Photo Journal: Spring as a Kingdom Methaphor

It may be me but spring seems to liven me up. Realizing that all day you have not used the log burner (which is, with the current price of wood a joy in itself), playing outside under the stars on my good old “stekkie” which is the Dutch word for a favorite little spot, reading the Bible in the morning sun, I just love getting out of winter.

I never thought about it like this before but spring is actually quite metaphoric for Jesus’ ministry. In His times he did what He did, His Father‘s will and with that he gave us a taste of the Kingdom of God, a Kingdom already here an a Kingdom to come. And he told his disciples that they would be doing even greater things so as make disciples of all nations.

When looking around you, it is not too hard to notice the beauty of the fresh young green, the spring flowers that are coming out. All I can do is be amazed not just about the beauty but also the impact, it so makes you realize that something even better is about to arrive.

Just look at the sheer beauty of what is already there.

All without a doubt a doubt glorious and magnificent. Is it not amazing to see a sleeping or so you wish dead world come alive again.

But at the same time is it not even better to know that it will all be back to life again so we can enjoy it in its full glory.

I can’t wait for it to be summer.

Windows DLL load hijacking exploits go wild – Computerworld

Computerworld – Less than 24 hours after Microsoft said it couldn’t patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company’s software.

Also on Tuesday, a security firm that’s been researching the issue for the past nine months said 41 of Microsoft’s own programs can be remotely exploited using DLL load hijacking, and it named two of them.

On Monday, Microsoft confirmed reports of unpatched — or zero-day — vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.

Microsoft also declined to reveal whether any of its own applications contain bugs that attackers could exploit, saying only that it is investigating.

Many Windows applications don’t call code libraries — dubbed “dynamic-link library,” or “DLL” — using the full path name, but instead use only the file name, giving hackers wiggle room that they can then exploit by tricking an application into loading a malicious file with the same name as a required DLL.

If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive — and in some cases con them into opening a file — they can hijack a PC and plant malware on it.

By Tuesday, at least four exploits of what some call “binary planting” attacks — and what others dub “DLL load hijacking” attacks — had been published to a well-known hacker site. Two of the exploits targeted Microsoft-made software, including PowerPoint 2010, the presentation application in Office 2010, and Windows Live Mail, a free e-mail client bundled with Vista but available as a free download for Windows 7 customers.

Other exploits aimed at leveraging DLL load hijacking bugs in uTorrent and Wireshark, a BitTorrent client and network protocol analyzer, respectively.

At the same time, a Slovenian security company claimed that it reported bugs in two Microsoft-made programs last March.

“We’re going to publish a list of the vulnerable apps we found sometime soon,” said Mitja Kolsek, the CEO of Acros Security. “However, since HD Moore’s tool kit is already being used for finding vulnerable apps and at this point hundreds of good and bad guys already know about it, I can say that the two we fully disclosed to Microsoft were in Windows Address Book/Windows Contacts and Windows Program Manager Group Converter.”

HD Moore is the U.S. researcher who kicked off a small wave of DLL load hijacking reports last week when announced he had found 40 vulnerable Windows applications. On Monday, Moore published an auditing tool that others can use to detect vulnerable software. When combined with an exploit added that same day to Metasploit, the open-source hacking tool kit that Moore authored, the tool’s results produce what he called a “point-and-shoot” attack.

All four of the exploits that went public Tuesday appear to be based on Moore’s Metasploit attack code.

Read the rest via Windows DLL load hijacking exploits go wild – Computerworld.