I remember! I remember! It is The Missing Matter by Thomas R. McDonough. The key plot element was that there is this rogue planet that wanders between universes. You just catch a ride on it.
And they know this how? Why wouldn't the speed of light be slower? Why would it be different?
1) They don't
2) It could be
3) It needn't be
However, the idea is that there could be universes with different "constants" than we experience here. Planck's constant, the charge of an electron, the gravitational constant, and speed of light could vary. There was a Scientific American article a few months back on "universal constants" that might be a good read.
There is a sci-fi novel, the name of which I have been trying to remember since this popped up on digg, which goes into this in some depth. As the characters shift between universes, the material properties of their craft and themselves change with the different physical constants in the current universe.
If I remember, I'll post the name / author of the book (highly doubtful).
Anyway to the middle argument, "c" need not be greater, and even if it is, it may not be "practically" faster - an example is that the mapping between universes may be nonlinear and you go no further than you would in "normal space".
Were I to write sci-fi, this is a theme I would pursue.
What about 3rd party solutions?
Wait. MS'll patch it next week. We'll do it in 23 languages and thoroughly test it.
Why is it taking so long?
Our team of "designated product specific security experts" look at the problem, figure out how big it is, then how to fix, then fix it, then test the fix, then port it to all the affected platforms and languages.
I suspect, without further details, that the Trojan Horse affects IE somehow.
Automatically, I did that as well. Is that the case though? There seems to be little in the way of technical information on this - does it act as a proxy that is installed via the "internet options" control panel, a browser "helper" object or what?
I suspect that Google will simply change the format of the Adsense ads, perhaps breaking current adblocking software, as well as the trojan.
Oh, I forgot to mention that you still have an infectious file in your disk cache, even if you're not vulnerable directly through the browser. There may be ways to exploit that somehow.
CERT probably has the best write up on this. But, as they say, "We are currently unaware of a practical solution to this problem."
".wma" and ".wmv" file extensions seem closer to the ".wmf" extension than ".jpg" or ".tif" extensions
It only seems that way - image formats (wmf, jpeg, tiff, gif...) would be opened by the routines that are vulnerable. Animations would have a different handler. Though as you say, if the handler is working correctly, it should detect WMF and use the appropriate routines.
If you are using FireFox, and don't open images with external viewers or plug-ins, you should be reasonably safe. FF doesn't appear to have WMF capability. (Someone should submit an enhancement request.) The same goes for Opera. (No enhancement requested there.)
If you use an MS IE based browser, they will render wmf files "natively", even with the extension changed to mask the contents. This will likely trigger the vulnerability, given what CERT says.
The question now is - does this affect embedded images in, say, Word documents?
The file extension, as someone else noted below, isn't the sole basis for determining how a file is handled.
There is also a mime-type which is set by the web server, and also the "magic numbers" or signatures which can identify a file inside the file itself.
Someone else notes that you could call it a .jpg file. This will work to some extent, but usually the web browser knows that it can handle jpegs and will try to render it as a jpeg and note that it can't. (File is corrupt.) There may be problems with Internet Explorer using the same routines as the vulnerable programs. I use Opera, don't know about IE, sorry.
The file will get downloaded into your cache, and may cause problems later.
Perhaps browsing with images off is the best solution until this gets rectified ;-)
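Added example (not part of any comment in this thread): a defender-side check that identifies WMF content by its leading bytes rather than by file extension, which is the distinction the comment above draws between extensions, MIME types and "magic numbers". The function names and the extension table are assumptions made for illustration; the sample bytes in the usage are constructed.

```python
import struct
from pathlib import Path

# Placeable ("Aldus") metafile key 0x9AC6CDD7, stored little-endian.
ALDUS_KEY = b"\xd7\xcd\xc6\x9a"

# What each extension claims the content is (illustrative table).
EXT_KIND = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png",
            ".tif": "tiff", ".tiff": "tiff", ".wmf": "wmf"}

def looks_like_wmf(head: bytes) -> bool:
    """Match a placeable header, or a standard WMF header:
    type 1 or 2, header size 9 words, version 0x0100 or 0x0300."""
    if head.startswith(ALDUS_KEY):
        return True
    if len(head) < 6:
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", head)
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)

def sniff(head: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    if looks_like_wmf(head):
        return "wmf"
    if head.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if head[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if head[:4] in (b"II*\x00", b"MM\x00*"):
        return "tiff"
    if head.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    return "unknown"

def disguised_wmf(name: str, head: bytes) -> bool:
    """True when the content is WMF but the name does not say so.
    Cache files with no extension at all are flagged as well."""
    claimed = EXT_KIND.get(Path(name).suffix.lower())
    return sniff(head) == "wmf" and claimed != "wmf"

def scan(directory) -> list:
    """Walk a directory (for example a browser cache) and list disguised WMFs."""
    hits = []
    for path in Path(directory).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                if disguised_wmf(path.name, fh.read(16)):
                    hits.append(path)
    return sorted(hits)
```

Calling `scan()` on a cache directory returns the paths whose leading bytes match a WMF header while the name claims another type or none.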
If any pic can be loaded from a web page, can we even trust your Wiki?
It's not my Wiki ;-) anyone can put stuff there. There is a minimum amount of paranoia one should have at all times. There is also a maximum amount one should have at any time.
I want to point out that the file extension is not used exclusively for file type detection, and the magic string at the beginning of the file will trigger the use of the WMF processing. A ".tiff" extension will also work in a similar manner. (Likely there are several good candidates.)
The article is a bit thin,
The article is transparent. There is no substance to it.
but it raises an excellent point.
I've no idea what that point is. I think it may be that he believes that the only way that people know which program to use is if it is spelled out in full:
"MicroSoft Windows Web Browser"
"MicroSoft Windows program to play music and video files"
"Adobe program to manipulate photos, images and pictures"
If that's all you want, create a menu item that takes up half the screen:
"GNU Image Manipulation Program"
Sorry, I guess that was not the point he was trying to make, was it?
The author seems to be lacking in depth of experience, implying that GIMP, Opera and FireFox are "Linux applications" only.
Try ghostscript. The PDF opens with gs under windows, should work under Linux/BSD. Might not be as pretty, but what do you want? ;-)
A stable of science fiction travel is the barn where you keep your faster than light-speed horses.
Did you do too much MULE when you were younger, too?
Caveat emptor ... I have not tried this - Windows WMF Metafile Vulnerability HotFix.
So what you're saying is that humans originated in Hawaii and sailed away from there. Interesting. Except - why would they leave Hawaii?
Other browsers based on IE (Maxthon, Netcaptor, ...) are likely vulnerable as well.
Not entirely. It blocks the WMF previewer from running, but if you use programs which are WMF-aware, you are still vulnerable through them.
You may want to test FF or Opera for a while. ;-)
He ain't heavy, he's my brother. (You insensitive clod.)
Just get Proxomitron. Works on all browsers - ad blocking in Opera, FF, IE, even "links".
As it is, I just listen in on the stuff they play, because it's usually loud enough for the bass to reach me several seats away.
A few people on this thread don't seem to be familiar with the WMF format or GDI. This format provides for a set of commands which are supposed to be graphics only. (I guess they got carried away in this case.) As the viewer is basically a scripting engine, the exploiters would certainly try to target it for vulnerabilities. I don't have a copy of the dangerous file, so I don't know whether this particular exploit is a buffer overflow or something else.
I don't think libwmf is vulnerable though.
I think it might have been DNTO and Nick Purdon's quest for the true pint.
I wonder how "Evolution" feels about the award - 4 billion years of hard work, and now it gets recognition.
Extract of a chat with Jon held earlier this year:
Q: Hi I've been using opera from Opera 4 . And after four years I still have it - in fact I can't live without it! If Bill Gates wanted to buy Opera, do you accept it ?
Jon S. von Tetzchner: Hi Shima, thank you for using the best browser year after year! The answer to your question is simple: No. We would never sell Opera to Microsoft in a million years. Best regards, Jon.
Disclaimer: Yeah, I'm an Opera fanboi! What's it to ya?
us slashdotting bastards ...
Well, you might count this as a contender for "sequel". ;-)