Looking through gnome-exe-thumbnail, it overlays the program's version number on top of the icon. Windows doesn't do this, but Windows Explorer will show the program version in the properties panel on the bottom of the window and in the file properties page.
gnome-exe-thumbnailer is a shell script that uses Wine to do the actual thumbnailing. The script uses Wine's VBScript interpreter to run a small VBScript to extract the icon.
The malicious MSI therefore ends up tricking gnome-exe-thumbnailer into running arbitrary VBScript.
"Memory optimizers" have been a thing on Windows for several decades. They all work the same way: they force everything out of memory and into swap. It makes it *look* like you have tons of free memory, but then everything grinds to a halt as it's swapped back in.
For all of us who feel only the deepest love and affection for the way computers have enhanced our lives, read on. At a recent computer expo (COMDEX), Bill Gates reportedly compared the computer industry with the auto industry and stated, "If GM had kept up with technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon."
In response to Bill's comments, General Motors issued a press release stating: If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics:
1. For no reason whatsoever, your car would crash twice a day.
2. Every time they repainted the lines in the road, you would have to buy a new car.
3. Occasionally your car would die on the freeway for no reason. You would have to pull to the side of the road, close all of the windows, shut off the car, restart it, and reopen the windows before you could continue.
For some reason you would simply accept this.
4. Occasionally, executing a maneuver such as a left turn would cause your car to shut down and refuse to restart, in which case you would have to reinstall the engine.
5. Macintosh would make a car that was powered by the sun, was reliable, five times as fast and twice as easy to drive - but would run on only five percent of the roads.
6. The oil, water temperature, and alternator warning lights would all be replaced by a single "This Car Has Performed An Illegal Operation" warning light.
7. The airbag system would ask "Are you sure?" before deploying.
8. Occasionally, for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key and grabbed hold of the radio antenna.
9. Every time a new car was introduced car buyers would have to learn how to drive all over again because none of the controls would operate in the same manner as the old car.
10. You'd have to press the "Start" button to turn the engine off."
Not readable on anything other than Apple products, at least initially. Then again, the Linux HFS+ driver still can't write to volumes that have journalling enabled...
The attack involves the Microsoft Application Verifier, a runtime verification tool for unmanaged code that helps developers quickly find subtle programming errors in their applications. The tool, introduced with Windows XP, is installed by default and enabled on all versions of the operating system.
Since when was Application Verifier installed by default? It was apparently included on Windows XP's CD in/Support/Tools, but wasn't part of the standard installation. I don't recall it being installed on any Windows 7 systems that didn't have Visual Studio installed, either.
Almost all PC LCD monitors I've used, even going back to the Dell 1701FP from the early 2000s, has had minimal input lag (usually attributed to LCD response time). Why is it that so many LCD and OLED HDTVs have ridiculous amounts (60ms+) of input lag? OLED in particular doesn't even have the LCD response time excuse.
Do the manufacturers think people *like* input lag and intentionally increase it on products marketed as TVs or something?
Lenovo tried this already with the [url='http://www.laptopmag.com/reviews/laptops/lenovo-thinkpad-x1-carbon-2014']2014 ThinkPad X1 Carbon[/url]. Granted, the touch strip had fixed indicators instead of a full OLED screen, but it was garbage. (Never mind the other keyboard brain damage like replacing Caps Lock with Home/End and tacking on a Delete key to the right of Backspace.)
Thankfully, they reverted this with the 2015 model.
SoftRAM's problem was that it didn't actually do what it claimed to. It adjusted some parameters that improved swapping performance on Windows 3.1, but on Windows 95 it was effectively a nop, and could actually cause problems due to non-reentrant code.
The article doesn't explicitly say anything other than that the the defendant "tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection", so I assumed that it auto-executed.
Needs a followup detailing what exactly was done to tamper with the system, but I don't suppose that's likely given the nature of the system in question.
Selecting "automatically update" doesn't actually automatically update. It just causes it to complain that an update is available every time you reboot and/or log on.
Maybe if Adobe fixed this, there wouldn't be so many success Flash-based attacks.
GameCube and Wii discs don't use UDF or this "outside-in" recording method. The physical format is identical to DVD; what's changed is the logical sector format. http://debugmo.de/2008/11/anat... has an analysis of the GameCube format; Wii is similar.
The filesystem is also completely proprietary. http://hitmen.c02.at/files/yag... has a description of GameCube discs; http://wiibrew.org/wiki/Wii_Di... has Wii discs. (Wii discs are similar to GameCube, but it supports multiple partitions and offsets are multiples of 4 in order to address a full 8 GB dual-layer DVD using 32-bit values.)
The reason why most people think GameCube and Wii discs are written "backwards" is because the disc mastering tools deliberately pad the beginning of the disc with filler data in order to push the actual data towards the outer edge of the disc. This is because the CAV drives used in GameCube and Wii are able to read data faster if they're closer to the outer edge.
Slashdot Mirror
Most of HP's multi-function printers with Scan To Network only support SMB1. When will they issue a firmware update that adds support for SMB2?
Looking through gnome-exe-thumbnail, it overlays the program's version number on top of the icon. Windows doesn't do this, but Windows Explorer will show the program version in the properties panel on the bottom of the window and in the file properties page.
gnome-exe-thumbnailer is a shell script that uses Wine to do the actual thumbnailing. The script uses Wine's VBScript interpreter to run a small VBScript to extract the icon.
The malicious MSI therefore ends up tricking gnome-exe-thumbnailer into running arbitrary VBScript.
Community "ports" slashdot.org to Chromebooks, Raspberry Pi.
Community "ports" microsoft.com to Chromebooks, Raspberry Pi.
etc... You get the idea.
Visual Studio "Code" isn't Visual Studio. It's also not a real program. It's merely a JavaScript "app" website wrapped in a copy of Chromium.
"Memory optimizers" have been a thing on Windows for several decades. They all work the same way: they force everything out of memory and into swap. It makes it *look* like you have tons of free memory, but then everything grinds to a halt as it's swapped back in.
https://www.howtogeek.com/1714...
You sure about that?
Ext4 doesn't have user data checksums, only metadata: https://ext4.wiki.kernel.org/i...
Not readable on anything other than Apple products, at least initially. Then again, the Linux HFS+ driver still can't write to volumes that have journalling enabled...
Since when was Application Verifier installed by default? It was apparently included on Windows XP's CD in /Support/Tools, but wasn't part of the standard installation. I don't recall it being installed on any Windows 7 systems that didn't have Visual Studio installed, either.
Almost all PC LCD monitors I've used, even going back to the Dell 1701FP from the early 2000s, has had minimal input lag (usually attributed to LCD response time). Why is it that so many LCD and OLED HDTVs have ridiculous amounts (60ms+) of input lag? OLED in particular doesn't even have the LCD response time excuse.
Do the manufacturers think people *like* input lag and intentionally increase it on products marketed as TVs or something?
Microsoft is the only company that will never read your email, unlike EVIL GOOGLE who reads everyone's emails to steal personal information!
Which RAID level works best with a single drive?
2007 and 2012 if you're Microsoft.
What kind of analog dialup modem were you using that could hit 128 Kbps?
And I totally botched the URL by using BBcode-style links.
ThinkPad X1 Carbon 2014 Review
Lenovo tried this already with the [url='http://www.laptopmag.com/reviews/laptops/lenovo-thinkpad-x1-carbon-2014']2014 ThinkPad X1 Carbon[/url]. Granted, the touch strip had fixed indicators instead of a full OLED screen, but it was garbage. (Never mind the other keyboard brain damage like replacing Caps Lock with Home/End and tacking on a Delete key to the right of Backspace.)
Thankfully, they reverted this with the 2015 model.
SoftRAM's problem was that it didn't actually do what it claimed to. It adjusted some parameters that improved swapping performance on Windows 3.1, but on Windows 95 it was effectively a nop, and could actually cause problems due to non-reentrant code.
The Clipper chip was designed by the NSA and had a government-sponsored backdoor. Unsurprisingly, it failed.
WHY is there a kernel mode driver for HTTP? That's literally begging for security holes.
The article doesn't explicitly say anything other than that the the defendant "tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection", so I assumed that it auto-executed.
Needs a followup detailing what exactly was done to tamper with the system, but I don't suppose that's likely given the nature of the system in question.
And now for a follow-up question: Why exactly was a "highly locked-down computer" set to automatically execute code from flash drives?
...but instead of hacking a random number generator, they injected paint into the ping-pong balls used for the live drawing.
http://en.wikipedia.org/wiki/1...
Selecting "automatically update" doesn't actually automatically update. It just causes it to complain that an update is available every time you reboot and/or log on.
Maybe if Adobe fixed this, there wouldn't be so many success Flash-based attacks.
GameCube and Wii discs don't use UDF or this "outside-in" recording method. The physical format is identical to DVD; what's changed is the logical sector format. http://debugmo.de/2008/11/anat... has an analysis of the GameCube format; Wii is similar.
The filesystem is also completely proprietary. http://hitmen.c02.at/files/yag... has a description of GameCube discs; http://wiibrew.org/wiki/Wii_Di... has Wii discs. (Wii discs are similar to GameCube, but it supports multiple partitions and offsets are multiples of 4 in order to address a full 8 GB dual-layer DVD using 32-bit values.)
The reason why most people think GameCube and Wii discs are written "backwards" is because the disc mastering tools deliberately pad the beginning of the disc with filler data in order to push the actual data towards the outer edge of the disc. This is because the CAV drives used in GameCube and Wii are able to read data faster if they're closer to the outer edge.