hee, hee, hee! You people ranting about Taco's disrespect - like the inflatable boy with a pin - he's let his family down, let his school down but most of all he's let hiimself down, right?:D
I suggest you read some zen some time, it might help you to forget. Enjoy!
">I wanted to get files form one to the other, both had the same
>admin user name and password."
i'm sorry to say you display an understanding of Microsoft CIFS / SMB 'file sharing' networking that is fundamentally broken. Not that I blame you: trying to reverse engineer what the hell it's supposed to do, and how, by staring at it, scratching your head, then trying stuff at random to see what changes, is a slow but certain route to premature baldness, impotence, and ultimately stark, bug-eyed staring psychosis. I recommend checking out the O'Reilly Windows network admin book(s). (Haven't read 'em myself since the NT4 days, but they were pretty good then.)
If Microsoft had taken the time to consider the platform in a more paranoid sense they could have produced a product of barn-storming quality. Instead, they listened to the marketing people and we all know what result that lead to.
yeah, they've got about 95% of the OS market and, what, 80% of the desktop W/P, spreadsheet and presentation software markets. Record profits every year without fail. Bill Gates has so much money he's pitch-forking it at deserving causes as fast as he can go, and still gets richer each year than the gross domestic product of many small countries. Where did it all go wrong?
Most people only need their time sync'd to a couple of seconds, so public NTP servers are good enough.
Speak for yourself. Personally I use pool.ntp.org and my machines are so closely sync'd to real time that watching xclock whilst listening to the pips (radio time signal), you can't see a difference. To my slow old eyes at least, they appear to be in perfect sync.
Well, I didn't really think the Petty song was about Peelie, I just read the lyric & naturally thought of him. Still, this Ladd chap sounds like an interesting fellow, too.
Black Books is absolutely totally fucking brilliant. The three main leads are awesome actors and comedians in their own rights and just fit the parts beautifully, and, well, the script... look, if you are the sort of person who generally likes British comedy you'll love this. Especially the Irish half.
Nver mind that, what I want to know is this: after the robots have solved the lawyers (presumably others will be posting the functions here shortly) , who will solve the robots?
Yeah, riiigghhhttt... look, Nick, when the Warhol worm arrives, I might start worrying about this;)
On a hasty no-but-seriously note: are you suggesting WMF is wormable? I can't see how; an machine infected with a WMF worm would have to contact another vulnerable machine and somehow induce it into downloading an image file and parsing it. There was a rather feeble attempt at an IM worm over the weekend which fortunately seems to have fizzled, and I can't easily imagine other vectors. (Perhaps I have a weak imagination!) (Hmmm, if it's OK I may take the liberty of mailing you from my work addy about that?)
I think a lot of people are treating this as a spambot / zombie threat, which is more of a nuisance than a threat to the entity hosting the zombies. A wormable threat like MS05-053 (was it? they blur into one after a while) tends to prompt faster action, at least amongst those who witnessed the havok Nimda, Code Red, Blaster et al wrought.
My theory is that the coders with enough skillz to write effective malware and little enough morals to actually use it are more likely to be working for straightforward money-motivated crooks these days than to be out just to trash the world.
Posting this from a Linux box, but I have to point out that actually Vista will be much moer secure against this sort of thing thanks to D.E.P. and the fact that any CPU modern enough to run Vista will support DEP...
Update: Well, H.D. 'DCOM' Moore has done it again; see ISC.sans.org for the new exploit code that will apparently be harder for A/V, IDS and other sig-based systesm (are there any?) to spot.
See also the info on false negatives if you're running with default stream reassembly config options.
Here's another sort of weed that's acquired herbicide resistance. How long before the Northern Alliance in Afghanistan get herbicide resistant opium poppies? They're American allies, after all, gotta make sure they get the benefit of American "intellectual property", to say thanks and make sure they can maintain their grip on power. OLh, wait, that was the wrong link! That's just about GM coca that's four times bigger than the normal plants, this is the RoundUp Ready[tm] coca plant story. My bad!
Returning to the topic - IIRC GM crops were eventually rejected in the EU a few years ago after a lot of hoo-haa when Monsanto et al tried to railroad them through. However as others have pointed out, wind-borne pollen doesn't tend to respect national boundaries...:(
** Are there any third party Intrusion Detection Systems (IDS) that would help protect against attempts to exploit this vulnerability?
While we don't know of specific products or services that currently scan or detect for attempts to render specially crafted WMF files, we are working with our partners through industry programs like VIA to provide information as we have it. . Customers should contact their IDS provider to determine if it offers protection from this vulnerability.
Snort sigs have been available from BleedingSnort for some time now; I pushed them out to our corporate IDS yesterday morning.
# By Frank Knobbe, 2005-12-28
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit"; flow:established,from_server; content:"|01 00 09 00 00 03|"; depth:500; content:"|00 00|"; distance:10; within:12; content:"|26 06 09 00|"; within:5000; classtype:attempted-user; reference:url,www.frsirt.com/english/advisories/20 05/3086; sid:2002733; rev:1;)
Once again it looks like Microsoft are going to escape the 'perfect exploit' meltdown by the skin of their teeth. This is exploitable remotely, but Dr Evil can't sit at a console typing in arbitrary IP addresses to 0wn with the exploit. On the other hand you can get close to that sort of thing using Metasploit Framework.
I'm absolutely *not* a Java fan, but feel compelled to mention that an app that's vital for my work (infosec stuff) - the WebScarab web proxy, which allows easy drilling into HTTP requests, on the fly manipulation of cookies, form arguments and so on, and which is perfectly quick enough for me.
Sadly this list was drawn up before the events of yesterday and today... a new 0day Windows vuln is out, and an exploit has been written and packaged for the Metasploit Framework. So that's an unpatched remote root with a pick-your-own payload web interface allowing you to inject it along with a reverse shell, a VNC server, or whatever else you want to try....
A lot of people are going to get owned by this in the next few days / week, especially with so many people out of the office until next week...
Well, this sounds really fascinating. I'm afraid I don't have much to add to that, so - on a slightly-related tangent - (the Magellanic Clouds) - the Opportunity Mars rover recently took pictures of the Martian sky at night that shows the Magellanic clouds. Check out the amateur image processing at Unmanned Spaceflight. There have been some amazing pics from the rovers, but this one stands out for me for emotional impact. (Mind you, I'm a sucker for schmaltz and sentiment... Boing Boing linked to a public domain radio version of "It's a Wonderful Life" the other day, I had to keep pausing it stop from bawling like a 5 year old:)
Blimey it's quiet around here. Where is everyone, I thought y'all had GPS powered wifi blogs to enable you to stay online at all times, even queueing in airports or foaming at the mouth over the latest revelations about how your President is turning out to be more than a little bit of a spooky bastard, but no.
And now I find I have nothing to say about MS selling up and moving out of what I suppose we will not know as MSNBC.com for long... except that every so often, I like to take out a few old copies of Wired from the late 90s and reminisce... and afterwards, I remember the old days. One of my faves is the showing Gates and a number of other then-high profile media magnates as the poker-playing dogs of dodgy Medway pub fame. (I forget the other dogs, I think mebbe there was Steve Case, Ted Turner, Murdoch,.. anyone?) The cover story was about WebTV and how MS was going to produce an end-run around the new young Internet startups with a mass-market, set-top-box based walled-garden internet. That tanked, and thank god tehy've not gone back to it... what freaks me out is stuff like WINCE, the Windows Media Edition stuff, web service & things where they seem prepared to spend huge amounts of money over a long period of time (5-10 years, which is a lifetime these days) patiently tweaking and refining crappy products whilst relentlessly marketing them down people's throats so they become unwilling beta testers.
Arbidol (in Russian) is virtually unknown outside Russia, while it seems that it was shown to be able to defeat bird flu virus. For some discussions in English, look e.g. here.
I've heard that Tamiflu is preferred for political reasons. Maybe there's actually something wrong with Arbidol, but here in Moscow they claim that Arbidol can cure bird flu in their rather widespread advertisements and aren't driven to court for that.
I'm sorry to break it to you, but the absence of a lawsuit or regulatory action against the company selling this mystery wonder-drug that no-one outside Russia has heard of is probably not, on it's own, enough to warrant excitement about a miracle cure for as yet unknown future mutation of a very complex and intractable virus. Maybe... just maybe... they're flogging snake oil and paying off the Russian equivalent of the Advertising Standards Authority here in the UK?
This is an incredibly big deal, not because of anything in the story itself, but because of those magic words "followed up by phone". Someone submitted what looked to the Slashdot editors like a really interesting story, but the credibility of which seemed a little flaky. They then *checked the story with a primary source* themselves. (OK, roblimo's working for OSDN rather than Slashdot, IIRC.) But this means that from now on when Slashdot runs a story that turns out to have been trivially falsifiable by a phone call or couple of emails, they can't use the excuse of "we just report what people submit". Fact chgecking... the thin end of a slippery wedge, if you ask me;)
Thirded, with the caveat that G,E,B: is pretty long and heavy going - by my standards, anyway. My copy was the first thing I ever bought online (from Amazon, when they were airmailing stuff from the US to the UK) and I'm still only half-way through. It's the sort of book where you have to read each paragraph twice and then go for a quick walk round the block before tackling the next one.
Slashdot Mirror
hee, hee, hee! You people ranting about Taco's disrespect - like the inflatable boy with a pin - he's let his family down, let his school down but most of all he's let hiimself down, right? :D
I suggest you read some zen some time, it might help you to forget. Enjoy!
>admin user name and password."
i'm sorry to say you display an understanding of Microsoft CIFS / SMB 'file sharing' networking that is fundamentally broken. Not that I blame you: trying to reverse engineer what the hell it's supposed to do, and how, by staring at it, scratching your head, then trying stuff at random to see what changes, is a slow but certain route to premature baldness, impotence, and ultimately stark, bug-eyed staring psychosis. I recommend checking out the O'Reilly Windows network admin book(s). (Haven't read 'em myself since the NT4 days, but they were pretty good then.)
Have a good one!
Well, I didn't really think the Petty song was about Peelie, I just read the lyric & naturally thought of him. Still, this Ladd chap sounds like an interesting fellow, too.
That would be John Peel, then. Sadly missed :(
Black Books is absolutely totally fucking brilliant. The three main leads are awesome actors and comedians in their own rights and just fit the parts beautifully, and, well, the script... look, if you are the sort of person who generally likes British comedy you'll love this. Especially the Irish half.
Eh? Answer me that, then!
On a hasty no-but-seriously note: are you suggesting WMF is wormable? I can't see how; an machine infected with a WMF worm would have to contact another vulnerable machine and somehow induce it into downloading an image file and parsing it. There was a rather feeble attempt at an IM worm over the weekend which fortunately seems to have fizzled, and I can't easily imagine other vectors. (Perhaps I have a weak imagination!) (Hmmm, if it's OK I may take the liberty of mailing you from my work addy about that?)
I think a lot of people are treating this as a spambot / zombie threat, which is more of a nuisance than a threat to the entity hosting the zombies. A wormable threat like MS05-053 (was it? they blur into one after a while) tends to prompt faster action, at least amongst those who witnessed the havok Nimda, Code Red, Blaster et al wrought.
My theory is that the coders with enough skillz to write effective malware and little enough morals to actually use it are more likely to be working for straightforward money-motivated crooks these days than to be out just to trash the world.
Posting this from a Linux box, but I have to point out that actually Vista will be much moer secure against this sort of thing thanks to D.E.P. and the fact that any CPU modern enough to run Vista will support DEP...
See also the info on false negatives if you're running with default stream reassembly config options.
Returning to the topic - IIRC GM crops were eventually rejected in the EU a few years ago after a lot of hoo-haa when Monsanto et al tried to railroad them through. However as others have pointed out, wind-borne pollen doesn't tend to respect national boundaries... :(
Snort sigs have been available from BleedingSnort for some time now; I pushed them out to our corporate IDS yesterday morning.
(Warning, mangled by Slashcode - remove newlines)
t afile.pm.php; classtype:attempted-user; sid:2002734; rev:1;)
0 05/3086; sid:2002733; rev:1;)
#by mmlange alert tcp any any -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT WMF Exploit"; flow:established; content:"|01 00 09 00 00 03 52 1f 00 00 06 00 3d 00 00 00|"; content:"|00 26 06 0f 00 08 00 ff ff ff ff 01 00 00 00 03 00 00 00 00 00|"; reference: url,www.frsirt.com/exploits/20051228.ie_xp_pfv_me
# By Frank Knobbe, 2005-12-28 alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit"; flow:established,from_server; content:"|01 00 09 00 00 03|"; depth:500; content:"|00 00|"; distance:10; within:12; content:"|26 06 09 00|"; within:5000; classtype:attempted-user; reference:url,www.frsirt.com/english/advisories/2
Once again it looks like Microsoft are going to escape the 'perfect exploit' meltdown by the skin of their teeth. This is exploitable remotely, but Dr Evil can't sit at a console typing in arbitrary IP addresses to 0wn with the exploit. On the other hand you can get close to that sort of thing using Metasploit Framework.
I'm absolutely *not* a Java fan, but feel compelled to mention that an app that's vital for my work (infosec stuff) - the WebScarab web proxy, which allows easy drilling into HTTP requests, on the fly manipulation of cookies, form arguments and so on, and which is perfectly quick enough for me.
A lot of people are going to get owned by this in the next few days / week, especially with so many people out of the office until next week...
see SANS / ISC for more info.
Well, this sounds really fascinating. I'm afraid I don't have much to add to that, so - on a slightly-related tangent - (the Magellanic Clouds) - the Opportunity Mars rover recently took pictures of the Martian sky at night that shows the Magellanic clouds. Check out the amateur image processing at Unmanned Spaceflight. There have been some amazing pics from the rovers, but this one stands out for me for emotional impact. (Mind you, I'm a sucker for schmaltz and sentiment... Boing Boing linked to a public domain radio version of "It's a Wonderful Life" the other day, I had to keep pausing it stop from bawling like a 5 year old :)
And now I find I have nothing to say about MS selling up and moving out of what I suppose we will not know as MSNBC.com for long... except that every so often, I like to take out a few old copies of Wired from the late 90s and reminisce... and afterwards, I remember the old days. One of my faves is the showing Gates and a number of other then-high profile media magnates as the poker-playing dogs of dodgy Medway pub fame. (I forget the other dogs, I think mebbe there was Steve Case, Ted Turner, Murdoch,.. anyone?) The cover story was about WebTV and how MS was going to produce an end-run around the new young Internet startups with a mass-market, set-top-box based walled-garden internet. That tanked, and thank god tehy've not gone back to it... what freaks me out is stuff like WINCE, the Windows Media Edition stuff, web service & things where they seem prepared to spend huge amounts of money over a long period of time (5-10 years, which is a lifetime these days) patiently tweaking and refining crappy products whilst relentlessly marketing them down people's throats so they become unwilling beta testers.
I blame the Dutch, godamnit. Bah, humbug!!
The main danger to what, the other moon rocks lying around within 10m of the impact point? Gimme a break, already!
The space.com headline is a bit closer to the mark... "Small space rock spotted hitting the moon".
--
Sometimes I think the only reason I read Slashdot is to complain about it
This is an incredibly big deal, not because of anything in the story itself, but because of those magic words "followed up by phone". Someone submitted what looked to the Slashdot editors like a really interesting story, but the credibility of which seemed a little flaky. They then *checked the story with a primary source* themselves. (OK, roblimo's working for OSDN rather than Slashdot, IIRC.) But this means that from now on when Slashdot runs a story that turns out to have been trivially falsifiable by a phone call or couple of emails, they can't use the excuse of "we just report what people submit". Fact chgecking... the thin end of a slippery wedge, if you ask me ;)
Yeah, Alex Wheeler, the security researcher, that's right. What's with the quotation marks?
Thirded, with the caveat that G,E,B: is pretty long and heavy going - by my standards, anyway. My copy was the first thing I ever bought online (from Amazon, when they were airmailing stuff from the US to the UK) and I'm still only half-way through. It's the sort of book where you have to read each paragraph twice and then go for a quick walk round the block before tackling the next one.