Home Private Messages Search
   Toggle Content Content Menu

 Clenched Fist Hall of Honor
 Guild Policy
 Time Converter

   Toggle Content CPG Main Menu
 Home Guild Forums News Search Projects Community Members options Web
 Links

 Calendar

   Toggle Content User Info

Welcome Anonymous

Nickname
Password
Security CodeSecurity Code
Type Code

Membership:
Latest: mh370malastsia
New Today: 0
New Yesterday: 0
Overall: 129

People Online:
Members: 0
Visitors: 32
Total: 32
Who Is Where:
 Visitors:
01: Calendar
02: Community Forums
03: Calendar
04: Picture Gallery
05: Calendar
06: Calendar
07: Calendar
08: Calendar
09: Calendar
10: News
11: Calendar
12: Calendar
13: Calendar
14: Calendar
15: Calendar
16: Calendar
17: Calendar
18: Calendar
19: Calendar
20: Calendar
21: News
22: Calendar
23: Calendar
24: Calendar
25: Calendar
26: Calendar
27: Calendar
28: Calendar
29: Calendar
30: Picture Gallery
31: Calendar
32: Calendar

Staff Online:

No staff members are online!

 

The Clenched Fist: Security

Search on This Topic:   
[ Go to Home | Select a New Topic ]

 DEFCON 18 Opens!

Security DEF CON is one of the oldest continuous running hacker conventions around, and also one of the largest.

Many of the attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, crackers, and hackers with a general interest in computer code and computer architecture. The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as social events and contests in everything from creating the longest Wi-Fi connection and cracking computer systems to who can most effectively cool a beer in the Nevada heat.

DEF CON 18 will happen July 30th - August 1, 2010 at the Riviera Hotel & Casino. Admission is $140 USD at the door (no pre-registration available).
Printer Friendly PageScore: 0
Posted by Tessil Thursday, July 29, 2010 (01:00:00)

 Windows WMF Vulnerability

Security A serious new remotely exploitable vulnerability has been discovered in Microsoft Windows' image processing code.

UNTIL THE PATCH IS APPLIED, ANY ATTEMPT TO DISPLAY A MALICIOUS IMAGE IN WINDOWS COULD INSTALL MALICIOUS SOFTWARE INTO THE COMPUTER.

This exploit can be triggered by a malicious Windows Metafile (WMF) image, regardless of the image extension (e.g. .gif, .jpg, .png etc) in any program (e.g. Firefox, Opera, MSN Messenger, IrfanView, MS Office, previewing the image in Windows, indexing by Google Desktop - everything is affected).

All versions of Windows from Windows 98 through ME, NT, 2000, XP, and 2003 are known to be vulnerable, and a large and rapidly growing number of malicious exploits (57 at last count) are already circulating in the wild. They are being actively used to install malware and Trojans into user's machines. Viruses and worms are expected to appear shortly.

Although NOT a complete solution, Microsoft has recommended temporarily disabling the automatic display of some images by the operating system and web browser. This can be done, as detailed below, by "unregistering" the "SHIMGVW.DLL" Windows DLL. THIS IS NOT A COMPLETE SOLUTION, but it significantly lowers the risk from this vulnerability from web surfing.

Steve Gibson has provided additional details and a fix on his security blog at www.grc.com/sn/notes-020.htm. Note that Ilfak Guilfanov's WMF patch has been superceeded by the release of the official Microsoft patch via Windows Update on January 5th (ahead of the scheduled date of January 10th).

There is a Microsoft Security Advisory, Slashdot Article, and an article on Google News discussing the vulnerability.

UPDATE: Currently no patch is available for Windows 95, 98, and ME; however, GRC has committed to providing a solution for those users should Microsoft fail to provide one. Users of those operating systems should check Steve Gibson's blog at the link provided above.

UPDATE2: Two new Metafile bugs have been found, just a week after the patching of previous critical WMF issues. These bugs are not addressed by MS06-001. Microsoft is currently classing the new problems as "performance issues" and that they do not allow an attacker to run code or crash the operating system (but may cause the WMF application to crash).
Printer Friendly PageScore: 0
Posted by Tessil Wednesday, January 04, 2006 (12:45:02)

 Sony DRM Rootkit: More Sordid Details

Security a Finnish researcher named Muzzy noticed a vulnerability in the web-based uninstaller that Sony offers to users who want to remove the First4Internet XCP copy protection software. For affected users, this represents a far greater security risk than even the original Sony rootkit.

The consequences of the flaw are severe. It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get.

The root of the problem is a serious design flaw in Sony's web-based uninstaller. When you first fill out Sony's form to request a copy of the uninstaller, the request form downloads and installs a program - an ActiveX control created by the DRM vendor, First4Internet - called CodeSupport. CodeSupport remains on your system after you leave Sony's site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user's permission.

USA Today reports that Sony will recall the affected CDs. Discs in the supply chain will not be sold, and customers who have already bought discs will be able to exchange them.
Printer Friendly PageScore: 0
Posted by Tessil Monday, November 21, 2005 (11:33:29)

 Sony BMG - Too Little, Too Late...

Security Sony has offered a sort of "fix" for the DRM rootkit that was discovered by Mark Russinovich over at Sysinternals on his recently-purchased Get Right with the Man (the name is ironic under the circumstances) CD by the Van Zant brothers. The new DRM scheme has been widely reported on Slashdot, C|Net, PC Pro, The Inquirier, The Register, and The Washington Post.

Leo Laporte also interviewed Steve Gibson from GRC.com details and consequences of Sony Corporation's alarming "Rootkit" DRM (digital rights management) copy protection scheme.

"November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."

The updates site initially prompts the user to install an ActiveX control which detects if there is an XCP - Aurora installation and then selects the most appropriate update. To remove this activeX control simply open the folder "%SYSTEMROOT%\downloaded program files" (On a windows XP computer with a default installation the %SYSTEMROOT% folder will be "C:\Windows") and delete the file "codesupport.ocx".

When the activeX control has been installed the Updates Site will display one of two screens. The updates site will either inform you that it cannot find an XCP installation or it will offer the download of Service Pack 2. [Ed: Note that in this case Service Pack 2 refers to XCP, it's not related to the Microsoft Service Packs.] In addition to removing the cloaking, Service Pack 2 includes all fixes from the earlier Service Pack 1 update. "In order to ensure a secure installation," Service Pack 2 includes the newest version of all DRM components.

Be warned, the patch does not remove the DRM software, it merely updates it and removes the cloaking feature.

Instead of using the "uninstaller" (which uninstalls nothing), users can perform a safe decloaking by opening the Run dialog from the Start menu, entering "sc delete $sys$aries", and then rebooting. This sequence deletes the driver from the Windows Registry so that even though its image is still present on disk, the I/O system will not load it during subsequent boots.
Printer Friendly PageScore: 0
Posted by Tessil Thursday, November 03, 2005 (10:45:47)

 Norton Windows Management Instrumentation (WMI) Update Available

Security The Norton Windows Management Instrumentation (WMI) Update is now available through Symantec's LiveUpdate content distribution feature.

The update requires running LiveUpdate twice (once to update LiveUpdate, and once to add the WMI feature). After the second time that you run LiveUpdate, the Windows Security Center will accurately read Norton AntiVirus and Norton Personal Firewall as ON.

More information is available at the Symantec Windows XP Service Pack 2 information center.
Printer Friendly PageScore: 0
Posted by Admin Wednesday, August 11, 2004 (16:11:34)

 
   Toggle Content Guild Wall of Fame
Guild Name:
 Clenched Fist
Server:
 Crushbone
Guild Level: 95
Guild Status: N/A
Total Characters: 194
Unique Members: 35
Average Adv. Level: 59
Average Art. Level: 29

Date Formed:
 Wed, 12 Jan 2005 19:31:00
Average Quests Completed: 447
Total Rares Harvested: 9,275
Total Items Crafted: 603,964

Total Kills: 3,272,892
Total PvP Kills: 0
Total City PvP Kills: 0
Total Wild PvP Kills: 0
Total Deaths: 75,427

Total Kills: 3,272,892
Total Deaths: 75,427
Kills vs. Deaths Ratio: 43

Highest Guild Status Contributor:
 Tulvarus (8,888,788)
Most Quests Complete:
 Tulvarus (5,671)
Most Collections Complete:
 Toukai (542)
Highest Max Melee Hit:
 Glouciir (142,246,544)
Highest Max Magic Hit:
 Ratul (69,847,342)
Most rares collected:
 Tulvarus (993)
Most items crafted:
 Tulvarus (358,570)
Longest Time Played:
 Tulvarus (1 year 7 months 3 weeks 2 days 10 hours)

Class Breakdown:
  • Fighter: 28
    • Berserker: 4
    • Guardian: 6
    • Bruiser: 5
    • Monk: 7
    • Paladin: 6
    • Shadow Knight: 0
  • Priest: 28
    • Templar: 5
    • Inquisitor: 6
    • Warden: 3
    • Fury: 6
    • Defiler: 3
    • Mystic: 5
  • Mage: 39
    • Warlock: 5
    • Wizard: 10
    • Illusionist: 5
    • Coercer: 7
    • Necromancer: 7
    • Conjuror: 5
  • Scout: 38
    • Brigand: 5
    • Swashbuckler: 2
    • Dirge: 6
    • Troubador: 6
    • Assassin: 2
    • Ranger: 7
    • Beastlord: 10

Trades Breakdown:
  • Craftsman: 25
    • Craftsman: 7
    • Provisioner: 8
    • Woodworker: 4
    • Carpenter: 6
  • Outfitter: 22
    • Outfitter: 7
    • Armorer: 6
    • Weaponsmith: 4
    • Tailor: 5
  • Scholar: 24
    • Scholar: 2
    • Jeweler: 8
    • Sage: 7
    • Alchemist: 7

   Toggle Content Forums Last Posts
Last 10 Forum Messages
 Practice/starter ex spouse stories
Last post by mh370malastsia in The Forum on Apr 17, 2014 at 11:46:14

 Everquest2 VS Cat
Last post by Diatomic in The Forum on Mar 31, 2014 at 20:31:49

 TOV Armor comparison
Last post by bordorg in The Forum on Feb 23, 2014 at 20:05:55

 SOE LIVE 2013 Tulvarus
Last post by Tulvarus in The Forum on Jul 29, 2013 at 20:15:58

 LON Packs February 2013
Last post by Tulvarus in The Forum on Feb 02, 2013 at 21:20:27

 SOE LIVE 2013
Last post by Tulvarus in The Forum on Feb 02, 2013 at 21:18:47

 Moving in to a House
Last post by Tessil in The Forum on Aug 12, 2012 at 01:03:06

 Computer Opinion
Last post by Tulvarus in The Forum on Dec 02, 2011 at 19:01:05

 EQ2 BETA
Last post by Tulvarus in The Forum on Nov 06, 2011 at 11:38:26

 Ask a Drunken dwarf
Last post by Oxonia in The Forum on Jul 28, 2011 at 02:24:35


   Toggle Content Coming Events
April 2014
SMTWTFS
01 02 03 04 05
06 07 08 09 10 11 12
13 14 15 16 17 19
20 21 22 23 24 25 26
27 28 29 30

Sun Apr 20, 2014
Event Moonlight Enchantments Begins
Event Easter
 
Mon Apr 21, 2014
Event Moonlight Enchantments Ends
 
Tue Apr 22, 2014
Event Earth Day
 

   Toggle Content Useful Links
The Dragons Armory - Character analysis
The EQ2 Wire - Breaking News and Commentary
EQ2i - The EverQuest II Wiki
EQ2U - Live Game and Character Data
EQ2Interface - User Interface Mods and Add-ins

Adornment Calculator
Guide to Velious Armor
EQ2Achieve

EQ2 Decorators
EQ2 Traders
Everseek - Furniture and House Items

   Toggle Content Information

CPG Dragonfly CMS

Powered by GNU

Powered by Apache

Powered by PHP

Protected by Suhosin

Powered by MySQL

W3C CSS

W3C XHTML 1.0

Valid CSS! Valid XHTML 1.0!
The logos and trademarks used on this site are the property of their respective owners.
We are not responsible for content posted by our users, the individual user assumes full responsibilty.
You can syndicate our news using the file news.php (RSS 0.91), or news2.php (RSS 2.0).

Interactive software released under GNU GPL, Code Credits, Privacy Policy