villain Posted May 26, 2006
Re: «<< 12Oz Computer Tech Support >>>

BIOS backdoor passwords has to be the most retarded security hole I've ever heard of.

Mainter (Author) Posted May 26, 2006

old but still a good reason to get firefox

Myspace Worm (Thank You Internet Explorer)

With the advent of social networking sites, becoming more popular is as easy as crafting a few lines of JavaScript code, it seems. One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.

How did Samy transcend his humble beginnings of only 73 friends to become a veritable global celebrity? The answer is a combination of XSS tricks and lax security in certain Web browsers.

First, by examining the restrictions put into place by MySpace, Samy discovered how to insert raw HTML into his user profile page. But MySpace stripped out the word "javascript" from any text, which would be needed to execute code. With the help of Internet Explorer, Samy was able to break the word JavaScript into two lines and place script code within a Cascading Style Sheet tag.

The next step was to simply instruct the Web browser to load a MySpace URL that would automatically invite Samy as a friend, and later add him as a "hero" to the visitor's own profile page. To do this without a user's knowledge, the code utilized XMLHTTPRequest - a JavaScript object used in AJAX, or Web 2.0, applications such as Google Maps.

Taking the hack even further, Samy realized that he could simply insert the entire script into the visiting user's profile, creating a replicating worm. "So if 5 people viewed my profile, that's 5 new friends. If 5 people viewed each of their profiles, that's 25 more new friends," Samy explained.

It didn't take long for friend requests to start rolling in - first in the hundreds, then thousands. By 9:30pm that night, requests topped one million and continued arriving at a rate of 1,000 every few seconds. Less than an hour later, MySpace was taken offline while the worm was removed from all user profiles.

Samy says his intentions weren't malicious, but expressed concern that MySpace, which was purchased by News Corp. in July for $580 million, wouldn't see it that way. Company officials have not contacted him, but his account was deleted.

"My primary motivation was to make people laugh. I wanted a few friends to have my name appended to their list of heroes, including some of their own friends whom I don't know directly," Samy told BetaNews in an e-mail interview. "Me, a hero? That had to be the funniest joke people have heard in a while. Well, a lot more people heard it than I had really wanted."

Still, aside from remnant "samy is my hero" text strewn across the Internet's fifth largest Web site, the end result could end up positive. The worm has piqued the interest of a number of security professionals who say XSS is a major problem that many companies overlook. Google employee Evan Martin even broke down the worm's AJAX code on his personal Web log.

"Found in over 90 percent of Web sites, Cross-Site Scripting vulnerabilities are by far the most common security issue," Jeremiah Grossman, co-founder and CTO of WhiteHat Security, told BetaNews. "The incident with MySpace illustrates the dangers presented by XSS vulnerabilities and underscores the importance for organizations to fix these issues."

"Those who do not, especially the on-line financial institutions and community Web sites, are prime targets," added Grossman.

But Samy noted that MySpace isn't the only party to blame for the vulnerability, stating that browser makers also need to do a better job with security. "MySpace has always properly filtered out valid JavaScript indications," Samy said, "however it was due to browser leniencies that allowed me to still get JavaScript to execute."

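The filter weakness described in the article above, as an added example that is not part of the original post and is not MySpace's code: deleting the literal word "javascript" leaves the input untouched when the word is split across two lines, while encoding the untrusted text removes the markup entirely. All function names and the sample profile text are constructed for illustration.

```javascript
// Added example: keyword stripping versus output encoding for untrusted
// profile text. Names and sample data are constructed, not from any real site.

// The kind of filter the article describes: delete the literal word.
function stripKeyword(text) {
  return text.replace(/javascript/gi, "");
}

// Approximation of a lenient parser: whitespace and control characters
// inside a token are dropped before the value is interpreted.
function asLenientParserSeesIt(text) {
  return text.replace(/[\s\u0000-\u001f]+/g, "").toLowerCase();
}

// Review/detection helper: is the scheme still present once normalized?
function carriesScriptScheme(text) {
  return asLenientParserSeesIt(text).includes("javascript:");
}

// Robust handling: encode untrusted text so the browser never parses it
// as markup, instead of hunting for forbidden words.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample: the keyword is split across two lines in a style value.
const sample = '<div style="background:url(\'java\nscript:void(0)\')">hi</div>';

function demo() {
  const filtered = stripKeyword(sample);
  return {
    filterChangedInput: filtered !== sample,           // filter saw nothing to remove
    stillCarriesScheme: carriesScriptScheme(filtered), // lenient parser still sees it
    escaped: escapeHtml(sample),                       // inert text, no tags left
  };
}

console.log(demo());
```

Where a site must accept some user HTML, the same reasoning favours an allowlist of tags and attributes (with `style` excluded) over a list of forbidden words.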
Mainter (Author) Posted May 26, 2006

PC Support
Get all your Windows, Hardware, Networking, and software support questions answered here
PC Tips and Tricks, Modding

Linux/Unix Support
Get all your Linux/Unix questions answered here
Linux/Unix Tips and Tricks

Mac Support
Get all your Mac questions answered here
Mac Tips and Tricks

Electronics
Get all your questions on MP3 players, Digital Cameras, Digital Video Cameras, TVs, etc. answered here

hey for the viewers what the hell do you want to see posted here add yer comments

What Do You Want To See Here

lord_casek Posted May 26, 2006

teh kewl
http://www.damninteresting.com/?p=549
handwriting analysis for jobs, etc. short article.

Mainter (Author) Posted May 26, 2006

Network Utilities from Bindshell

http://www.bindshell.net hosts some nice networking and other tools, take a look at:

* synscan - A very quick half-open portscanner with optional multithreaded protocol specific probing tool.
* ipsort - takes input from standard in, a file or list of files and sorts the IP addresses.
* rfidtool - is a Linux command line tool for editing RFID tags. Functionality includes reading, writing, saving, loading and erasing. It currently supports ACGs PCMCIA/CF Multi-Tag Readers.
* massresolve - This program performs reverse DNS lookups for network blocks or an input file and supports multi threading.
* kismet-parse - kismet-parse is a small Perl script for parsing kismet network files. It displays information relating to the MAC address of the discovered access points and clients.

Mainter (Author) Posted May 26, 2006

Microsoft Bets Business On Linux

The next time Bill Gates sends an e-mail through Microsoft's shiny new Wireless LAN it will be passed through a behind-the-scenes Linux-based network appliance. Earlier this year Microsoft and Aruba Networks jointly announced the two companies will work to replace Microsoft's existing Cisco wireless network with Aruba's centrally-managed infrastructure, which eliminates the need for individual changes on the access points.

lord_casek Posted May 26, 2006

mainter: got any good resources for setting QoS in the wrt54g running hyperwrt? i need to set up a vonage line again and make sure it gets bandwidth priority only when a call comes in or goes out. found a few tutorials, but they were awfully written

Mainter (Author) Posted May 26, 2006

this is a nice site tech noobs read up
http://drdeath.hackerszone.org:881/books/

villain Posted May 26, 2006

that Samy guy must really need some friends.

lord_casek Posted May 26, 2006

i like the one off of analog x's site, but use winamp and jetcast to set up and b'cast your own online radio station (under 30 minutes to set it all up)
http://cms.mn12nationals.com/index.php?option=com_content&task=view&id=41&Itemid=2

lord_casek Posted May 26, 2006

sidekick 3 leaked pic

Mainter (Author) Posted May 26, 2006

hmmm lemme look around

Mainter (Author) Posted May 26, 2006

im gonna go get some icecream (cookies n cream)

Mainter (Author) Posted May 26, 2006

casek do you want to enable QOS on the router? you got the latest firmware?

lord_casek Posted May 26, 2006

yeah, sure do.

Mainter (Author) Posted May 26, 2006

http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=1701&p_created=1094664616&p_sid=JweSUq8i&p_accessibility=0&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9NCZwX3Byb2RzPTAmcF9jYXRzPSZwX3B2PSZwX2N2PSZwX3NlYXJjaF90eXBlPWFuc3dlcnMuc2VhcmNoX25sJnBfc2NmX2xhbmc9MSZwX3BhZ2U9MSZwX3NlYXJjaF90ZXh0PVFPUw**&p_li=&p_topview=1

did you talk to linksys?

Mainter (Author) Posted May 26, 2006

How do blind people know when they are done wiping?

lord_casek Posted May 26, 2006

nah, i hate linksys. ahh, i'll do that mac addy QoS setup. seems easy enough. i know this hyperwrt has a lot of options i haven't even explored yet... ugh. thanks, though. that helps me make my mind up about what i'll do temporarily or permanently. i'unno

Mainter (Author) Posted May 26, 2006

Is an old hundred dollar bill better than a new one? [99 times better]

lord_casek Posted May 26, 2006

How do blind people know when they are done wiping?

smell?
http://www.poopreport.com/Debate/Content/looking.html
google gave me that

Mainter (Author) Posted May 26, 2006

Why isn't there mouse-flavored cat food?

lord_casek Posted May 26, 2006

Why isn't there mouse-flavored cat food?

hmm. cats, like dogs, probably go on texture more so than taste. i do know that the colors are only for us. cats and dogs don't care about color of food. eukanuba has it right. iams, too.

Mainter (Author) Posted May 26, 2006

them are supposed to be unanswerable questions damnit

lord_casek Posted May 26, 2006

guess i ruined it.

Mainter (Author) Posted May 26, 2006

i got one for you
if you choke a smurf does it turn blue?

lord_casek Posted May 26, 2006

possibly navy blue.

lord_casek Posted May 26, 2006

http://raves.ca/photos.php?page=1&section=1449
bwahhhahahahhahah! canadians are strange. mix them with ravers....they get gay.

Mainter (Author) Posted May 26, 2006

lalalala

johnny ballbags Posted May 26, 2006

mix ravers with anything.... instant gay

johnny ballbags Posted May 26, 2006

mainter.... check your email