 |
 Home Guild Forums News Search Projects Community Members options Web
 Calendar
|
|
|
|
|
DEF CON is one of the oldest continuous running hacker conventions around, and also one of the largest.
Many of the attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, crackers, and hackers with a general interest in computer code and computer architecture. The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as social events and contests in everything from creating the longest Wi-Fi connection and cracking computer systems to who can most effectively cool a beer in the Nevada heat.
DEF CON 18 will happen July 30th - August 1, 2010 at the Riviera Hotel & Casino. Admission is $140 USD at the door (no pre-registration available). |
|
 Score: 0
Posted by Tessil Thursday, July 29, 2010 (01:00:00) |
|
| Windows WMF Vulnerability |
A serious new remotely exploitable vulnerability has been discovered in Microsoft Windows' image processing code.
UNTIL THE PATCH IS APPLIED, ANY ATTEMPT TO DISPLAY A MALICIOUS IMAGE IN WINDOWS COULD INSTALL MALICIOUS SOFTWARE INTO THE COMPUTER.
This exploit can be triggered by a malicious Windows Metafile (WMF) image, regardless of the image extension (e.g. .gif, .jpg, .png etc) in any program (e.g. Firefox, Opera, MSN Messenger, IrfanView, MS Office, previewing the image in Windows, indexing by Google Desktop - everything is affected).
All versions of Windows from Windows 98 through ME, NT, 2000, XP, and 2003 are known to be vulnerable, and a large and rapidly growing number of malicious exploits (57 at last count) are already circulating in the wild. They are being actively used to install malware and Trojans into user's machines. Viruses and worms are expected to appear shortly.
Although NOT a complete solution, Microsoft has recommended temporarily disabling the automatic display of some images by the operating system and web browser. This can be done, as detailed below, by "unregistering" the "SHIMGVW.DLL" Windows DLL. THIS IS NOT A COMPLETE SOLUTION, but it significantly lowers the risk from this vulnerability from web surfing.
Steve Gibson has provided additional details and a fix on his security blog at www.grc.com/sn/notes-020.htm. Note that Ilfak Guilfanov's WMF patch has been superceeded by the release of the official Microsoft patch via Windows Update on January 5th (ahead of the scheduled date of January 10th).
There is a Microsoft Security Advisory, Slashdot Article, and an article on Google News discussing the vulnerability.
UPDATE: Currently no patch is available for Windows 95, 98, and ME; however, GRC has committed to providing a solution for those users should Microsoft fail to provide one. Users of those operating systems should check Steve Gibson's blog at the link provided above.
UPDATE2: Two new Metafile bugs have been found, just a week after the patching of previous critical WMF issues. These bugs are not addressed by MS06-001. Microsoft is currently classing the new problems as "performance issues" and that they do not allow an attacker to run code or crash the operating system (but may cause the WMF application to crash). |
|
Score: 0
Posted by Tessil Wednesday, January 04, 2006 (12:45:02) |
|
| Sony DRM Rootkit: More Sordid Details |
a Finnish researcher named Muzzy noticed a vulnerability in the web-based uninstaller that Sony offers to users who want to remove the First4Internet XCP copy protection software. For affected users, this represents a far greater security risk than even the original Sony rootkit.
The consequences of the flaw are severe. It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get.
The root of the problem is a serious design flaw in Sony's web-based uninstaller. When you first fill out Sony's form to request a copy of the uninstaller, the request form downloads and installs a program - an ActiveX control created by the DRM vendor, First4Internet - called CodeSupport. CodeSupport remains on your system after you leave Sony's site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user's permission.
USA Today reports that Sony will recall the affected CDs. Discs in the supply chain will not be sold, and customers who have already bought discs will be able to exchange them. |
|
Score: 0
Posted by Tessil Monday, November 21, 2005 (11:33:29) |
|
| Sony BMG - Too Little, Too Late... |
Sony has offered a sort of "fix" for the DRM rootkit that was discovered by Mark Russinovich over at Sysinternals on his recently-purchased Get Right with the Man (the name is ironic under the circumstances) CD by the Van Zant brothers. The new DRM scheme has been widely reported on Slashdot, C|Net, PC Pro, The Inquirier, The Register, and The Washington Post.
Leo Laporte also interviewed Steve Gibson from GRC.com details and consequences of Sony Corporation's alarming "Rootkit" DRM (digital rights management) copy protection scheme.
"November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."
The updates site initially prompts the user to install an ActiveX control which detects if there is an XCP - Aurora installation and then selects the most appropriate update. To remove this activeX control simply open the folder "%SYSTEMROOT%\downloaded program files" (On a windows XP computer with a default installation the %SYSTEMROOT% folder will be "C:\Windows") and delete the file "codesupport.ocx".
When the activeX control has been installed the Updates Site will display one of two screens. The updates site will either inform you that it cannot find an XCP installation or it will offer the download of Service Pack 2. [Ed: Note that in this case Service Pack 2 refers to XCP, it's not related to the Microsoft Service Packs.] In addition to removing the cloaking, Service Pack 2 includes all fixes from the earlier Service Pack 1 update. "In order to ensure a secure installation," Service Pack 2 includes the newest version of all DRM components.
Be warned, the patch does not remove the DRM software, it merely updates it and removes the cloaking feature.
Instead of using the "uninstaller" (which uninstalls nothing), users can perform a safe decloaking by opening the Run dialog from the Start menu, entering "sc delete $sys$aries", and then rebooting. This sequence deletes the driver from the Windows Registry so that even though its image is still present on disk, the I/O system will not load it during subsequent boots. |
|
Score: 0
Posted by Tessil Thursday, November 03, 2005 (10:45:47) |
|
| Norton Windows Management Instrumentation (WMI) Update Available |
The Norton Windows Management Instrumentation (WMI) Update is now available through Symantec's LiveUpdate content distribution feature.
The update requires running LiveUpdate twice (once to update LiveUpdate, and once to add the WMI feature). After the second time that you run LiveUpdate, the Windows Security Center will accurately read Norton AntiVirus and Norton Personal Firewall as ON.
More information is available at the Symantec Windows XP Service Pack 2 information center. |
|
Score: 0
Posted by Admin Wednesday, August 11, 2004 (16:11:34) |
|
|
|
|
 |
| Guild Name: |
| | Clenched Fist |
| Server: |
| | Crushbone |
| Guild Level: 95 |
| Guild Status: N/A |
| Total Characters: 183 |
| Unique Members: 33 |
| Average Adv. Level: 57 |
| Average Art. Level: 29 |
| Date Formed: |
| | Wed, 12 Jan 2005 19:31:00 |
| Average Quests Completed: 444 |
| Total Rares Harvested: 8,314 |
| Total Items Crafted: 584,044 |
| Total Kills: 3,016,914 |
| Total PvP Kills: 0 |
| Total City PvP Kills: 0 |
| Total Wild PvP Kills: 0 |
| Total Deaths: 71,460 |
| Total Kills: 3,016,914 |
| Total Deaths: 71,460 |
| Kills vs. Deaths Ratio: 42 |
| Highest Guild Status Contributor: | | | Tulvarus (8,095,834) |
| Most Quests Complete: | | | Tulvarus (5,552) |
| Most Collections Complete: | | | Toukai (510) |
| Highest Max Melee Hit: | | | Glouciir (142,246,544) |
| Highest Max Magic Hit: | | | Ratul (69,847,342) |
| Most rares collected: | | | Tulvarus (977) |
| Most items crafted: | | | Tulvarus (356,510) |
| Longest Time Played: | | | Tulvarus (1 year 6 months 1 week 6 days 6 hours) |
Class Breakdown:
 | Fighter: 27 |
- Berserker: 4
- Guardian: 6
- Bruiser: 4
- Monk: 7
- Paladin: 6
- Shadow Knight: 0
| Priest: 25 |
- Templar: 4
- Inquisitor: 6
- Warden: 3
- Fury: 6
- Defiler: 2
- Mystic: 4
| Mage: 35 |
- Warlock: 6
- Wizard: 8
- Illusionist: 4
- Coercer: 6
- Necromancer: 6
- Conjuror: 5
| Scout: 35 |
- Brigand: 5
- Swashbuckler: 2
- Dirge: 6
- Troubador: 6
- Assassin: 2
- Ranger: 5
- Beastlord: 9
Trades Breakdown:
| Craftsman: 23 |
- Craftsman: 6
- Provisioner: 8
- Woodworker: 4
- Carpenter: 5
| Outfitter: 22 |
- Outfitter: 9
- Armorer: 6
- Weaponsmith: 3
- Tailor: 4
| Scholar: 23 |
- Scholar: 3
- Jeweler: 7
- Sage: 6
- Alchemist: 7
|
|
|
|
Last 10 Forum Messages
 LON Packs February 2013
Last post by Tulvarus in The Forum on Feb 02, 2013 at 21:20:27
SOE LIVE 2013
Last post by Tulvarus in The Forum on Feb 02, 2013 at 21:18:47
Moving in to a House
Last post by Tessil in The Forum on Aug 12, 2012 at 01:03:06
Computer Opinion
Last post by Tulvarus in The Forum on Dec 02, 2011 at 19:01:05
EQ2 BETA
Last post by Tulvarus in The Forum on Nov 06, 2011 at 11:38:26
Ask a Drunken dwarf
Last post by Oxonia in The Forum on Jul 28, 2011 at 02:24:35
Sony Data Breach Expanding in Scope, Important!
Last post by Tessil in The Forum on May 21, 2011 at 19:21:48
[Humor] Editorializin'
Last post by Tessil in The Forum on Apr 29, 2011 at 18:35:11
[Humor] It Only Doesn't
Last post by Tessil in The Forum on Apr 29, 2011 at 18:34:11
New Server, New Problems Come Gratis!
Last post by Tessil in The Forum on Apr 17, 2011 at 19:54:23
|
|
|
|
Content Menu
Latest: 
New Today: 0
New Yesterday: 0
Overall: 125
Members: 0
Visitors: 2
Total: 2
