Helmet Technology

Dressed appropriately
There was a big debate some months ago on the security blogs about bullet-proof designer clothes, which started a thread on whether helmets could stop bullets effectively.

I guess the answer is a definite yes, if you include the ability to deflect force and protect the user against harm.

This harrowing story from Iraq suggests that the troops find the latest technology in helmets heavy and cumbersome, but that it undeniably lowers their vulnerability. Although I understand that the story is meant in part to reassure soldiers to keep their lid on, I couldnt’ help but notice there is no mention whether the prior helmet model would have failed or done a similar job:

The round, most likely a 7.62 mm from a sniper rifle, ricocheted off the upper left side of the helmet, shredding the outside and slightly cracking the inside.

I’ll take two.

function key of death

This news story is quite sad. A high school student discovers that enough people pressing the F5 key while on the school website causes a Denial of Service (DoS) condition, perhaps even on the school’s “system”. Alas, being a typical high school kid, he tells all his friends to give it a try at the same time.

What’s the response?

“It’s a crime and it is important we take this seriously … especially for school officials … it could have done a tremendous amount of damage,” said Canton City Prosecutor Frank Fronchione.

Ok, but let’s be Frank about this. I bet the prosecutor probably broke the speed limit on the way to work that morning, which also could have done a tremendous amount of damage, but mild speeding has not been established as a felony (yet?). So what’s the “reasonable” level of damage and the “reasonable” response? Can Frank explain the risk calculation that has been used to suggest that a “tremendous amount of damage” is even remotely likely, or that the remediation of the hole would cause duress? I’m not defending the student, just wondering if some of the key details of the story are missing.

My guess, based on the over-reaction of the school to the attack, is that this is one of those cases where the kid was already marked as some kind of trouble-maker with a prior record and the school has just been looking for the right function to get him out of their hair. But the details are sketchy and prosecutors are known to blow things out of proportion in order to establish a favorable bargaining position for their client.

Apologies for the puns…

WMF patch details

Get ready to reboot all your XP, 2003 and 2000 systems.

Surprised? Ah, remember the lavish Windows 2000 launch parties when we were all told “rebooting will be a thing of the past” and “only six (kinds) of reboots will be necessary, down from six-hundred in NT4”.

Maybe I’m exaggerating a little, but my point is that this is a major inconvenience in order to fix a minor convenience that most people aren’t even aware of in a large enterprise. It just gets uglier since we are looking at a reboot of critical services when they are supposed to be up all the time and generating revenue — who wants to tell management “we had to have a maintenance window this weekend because of some picture rendering code on the console”. Well, it has to be done.

So far we believe the update changes the following registry keys:

    HKLM,”SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB912919″
    HKLM,”SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB912919″

And the following files get touched:

    Windows Server 2003 will replace Gdi32.dll
    Windows XP will replace Gdi32.dll and Wgdi32.dll
    Windows 2000 will replace Gdi32.dll and Mf3216.dll

Which makes me say…

Patch released early
safer code rolls out to disk-
  why must I reboot?

Note: Never rely on the registry keys alone for proof of a patch since someone could obviously stuff the registry…

Microsoft announces WMF patch

Great news. At 2PM today Microsoft will officially release its patch for the latest WMF exploit, which is nice of them to do ahead of time. It’s already available here:

http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx

Microsoft will hold a special Web cast on Friday, January 6, 2006, to provide technical details on the MS06-001 and to answer questions. Registration details will be available at http://www.microsoft.com/technet/security/default.mspx.

We’re actually reviewing deployment details now, as well as moving further ahead with the other preventive/detective measures already underway.

Incidentally, 4PM (-8 GMT) is the anticipated Sober explosion, but I’ve watched an incredibly exponential spike (2000%) in sober payload since Dec 28th, suggesting that the two issues may be closely related…all the more reason to get things under control right now.