"I've addressed the first two of Steve's observations, but what about his claim that the abort procedure only executes when the SetAbortProc record contains certain invalid record sizes? I've analyzed the control flow of the PlayMetaFile function that executes WMF file records and found that, if an abort procedure is registered, it calls it after executing each record except the last record of the file. That behavior makes sense since there's no need to ask an application if playback should be aborted when the playback is already completed.
Steve's example WMF file contains only one record, the one that specifies SetAbortProc, so under normal circumstances PlayMetaFile will never call his abort procedure. The record sizes that he found trigger its execution cause PlayMetaFile to incorrectly increment its pointer into the WMF file such that it believes that there are more records to process, whereas the values he used that don't trigger the execution land it on data values that indicate there are no more records. So his assertion that only certain magic values open the backdoor is wrong."
To me this looks like Gibson actually stumbled on another bug in the same piece of code.
Now the cats out the bag, I expect the next generation of MS worms and viruses won't need keyloggers - they will just WATCH you type in your passwords/CC numbers etc...
OEM dealer 1: As in every browser of this size, there is a flaw.
Sultan: A flaw?
Gem dealer 2: The slightest flaw, your excellency.
Gem dealer 1: If you look deep into the browser source code, you will perceive the tiniest discoloration. The fix resembles an animal.
Sultan: An animal?
Gem dealer 1: A little fox.
Sultan: Yes! A fox. Come here, Monkey Ballmer. A gift to your father from his grateful people. Some day it will be yours. The most fabulous browser in all the world. Come close...
'Britain' isn't a country, so how the hell you become a 'Brit' I don't know. You are either 'English', 'Welsh', 'Scottish' or 'Irish', which are countries called England, Wales, Scotland and Ireland respectively that make up the 'British Isles'.
That is a terrible term. I am English. There are Welsh, Scottish and Irish people... a 'Brit' is unknown here.
Anyway, as to the BBC. It is terribly bias toward 'correctness' and really sometimes reports really bad information - "Cyclist dies after colliding with car" - of course, really the car hit the cyclist... etc. etc.
The BBC news site is perhaps the best around (the best of the worse), but it is very far from being perfect and 'unbiased', as it still is a mouthpiece for the Government, and thus, has to follow Government rules on what it can, and what it cannot, say (or report) correctly.
FTA:
"I've addressed the first two of Steve's observations, but what about his claim that the abort procedure only executes when the SetAbortProc record contains certain invalid record sizes? I've analyzed the control flow of the PlayMetaFile function that executes WMF file records and found that, if an abort procedure is registered, it calls it after executing each record except the last record of the file. That behavior makes sense since there's no need to ask an application if playback should be aborted when the playback is already completed.
Steve's example WMF file contains only one record, the one that specifies SetAbortProc, so under normal circumstances PlayMetaFile will never call his abort procedure. The record sizes that he found trigger its execution cause PlayMetaFile to incorrectly increment its pointer into the WMF file such that it believes that there are more records to process, whereas the values he used that don't trigger the execution land it on data values that indicate there are no more records. So his assertion that only certain magic values open the backdoor is wrong."
To me this looks like Gibson actually stumbled on another bug in the same piece of code.
It will take 18 months to download...
"Beginning Excel". Instead use Open Office, Koffice or Gnumeric.
The End.
...a fluffy woolen cardigan in there?
... when they have their own 'distro' designed for spacecraft:
http://flightlinux.gsfc.nasa.gov/
... what a fucking mess.
Now the cat's out the bag, I expect the next generation of MS worms and viruses won't need keyloggers - they will just WATCH you type in your passwords/CC numbers etc...
... as the beeps get nearer and nearer... then THEY should be in the room... look UP to the false ceiling!!!!
... MS owns the copyright to the word 'innovative'. They will be releasing this new design in 6 months after copying it.
Bill Gates would never sell...
Obviously they looked at how he fixed it, snarfed it, and now we will see how 'MS innovation' spin produces a hotfix in record time.
OEM dealer 1: As in every browser of this size, there is a flaw.
Sultan: A flaw?
Gem dealer 2: The slightest flaw, your excellency.
Gem dealer 1: If you look deep into the browser source code, you will perceive the tiniest discoloration. The fix resembles an animal.
Sultan: An animal?
Gem dealer 1: A little fox.
Sultan: Yes! A fox. Come here, Monkey Ballmer. A gift to your father from his grateful people. Some day it will be yours. The most fabulous browser in all the world. Come close...
Why doesn't somebody just *pin* a story (maybe the 1996 one) with the security issues with MS and/or IE and leave it there...
;-)
Then we don't need to read about it all over again every 20 days
Now let's see all the Windows users look at processes running, and let them all go
"Ah! alg.exe csrss.exe ctfmon.exe dllhost.exe explorer.exe internat.exe kernel32.dll lsass.exe mdm.exe msmsgs.exe mstask.exe regsvc.exe rundll32.exe services.exe smss.exe spoolsv.exe svchost.exe system winlogon.exe winmgmt.exe wisptis.exe wmiexe.exe wmiprvse.exe wscntfy.exe wuauclt.exe are running - I know EXACTLY what all that is doing."
Linux processes/apps are named from convention and are all documented. The less said about the alternative (and comparing with) the better.
I was going to submit this article, but I had other important beer things to do...
Seeing as the Dodo came from there until man BSOD it :-)
"I already downloaded the latest Dodo record on my iPac, so this information is incorrect", he announced.
Heh - explain where it says Britain is a country? America is a country made up of States.
Britain is a Monarchy made up of COUNTRIES.
Get it right.
why? no fucking adverts!!!
I am glad my £110.00 a year TV licence fee I HAVE to pay goes to good causes to those that don't have to pay it.
'Britain' isn't a country, so how the hell you become a 'Brit' I don't know. You are either 'English', 'Welsh', 'Scottish' or 'Irish', which are countries called England, Wales, Scotland and Ireland respectively that make up the 'British Isles'.
Well you are 'Yanks'. It even rhymes with "Tom 'Miss USA' Hanks", the typical 'yank'.
:-p
There is no such thing as a 'Brit'.
That is a terrible term. I am English. There are Welsh, Scottish and Irish people... a 'Brit' is unknown here.
Anyway, as to the BBC. It is terribly biased toward 'correctness' and really sometimes reports really bad information - "Cyclist dies after colliding with car" - of course, really the car hit the cyclist... etc. etc.
The BBC news site is perhaps the best around (the best of the worst), but it is very far from being perfect and 'unbiased', as it still is a mouthpiece for the Government, and thus, has to follow Government rules on what it can, and what it cannot, say (or report) correctly.
Maybe my joke is too complicated to understand for the modders...
... President Bush decides to bomb the Canary Islands in a bid to stop a global flu outbreak...
...the Apollo missions were faked, otherwise this could have hit some very expensive equipment up there and damaged it beyond repair!