Date: Thu, 05 Jan 2006 21:50:49 -0500
To: WSFA members <WSFAlist at keithlynch.net>
From: "Mike B." <omni at omniphile.com>
Subject: [WSFA] WMF bug in Windows...fix is out.
Reply-To: WSFA members <WSFAlist at KeithLynch.net>

Microsoft has released the fix for the WPM bug sooner than previously
announced.  I guess they decided that it was just too dangerous to let it
slide until the normal security update next week.  Windows Update will get
it for you, and Win2K and XP may be downloading it for you already (or even
installed it) if you have that feature enabled.

Keith:  I hope you are using a modern version of Lynx...I tripped over some
stuff while researching CGI security this evening that indicated that early
versions had security problems that could result in execution of programs
based on the content of the web page being browsed.  A google search turns
up a number of them over time.  For example:

http://ciac.llnl.gov/ciac/bulletins/q-019.shtml  ( a recent one... )

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0294.html
(also recent)

http://www.xatrix.org/advisory.php?s=5973

Etc..  From what you described of your use, your own machines won't be
harmed, but the data you are "buffering" on your ISPs machines prior to
your periodic download could be...perhaps not in an overt manner that's
easily detectable.  Just FYI.

-- Mike B.

--

  ACHTUNG:
         Das machine is nicht fur gefingerpoken und mittengrabben.
         Ist easy schnappen der springenwerk, blowenfusen und
         corkenpoppen mit spitzensparken. Ist nicht fur gewerken
         by das dummkopfen. Das rubbernecken sightseeren keepen
         hands in das pockets. Relaxen und vatch das blinkenlights!!!