Does his 1 million Zunes sold count the devices that were bought and returned within a 30-day period in exchange for an iPod? I personally know of at least a dozen people who have done so.
I just can't believe that someone would actually pay over $200 for this piece of junk. I'd rather buy something from Apple or Samsung than waste two Benjamins and a Grant for something that resembles the design and architecture put in to the XBox 360 power brick.
Typical University IT people not knowing what the hell they are dealing with. Think this "breach" was a big deal? Think again.
Know how to use the Windows Registry? You'll love how simple this is...
Cisco Clean Access looks for several registry keys that determine which Windows patches are installed and which are not. It also looks for registry info to give the system a look at what anti-virus package they are running and which DAT file they have. Basically, all his program would need to do is create entries in the registry in the locations where Clean Access would look. It would defeat the security check and the remediation process very easily.
This is not a vulnerability, it is the means in which the system works.
1. User connects to the network. When a browser is launched, the user is redirected and prompted to install the Clean Access Agent from the Clean Access Server. 2. The user is presented with a login box where he/she would log into the system. 3. The Clean Access Agent checks for several registry flags to determine which Windows Updates are installed and what anti-virus/anti-spyware is installed. It will also check the registry for anti-virus/anti-spyware DAT/REG file date and versions. 4. If the system is not up to date, they are passed to a temporary role (remediation stage) where they are only permitted to selected sites to download the updates they need. 5. Users are left in the temporary role until they fulfill the logon requirements. Once the requirements have been completed, they are passed to the main role allowing full access to the network.
Now...for the easy part...
Wanna get around the CCA check without installing patch KB918439? Create the following registry keys ending with Filelist. [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Wi ndows XP\SP3\KB918439\Filelist\]
How about getting around AV installation (McAfee VirusScan Enterprise as an example)? Create the following registry keys ending with VirusScan Enterprise. [\HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\]
How about getting around a forced DAT update? Create the following registry keys ending with CurrentVersion. Also create a string value called szVirDefVer with the value greater than 5018. [\HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\]
The wife's PowerBook G3 Pismo runs Tiger just fine on 512MB of RAM and a 500MHz processor. Actually, I would LOVE to see Vista's "pretty" UI even think about running on an 8MB ATI Rage 128 chipset. Transparencies, Dashboard (everything but wave effects), Expose, OpenGL games....it all works great on a system that's 7 years old.
Heck my own PowerBook G4 1.5 had 512MB of RAM up until several months ago when I couldn't pass up a deal on a 512MB stick. Just 768MB of RAM and my dock is filled with a ton of black triangles.:-)
Cisco's Clean Access system does not work properly with Windows Vista. Clean Access is used in a lot of college environments in order to help keep student, staff, and faculty machines from being compromised. Clean Access acts as a point of authentication to allow a user access to the network, but that is not its main focus. In conjunction with the Clean Access Agent for Windows, it can also check if Windows Updates, Antispyware and Antivirus packages are installed and up to date. These packages can be set to either be optional or mandatory by the Clean Access administrator.
Clean Access (at this time) detects Vista as an unsupported operating system. However, there are workarounds that allow the agent to be installed and launch on Vista. The workaround does not perform any of the checks to make sure Vista has all of its patches installed or if it has antivirus loaded. So, in a nutshell, it is just acting as a point of authentication to the network at this time.
It seems to amaze me that Microsoft and a huge company like Cisco couldn't get this software Vista ready for when Vista was available. Cisco has been promising an upgrade to Vista compatibility for sometime in April. A little late especially when Vista boxes already are targets of attack from exploits such as animated cursor crap...
Wait! I have the answer! Just install WinAntiVirus and WinAntiSpyware Pro 2006! It'll download the Trojan, you pay your $24 or whatever, and it all disappears!
Wait...what's that "annoying as hell" flashing icon in my taskbar for...?
I still think Apple should have pushed to get Copland 8 released. (I still have a copy of the intro CD that they released showing off the features) The gap between stunning Apple technology and Microsoft's antiquated crap would be even wider than it is now. That's too bad that Microsoft can't invent anything, they just buy companies that have already invented something that they think will be the next best thing. Bungie, anyone?
Microsoft is eventually going to bury themselves by building on and supporting the same old stuff that was in use 15 years ago. It is time for them to let go and realize that they need to build something "advanced" and not just "good enough" or "compatible".
Microsoft apps..."They're EVERYWHERE!", just like the pfhor...
That has to be the lamest hack I have ever seen. First of all, he was using a 3rd party wireless device, not the wireless radio actually built into the Mac. If he was so sure that his hack exploits a hole in the Apple, why didn't he just hack it through the AirPort built-in radio? How many people are actually going to go out and buy an external wireless device for a notebook that already has it built-in?
Your only reason for actually purchasing a second wireless radio would be for sniffing or packet reinjections. This is nothing but a stunt to put his name out there for people to notice. Of course, you're going to get some technologically challenged bonehead to believe him and run with it. He knows that and so do we.
Most Mac users have an arrogance about them, however, as "stupid" as you think they are, they know the difference between a serious security hole and one to yawn about. If you ask me, turning on FTP would be a bigger threat than having your Mac hacked through a wireless radio that probably.0001 % of the Mac population actually owns (and will use religiously).
Frying transistors and such on hard drives are not new news. Some of the Quantum Fireball (what a name to go with it all) 10-20GB drives had failure of this sort. The drives were common in the Gateway E-3400 and Apple iMac DV Special Edition series computers. During failure, you'll commonly hear a whistle noise followed by a 'POP' and your system either locking up or powering off.
I have two Quantum Fireball 13GB drives with similar damage to the drive controller.
It sucks that this guy's data is basically gone due to the scorched platters. In most cases you'd have to locate a replacement controller board if you wanted your data back. (or unless you want to pay to send it to a data recovery company)
'Almost always' doesn't mean 'always'. I know several people that were charged $89.00 an hour (discounted rate through some promotion) to remove spyware/malware from their systems. Also, $249.00 to install an operating system...it might as well be $125.00 an hour since it takes 2 hours to install and patch the thing. I understand that the Geek Squad technicians do not actually receive anywhere near this amount of cash for doing the work. Everyone has to admit that since Best Buy took over Geek Squad, their choice of new employee technical skill has become less than acceptable when charging a customer $249 for a lousy OS installation. A reinstall of Windows XP including data transfer back and forth to the box is almost worth just buying a new PC (in which they try to get you to buy a computer from Best Buy). While I may not know the details of how things are added up, but if they work the same way they are posted on the website, you're looking at the following:
$229 for data backup
$249 for OS install
$129 for customization and optimization (which should be free with the OS install)
$159 if the machine needs an extra stick of RAM (plus cost of RAM)
$129 for basic software installation (Office, Anti-Virus, Flash, Shockwave, RealPlayer, iTunes/Quicktime, Java 2, and any other end-user software needs - plus the cost of software)
So now we're looking at $736 which you can buy a shiny new Dell for. This price does not include the memory installation either. Can you say...RIP OFF!?
Also, for those of you who shop flea markets, you won't see my hard drive containing my personal data for sale anywhere... http://news.yahoo.com/s/wlwt/20060601/lo_wlwt/9303 216/ I would never let Best Buy touch any of my equipment, you should all feel the same way.
Wow, it seems that nobody is here to back Best Buy's Geek Squad...
They're probably too busy playing Halo and screaming "pwn joo l33t styl3" to read anything about the advancement of technology that actually matters.
To those pre-Best Buy Geek Squad employees...I hope you find a better job before the whole boat tips over. Pretty soon they'll be telling the Mac PowerPC users to install Windows XP, cause Macs can run Windows.... (natively;-))
The Geek Squad is just a glorified title for an average Joe who thinks he/she knows how to fix a computer. Best Buy forces them to wear a shirt and tie so that they look more professional, because even Best Buy knows they're not worth the $125.00 an hour they charge for on-site jobs. I work for a University tech support group that has to constantly remove spyware/malware and Internet worms from computers that were supposedly cleaned by Best Buy's "elite" Geek Squad. The sad part is that not a single one of them had anything that required more than just dumping temp files in several locations in the system. No registry editing, no pulling services, not even rooting through system32 looking for spyware marked as hidden system files.
Training won't help these people, nor will Best Buy ever hire anyone with the expertise to charge $125 an hour, because Best Buy wouldn't be satisfied with making only 20% profit off of their hard work. You can teach a dog new tricks, but you can't teach him to drive a car and get a job.
I guess the state of Louisiana has nothing better to do than worry about violent video games making killers out of good little boys and girls. Cause everyone knows that it's up to the government to babysit the kids of irresponsible parents. Maybe if the state would spend less time worrying about animated pixels and more time creating good paying jobs, parents wouldn't have to work 765873294293847 hours a day just to put food on the table.
As much of a ramble this may be, I can still speak better than YOUR president.
Being a long-standing member of the computer/console emulation community, I have seen many applications written in native code and some in other languages such as Java. If applications such as these are rewritten in non-native forms, we are looking at the emulation community taking a HUGE hit no matter how fast processors get. The whole point of emulation is the fine balance between compatibility and performance. Programmers who are looking to emulate processor intensive devices are going to use machine code, most likely assembler, to make their creation worthwhile to the average user. Not everyone will have a top-of-the-line processor every year one is released.
Some programmers in the emulation world have opted for exact cycle emulation which is already a huge exchange of performance for compatibility. Coding this type of application in non-native form would make demands on the processor increase, causing an energy-saving processor to use more electricity to run an application.
While this may not seem to be a concern of an individual, it would actually cost a business with multiple computing units more money in energy usage over the course of a year or so. Some businesses do use emulation technologies in a lot of areas; not all are emulated on hardware expansion devices either.
If they're going to continue Windows 98 support, I wanna see a build for Mac OS 9. Why the inequality? Marketshare should be a small determining factor for most open source software anyway. Isn't that part of what the whole open source idea is all about?
You sound like you work for Microsoft or have no desire to keep your computer and its contents to yourself. Yeah, Microsoft isn't gonna actually "spy" on you, nor will they look at any of your personal information. But it seems our government over the last 6 years has a problem with properly interpreting Constitutional rights to free speech and privacy. If you question their motives, you're a terrorist. If you continue your thoughts or actions against us, you are allowing the terrorists to win. Bullshit. AT&T allowed the NSA to wiretap lines without notifying its users, who's to say that Microsoft won't do the same? Well, I guess you're just "renting" the use of your glorious operating system anyway...they'll do what they damn well please with it.
Slashdot Mirror
Does his 1 million Zunes sold count the devices that were bought and returned within a 30-day period in exchange for an iPod? I personally know of at least a dozen people who have done so.
I just can't believe that someone would actually pay over $200 for this piece of junk. I'd rather buy something from Apple or Samsung than waste two Benjamins and a Grant for something that resembles the design and architecture put in to the XBox 360 power brick.
Oooh, watemelon red! I can't wait...
What a crock-o-blank,
i ndows XP\SP3\KB918439\Filelist\]
;-)
Typical University IT people not knowing what the hell they are dealing with. Think this "breach" was a big deal? Think again.
Know how to use the Windows Registry? You'll love how simple this is...
Cisco Clean Access looks for several registry keys that determine which Windows patches are installed and which are not. It also looks for registry info to give the system a look at what anti-virus package they are running and which DAT file they have. Basically, all his program would need to do is create entries in the registry in the locations where Clean Access would look. It would defeat the security check and the remediation process very easily.
This is not a vulnerability, it is the means in which the system works.
1. User connects to the network. When a browser is launched, the user is redirected and prompted to install the Clean Access Agent from the Clean Access Server.
2. The user is presented with a login box where he/she would log into the system.
3. The Clean Access Agent checks for several registry flags to determine which Windows Updates are installed and what anti-virus/anti-spyware is installed. It will also check the registry for anti-virus/anti-spyware DAT/REG file date and versions.
4. If the system is not up to date, they are passed to a temporary role (remediation stage) where they are only permitted to selected sites to download the updates they need.
5. Users are left in the temporary role until they fulfill the logon requirements. Once the requirements have been completed, they are passed to the main role allowing full access to the network.
Now...for the easy part...
Wanna get around the CCA check without installing patch KB918439? Create the following registry keys ending with Filelist.
[\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\W
How about getting around AV installation (McAfee VirusScan Enterprise as an example)? Create the following registry keys ending with VirusScan Enterprise.
[\HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\]
How about getting around a forced DAT update? Create the following registry keys ending with CurrentVersion. Also create a string value called szVirDefVer with the value greater than 5018.
[\HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\]
Heh...that wasn't so bad...was it?
The wife's PowerBook G3 Pismo runs Tiger just fine on 512MB of RAM and a 500MHz processor. Actually, I would LOVE to see Vista's "pretty" UI even think about running on an 8MB ATI Rage 128 chipset. Transparencies, Dashboard (everything but wave effects), Expose, OpenGL games....it all works great on a system that's 7 years old.
:-)
Heck my own PowerBook G4 1.5 had 512MB of RAM up until several months ago when I couldn't pass up a deal on a 512MB stick. Just 768MB of RAM and my dock is filled with a ton of black triangles.
Requiring 1GB to run Mac OS X is a joke...
Cisco's Clean Access system does not work properly with Windows Vista. Clean Access is used in a lot of college environments in order to help keep student, staff, and faculty machines from being compromised. Clean Access acts as a point of authentication to allow a user access to the network, but that is not its main focus. In conjunction with the Clean Access Agent for Windows, it can also check if Windows Updates, Antispyware and Antivirus packages are installed and up to date. These packages can be set to either be optional or mandatory by the Clean Access administrator.
Clean Access (at this time) detects Vista as an unsupported operating system. However, there are workarounds that allow the agent to be installed and launch on Vista. The workaround does not perform any of the checks to make sure Vista has all of its patches installed or if it has antivirus loaded. So, in a nutshell, it is just acting as a point of authentication to the network at this time.
It seems to amaze me that Microsoft and a huge company like Cisco couldn't get this software Vista ready for when Vista was available. Cisco has been promising an upgrade to Vista compatibility for sometime in April. A little late especially when Vista boxes already are targets of attack from exploits such as animated cursor crap...
In case anyone happened to miss this on the MoKB site...
6 .html
Be sure to have your speakers turned on and up.
http://projects.info-pull.com/mokb/MOKB-26-11-200
Wait! I have the answer! Just install WinAntiVirus and WinAntiSpyware Pro 2006! It'll download the Trojan, you pay your $24 or whatever, and it all disappears!
Wait...what's that "annoying as hell" flashing icon in my taskbar for...?
I still think Apple should have pushed to get Copland 8 released. (I still have a copy of the intro CD that they released showing off the features) The gap between stunning Apple technology and Microsoft's antiquated crap would be even wider than it is now. That's too bad that Microsoft can't invent anything, they just buy companies that have already invented something that they think will be the next best thing. Bungie, anyone?
Microsoft is eventually going to bury themselves by building on and supporting the same old stuff that was in use 15 years ago. It is time for them to let go and realize that they need to build something "advanced" and not just "good enough" or "compatible".
Microsoft apps..."They're EVERYWHERE!", just like the pfhor...
That has to be the lamest hack I have ever seen. First of all, he was using a 3rd party wireless device, not the wireless radio actually built into the Mac. If he was so sure that his hack exploits a hole in the Apple, why didn't he just hack it through the AirPort built-in radio? How many people are actually going to go out and buy an external wireless device for a notebook that already has it built-in?
.0001 % of the Mac population actually owns (and will use religiously).
Your only reason for actually purchasing a second wireless radio would be for sniffing or packet reinjections. This is nothing but a stunt to put his name out there for people to notice. Of course, you're going to get some technologically challenged bonehead to believe him and run with it. He knows that and so do we.
Most Mac users have an arrogance about them, however, as "stupid" as you think they are, they know the difference between a serious security hole and one to yawn about. If you ask me, turning on FTP would be a bigger threat than having your Mac hacked through a wireless radio that probably
Frying transistors and such on hard drives are not new news. Some of the Quantum Fireball (what a name to go with it all) 10-20GB drives had failure of this sort. The drives were common in the Gateway E-3400 and Apple iMac DV Special Edition series computers. During failure, you'll commonly hear a whistle noise followed by a 'POP' and your system either locking up or powering off.
I have two Quantum Fireball 13GB drives with similar damage to the drive controller.
It sucks that this guy's data is basically gone due to the scorched platters. In most cases you'd have to locate a replacement controller board if you wanted your data back. (or unless you want to pay to send it to a data recovery company)
'Almost always' doesn't mean 'always'. I know several people that were charged $89.00 an hour (discounted rate through some promotion) to remove spyware/malware from their systems. Also, $249.00 to install an operating system...it might as well be $125.00 an hour since it takes 2 hours to install and patch the thing. I understand that the Geek Squad technicians do not actually receive anywhere near this amount of cash for doing the work. Everyone has to admit that since Best Buy took over Geek Squad, their choice of new employee technical skill has become less than acceptable when charging a customer $249 for a lousy OS installation. A reinstall of Windows XP including data transfer back and forth to the box is almost worth just buying a new PC (in which they try to get you to buy a computer from Best Buy). While I may not know the details of how things are added up, but if they work the same way they are posted on the website, you're looking at the following:
3 216/ I would never let Best Buy touch any of my equipment, you should all feel the same way.
$229 for data backup
$249 for OS install
$129 for customization and optimization (which should be free with the OS install)
$159 if the machine needs an extra stick of RAM (plus cost of RAM)
$129 for basic software installation (Office, Anti-Virus, Flash, Shockwave, RealPlayer, iTunes/Quicktime, Java 2, and any other end-user software needs - plus the cost of software)
So now we're looking at $736 which you can buy a shiny new Dell for. This price does not include the memory installation either. Can you say...RIP OFF!?
Also, for those of you who shop flea markets, you won't see my hard drive containing my personal data for sale anywhere... http://news.yahoo.com/s/wlwt/20060601/lo_wlwt/930
Wow, it seems that nobody is here to back Best Buy's Geek Squad...
;-))
They're probably too busy playing Halo and screaming "pwn joo l33t styl3" to read anything about the advancement of technology that actually matters.
To those pre-Best Buy Geek Squad employees...I hope you find a better job before the whole boat tips over. Pretty soon they'll be telling the Mac PowerPC users to install Windows XP, cause Macs can run Windows.... (natively
The Geek Squad is just a glorified title for an average Joe who thinks he/she knows how to fix a computer. Best Buy forces them to wear a shirt and tie so that they look more professional, because even Best Buy knows they're not worth the $125.00 an hour they charge for on-site jobs. I work for a University tech support group that has to constantly remove spyware/malware and Internet worms from computers that were supposedly cleaned by Best Buy's "elite" Geek Squad. The sad part is that not a single one of them had anything that required more than just dumping temp files in several locations in the system. No registry editing, no pulling services, not even rooting through system32 looking for spyware marked as hidden system files.
Training won't help these people, nor will Best Buy ever hire anyone with the expertise to charge $125 an hour, because Best Buy wouldn't be satisfied with making only 20% profit off of their hard work. You can teach a dog new tricks, but you can't teach him to drive a car and get a job.
I guess the state of Louisiana has nothing better to do than worry about violent video games making killers out of good little boys and girls. Cause everyone knows that it's up to the government to babysit the kids of irresponsible parents. Maybe if the state would spend less time worrying about animated pixels and more time creating good paying jobs, parents wouldn't have to work 765873294293847 hours a day just to put food on the table.
As much of a ramble this may be, I can still speak better than YOUR president.
Being a long-standing member of the computer/console emulation community, I have seen many applications written in native code and some in other languages such as Java. If applications such as these are rewritten in non-native forms, we are looking at the emulation community taking a HUGE hit no matter how fast processors get. The whole point of emulation is the fine balance between compatibility and performance. Programmers who are looking to emulate processor intensive devices are going to use machine code, most likely assembler, to make their creation worthwhile to the average user. Not everyone will have a top-of-the-line processor every year one is released. Some programmers in the emulation world have opted for exact cycle emulation which is already a huge exchange of performance for compatibility. Coding this type of application in non-native form would make demands on the processor increase, causing an energy-saving processor to use more electricity to run an application. While this may not seem to be a concern of an individual, it would actually cost a business with multiple computing units more money in energy usage over the course of a year or so. Some businesses do use emulation technologies in a lot of areas; not all are emulated on hardware expansion devices either.
If they're going to continue Windows 98 support, I wanna see a build for Mac OS 9. Why the inequality? Marketshare should be a small determining factor for most open source software anyway. Isn't that part of what the whole open source idea is all about?
You sound like you work for Microsoft or have no desire to keep your computer and its contents to yourself. Yeah, Microsoft isn't gonna actually "spy" on you, nor will they look at any of your personal information. But it seems our government over the last 6 years has a problem with properly interpreting Constitutional rights to free speech and privacy. If you question their motives, you're a terrorist. If you continue your thoughts or actions against us, you are allowing the terrorists to win. Bullshit. AT&T allowed the NSA to wiretap lines without notifying its users, who's to say that Microsoft won't do the same? Well, I guess you're just "renting" the use of your glorious operating system anyway...they'll do what they damn well please with it.