The shield that comes with the passport card is effective, at least as far as my research so far has suggested. It's worth mentioning though that according UW / RSA, the shields supplied with the electronic drivers license in Washington are ineffective at preventing reads (although they do reduce range somewhat) - http://www.rsa.com/rsalabs/node.asp?id=3557
Well, after a quick show of hands in the office two of us "black hat hackers" were prepared to admit to having sentences reduced. I suspect they may be high on Pixy Stix though, so you shouldn't necessarily believe that...
I've had Autorun disabled on every Windows machine I've owned since the very first time I put a CD in my machine and it did something without me telling it to. I've never seen the error messages of which you speak - or if I have, they've been so minor a problem that I've not really noticed them and I've managed to do what I wanted anyway. Maybe you're just using crummy software - care to name an app that warns you in this way?
On the flipside, I use VMWare in Windows - which warns you that Autorun can cause problems if it's enabled on the host OS, and disables it if you let it.
If anyone has 589Kb of disk space on a server that's not stuck on stupid 384kbit DSL upload limit, I have a VMWare image I created of Windows 1.01 on top of Dos 3.3. Works pretty nicely, except that VMWare can't emulate a serial mouse (and Win 1.01 predates PS/2).
Any offers? I'll email it out to anyone that's prepared to post a link to it here...!
"There are a number of passively cooled Geforce 6200 based cards, for example, but they can't handle high-definition video decoding well".
Sorry, but that's a bunch of bollocks. I've been playing DVDs just fince since they came out in the UK (mid-1998 - when I bought my DVD drive I bought a copy of every single DVD they had in the shops at the time - a total of about 8). I started out with a separate decoder card which was fanless, and played DVDs just fine. They're now trying to tell us that we need to shell out on this because the almost-latest-and-greatest nVidia card can't do DVD decoding? Bullshit.
People, if you want a quiet system just buy an older card. eBay is a great place to pick up an older (fanless) geforce card, and with the speed of a modern CPU (which will HAVE to have a fan on it) you can make up for in software what the decoder on the card lacks in hardware.
Failing that, just put your computer in a cupboard behind the speakers. How quiet do you really need it to be?
Think about it. If the RIAA has to prove that you've distributed files to other people, that means that either you or they have to be keeping logs - which AFAIK no current P2P programs actually do. Either that, or they'd have to sniff the traffic as it goes through the various ISPs between the two people, which they won't be allowed to do.
Either that, or they'll have to download something off you themselves - which I believe puts them on very shakey ground since you could probably class that as entrapment. They could argue that since you have all this content on your hard drive that you must have downloaded it illegally at some point, but if I read the article right you have to specify times as well - they'd have to prove that timestamps on files are accurate.
If this case gets dismissed and the P2P apps continue to not keep logfiles, things could get a lot easier for file sharers and a lot harder for the RIAA.
None that I've ever noticed. The only time I've ever had a problem with it is when I've been trying to connect to the machine remotely, in which case I can just use the IP address. It is very helpful when being IDS-evasive though (I'm a penetration tester by day) since several IDS' simply give up trying to figure out who / what I am when they pick up my traffic...
My dad spent 3 days emailing and calling to find out why ABC wasn't downloading anything after a power cut. I talked him through uninstalling and reinstalling it, trying another client, re-checking his ADSL settings, all sorts of stuff. All international, all without remote access. Eventually, he emailed me to tell me he'd solved the problem - ABC wasn't downloading because he'd run out of disk space. He saved stuff to a different drive and now it works perfectly...
The Register carried this story earlier - I posted this to John Leyden, and might as well repost here....
Being somewhat bored on a Friday afternoon, I decided to take a quick peek at this software from Earthlink, and found some rather disturbing results. In fact, it's ill-represented, borderline illegal, and about as intrusive as RealPlayer (and that's saying a lot).
I ran my machine through their quick'n'dirty scan, which reported 1 Trojan, 5 Adware programs, 65 Adware cookies
Given that the combined might of one internet security expert, Ad-Aware, HijackThis, Spybot Search-and-destroy, and Network Associates Antivirus (all with the latest updates - me included!) found nothing, I got somewhat intrigued and looked a little deeper. My (american) fiancee has an Earthlink account, so I borrowed, that, downloaded the software, and (several reboots and updates later), ran their proper spyware detector.
This showed up that it had found 123search, Alexa Toolbar, Bonzi Buddy, OpenSite, and Netbus(!!) on my system. Every one of those apps would be found by at least three of the apps which I regularly run, and every one of them would have been found in the manual checks which I periodically run as well. So I went a little deeper...
Once the checks had been run, I paused a little before allowing the tool to fix the items it had found. In the meantime, I fired up regmon and filemon, allowing me to see *everything* that the tool was doing.
This turned out to be not a whole lot. No files outside of either the Earthlink install folder or the system registry were modified in any way. The only registry keys which were deleted we for Netbus settings (OK, I fiddled with it for a project about a year ago, but a registry key isn't exactly the same as having it installed!) and a few random CLSID's that could have been anything. Not exactly convincing evidence - especially considering that I know none of those other apps have ever been anywhere near this machine...
So, having "fixed" everything, I ran the quick'n'dirty scan again. Surprise! My machine was clean. So, I uninstalled the proper software (its ONLY saving grace - it uninstalls cleanly), rebooted, ran the quick scan again, and was not entirely surprised to find that it now listed no trojans or adware, but 18 tracking cookies. Despite only accessing the Earthlink site (and El Reg) since it reported that I was clean. And still, Ad-Aware and Spybot report nothing...
Essentially, it looks like this is reporting large numbers of problems in order to convince you to pay Earthlink for their software, which then magically "fixes" all the problems (which never existed in the first place). They're trading off the FUD associated with Spyware, and it's ethically and (probably legally) wrong. Their product may be of benefit to people who know no better, but I'd stick with Spybot S&D and Ad-Aware - two very good (and free) apps which, when combined with a decent AV scanner (and maybe a personal firewall, to boot) give you all the protection you need from spyware, and a whole lot else.
1) Radioactive material tends to be self-heating. That's why you can run a power station off it.
2) A solid steel container, buried underground for a week. How do you train a chicken to hold it's breath, and how long can it do so for?
3) According to the NewScientist article, "If disturbed or damaged, they were primed to explode within 10 seconds". Surely chickens *inside* the thing would disturb it, and set it off?
However, a quick office poll still reveals 50-50 support for the idea. Whatever happens, half the office will get laughed at tomorrow...:)
That's probably fair - more information is warranted. Let me give you some specs, and you can work it out for yourself - bear in mind that this is for my heli, which is one of the smaller petrol-driven aircraft on the market. Certainly not large enough to hoist a decent-sized camera / computer combo.
I fly a Nexus 30, basically an entry-level heli. The blades on mine are carbon-fibre (upgraded from wood), 48" diameter. Those blades run at about 2,000rpm (it's about a 10:1 ratio step-down from the engine driveshaft). That means that in a hover, the tips of the blades (the bit that moves fastest and hence provides most lift) is moving at around 300mph, or about 0.4 mach.
In fact, the main reason I switched to carbon-fibre instead of wood is because CF come in pre-balanced pairs; after spending an hour balancing wood blades, the heli would still shake quite badly. That's considerably easier with pre-matched carbon fibre, but I still have to fully dismantle it every 5 flights or so (~1.5 hours flight time) since it shakes all the screws and bolts loose, even with threadlock.
As for engine noise, I'm not sure. Certainly you could replace the 2-stroke with a 4-stroke engine, and muffle it a lot better, but you'd run into all sorts of other problems (4-stroke engines tend to be heavier, lower RPM, and less reliable - OTOH they're more efficient).
As for jitter-correction; you'd have to jitter-correct significantly faster than the heli is shaking (around 30-40hz), so you're looking at a fairly high-speed camera. That adds weight, and these things don't lift very much (mine will just about lift a 1lb bag of sugar).
Essentially, it might be possible, but I doubt it. Hell, these things are considerably shakier and less stable than a full-size helicopter (less weight == more maneuverable), and have considerably less endurance. You'd be far better off sticking a hulking great camera on a full-sized heli and putting a pilot in it. Admittedly though, that would defeat the point of the exercise...
You've evidently never flown an R/C helicopter. I fly a 30-size and that looks like a 60-size (about 30% bigger than mine in terms of weight and rotor diameter), and they make a LOT of noise. If this thing was anywhere near, you'd know about it - the engines are two-stroke, operating at around 20,000 RPM. And that's without the sound of the blades (also pretty significant).
Add to that the fact that these things shake. A lot. You can't hope for a clear image from far enough away to not hear it. I've mounted a digital camera on my heli before, and used the remote to take pictures of stuff from the air. With a UKP500 digital camera at its fastest shutter speed, all I got were some vague blurs - you can just about make out me holding the controls and my housemate with the camera remote - and that was from about 20 feet away.
Noisy as hell, shakey as hell, useless for covert surveillance. And anything that's not covert can be shot down...
RTFA. They didn't hijack the domain, they re-registered it when cyberangels de-registered it. They bought and paid for a domain that the previous owner no longer wanted.
Windows 2000 Server, SP3. Up for 55 days, 15 hours, 53 minutes. And that's only because I moved into my flat 55 days, 17 hours ago:) In that time it's been used extensively for C / C++ development, plenty of Quake 3, CD burning, watching DVDs, Kazaa, you name it. And it also serves my website (half a million hits over the 55 days), email, internal DNS, DHCP and file server. It's transferred over 150Gb of data to either the internet or LAN, and has never crashed. Who says Windows 2000 isn't stable? I don't even need to reboot when I install patches - restarting services to trigger the updates is relatively easy on Win2K if you know your services well.
Windows in general cops a LOT of shit for instability that it really doesn't deserve. Before you criticise Windows for being unstable, I suggest you try debugging a crashdump - 99.9% of the time it's caused by a third-party driver. Cheap sound card? Old graphics driver? Hell, maybe even you've not installed the 4in1 driver for that Via IDE controller on your motherboard? Drivers are the single biggest source of crashes and reboots in Win2K. If you want a stable system, spend some money on your hardware, and get it from a company that provides decent drivers.
Admittedly, that's the reason why *nix is generally perceived as more stable than Windows - if a driver is bad in Windows, you're screwed. If a Linux driver is bad, you can fix it, recompile the source, and bye bye instability.
Don't blame Microsoft for instability. Blame the third-party hardware vendors who can't be bothered to spend the time and money properly debugging their drivers.
If you think that was good, wait and see what happens at Black Hat.
Incidentally, even being linked to in a/. comment has increased my web traffic a hundredfold in 45 minutes - not sure how much longer my DSL will cope...
From the article:
"The April 30 release, issued by the company's MSN Internet division in the United Kingdom"
Looks like Microsoft are redefining the standards again - releasing April Fools jokes on the last day of April rather than the first. Why can't they just stick to the damned specs?:)
...is the Hoverfly from Snelflight. Total flying weight of 70 grams, unlimited flying time, and so robust you can give your mates the controller without worring about the repair bill. I've been flying one of these things for about a year now - hours of fun, especially when it goes to work with me and the guys in the office take turns at trying to kill each other with it...:)
What I don't understand is...
on
Linus on DRM
·
· Score: 3, Interesting
...how DRM ever actually *CAN* be integrated into Linux in a useful and reliable way. Any kind of code-signing / authentication mechanism will ultimately depend on a signed kernel, and since you have the kernel source you can do whatever you like with it, including spoofing the "Yes, we're running DRM" responses. Even if it comes down to a hardware chip, the kernel will still be perfectly capable of intercepting calls to this chip and spoofing a "Yes, we're running DRM" reply. If the DRM-protected content is dependant upon mechanisms implemented on the client in order to restrict usage, then having total, source-level control over those mechanisms completely negates the security they provide.
Maybe I've missed something here, but client-side security never works in the end. And in the case of DRM-on-linux, I don't see how it can even get off the ground....
The RC2 versions on MSDN earlier today have been replaced by the final builds. It's not mentioned on the homepage anywhere, but it's up. Looks like CNet got it right - there's no announcement anywhere I've looked, but those who pay UKP1700 per developer per year for the privilege of developing for the Windows platform can now download it. And then post it on Kazaa:)
Actually, probably not - I researched this when writing Shatter. When you hit CTRL+ALT+DEL you actually switch desktops from the "Default" desktop to the "Winlogon" desktop. A program on one cannot interact with a program on another. There are functions to "open" a desktop and interact with it - however the Winlogon desktop is tightly restricted, and any attempts to open it are met with an Access Denied error.
Either way, there's numerous windows (normally hidden) on a standard desktop that run as localsystem - it's possible to exploit some of them using the same techniques.
Yes, an antivirus program will pick up the fact that sploit.bin contains the W32/Beavuh "virus". It's not viral - if you look at the Jill source code (where that shellcode comes from) you'll see that the shellcode is injected through the use of an HTTP header called "Beavuh". The initial shellcode parses through memory for this tag, then jumps to it. If you don't believe me, disassemble the shellcode. Failing that, get hold of a copy of Jill and verify that it contains the same "virus". In fact, I'm willing to bet that the same virus scanner will detect hk.exe as a virus, and probably a few others as well. Hell, probably even Netcat will be picked up...
Slashdot Mirror
The shield that comes with the passport card is effective, at least as far as my research so far has suggested. It's worth mentioning though that according UW / RSA, the shields supplied with the electronic drivers license in Washington are ineffective at preventing reads (although they do reduce range somewhat) - http://www.rsa.com/rsalabs/node.asp?id=3557
Well, after a quick show of hands in the office two of us "black hat hackers" were prepared to admit to having sentences reduced. I suspect they may be high on Pixy Stix though, so you shouldn't necessarily believe that...
I've had Autorun disabled on every Windows machine I've owned since the very first time I put a CD in my machine and it did something without me telling it to. I've never seen the error messages of which you speak - or if I have, they've been so minor a problem that I've not really noticed them and I've managed to do what I wanted anyway. Maybe you're just using crummy software - care to name an app that warns you in this way?
On the flipside, I use VMWare in Windows - which warns you that Autorun can cause problems if it's enabled on the host OS, and disables it if you let it.
Almost as good as the splash screen when Windows 2000 starts - ever noticed where it says "Built on NT Technology"?
Now remember that NT stood for "New Technology".
So Windows 2000 was built on 10-year-old New Technology Technology.
Ah, bollocks to it - I've been meaning to test how well the Smoothwall traffic shaping / QoS mod works, and I can't be bothered to set up a torrent...
Linky clicky goodness...
If anyone has 589Kb of disk space on a server that's not stuck on stupid 384kbit DSL upload limit, I have a VMWare image I created of Windows 1.01 on top of Dos 3.3. Works pretty nicely, except that VMWare can't emulate a serial mouse (and Win 1.01 predates PS/2).
Any offers? I'll email it out to anyone that's prepared to post a link to it here...!
"There are a number of passively cooled Geforce 6200 based cards, for example, but they can't handle high-definition video decoding well".
Sorry, but that's a bunch of bollocks. I've been playing DVDs just fince since they came out in the UK (mid-1998 - when I bought my DVD drive I bought a copy of every single DVD they had in the shops at the time - a total of about 8). I started out with a separate decoder card which was fanless, and played DVDs just fine. They're now trying to tell us that we need to shell out on this because the almost-latest-and-greatest nVidia card can't do DVD decoding? Bullshit.
People, if you want a quiet system just buy an older card. eBay is a great place to pick up an older (fanless) geforce card, and with the speed of a modern CPU (which will HAVE to have a fan on it) you can make up for in software what the decoder on the card lacks in hardware.
Failing that, just put your computer in a cupboard behind the speakers. How quiet do you really need it to be?
Think about it. If the RIAA has to prove that you've distributed files to other people, that means that either you or they have to be keeping logs - which AFAIK no current P2P programs actually do. Either that, or they'd have to sniff the traffic as it goes through the various ISPs between the two people, which they won't be allowed to do.
Either that, or they'll have to download something off you themselves - which I believe puts them on very shakey ground since you could probably class that as entrapment. They could argue that since you have all this content on your hard drive that you must have downloaded it illegally at some point, but if I read the article right you have to specify times as well - they'd have to prove that timestamps on files are accurate.
If this case gets dismissed and the P2P apps continue to not keep logfiles, things could get a lot easier for file sharers and a lot harder for the RIAA.
None that I've ever noticed. The only time I've ever had a problem with it is when I've been trying to connect to the machine remotely, in which case I can just use the IP address. It is very helpful when being IDS-evasive though (I'm a penetration tester by day) since several IDS' simply give up trying to figure out who / what I am when they pick up my traffic...
I call my main work machine "localhost". Confuses the hell out of a surprising number of people and programs...:)
My dad spent 3 days emailing and calling to find out why ABC wasn't downloading anything after a power cut. I talked him through uninstalling and reinstalling it, trying another client, re-checking his ADSL settings, all sorts of stuff. All international, all without remote access. Eventually, he emailed me to tell me he'd solved the problem - ABC wasn't downloading because he'd run out of disk space. He saved stuff to a different drive and now it works perfectly...
The Register carried this story earlier - I posted this to John Leyden, and might as well repost here....
Being somewhat bored on a Friday afternoon, I decided to take a quick peek at
this software from Earthlink, and found some rather disturbing results. In
fact, it's ill-represented, borderline illegal, and about as intrusive as
RealPlayer (and that's saying a lot).
I ran my machine through their quick'n'dirty scan, which reported
1 Trojan,
5 Adware programs,
65 Adware cookies
Given that the combined might of one internet security expert, Ad-Aware,
HijackThis, Spybot Search-and-destroy, and Network Associates Antivirus (all
with the latest updates - me included!) found nothing, I got somewhat intrigued
and looked a little deeper. My (american) fiancee has an Earthlink account, so
I borrowed, that, downloaded the software, and (several reboots and updates
later), ran their proper spyware detector.
This showed up that it had found 123search, Alexa Toolbar, Bonzi Buddy,
OpenSite, and Netbus(!!) on my system. Every one of those apps would be found
by at least three of the apps which I regularly run, and every one of them would
have been found in the manual checks which I periodically run as well. So I
went a little deeper...
Once the checks had been run, I paused a little before allowing the tool to fix
the items it had found. In the meantime, I fired up regmon and filemon,
allowing me to see *everything* that the tool was doing.
This turned out to be not a whole lot. No files outside of either the Earthlink
install folder or the system registry were modified in any way. The only
registry keys which were deleted we for Netbus settings (OK, I fiddled with it
for a project about a year ago, but a registry key isn't exactly the same as
having it installed!) and a few random CLSID's that could have been anything.
Not exactly convincing evidence - especially considering that I know none of
those other apps have ever been anywhere near this machine...
So, having "fixed" everything, I ran the quick'n'dirty scan again. Surprise!
My machine was clean. So, I uninstalled the proper software (its ONLY saving
grace - it uninstalls cleanly), rebooted, ran the quick scan again, and was not
entirely surprised to find that it now listed no trojans or adware, but 18
tracking cookies. Despite only accessing the Earthlink site (and El Reg) since
it reported that I was clean. And still, Ad-Aware and Spybot report nothing...
Essentially, it looks like this is reporting large numbers of problems in order
to convince you to pay Earthlink for their software, which then magically
"fixes" all the problems (which never existed in the first place). They're
trading off the FUD associated with Spyware, and it's ethically and (probably
legally) wrong. Their product may be of benefit to people who know no better,
but I'd stick with Spybot S&D and Ad-Aware - two very good (and free) apps
which, when combined with a decent AV scanner (and maybe a personal firewall, to
boot) give you all the protection you need from spyware, and a whole lot else.
I have screenshots, logfiles, etc...
1) Radioactive material tends to be self-heating. That's why you can run a power station off it.
2) A solid steel container, buried underground for a week. How do you train a chicken to hold it's breath, and how long can it do so for?
3) According to the NewScientist article, "If disturbed or damaged, they were primed to explode within 10 seconds". Surely chickens *inside* the thing would disturb it, and set it off?
However, a quick office poll still reveals 50-50 support for the idea. Whatever happens, half the office will get laughed at tomorrow...:)
That's probably fair - more information is warranted. Let me give you some specs, and you can work it out for yourself - bear in mind that this is for my heli, which is one of the smaller petrol-driven aircraft on the market. Certainly not large enough to hoist a decent-sized camera / computer combo.
I fly a Nexus 30, basically an entry-level heli. The blades on mine are carbon-fibre (upgraded from wood), 48" diameter. Those blades run at about 2,000rpm (it's about a 10:1 ratio step-down from the engine driveshaft). That means that in a hover, the tips of the blades (the bit that moves fastest and hence provides most lift) is moving at around 300mph, or about 0.4 mach.
In fact, the main reason I switched to carbon-fibre instead of wood is because CF come in pre-balanced pairs; after spending an hour balancing wood blades, the heli would still shake quite badly. That's considerably easier with pre-matched carbon fibre, but I still have to fully dismantle it every 5 flights or so (~1.5 hours flight time) since it shakes all the screws and bolts loose, even with threadlock.
As for engine noise, I'm not sure. Certainly you could replace the 2-stroke with a 4-stroke engine, and muffle it a lot better, but you'd run into all sorts of other problems (4-stroke engines tend to be heavier, lower RPM, and less reliable - OTOH they're more efficient).
As for jitter-correction; you'd have to jitter-correct significantly faster than the heli is shaking (around 30-40hz), so you're looking at a fairly high-speed camera. That adds weight, and these things don't lift very much (mine will just about lift a 1lb bag of sugar).
Essentially, it might be possible, but I doubt it. Hell, these things are considerably shakier and less stable than a full-size helicopter (less weight == more maneuverable), and have considerably less endurance. You'd be far better off sticking a hulking great camera on a full-sized heli and putting a pilot in it. Admittedly though, that would defeat the point of the exercise...
You've evidently never flown an R/C helicopter. I fly a 30-size and that looks like a 60-size (about 30% bigger than mine in terms of weight and rotor diameter), and they make a LOT of noise. If this thing was anywhere near, you'd know about it - the engines are two-stroke, operating at around 20,000 RPM. And that's without the sound of the blades (also pretty significant).
Add to that the fact that these things shake. A lot. You can't hope for a clear image from far enough away to not hear it. I've mounted a digital camera on my heli before, and used the remote to take pictures of stuff from the air. With a UKP500 digital camera at its fastest shutter speed, all I got were some vague blurs - you can just about make out me holding the controls and my housemate with the camera remote - and that was from about 20 feet away.
Noisy as hell, shakey as hell, useless for covert surveillance. And anything that's not covert can be shot down...
...of a story over 2 months ago, about the same company. That one was on Wired and had more information.
RTFA. They didn't hijack the domain, they re-registered it when cyberangels de-registered it. They bought and paid for a domain that the previous owner no longer wanted.
Windows 2000 Server, SP3. Up for 55 days, 15 hours, 53 minutes. And that's only because I moved into my flat 55 days, 17 hours ago :) In that time it's been used extensively for C / C++ development, plenty of Quake 3, CD burning, watching DVDs, Kazaa, you name it. And it also serves my website (half a million hits over the 55 days), email, internal DNS, DHCP and file server. It's transferred over 150Gb of data to either the internet or LAN, and has never crashed. Who says Windows 2000 isn't stable? I don't even need to reboot when I install patches - restarting services to trigger the updates is relatively easy on Win2K if you know your services well.
Windows in general cops a LOT of shit for instability that it really doesn't deserve. Before you criticise Windows for being unstable, I suggest you try debugging a crashdump - 99.9% of the time it's caused by a third-party driver. Cheap sound card? Old graphics driver? Hell, maybe even you've not installed the 4in1 driver for that Via IDE controller on your motherboard? Drivers are the single biggest source of crashes and reboots in Win2K. If you want a stable system, spend some money on your hardware, and get it from a company that provides decent drivers.
Admittedly, that's the reason why *nix is generally perceived as more stable than Windows - if a driver is bad in Windows, you're screwed. If a Linux driver is bad, you can fix it, recompile the source, and bye bye instability.
Don't blame Microsoft for instability. Blame the third-party hardware vendors who can't be bothered to spend the time and money properly debugging their drivers.
If you think that was good, wait and see what happens at Black Hat.
/. comment has increased my web traffic a hundredfold in 45 minutes - not sure how much longer my DSL will cope...
Incidentally, even being linked to in a
From the article:
:)
"The April 30 release, issued by the company's MSN Internet division in the United Kingdom"
Looks like Microsoft are redefining the standards again - releasing April Fools jokes on the last day of April rather than the first. Why can't they just stick to the damned specs?
...is the Hoverfly from Snelflight. Total flying weight of 70 grams, unlimited flying time, and so robust you can give your mates the controller without worring about the repair bill. I've been flying one of these things for about a year now - hours of fun, especially when it goes to work with me and the guys in the office take turns at trying to kill each other with it... :)
...how DRM ever actually *CAN* be integrated into Linux in a useful and reliable way. Any kind of code-signing / authentication mechanism will ultimately depend on a signed kernel, and since you have the kernel source you can do whatever you like with it, including spoofing the "Yes, we're running DRM" responses. Even if it comes down to a hardware chip, the kernel will still be perfectly capable of intercepting calls to this chip and spoofing a "Yes, we're running DRM" reply. If the DRM-protected content is dependant upon mechanisms implemented on the client in order to restrict usage, then having total, source-level control over those mechanisms completely negates the security they provide.
Maybe I've missed something here, but client-side security never works in the end. And in the case of DRM-on-linux, I don't see how it can even get off the ground....
The RC2 versions on MSDN earlier today have been replaced by the final builds. It's not mentioned on the homepage anywhere, but it's up. Looks like CNet got it right - there's no announcement anywhere I've looked, but those who pay UKP1700 per developer per year for the privilege of developing for the Windows platform can now download it. And then post it on Kazaa :)
Actually, probably not - I researched this when writing Shatter. When you hit CTRL+ALT+DEL you actually switch desktops from the "Default" desktop to the "Winlogon" desktop. A program on one cannot interact with a program on another. There are functions to "open" a desktop and interact with it - however the Winlogon desktop is tightly restricted, and any attempts to open it are met with an Access Denied error.
Either way, there's numerous windows (normally hidden) on a standard desktop that run as localsystem - it's possible to exploit some of them using the same techniques.
Yes, an antivirus program will pick up the fact that sploit.bin contains the W32/Beavuh "virus". It's not viral - if you look at the Jill source code (where that shellcode comes from) you'll see that the shellcode is injected through the use of an HTTP header called "Beavuh". The initial shellcode parses through memory for this tag, then jumps to it. If you don't believe me, disassemble the shellcode. Failing that, get hold of a copy of Jill and verify that it contains the same "virus". In fact, I'm willing to bet that the same virus scanner will detect hk.exe as a virus, and probably a few others as well. Hell, probably even Netcat will be picked up...