Tweet
can't blame you for dropping ST - it was getting ridiculous when I left CT in 2006.
-
Got Kneecaps? -
Depending on your weather at sunset, a sliver of the moon and Venus will be side by side. And if you have a clear view of the horizon, you might see Mercury too just for a short few seconds before it sets after the sun. Jupiter will join them later this month.
Mars (almost straight up) and Saturn (rising in the east an hour or so later) have been clearly visible the last month or two.------------
<<< Jana Cova ...again (8 <<<Comment
-
and Uranus will still be on YT's screen saver slide show........The only logical explanation is:
I'm about to die and this is my Jacob's LadderComment
-
Yeah, but you can't see it with the naked eye.------------
<<< Jana Cova ...again (8 <<<Comment
-
I long for a Lions team that is consistently competitive.Comment
-
...of planet Earth I presume you to be speaking.Originally posted by Malto Marko View Post------------
<<< Jana Cova ...again (8 <<<Comment
-
Just paid a visit the Microsoft Store in Scottsdale AZ.
I'm not a gadget junkie (at all) so I wasn't all that jazzed about the place, but they did have a demo of a 3D TV (getting a 3D signal from a PC) that was very very cool. I've been skeptical of 3D in the consumer market and still am, but I have to admit I was impressed by what I saw.Comment
-
3d porn.......... yikesThe only logical explanation is:
I'm about to die and this is my Jacob's LadderComment
-
did they have anything regarding windows phone 7?
I'm very excited about that one...more excited than I am for a 4G Android for some reason"Low on the totem, till he showed 'em defiance, giant scrotum"Comment
-
MS Virtual PC exploit (not hyper V)
http://blogs.zdnet.com/security/?p=5742&tag=nl.e550
An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft’s Virtual PC virtualization software to malicious hacker attacks.
The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — Data Execution Prevention (DEP), Safe Exception Handlers (SafeSEH) and Address Space Layout Randomization (ASLR) — to exploit the Windows operating system.
As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC, according to Ivan Arce, chief technology officer at Core.
The flaw, discovered by Core exploit writer Nicolas Economou, exists in the memory management of the Virtual Machine Monitor. It causes memory pages mapped above the 2GB level to be accessed with read or read/write privileges by user-space programs running in a Guest operating system.follow Ryan Naraine on twitter <http://twitter.com/ryanaraine>
Affected software includes Microsoft Virtual PC 2007, Virtual PC 2007 SP1, Windows Virtual PC and Microsoft Virtual Server 2005. On Windows 7 the XP Mode feature is also affected by the vulnerability.
In particular, a vulnerable application running in Windows XP Mode on Windows 7 may be exploitable in a virtual environment, while the same application running directly on a Windows XP SP3 operating system is not.
Microsoft Hyper-V technology is not affected by this problem.
http://i.zdnet.com/blogs/2008/12/ivan_arce.jpg <http://blogs.zdnet.com/security/?p=5742> Arce said Core reported the flaw to Microsoft last August — more than seven months ago — but after back-and-forth discussions, the company decided it would not issue a security bulletin to provide patches.
“They [Microsoft] said that they agreed with our assessment of the problem, that it makes DEP/SafeSEH and ASLR bypassable. However, they say it doesn’t meet their criteria for a security bulletin and that they’ll fix in a service pack or a future product update,” Arce explained in a telephone interview from his office in Buenos Aires, Argentina.
“Given that that’s their decision, we feel we have to inform people of the risk so they can make informed decisions,” he added. ”We consider this a vulnerability that needs to be fixed.”
Microsoft officials declined to comment until they had a chance to review Core’s advisory on the issue.
Microsoft’s Virtual PC hypervisor is an element of the company’s Windows Virtual PC package, which allows users to run multiple Windows environments on a single computer. The hypervisor is a key component of Windows 7 XP Mode, a feature in Microsoft’s latest desktop operating system aimed at easing the migration path into the new OS for users and enterprises that need to run legacy Windows XP applications on its native OS.
With this discovery, Arce said it may transform a certain type of common software bug into exploitable vulnerabilities. ”Certain vulnerabilities that have been dismissed as non-exploitable may now be exploitable on virtualized environments,” he said. “Let’s say someone found a vulnerability 2-3 years ago in a virtual application. They did the analysis and determined it was not exploitable because it only caused a crash in the client app. Now, you can bypass DEP and SafeSEH and that same vulnerability or a large list of vulnerabilities may be exploitable on on virtualized systems.”
Core recommends that affected users run all mission critical Windows applications on native iron or use virtualization technologies that aren’t affected by this vulnerability.
Windows operating systems and applications that must run virtualized using Virtual PC technologies should be kept at the highest patch level possible and monitored to detect exploitation attempts.
“This particular case provides a good example of how mechanisms designed to improve an operating system’s security over many years can eventually become ineffective when some of the basic underlying aspects of their operation are changed by virtualization technology,” Arce said.
UPDATE #1: Here is a link to Core’s advisory <http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug> , which includes a technical description of the issue and proof-of-concept code.
UPDATE #2: Here is Microsoft’s official response:
Core Security Technologies is describing a way for an attacker to more easily exploit security vulnerabilities already present on the system, rather than an actual vulnerability. It does this by rendering a number of protection mechanisms that are present in the Windows kernel less effective inside a virtual machine as opposed to a physical Windows machine. An attacker would need to abuse an already present vulnerability in order to leverage this technique.
In the scenario Core describes, the functionality is limited to within the virtualized environment– in other words, an attacker could only exploit a vulnerability in an application running “inside” the guest virtual machine on Windows XP rather than Windows 7 in the case of Windows XP Mode. Specially an attacker could not take over a whole host machine running multiple virtual machines. The safeguards within Windows 7 on the desktop OS (DEP, ASLR, and SafeSEH etc.) remain in place.
In addition, an actual vulnerability must already be present in an application running in the guest machine in order for an attacker to take advantage of this. The difference is that on a regular Windows system, that bug may not be exploitable, whereas in the Virtual PC guest machine, it potentially could be.
Microsoft continues to recommend using Windows XP Mode and Windows Virtual PC as a bridging strategy to Windows 7 if they are concerned about compatibility for some of their legacy applications, so that customers can realize the full security benefits Windows 7 offers.
Brand New Detroit LionsComment
-
Not that I saw.Originally posted by Sweatpants Murphy View Post
I'm also anxiously awaiting WinMo7. My current phone is held togethor with scotch tape. I'm trying to make it last to the end of the year.Comment
-
BTW - I'm browsing the forum at 30,000 ft. How cool is that?Comment
-
that's fly
*chuckle*
also, for those of you who own sprint's version of the touch pro 2; you will be able to update to windows mobile 6.5 tomorrow at sprint.com/downloads"Low on the totem, till he showed 'em defiance, giant scrotum"Comment
-
I've been using my Sony Ericsson K790a for three years (bought it unlocked, runs on T-Mobile—contract expired two years ago!—and it's cool using the phone James Bond used in Casino Royale). It still works perfectly, great battery life, great call quality, and it still has one of the best cameras in a phone, even by today's standards.
That being said, I want a smart(er) phone, and I'm looking at picking up Google's Nexus One once it becomes available for Verizon, hopefully later this week. CDMA technology (Sprint, Verizon) generally gets better reception indoors compared to GSM (AT&T, T-Mobile). The main reason I don't already have an iPhone was because I don't like AT&T. I have an iPod touch for a lot of the iPhone's fun stuff, anyway.
Anyone using this phone already? I'd appreciate any feedback.
Oh, and I'm also going to get Verizon's new NFL Mobile package, when it becomes available."To alcohol! The cause of—and solution to—all of life's problems." —Homer Simpson, 1997Comment
Comment