First, if you took all the applications that read BIOS for some reason and printed their names, you would need to replace your ink cartridge before you were done. What makes this different? If BIOS reads were such a dangerous violation of privacy, how come any application can read it, and as a limited user, since the PC stone age! If one wants to yell Fire in a crowded building, let's start by creating a list of applications that read BIOS, find out how many years they have been doing it, and make a list. I would be much more worried about the little yellow dots on the documents you printed on your printer than the master database of motherboard numbers kept by the Pentagon. One thing is for sure, this story just set back the possibility of intelligent life forms stopping at this bus stop of a rock for at least 10 more years.
Just look Here for more info:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns/dnsquery.asp
Also you can defeat a Host file by simply changing the priority of lookups using the registry, more here:
http://www.dslreports.com/forum/remark,15900699~days=9999~start=20#15902844
Top 10 Reasons Vista was delayed:
10 - Waiting for Roswell Alien Technology
9 - Will work better when Bird Flu is World Wide
8 - Oprah has not done the book review yet
7 - Apple Dual Boot XP still needs work
6 - Courtney Love needs one more rehab
5 - Still Can't remove Sony Root-kit
4 - Bush is still president
3 - http://onlytherightanswers.com/ has NOT given thumbs up yet
2 - Silva Brown said WAIT!
1 - Moore's Law, It's too slow right now
Did Microsoft Know this BUG was present?
Answer from Microsoft's own statement:
"The potential danger of this type of metafile record was recognized and some applications (Internet Explorer, notably) will not process any metafile record of type META_ESCAPE, the overall type of the SetAbortProc record."
Entire Statement Located here:
http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx
What does this mean?
It means that at some point in the past Microsoft had full knowledge that Meta-Files were capable of executing custom code when they were being rendered and displayed for "Non-Printer Errors". It took a programming effort to modify Internet Explorer to be "Sand Boxed" from Meta-Files to restrict it from executing the custom code contained in them.
So, Microsoft also knew that just the act of rendering and displaying a Meta-File would/could execute custom code, and that the same would/could be done while displaying such Meta-Files via Explorer, for example when it encountered one of these in a folder ("With or Without") thumbnail view being on.
Now, they also knew that these files could be embedded in Microsoft Office documents, in Microsoft Word, in other 3rd party applications, viewers and WINE for example.
As they "Sand Boxed" IE from this threat ("Which they left in place"), did they warn corporations and users that this BUG still was being allowed to execute custom code and could be delivered using many methods, contained in documents, via email, via downloads, via floppy, CD, DVD?
It is no longer a question that this BUG became a supported FEATURE; the question is why was it allowed to remain?
When your House is flooding, do you build a LEVEE ("Sand Box IE") around your house, when you can see very clearly that the water main ("The GDI Libraries") in your front yard is spewing water?
Worse, you already know that you have made a programming effort to "Sand Box" your Browser IE from this threat ("You Leave in Place"), and you also PORT it to your new Operating system Vista?
WHY? That answer we may never know.
One suggestion is they did this to support current clients using this; the questions would be, who were they? Why were they allowed to use unsupported and undocumented features in Meta-Files, and was it worth the exposure of Millions of computers World Wide if this was the case?
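As an added example, written for this page and not code from the original post or from Microsoft: a small Python scanner that walks the WMF record stream and flags META_ESCAPE records whose escape sub-function is SETABORTPROC, the record type the quoted statement says IE refuses to process. The layout it parses (optional placeable header keyed 0x9AC6CDD7, 18-byte META_HEADER, records made of a size in 16-bit words plus a function code) and the constants META_ESCAPE = 0x0626 and SETABORTPROC = 0x0009 come from the public WMF format; the sample metafile is constructed inline with a zero-filled escape payload so the scanner runs offline. Malformed or truncated records are reported rather than skipped, since a scanner that silently stops at the first bad size is easy to blind.

```python
import struct

# Constants from the public WMF format (not from the original post)
PLACEABLE_KEY = 0x9AC6CDD7   # DWORD key of the optional 22-byte placeable header
META_ESCAPE = 0x0626         # record function: printer escape
META_EOF = 0x0000            # record function: end of metafile
SETABORTPROC = 0x0009        # escape sub-function GDI treated as an abort-procedure callback


def parse_records(data: bytes):
    """Yield (offset, function, params) for each record of a WMF byte string.

    Raises ValueError on a truncated header or a record that does not fit;
    a scanner should treat that as suspicious rather than silently skip it.
    """
    off = 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22                                   # skip the placeable header
    if len(data) < off + 18:
        raise ValueError("truncated META_HEADER")
    _mtype, header_words, _version = struct.unpack_from("<HHH", data, off)
    if header_words != 9:
        raise ValueError("unexpected header size %d words" % header_words)
    off += header_words * 2
    while True:
        if off + 6 > len(data):
            raise ValueError("record header runs past end of file at offset %d" % off)
        size_words, func = struct.unpack_from("<IH", data, off)
        size_bytes = size_words * 2
        if size_bytes < 6 or off + size_bytes > len(data):
            raise ValueError("record at offset %d has bad size %d words" % (off, size_words))
        yield off, func, data[off + 6:off + size_bytes]
        if func == META_EOF:
            return
        off += size_bytes


def scan_wmf(data: bytes) -> list:
    """Return findings: every escape record, with SETABORTPROC singled out, plus parse errors."""
    findings = []
    try:
        for off, func, params in parse_records(data):
            if func != META_ESCAPE:
                continue
            if len(params) < 4:
                findings.append({"offset": off, "kind": "malformed-escape"})
                continue
            escape_fn, byte_count = struct.unpack_from("<HH", params, 0)
            if escape_fn == SETABORTPROC:
                findings.append({"offset": off, "kind": "SETABORTPROC", "byte_count": byte_count})
            else:
                findings.append({"offset": off, "kind": "escape", "escape_fn": escape_fn})
    except ValueError as exc:
        findings.append({"offset": -1, "kind": "malformed", "detail": str(exc)})
    return findings


def _record(func: int, params: bytes = b"") -> bytes:
    """Encode one WMF record: size in 16-bit words, function code, parameters."""
    assert len(params) % 2 == 0, "WMF records are word-aligned"
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def build_sample(with_escape: bool = True) -> bytes:
    """Constructed test input: a tiny metafile, optionally carrying a SETABORTPROC escape record."""
    recs = [_record(0x0103, struct.pack("<H", 8))]          # META_SETMAPMODE, MM_ANISOTROPIC
    if with_escape:
        # escape sub-function, byte count, then a zero-filled (inert) payload
        recs.append(_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4))
    recs.append(_record(META_EOF))
    body = b"".join(recs)
    header = struct.pack("<HHHIHIH", 2, 9, 0x0300, (18 + len(body)) // 2, 0,
                         max(len(r) // 2 for r in recs), 0)
    return header + body


if __name__ == "__main__":
    for hit in scan_wmf(build_sample()):
        print(hit)
```

The check is deliberately record-level: it does not care what the escape payload contains, only that a SETABORTPROC escape is present in an image that a viewer will render rather than print, which is exactly the condition the quoted statement describes IE filtering out.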
Quote From Microsoft:
"potential danger of this type of metafile record was recognized and some applications (Internet Explorer, notably) will not process any metafile record of type META_ESCAPE, the overall type of the SetAbortProc record. That restriction is the reason it's not possible to exploit this vulnerability by simply referencing an image directly in HTML. IE just won't process it"
Entire Statement Here:
http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx
So we KNEW that wmf files COULD execute code during rendering and BUFF-UP IE and leave the "BUG/Back-Door" as is in the GDI Library?
Everyone KNEW, WINE would be ported Bug-for-Bug ("Puts his sun glasses on, suddenly seeing a Bright LIGHT in the distance from afar;-)")
**COUGH** Hey, this is around the same time "Magic Lantern" FBI lingo got started, NICE FIX Microsoft;-)
100 Percent Agreed. For some reason, also Many people are overlooking the fact that Microsoft Buffed-Up IE ("as stated in their OWN statement") once they learned that this metafile could execute code while it was being rendered, and not just during a printer error. At that same time they left the most ABUSED HTML delivery method IFRAME still execute this code, why? Did they not realize this so called BUG is in the GDI library? It's very possible that we may have STUMBLED on a fragment of "Magic Lantern" created around the same time by the FBI, any bets we would ever learn the truth? Seems Microsoft was very protective of this by their IE changes to let it remain as is, yet when it went public it became OK to throw the Baby Out With the bath water, by using a Chain-Saw to remove this logic COMPLETELY...ah, so much for LOVE ;-)
I have the latest test files created from version 1.17 both OFFLINE and ON-LINE as well as zip files for the last two prior releases 1.16 and 1.14 located here: http://www.dslreports.com/forum/remark,15188688#15188722
They can be used for testing, also there is a patch NOT supported by Microsoft for those running Windows 98 here:
http://www.nod32.ch/en/download/tools.php
It should be noted that these files have been used for many days and are safe for testing.
From xcp-aurora.com ("The Alleged creator of this ROCK-SOLID protection methodology")
http://www.xcp-aurora.com/xcp1.aspx
Quote:
"XCP1 - Burn Protect
XCP1 pre release technology is designed to provide copy protection onto compact disc recordable media (CDR). Its methodology is an encapsulation process that wraps around the audio content controlling device access. This technique enables the information contained on the disc to be protected without being altered or affecting sound quality. The control program provided as part of the disc management system does not install any programs that alter your access to the content. XCP is deployed through Aurora Software and provides two options for CDR protection."
End Of Quote.
I think it WRAPS around any prior functional protection method the vast majority HAD to protect their Windows Based computer ("Let's Not Forget NETWORK, if you happened to have installed this stuff on a system that's logged on with FULL Network Privileges")
True, the control program does not ALTER your access to the content, it just allows potential World-Wide access to any content on your Network it is installed on and makes WEP look like Quad-WPA encryption when compared to the holes this opens.
Quote From xcp-aurora.com
"XCP1
XCP1 is designed for CD Audio and PC & MAC playability. Levels of protection are very high and recipients of XCP1 copy protected CDs will find it difficult to digitally rip or burn the Red Book content of the CD."
End Of Quote.
Yes, however, it appears that it was just made much easier to FTP the entire contents of any and all systems and possibly Network Media device(s) this stuff has been installed on.
All comments in this post made by ZOverLord are strictly the opinion of ZOverLord and do not reflect the opinions of any other person or entity including the site it was posted on.
Here is my 2 Cents on what is so Dangerous that Sony should be sued for it!
When Sony Installed this Root kit according to Mark's Sysinternals Blog - http://www.sysinternals.com/blog/
I quote:
I studied the driver's initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with "$sys$".
To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.
This means that ANYONE who has this ("Sony Root Kit") installed ("And not looking for Root Kits 24/7, The person that found it, Mark, did not even know it was there, and would have not found it had he not been testing the latest version of RootkitRevealer") CANNOT view ANY file, directory, Registry key or process whose name begins with "$sys$" in Windows Explorer or the registry, or process viewer and actually files and directories may not be seen from the command prompt as well, in some cases, I quote from Mark's Blog:
I therefore checked to see if I could examine the files within the hidden directory by opening a command prompt and changing into the hidden directory. Sure enough, I was able to enter and access MOST of the hidden files
From the Sony EULA, the ONLY reference to any software being installed http://www.sysinternals.com/blog/sony-eula.htm I quote:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise
Hmmm, well they just created a BACK-DOOR for anyone who has this root kit of theirs to get ("Personal Information").
Sony even made sure the Root Kit would Load in Safe Mode as well, I quote from Mark's Blog:
As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.
For all Practical purposes Sony has disabled ALL protection from Viri, Spyware, Trojans and Root Kits, for the vast majority of Microsoft Windows computer users, on the computers that installed their Root Kit, IF that Malware uses a $sys$ cloak!
So IF/WHEN someone creates OTHER Root kits, Viri, Trojans, Spyware that uses this $sys$ cloaking ("Installed Courtesy of Sony") and ANY damage is done to a system because of it, who is responsible for said damage?
Any comments?
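An added example, written for this page and not code from the post or from Mark's blog: the check Mark describes, done as a script. It creates a canary file whose name starts with $sys$, then compares what directory enumeration reports against a direct open by path. On a clean machine both views agree; a file that opens fine but is missing from the listing is the signature of name-based cloaking of the kind quoted above. The file name and the temporary directory are constructed here; the caveat from the post applies, since a hooked system is lying to this script as well, so a positive result is a reason to scan the disk offline, not an inventory of what is hidden.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"   # prefix the quoted analysis says the driver hides


def cross_view_check(directory: str, name: str) -> dict:
    """Create a canary file, then compare the enumeration view with a direct-open view.

    listed  : the name appears in a directory listing (FindFirstFile / NtQueryDirectoryFile path)
    opened  : the file can be opened and read by full path, without enumeration
    cloaked : opened but not listed, which is what a name-filtering driver produces
    """
    path = os.path.join(directory, name)
    listed = opened = False
    with open(path, "w") as fh:
        fh.write("canary\n")
    try:
        listed = name in os.listdir(directory)
        with open(path) as fh:
            opened = fh.read() == "canary\n"
    except OSError:
        pass                                   # direct open refused: leave opened=False
    finally:
        if os.path.exists(path):
            os.remove(path)
    return {"name": name, "listed": listed, "opened": opened,
            "cloaked": opened and not listed}


def run_canary_checks(directory: str = None) -> dict:
    """Run a prefixed and an unprefixed canary side by side and summarise the outcome.

    The plain canary is the control: if even it is missing from the listing, the
    problem is the directory, not cloaking, and the verdict is left undecided.
    """
    names = (CLOAK_PREFIX + "canary.txt", "plain-canary.txt")
    if directory is None:
        with tempfile.TemporaryDirectory(prefix="cloakcheck-") as tmp:
            results = {n: cross_view_check(tmp, n) for n in names}
    else:
        results = {n: cross_view_check(directory, n) for n in names}
    control_ok = results[names[1]]["listed"] and results[names[1]]["opened"]
    return {
        "results": results,
        "control_ok": control_ok,
        "cloaking_detected": control_ok and results[names[0]]["cloaked"],
    }


if __name__ == "__main__":
    report = run_canary_checks()
    for name, r in report["results"].items():
        print("%-20s listed=%-5s opened=%-5s cloaked=%s" % (name, r["listed"], r["opened"], r["cloaked"]))
    print("cloaking detected:", report["cloaking_detected"])
```

Running it against a user-writable directory is enough; the hooked call in the quoted description is the directory enumeration, so no elevated rights are needed to observe the discrepancy, and the same two-view idea extends to Registry keys and process lists by comparing an enumeration API with a direct lookup by name.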
This does NOT do streaming, but it does allow storage using the Free Space of any Hard Drive of a PC on your Network. This means that even with a 32Meg Memory Stick, you can still use all the PSP Portals Known to Mankind and store tons of Videos and Music as well. You can access these files worldwide simply by also using port forwarding on your wireless router, it's a simple HTTP server, and it's FREE. More info here: http://testing.onlytherightanswers.com/modules.php?name=News&file=article&sid=30
ONLINE PSP Portal: http://testing.onlytherightanswers.com/winportal.html
And the Virtual Keyboards and Browsers:
http://testing.onlytherightanswers.com/modules.php?name=News&file=article&sid=27
Thanks
Sorry, we got SWAMPED by the initial Hits from Slashdot, so you can now get to the Original link as well:
http://testing.onlytherightanswers.com/modules.php?name=News&file=article&sid=29
For the Moment we are upgrading our server due to the load from here, so PLEASE go here: http://boardsus.playstation.com/playstation/board/message?board.id=pspnet&message.id=56036
Sorry Everyone, our host was offline for a time there, you should now be able to read the PSP Browser Guide at: http://testing.onlytherightanswers.com/modules.php?name=News&file=article&sid=27
Since the Sony PSP keyboard is so ("Cell Phone Like") try this one out. http://testing.onlytherightanswers.com/modules.php?name=News&file=article&sid=27
http://testing.onlytherightanswers.com/modules.php?name=News&file=article&sid=26
Yep, that's why I placed a link to another place to get the download on my site, many people complained about the firmware in the link of the story, so I looked around and tested another version. Maybe the one in the story is Buggy, not sure if they are the same or not. The version I used is working great, so I don't want to try loading the other.
The PSP only likes WEP open keys or Auto/Both "Means the same depending on Wireless Router". So, if you are having connection problems, check your router. Hope this helps, spent an hour learning the hard way.
Sorry for the Typos, but I think you get my point
A GREAT example would be to show them OpenOffice: http://openoffice.org/ ask and tell them they can install this on their systems at home, to communicate with work as well. It shows them just how much money they can save using open source concepts and also saves them a ton of money, instead of them needing to purchase a version of Microsoft Office for their home systems at their cost. You could also explain that, unlike Microsoft Office, when a bug is found in this software, because you have the source, you can fix it instead of waiting for patches from Microsoft. Heck, if you can convince your office to use it, you just might save the company a TON of money as well ;-)
OK, I do agree with the access problems, based on state; here is a list of access laws by state, then do a search on the LAW number to get detail. http://www.crime-research.org/library/State.pdf I however can find no law about using a CAN, lol, for CA or Sacramento County law.
By allowing some of their internals to be more public than other search engines, they gain an edge by in most cases having the webmasters who already run Google Ads on their site try and climb their way to the top. If they can't get you to pay for your web site advertising, they can at least make sure you have a way to have their Ads on more top pages of keywords. Hey, what more could you ask for?
The only way you can get all color hats to really use their talents to rip apart, test, and validate where holes are located is CASH! Maybe, just maybe some standards will evolve on how to properly design, write and test software prior to releasing it to the public. There is no excuse with the tools available today for some of this stuff to actually make it past a QA department evaluation. If companies want others to locate problems, there is no reason why those OTHERS should not be paid for their time and effort.
This concept of physical access required is insane at best. Done right, almost any device can be re-flashed; if a buffer-overflow is created by a payload, not only can the drivers be infected but the flash-memory itself can be infected. A good example is this: http://www.geocities.com/mamanzip/Articles/Low_Cost_Embedded_x86_Teaching_Tool.html
Note: this was done using the boot-from-lan option for testing, most devices can execute code at boot, no matter what the boot-from option is.
As software becomes more patched, I would worry about legacy hardware in the future. This is one of many exploits heading in that direction.