Damon Cortesi's blog

Musings of an entrepreneur.

Microsoft MSHTA Script Execution Vulnerability


iDefense announced a vulnerability today in Microsoft’s HTML Application Host (MSHTA).

Note: As of today, this issue has been addressed by MS Security Bulletin MS05-016 - Make sure you’ve updated!

MSHTAs are a notorious problem and are still in use as a very convenient means of executing code on a target host. Since I have nothing better to do but clean up my place and pack all my belongings so I can move in a couple weeks, I figured I’d write up a little proof of concept.

The only difficult part was determining how the CLSID was stored in the file, as it is not formatted the same way it is in the registry. A little trial and error proved to be quicker than finding MS documentation.

Instructions are in the doc. This will not do anything malicious to your system. I would recommend saving this to your system, double-clicking it to read the Word doc, and then renaming it to some unknown extension (“.bob”) and double-clicking it again.

Enjoy: iDefense MSHTA PoC
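The CLSID storage difference mentioned above, as an added example (not the author's PoC and not code from the original post): assuming the Word document is an OLE compound file (MS-CFB), the root directory entry holds the CLSID as 16 raw bytes with the first three fields little-endian, so checking which handler a file claims means converting those bytes back to the registry's string form. The CLSID and the minimal sample file below are constructed placeholders.

```python
import struct
import uuid

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def root_clsid(data: bytes) -> uuid.UUID:
    """Return the CLSID stored in the root storage entry of an OLE compound file."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE compound file")
    (sector_shift,) = struct.unpack_from("<H", data, 30)
    if sector_shift not in (9, 12):          # 512- or 4096-byte sectors
        raise ValueError("unexpected sector size")
    (first_dir_sector,) = struct.unpack_from("<I", data, 48)
    # Sector n starts at (n + 1) * sector_size because the header comes first.
    entry = (first_dir_sector + 1) * (1 << sector_shift)
    if entry + 128 > len(data):
        raise ValueError("truncated directory sector")
    if data[entry + 66] != 5:                # object type 5 = root storage
        raise ValueError("first directory entry is not the root storage")
    # The CLSID sits at offset 80 of the 128-byte directory entry.
    return uuid.UUID(bytes_le=data[entry + 80:entry + 96])

def registry_form(clsid: uuid.UUID) -> str:
    """Format a CLSID the way it appears under HKEY_CLASSES_ROOT\\CLSID."""
    return "{" + str(clsid).upper() + "}"

def on_disk_bytes(registry_clsid: str) -> bytes:
    """Convert a registry-style CLSID string to its 16-byte file layout."""
    return uuid.UUID(registry_clsid).bytes_le

# Constructed placeholder CLSID, not a real handler.
SAMPLE_CLSID = "{00112233-4455-6677-8899-AABBCCDDEEFF}"

def constructed_sample(registry_clsid: str = SAMPLE_CLSID) -> bytes:
    """Build a minimal header plus one directory sector (constructed, not a full document)."""
    header = bytearray(512)
    header[:8] = OLE_MAGIC
    struct.pack_into("<H", header, 30, 9)    # sector shift: 512-byte sectors
    struct.pack_into("<I", header, 48, 0)    # directory starts in sector 0
    directory = bytearray(512)
    directory[66] = 5                        # root storage entry
    directory[80:96] = on_disk_bytes(registry_clsid)
    return bytes(header + directory)

if __name__ == "__main__":
    sample = constructed_sample()
    print("on disk :", sample[512 + 80:512 + 96].hex(" "))
    print("registry:", registry_form(root_clsid(sample)))
```

A file whose extension is unknown or does not match the handler named by its root CLSID is worth a closer look.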

Nextgen Wifi Attacks


I must be tired or something, but ponder this while pulling down your Monday morning donut and coffee.

Imagine for just a second that Apple wifi-enables the iPod. Now the F-Secure weblog has all kinds of information about mobile phone viruses and even has a new job opening for just such a position. So, as predicted, that sector is growing quickly.

Now let’s go back to the wifi-enabled iPod. Let’s assume for the sake of ease that Bluetooth has also been enabled. With 4.5 million iPods sold in the last quarter of 2004 alone, the iPod userbase is estimated to be around 15 million at this time. 15 million iPods. 15 million runners and joggers and iPods all talking to each other. 15 million iPods getting infected by malware and launching a DoS attack on the Internet. Ouch. Now let’s not be vendor-biased here. Since iPod decks out their mp3 players, all the other vendors will as well. But the virus will be smart and able to jump from mp3 player to mp3 player via Bluetooth, infect it, and sit patiently waiting for orders from its master.

Just a wacky scenario that popped into my head this morning, but could you imagine the chaos? Not to mention you’d probably lose all of your songs…bummer.

I’m not saying this will happen or that Apple will enable the iPod in this manner and this will actually play out in our universe, but man that would hurt if it did.

Sleeplog


Perhaps I should document when I go to sleep each night…just for the fun of it!

The only thing is, how do I determine when I go to sleep if it’s like 2am the next day? I’ll just have to post on the specific date.

Nix that - I think I will just include both the date and time.

Fitlog


I always wondered what I might use the custom tags in WordPress for. Fitlog is a great example of what you can do - I had never even considered using WordPress to track this kind of data, but what a great idea!

Now I just need some things to track…

via [Robin Hastings]

App_integrate( ‘Google Maps’, ‘Craigslist’ )


I found this via Scoble, but take a look at what Paul Rademacher has done with Google Maps and Craigslist!

I could’ve used this a month ago, but I’m pretty happy with the place I found. I used the Apartment People here in Chicago and was pleased with their service. This is primarily due to the agent you get - I’ve heard both good and bad things. Fortunately, my agent (Susan Richter) was excellent. She was able to quickly determine my needs and tastes and show me exactly what I was looking for…even if I can be a little demanding. ;)

I can’t wait!


Wp_list_cats and Indentation


amanda had a question for me about my indented categories in my sidebar using the Minima Plus theme. I figured I’d make a post out of it instead of replying in the comments.

I had the biggest problem getting those categories like that. I tried every combination of parameters possible and was getting nowhere. If you take a look on the WordPress forum (specifically, this thread) you will see that other people were having similar problems.

I found the answer in another thread, which turns out to be to use list_cats instead of the new wp_list_cats. Apparently there is a bug with the latter which will be fixed in WP 1.5.1.

Here’s the actual line I use in my sidebar template:

<?php list_cats(0, '', 'name', 'asc', '', true, 0, 1, 0, 1, 1, 0, '', '', 'rss', '', '', '1') ?>

My Brain Hurts


I love troubleshooting.

As you know I like to script, most recently with virtual server.

I’ve got a set…ok, two…of scripts that create and tear down customized virtual server environments. Unfortunately, the kill script started having some problems recently. After I would run the script, virtual server would hang and a process called dw20.exe would start chewing up CPU and memory. Turns out dw20 is some sort of Office error reporting application. So virtual server was dying for some reason. Tracking down the virtual server logs only resulted in the following ambiguous error:

The thread “” was forcibly terminated because it did not exit after a waiting period.

Not much help there. Digging in the system event logs was a little bit more help:

Access denied attempting to launch a DCOM Server. The server is: {DA3111BC-1BD7-4884-A535-8470D36028F7} The user is renamed_admin/MSVS01, SID=S-1-5-21-[not]-[these]-[sorry]-500.

Access denied indicates that it must be some sort of permissions error. But…I’m running as Administrator. Oh wait… I logged out and logged back in, and the kill script worked flawlessly!

What happened?

Soon after I first set up this box, I renamed the administrator account. But here’s the catch! I never logged out of my remote desktop after I made that change. For whatever reason, the fact that I had logged in as “Administrator”, renamed the admin account to “renamed_admin”, and continued to work without logging out and back in was causing virtual server to die when I would try to launch a COM component.

shrug I thought most things in Windows were tied to the SID.

Thumbs Down on MSN Video Downloads


I am not too impressed with MSN Video Downloads yet. Why not?

  1. I don’t have a miniSD card yet for my phone - this is the only reason I am still willing to try it again when I do get the card.
  2. The user interface is horrible:
    • There’s no feedback for when I click on links.
    • There’s a big ugly gray bar at the top that just says “Download Status”…what the heck is that big waste of space?
    • There are links to different services, but I’m not sure how they all tie in together.
    • Under HELP, there is a View All link. View all what? I figured it meant videos, but no it’s the help. Were there any other help items to indicate what this was referring to…not really.
    • There’s one “View My Music” link, but no view my videos, or TV, or anything else…why not? I thought this was MSN video downloads?!
    • The links are not intuitive - I click on download status and it appears to sign me out. When I’ve selected download status, there’s nothing to indicate that’s the page I’m on. Same with the other links. How the hell do I know what I’m doing??!
    • It’s just plain damn ugly!
  3. When I try to play licensed content that I don’t have a license for, it prompted me for a password to some random site - admin.theplatform.com?? Michael Creasy is confused as well.
  4. Media Player 10 continually crashed on me and McAfee also seems to think there is some sort of Buffer Overflow in wmplayer.exe::GetProceAddress… Granted we all know how much I like McAfee.

At least when Google puts their products out in beta, they usually look good and work well. Who at Microsoft let this thing out the door?? This is how Microsoft works though. They come out with something that doesn’t work too well, but tons of people still use it because of amazing marketing. They figure out what’s wrong with it, fix a lot of things, but it’s still fundamentally flawed. Nevertheless “product” snags the majority of marketshare due to several factors. I have no doubt that MSN Video Downloads will be great at some point, but man does it suck right now.

Update: Maybe something was wonky with my laptop, but at least now the page says “View My Videos” and when I click on links, there is a status bar at the bottom that tells me what’s going on. That addresses a couple of my issues…