Re:This is really good news and here is why... on A Rock Moves In Space · Score: 2
Of COURSE! The STOCK MARKET. Well, shit. If a giant ball of rock is hurtling towards my planet, the *very* *first* *thing* that I'd be concerned about is the stock market. Get a grip.
Hmm... depending on how old the system actually is, it might not even HAVE downloadable BIOS updates. IIRC, most 486 systems and even some 586-based systems didn't have Flash ROMs... to upgrade the BIOS, you had to physically replace the BIOS CMOS.
If the motherboard does, indeed, have a flashable BIOS, then try looking up the part/model number on either the manufacturer's site or Google.
- Jester
1) Acquire several vessels suitable for alcohol.
2) Acquire keg of Guinness, along with suitable tap.
3) If not well versed in the art of the Perfect Pour, seek counsel from your wise barkeep.
4) Enjoy.
NOTE: If keg not available, a few cases of Molson Canadian may suffice.
This simple recipe should be good for a few days... having your favourite pizza joint on speed dial isn't a bad idea, either.
Yup... but now that major animation houses are using Linux, breaking into a Linux box now yields more realistic Natalie Portman porn than before... :)
Yeah, but the difference between attack counts between Linux and Windows is how many of those attacks are successful...
- Jester
Unfortunately, I get a 403 Forbidden when trying to access that site... not even an authentication dialog, it's just denied. Someone should reverse engineer the authentication protocol so that we can REALLY Slashdot it (I would assume that valid traffic consumes more bandwidth than just sending a 403 page...???).
Well, given NASA's track record at actually getting something to Mars and/or not losing it once it's there, let me be the first to vote that we should send 'N Sync (sp?), 98 Degrees, and a variety of other boy pop bands... at least the female pop singers are sexy. :)
"60 seconds to a minute, 60 minutes to an hour, 25 hours to a day"
;)
Cool... Where do you live? I can use an extra hour of coding time every day...
"Apache market share rises 3.46%; MS down -2.72."
So... MS is actually UP 2.72%? -(-2.72) = 2.72
Hey... nice "copy and paste" from the BugTraq posting...
----- BEGIN BugTraq POST -----
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 31935 invoked from network); 2 Jul 2002 08:55:04 -0000
Message-ID: <20020702085626.305.qmail@web21002.mail.yahoo.com>
Date: Tue, 2 Jul 2002 01:56:26 -0700 (PDT)
From: gcsb <gcsbnz@yahoo.com>
Subject: XSS in Slashcode
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-UIDL: "[K!!WR\"!nkN"!NSF"!
There is a nasty Cross Site Scripting(XSS) vuln in
Slashcode. This was used a day or so ago on
slashdot.org and resulted in most of the site being
taken down for an hour or so. The maintainers of
slashcode have patched the problem in CVS but have not
even mentioned it anywhere that I can find. This
leaves all sites using slash vulnerable to this
exploit.
An example exploit (incomplete) is as follows:
<p > onMouseOver..insert javascript here...>
I am disappointed that the slashcode maintainers have
silently fixed this on slashdot.org yet made no
mention of the problem elsewhere so that other sites
can patch themselves. No wonder there are so many
"trolls" on slashdot.org...ah well.
If you run a site using slashcode, get the latest CVS.
That is all. Move along.
----- END BugTraq POSTING -----
You didn't even reformat the exploit code so that it showed up properly... sheesh.
- Jester
I totally agree re: RentACoder... when I first heard about the site I got all excited... so I started looking for cool projects. Every once in a while I'd find one and put in a bid... only to find out that some person in India was willing to do the same thing for ( (0.00x0.40)*{my price} ).
[root@myhost /]# su MCSE
Access denied. Stupidity not allowed on UNIX boxen.
"add it to a flat-text file... even a MSCE could do it."
No they couldn't. An MCSE would be asking "What do I click on to open this 'flat-text file'???"
"pure stupidity and would only be recommended by incompetent sysadmins/netadmins"
See above.
- Jester
"they are stuck with a computer store bill for reinstalling their machine"
So now spyware makers/bundlers are going to justify their actions by saying that they create third-party jobs and help strengthen the economy... great.
Hmm... MP3 is a compressed format... silence would, presumably, be a bunch of zeroes in the file... A bunch of zeroes in a row would compress VERY well...
Maybe this lawsuit is actually about a 500:1 compression scheme.... ;)
"Perhaps if someone came out with a Java Compiler that turns Java code to machine code I'd like it better. "
Hmm... I seem to recall that gcc had experimental support to do just this... not sure of the current state of it, though.
"supported by an array of perl scripts... doesn't provide the kind of info the marketing department would find really useful"
I think that a LART, applied tactfully, is in order. Obviously, the marketing department needs a crash course in the elegance of Perl. =)
"bring that sucker back and put it where we found it."
:)
Hmm... shouldn't that be exactly where we found it...?
"You can read his .plan or you can finger him."
... but it's so hard to choose!
You don't have a girlfriend,
So you finger John Carmack instead,
But you'd sure like to find a girl who can write good vertex shading code!
:)
- Jester
We watch pr0n all the time, and I'm sure our sex drive is quite high.
:)
Of course, the problem with US is the opposite sex... it's nothin' to do with how horny we are.
- Jester
Yeah, the call to AT&T was good. Unfortunately, I couldn't attend in person, but I listened to the MP3 recording of the session (among others). The AT&T call had me ROFL, literally, at some points. :)
I'm likewise trying to scrape together enough $$$ to go this year...
- Jester
Last I checked, 82.845 WAS a rational number...
Uh, I seriously doubt that renaming a file would stop anything. Ever hear of a regular expression?
So, if we want to get rid of Windows... we have to... kill all its users?!?! Real-life Quake! Sounds good to me. ;)
- Jester
"or we're going to have to give up using Java completely"
:)
Sounds like a plan. Java sucks, PHP and Perl rule. Did I mention that Java sucks?
- Jester