http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-02-09 09:32:38 - Vigilance vulnérabilités publiques : Un attaquant peut inviter la victime à consulter des documents multimédia illicites, afin de faire exécuter du code sur sa machine http://www.secuobs.com/revue/news/189935.shtmlhttp://www.secuobs.com/revue/news/189935.shtml 2010-02-09 08:21:35 - Vigilance vulnérabilités publiques : Un attaquant authentifié peut employer deux vulnérabilités d'ADFS, afin d'usurper l'identité d'un utilisateur, ou d'exécuter du code http://www.secuobs.com/revue/news/189928.shtmlhttp://www.secuobs.com/revue/news/189928.shtml 2010-02-09 07:00:54 - Hack In The Box : Microsoftâ s President of Windows has weighed in about the reports of alleged problems with PC batteries coming from some Windows 7 users Steven Sinofsky posted to the Engineering Windows 7 blog about the battery-notification issue on February 8 If you want to know all about battery performance, telemetry data, and more, read the full post If you donâ t have time, hereâ s the synopsis Itâ s not us itâ s your batteries Sinofsky blogged â E very single indication we have regarding the reports weâ ve seen are simply Windows 7 reporting the state of the battery using this new feature and weâ re simply seeing batteries that are not performing above the designated thresholdâ Sinofsky said that Microsoft and its partners have been investigating the reports, especially over the past few days, and have found the battery-metering feature of Windows 7 to be working fine Because previous versions of Windows didnâ t include this meter, some users may not have been aware their batteries were degrading, he said But there is no truth to reports that Windows 7 is sapping batteries prematurely or that any drivers or the BIOS in Windows 7 PCs are not functioning correctly, Sinofsky said http://www.secuobs.com/revue/news/189905.shtmlhttp://www.secuobs.com/revue/news/189905.shtml 2010-02-09 03:23:23 - News : Some Windows 7 users say their PCs started to freeze or randomly display the infamous Blue screen of death after applying a January update Microsoft billed as a stability and reliability fix IMAGE http://www.secuobs.com/revue/news/189844.shtmlhttp://www.secuobs.com/revue/news/189844.shtml 2010-02-08 23:27:15 - 4sysops : UAC off IE protected mode off The Google hack vulnerability probably is harmless if IE protected mode is enabled Windows Phone 7 to drop multitasking Can t believe that MS copies this ridiculous iPhone feature How Wi-Fi attackers are poisoning Web browsers VPN is a must in public Wi-Fi networks Copyright 2006-2009, 4sysops, Digital http://www.secuobs.com/revue/news/189761.shtmlhttp://www.secuobs.com/revue/news/189761.shtml 2010-02-08 22:11:49 - News : Just days after warning Windows 7 users of an impending shutdown of the free release candidate, Microsoft reminded customers running Windows 2000, XP and Vista of approaching support deadlines for those editions IMAGE http://www.secuobs.com/revue/news/189741.shtmlhttp://www.secuobs.com/revue/news/189741.shtml 2010-02-08 18:57:19 - Global Security Mag Online : Depuis le 1er février, Windows Azure est commercialisé en France L'investissement Microsoft dans les services Cloud se chiffre en milliards de dollars et correspond à une transformation complète de l'entreprise Établi depuis longtemps dans le Cloud et profitant d'une expérience riche de services à très grande échelle avec notamment Hotmail, Windows Update ou Microsoft Online Services, Microsoft continue d'investir massivement dans l'innovation Microsoft dispose d'une offre Cloud s'appuyant sur les - Produits http://www.secuobs.com/revue/news/189685.shtmlhttp://www.secuobs.com/revue/news/189685.shtml 2010-02-08 17:14:38 - Alerts : A round-up of the day's latest worms, viruses, and other threats to watch out for http://www.secuobs.com/revue/news/189644.shtmlhttp://www.secuobs.com/revue/news/189644.shtml 2010-02-08 02:55:19 - SearchSecurity.com.au Analysis Commentary : Booting into a virtualised operating system can protect your primary OS and data resident on a PC from malware We explain how to pull off this trick in Windows 7 IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/189494.shtmlhttp://www.secuobs.com/revue/news/189494.shtml 2010-02-07 20:00:07 - Digital Forensics Magazine supporting the professional computer security industry : Can Windows 7 Help You Prepare for Litigation Advances in E-Discovery Readiness http://www.secuobs.com/revue/news/189426.shtmlhttp://www.secuobs.com/revue/news/189426.shtml 2010-02-07 19:10:25 - Lostmon Blogger : A malformed http domain name , can cause that safari turn in a infinite loop wen try to resolve this domain, and it can cause at memory level a access violation wen try to write a secction that contains unknow data See Safari_httpDoSPocpl file to demostrate it AppName safariexe AppVer 3525271 ModName safariexe ModVer 3525271 Offset 00089394 IMAGE usr bin perl Safari_httpDoSPocpl Safari for Windows 321 Remote http uri handler DoS Lostmon Lostmon gmailcom http lostmonblogspotcom archivo ARGV 0 if defined archivo print Uso 0 n cabecera Safari 321 for windows Browser Die PoC By Lostmon n codigo Safari 321 for windows Browser Die PoC By Lostmon lostmon gmailcom http lostmonblogspotcom This PoC is a malformed http URI, this causes that safari for windows turn inestable and unresponsive Click THIS link Safari Die or this other Safari Die piepag datos cabecera codigo piepag open FILE, '' archivo print FILE datos close FILE exit Thnx To estrella to be my ligth Thnx to all who belive in me -- atentamente Lostmon lostmon gmailcom Web-Blog http lostmonblogspotcom Google group http groupsgooglecom group lostmon new -- La curiosidad es lo que hace mover la menteLostmon lostmon gmailcom Web-Blog http lostmonblogspotcom Google group http groupsgooglecom group lostmon new -- La curiosidad es lo que hace mover la mente http://www.secuobs.com/revue/news/189416.shtmlhttp://www.secuobs.com/revue/news/189416.shtml 2010-02-07 19:10:25 - Lostmon Blogger : Safari 321 for windows safariUrl protocol Handler abusse null Deference Vendor http wwwapplecom original advisore http lostmonblogspotcom 2009 01 safari-321-for-windows-safariurlhtml vendor notify YES Exploit available Private This article is a second part of http lostmonblogspotcom 2009 01 safari-for-windows-321-remote-http-urihtml Safari for windows in prone vulnerable to a null pointer deference in protocols handlers http, ftp and SafariURL The issue is triggered when a user in click a specially crafted link with malformed uri that causess a NULL pointer derefence safari, and will result in loss of availability for the browser In the case of SafariURL is very curious, because we can compose a malformed url like SafariIRL or SafariURL http or ftp and wen try to open it whith safari,safari opens a new windows , and wen we try to close this new one,clicking in the 'X' the window is closed, but it reopens again sO why it opens again in a infinite loop Take a look of posible source code of the fucnction in any place of the code before using a pointer, it check that it is not equal to NULL Part of code affected CFURLRef safariURL nil OSStatus err LSFindApplicationForInfo kLSUnknownCreator, CFSTR comappleSafari , nil, nil, if err noErr displayErrorAndQuit Unable to locate Safari , Nightly builds of WebKit require Safari to run Please check that it is available and then try again NSBundle safariBundle NSBundle bundleWithPath NSURL safariURL path CFRelease safariURL return safariBundle Simple PoC usr bin perl Safari_httpDoSPocpl Safari for Windows 321 Remote http uri handler DoS Lostmon Lostmon gmailcom http lostmonblogspotcom archivo ARGV 0 if defined archivo print Uso 0 n cabecera Safari 321 for windows Browser Die PoC By Lostmon n codigo Safari 321 for windows Browser Die PoC By Lostmon lostmon gmailcom http lostmonblogspotcom This PoC is a malformed http ,safariurl and ftp URI, this causes that safari for windows turn inestable and unresponsive Click THIS link Safari Die or this other Safari Die Safari Die or this other Safari Die piepag datos cabecera codigo piepag open FILE, '' archivo print FILE datos close FILE exit I don t know if it has remote code execution, or other i make SEVERAL test and only can cause a DoS , i don t know if we can change NSBundle this issue with SafariURL can exploit across other browsers wen open the link with other browsers it executes safariexe -url link Thnx To estrella to be my ligth Thnx to all Lostmon Team -- atentamente Lostmon lostmon gmailcom Web-Blog http lostmonblogspotcom Google group http groupsgooglecom group lostmon new -- La curiosidad es lo que hace mover la menteLostmon lostmon gmailcom Web-Blog http lostmonblogspotcom Google group http groupsgooglecom group lostmon new -- La curiosidad es lo que hace mover la mente http://www.secuobs.com/revue/news/189415.shtmlhttp://www.secuobs.com/revue/news/189415.shtml 2010-02-07 13:04:01 - How to remove : The file names Top Picturesexe, Sexy Picturesexe, Windows Explorerexe has appeared in an virus analysis report You can see the report on this link The virus installer is a 36 KB file This virus installer is identified as Net Worm Silly-FDC, Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/189360.shtmlhttp://www.secuobs.com/revue/news/189360.shtml 2010-02-07 10:50:42 - How to remove : The file name windowsupdateexe has appeared in an virus analysis report You can see the report on this link The virus installer is a 28 KB file The virus is identified as a network-aware worm that attempts to replicate across the networks It Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/189355.shtmlhttp://www.secuobs.com/revue/news/189355.shtml 2010-02-06 10:54:39 - Channel 9 : IMAGE This week on Channel 9, Dan is joined by special guest host Sara Ford to discuss the week's top developer news, including Sara's leaving the CodePlex team to work as a Developer Evangelist Nitin Bharti - 7-Part video series on using Microsoft Expression Blend, via Alvin Ashcraft Interesting because It's a free set of videos that cover the essentials of using Blend, including controls, data-binding, animation, and more John Papa - Creating Custom Pre-loaders splash screens in Silverlight Interesting because There are certain things you can and can't do in Silverlight's splash screen Channel 9 Team - Simplifying how to share content on Channel 9 Interesting because Most people didn't discover the share feature on C9 and those who did used primarily used Twitter and Facebook Don Syme - Introduction to F Lecture Series Interesting because It's a three part series with Don Syme who created the F language Greg Duncan - The Complete Windows 7 Shortcuts Interesting because This is arguably the most comprehensive list of Windows 7 shortcuts Code Project - Manoj Kumar - Gesture recognition for Touch Devices Interesting because This library helps take raw multitouch data from Windows 7 and interpret specific touch gestures Chris Pietschmann - Turn your Windows 7 PC into a Wifi hotspot Interesting because It's a free, open source 100pourcents C app that enables you to make your PC a wireless hotspot great for travel Jason Zander - Visualizing Dependency Graphs using Visual Studio 2010 Interesting because Jason walks through how to use the Dependency graphing tools and discusses DGML Dependency Graph Markup Language an XML representation of dependency graphs that Visual Studio extensions could use to visualize dependencies Wes Hutchins - Visual Studio Gallery Beta 2 extensions to be unpublished Interesting because If you use or have created an extension in the visualstudiogallery, realize that all beta 2 extensions will be removed Windows Azure Team - Windows Azure Drive and beta SDK available Interesting because Azure Drive enables you to mount Azure as a drive Picks of the week Dan's pick The Top 20 Xbox Live Indie Games for 2009 Sara's Pick Hurricane WhoDat - The Saints are going to the Super Bowl for the first time ever, and whodatnation is one of the most entertaining sites for Saint fans http://www.secuobs.com/revue/news/189239.shtmlhttp://www.secuobs.com/revue/news/189239.shtml 2010-02-06 03:00:30 - Chester Wisniewski's Blog : I'd like to invite all of you to join me for a webcast I am doing Feb 24th, 2010 with TechRepublic titled 5 Best Practices to Protect Windows 7 Computers This webcast will be broadcast 2 00 PM ET 11 00 AM PT 7 00 PM GMT I will be going through some of the new security Related posts 1 Protect your web assets - Is Linux still safe The Register is reporting today that Linux servers have been 2 Is Windows 7 safe Sophos is ready, are you October 22nd, 2009 is the official public launch of 3 Windows 7 vulnerable to 8 out of 10 viruses Now that we in the northern hemisphere have had some http://www.secuobs.com/revue/news/189174.shtmlhttp://www.secuobs.com/revue/news/189174.shtml 2010-02-05 22:24:12 - 4sysops : New Internet Explorer vulnerability Microsoft plans massive Windows patch day next week Microsoft to add Remote Desktop and VM support to Azure Internet Explorer in enterprises as popular as ever Microsoft May Launch New Office Cloud License Copyright 2006-2009, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/189090.shtmlhttp://www.secuobs.com/revue/news/189090.shtml 2010-02-05 16:16:31 - SearchSecurity Security Wire Daily News : The Microsoft Advance Notification warns of five critical bulletins across its product line A total of 13 bulletins addresses 26 vulnerabilities IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/188988.shtmlhttp://www.secuobs.com/revue/news/188988.shtml 2010-02-05 14:46:51 - Journal du Net Solutions l'actualité en bref : Le fondeur a mis à jour son infrastructure matérielle centrée sur l'exploitation et la maintenance logicielle des postes de http://www.secuobs.com/revue/news/188944.shtmlhttp://www.secuobs.com/revue/news/188944.shtml 2010-02-05 12:19:19 - Forensic Focus : Upgrades and system changes allow IT departments to streamline efficiency and gain functionality for companies of all sizes, but many are considering an additional factor when making the change to Windows 7 litigation preparedness More Computer Technology Review IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/188922.shtmlhttp://www.secuobs.com/revue/news/188922.shtml 2010-02-05 12:16:13 - CNET France Spécial : Microsoft s'apprête à corriger 26 failles de sécurité touchant Windows et Office la semaine prochaine à l'occasion du Patch Tuesday Lire l'article http://www.secuobs.com/revue/news/188918.shtmlhttp://www.secuobs.com/revue/news/188918.shtml 2010-02-05 08:04:29 - Help Net Security News : Microsoft announced it will deliver 13 bulletins Tuesday, February 9, 2010 They will address 26 vulnerabilities in Windows and Office, five of which are rated critical The Office related bulletin http://www.secuobs.com/revue/news/188883.shtmlhttp://www.secuobs.com/revue/news/188883.shtml 2010-02-05 01:53:27 - Hack In The Box : Microsoft today said it will deliver a record-tying 13 security updates on Tuesday to patch more than two dozen vulnerabilities in Windows and Office The company will ship a total of 13 updates next week, five of them pegged critical, the highest threat ranking in its four-step scoring system The 13 updates will tie the record from October 2009, when Microsoft issued the same number of bulletins, but fixed a total of 34 vulnerabilities According to Jerry Bryant, a senior manager with the Microsoft Security Response Center MSRC , next week's updates will patch 26 flaws A lot That's an understatement, said Andrew Storms, director of security operations at nCircle Network Security But we could have had 14, he added, referring to the emergency Internet Explorer IE update Microsoft released two weeks ago That out-of-band update was originally slated to be included in the collection set to ship this month http://www.secuobs.com/revue/news/188799.shtmlhttp://www.secuobs.com/revue/news/188799.shtml 2010-02-05 00:13:14 - Help Net Security News : At ShmooCon 2010 tomorrow, Core Security researcher Dan Crowley will demonstrate how features not widely known in Windows path and filename normalization routines cause unexpected behavior and allow f http://www.secuobs.com/revue/news/188760.shtmlhttp://www.secuobs.com/revue/news/188760.shtml 2010-02-04 23:12:15 - InSecurity Complex : Patch Tuesday next week will address critical holes in Windows and Office, but not a recent hole in Internet Explorer http://www.secuobs.com/revue/news/188734.shtmlhttp://www.secuobs.com/revue/news/188734.shtml 2010-02-04 21:57:57 - threatpost The First Stop for Security News : Microsoft's February batch of security patches will be a biggie -- 13 bulletins with fixes for a whopping 26 vulnerabilities According to an advance notice from the Redmond, Wash software vendor, five of the 13 bulletins will be rated critical because of the risk of remove code execution attacks Shorten URL http threatpostcom en_us 3PJ Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/188712.shtmlhttp://www.secuobs.com/revue/news/188712.shtml 2010-02-04 10:29:54 - Rootsecure.net : SANS Forensics Examining Windows Mobile Devices Using File System Forensic Tools http://www.secuobs.com/revue/news/188484.shtmlhttp://www.secuobs.com/revue/news/188484.shtml 2010-02-04 00:56:27 - Hack In The Box : IF YOU BELIEVE Apple's marketing then you would think that the expensive fruity machines are more secure than PCs After all, most of the viruses out there are designed for the PC and Apple users hardly suffer from the problem But this line of reasoning does not influence corporate IT managers who, were it true, would be trying to stave off hackers by installing shedloads of Apple gear However that's not the case Most tell us that even if Apple gear was half the price it's just security by obscurity A determined hacker who wanted to get into corporate systems would be though it like a knife through butter http://www.secuobs.com/revue/news/188377.shtmlhttp://www.secuobs.com/revue/news/188377.shtml 2010-02-04 00:56:27 - Hack In The Box : A couple of weeks after Windows Senior Vice President Bill Veghte decided to leave Microsoft, another Windows marketing veteran is doing the same Mike Nash, Corporate Vice President of Windows Platform Strategy, will be leaving the company in February A Microsoft spokesperson confirmed his departure when I asked From the e-mailed statement â We can confirm that Mike Nash is leaving Microsoft in a couple weeks In his 19 years, Mike made an impact in number of key roles at the company We appreciate his service and wish him wellâ http://www.secuobs.com/revue/news/188364.shtmlhttp://www.secuobs.com/revue/news/188364.shtml 2010-02-04 00:56:27 - Hack In The Box : Ah, the ARM chip ARM is a hugely successful architecture, and can be found in just about every cell phone or other small device out there ARM, however, wants more, and for a long time now we've been hearing predictions about an upcoming massive rise in ARM netbooks - so far, this hasn't materialised Warren East, ARM's CEO, said in an interview with PC Pro that netbooks could one day make up 90pourcents of the laptop market - preferably powered by ARM processors of course Although netbooks are small today - maybe 10pourcents of the PC market at most â we believe over the next several years that could completely change around and that could be 90pourcents of the PC market, East told PC Pro, We see those products as an area for a lot of innovation and we want that innovation to be happening around the ARM architecture East explained that even when you buy an X86 laptop today, chances are it will include two, three, or maybe even more ARM chips already They can be found in WiFi, BlueTooth, hard drive, the integrated camera, and maybe even in the printer you bought with it Right now there's only one microprocessor in the PC that probably isn't ARM and that's the applications processor, East said, Certainly what we're talking about over the next few years - particularly with netbooks, not with PCs - is the opportunity for those to be ARM http://www.secuobs.com/revue/news/188363.shtmlhttp://www.secuobs.com/revue/news/188363.shtml 2010-02-03 23:57:52 - securitystream.info : With a little help from Adobe Security researchers have defeated vulnerability protections baked into the latest versions of Internet Explorer, demonstrating that it's possible to poke holes in a safety net that's widely relied on to keep end users safe from drive-by exploits Case Study WhatsUp keeps Legoland turnstyles ringing Related posts 1 Serious IE and Windows flaws left to fester 2 Stubborn trojan stashes install file in Windows help 3 Twitter hunts app-making, security-boosting techies http://www.secuobs.com/revue/news/188345.shtmlhttp://www.secuobs.com/revue/news/188345.shtml 2010-02-03 23:17:01 - News : Microsoft's Windows 7 took just three months to reach a penetration benchmark that Vista needed almost a year to make, Web measurement firm NetApplicationscom said today IMAGE http://www.secuobs.com/revue/news/188322.shtmlhttp://www.secuobs.com/revue/news/188322.shtml 2010-02-03 23:14:21 - 4sysops : Microsoft confirms Office 2010 has reached the Release Candidate stage Microsoft nears Office 2010 release Installing Windows from a network server without Windows Deployment Services Hyper-V to get memory overcommitment with the next Service Pack Microsoft Outpaces Apple in Customer Satisfaction Windows veteran Mike Nash to leave Microsoft Copyright 2006-2009, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/188317.shtmlhttp://www.secuobs.com/revue/news/188317.shtml 2010-02-03 20:11:10 - News : Microsoft is investigating reported issues with Windows 7 and notebook battery life The issue seems sporadic, but fairly widespread It is unclear whether affected systems are simply misreporting the battery life, or if the battery capacity is actually being permanently affected IMAGE http://www.secuobs.com/revue/news/188264.shtmlhttp://www.secuobs.com/revue/news/188264.shtml 2010-02-03 16:23:40 - News : Ulteo is poised to offer commercial support for its free virtual desktop infrastructure software, which the open-source startup says will cost companies a fraction of established offerings from Citrix Systems Inc, Microsoft Corp and VMware Inc IMAGE http://www.secuobs.com/revue/news/188162.shtmlhttp://www.secuobs.com/revue/news/188162.shtml 2010-02-03 16:23:40 - News : Microsoft is looking into battery problems apparently affecting Windows 7 notebooks amid complaints from some users that the OS has crippled their batteries IMAGE http://www.secuobs.com/revue/news/188161.shtmlhttp://www.secuobs.com/revue/news/188161.shtml 2010-02-03 08:14:05 - securitystream.info : Can't muster rejection Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected Case Study WhatsUp keeps Legoland turnstyles ringing Related posts 1 Germans devise attacks on Windows BitLocker 2 Serious IE and Windows flaws left to fester 3 US will complain to China about Google hacking http://www.secuobs.com/revue/news/188041.shtmlhttp://www.secuobs.com/revue/news/188041.shtml 2010-02-03 07:44:55 - Detroit Dave's Raves : Normally, I would say that I prefer anything nix to Microsoft However, I think I may be equally pleased with Windows 7 as I am with nixmuch to my own surprise I had played with the 7 beta when it was first made available, but only enough to do a clean install and look around the GUI I had quickly decided it looked too much like Vista which I don't mind so much now and went back to other tasks This may have been a mistake This last weekend, I decided to re-build one of my boxes in order to have a dedicated development and analysis box My other dev environment had become too congested as I was admittedly lazy and used it for many other non-dev tasks I had a list of software I just had to have, for both personal preference and for school requirements The major items were - SQL Server 2008 - Oracle 11g - Visual Studio 2008 Pro - Eclipse with multiple platforms and tools - Android SDK - NetBeans 68 - Visio 2007 - Cisco VPN client - IIS 7 - UDDI SDK - Tomcat 6 I was reluctant to slap all of this onto Windows 7 Pro However, the box I was using was sold to me by Dell with Vista, and an AMD processor later found not to support Vista, and some of the drivers I needed for the box were not compatible with XP Pro Thus, my decision to try to use Windows 7 Pro Windows 7 Pro installed clean AND faster than half of the software listed above The total time to install 7, the software above, some minor other software, and ALL patches was about six hours including beer breaks I was able to verify that IIS and Tomcat 6 are playing well together, I easily tested my dev tools by slapping together some quick code, and my DB's are accessible, secure, and working well Bottom line as much as I love nix, Windows 7 Pro So far ROCKS The only pain I had was that I had to slap on an older Net Framework in order to register the MicrosoftUddidll http://www.secuobs.com/revue/news/188030.shtmlhttp://www.secuobs.com/revue/news/188030.shtml 2010-02-03 00:42:30 - Hack In The Box : Want all your downloads, streaming video, and other techie media stuff on your TV Wondering which media center works best for you Here's a look at the biggies in chart and Venn diagram form, followed by some lengthy breakdowns of each New to the idea of TV-connected computers Head down below the charts for some explainers and deeper comparisons of each system If you're already familiar with the HTPC scene, we'll give you the good stuff first We focused on three widely available, and generally popular, media centers for our comparison and review We're certainly aware there are many alternatives out there, as free software or stand-alone hardware boxes, but these are the three media centers that receive ongoing development, and can be installed on the widest number of TV-connected computers http://www.secuobs.com/revue/news/187931.shtmlhttp://www.secuobs.com/revue/news/187931.shtml 2010-02-03 00:08:57 - 4sysops : How to REALLY monitor SMTP, POP3 and IMAP on Exchange 2003 Microsoft looking into Windows 7 battery life failures Internet Explorer 8 Officially Becomes World s Most-Used Browser Microsoft Windows Azure Drive Beta Released 10 Best IT Jobs Right Now Copyright 2006-2009, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/187902.shtmlhttp://www.secuobs.com/revue/news/187902.shtml 2010-02-02 19:47:49 - News : The company advises users to upgrade to paid commercial subscriptions before the deadline for account deletion IMAGE http://www.secuobs.com/revue/news/187823.shtmlhttp://www.secuobs.com/revue/news/187823.shtml 2010-02-02 11:33:10 - Network World on Security : Do you understand and use the new security features in Windows 7 From encryption to malware fighters, here's a look at the key Windows 7 tools that keep enterprise and home PCs safe and secure http://www.secuobs.com/revue/news/187659.shtmlhttp://www.secuobs.com/revue/news/187659.shtml 2010-02-01 22:33:56 - 4sysops : Ex-Microsoft worker pens Windows 8 for July 2011 Windows 7 adoption swells, as XP suffers record drop Microsoft has sold over 60 million Windows 7 licenses it is the fastest selling operating system in history Microsoft Reports Record Second-Quarter Results It seems the recession is over for some companies iPad v A Rock Agreed http://www.secuobs.com/revue/news/187465.shtmlhttp://www.secuobs.com/revue/news/187465.shtml 2010-02-01 17:33:19 - Reverse Engineering : submitted by mebrahim link comment http://www.secuobs.com/revue/news/187352.shtmlhttp://www.secuobs.com/revue/news/187352.shtml 2010-02-01 15:50:30 - Stratagem 13 : How To Turn Off USB Auto Play in Windows 7 - How To Turn Off USB Auto Play in Windows 7 http://www.secuobs.com/revue/news/187324.shtmlhttp://www.secuobs.com/revue/news/187324.shtml 2010-01-30 16:54:25 - Unix Cisco Hacks : IMAGE http://www.secuobs.com/revue/news/186981.shtmlhttp://www.secuobs.com/revue/news/186981.shtml 2010-01-30 13:18:26 - How to remove : The file name WindowsRequestUpdateexe has appeared in an virus analysis report You can see it on this link Threatexpert identifies this as a trojan virus It may allow remote access to hackers to the infected computerIt may be used to install Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/186951.shtmlhttp://www.secuobs.com/revue/news/186951.shtml 2010-01-30 12:43:29 - IT Solutions Knowledge Base : http://www.secuobs.com/revue/news/186949.shtmlhttp://www.secuobs.com/revue/news/186949.shtml 2010-01-30 04:48:02 - News : Want to run Windows 7 on the new Apple iPad Citrix says it will soon be possible--at least virtually--using a new version of its Citrix Receiver software IMAGE http://www.secuobs.com/revue/news/186891.shtmlhttp://www.secuobs.com/revue/news/186891.shtml 2010-01-29 20:48:07 - News : Microsoft will discuss a new version of its Windows Mobile operating system next month at the Windows Mobile Congress in Barcelona, company representatives said during its earnings call on Thursday IMAGE http://www.secuobs.com/revue/news/186765.shtmlhttp://www.secuobs.com/revue/news/186765.shtml 2010-01-29 20:48:07 - News : In the shadow of record quarterly revenue, Microsoft Thursday said 60 million Windows 7 licenses have been sold in the past six months, but most of those have been from the consumer side and business uptake has been flat IMAGE http://www.secuobs.com/revue/news/186760.shtmlhttp://www.secuobs.com/revue/news/186760.shtml 2010-01-29 18:07:57 - Vienna Computer Products News : There is a public download available of Windows Boot System, our main product The download Version is the Debug Version, which means the System Loader module will output what it is currently doing ie 'Set VESA Mode' Everything other is http://www.secuobs.com/revue/news/186695.shtmlhttp://www.secuobs.com/revue/news/186695.shtml 2010-01-29 18:07:57 - Vienna Computer Products News : Right now the Windows 31 Emulation project is open for anyone You can go to http wwwviennacomputerproductscom indexphp page windows-3-1-emulation , download the emulation project, and launch Windows 31 with one single mouse click http://www.secuobs.com/revue/news/186684.shtmlhttp://www.secuobs.com/revue/news/186684.shtml 2010-01-29 01:46:38 - News : Thanks largely to the Windows 7 launch, Microsoft on Thursday reported a strong increase in net income and revenue for its second quarter of fiscal 2009 IMAGE http://www.secuobs.com/revue/news/186479.shtmlhttp://www.secuobs.com/revue/news/186479.shtml 2010-01-28 22:03:47 - SAPIEN Technologies : SAPIEN Press Windows PowerShell 20 TFM eBook by Don Jones and Jeffery Hicks is ready for purchase and download on ScriptingOutpostcom This book is a major update to the best selling Windows PowerShell 10 TFM, the first PowerShell book available Don and Jeff have updated their opus to include every nook and cranny of PowerShell 20 Check http://www.secuobs.com/revue/news/186388.shtmlhttp://www.secuobs.com/revue/news/186388.shtml 2010-01-28 19:31:12 - WindowSecurity.com : Authenex ASAS was selected the winner in the Authentication Smart Cards category of the WindowSecuritycom Readers' Choice Awards Aladdin eToken and Smart Enterprise Guardian were runner-up and second runner-up respectively http://www.secuobs.com/revue/news/186353.shtmlhttp://www.secuobs.com/revue/news/186353.shtml 2010-01-28 12:25:26 - SecurityPark.net : Windows 7, the latest public release version of Microsoft Windows the most widely used Operating System reached public on October 22, 2009 This release took place less than 3 years after Windows Vista release, the predecessor of Windows 7 Acknowledging the possible need for Microsoft backup recovery of Windows 7 users, SysTools Software Group has now made most of its products data recover more http://www.secuobs.com/revue/news/186230.shtmlhttp://www.secuobs.com/revue/news/186230.shtml 2010-01-28 11:11:53 - Rootsecure.net : The Register IE Windows vuln coughs up local files http://www.secuobs.com/revue/news/186211.shtmlhttp://www.secuobs.com/revue/news/186211.shtml 2010-01-28 01:16:46 - Hack In The Box : Experts agree that Windows 7 has enhanced security to ward off attacks on vulnerabilities in old software But what if a money-minded online scammer can persuade you to download malware onto your PC Windows 7 is more secure, and upgrading to it is a big improvement, says Chester Wisniewski, a senior security advisor with software-maker Sophos But it's not going to stop malware in its tracks Digital crooks generally use two tactics to install malware on a PC Exploits often take the form of a snippet of attack code hidden on a Web page--often a hacked-but-otherwise-benign site When you browse the page, the exploit hunts for software flaws in Windows or in third-party programs such as Adobe Flash or QuickTime If it finds one, the exploit may surreptitiously install malware without any hint of the attack http://www.secuobs.com/revue/news/186078.shtmlhttp://www.secuobs.com/revue/news/186078.shtml 2010-01-28 00:21:31 - securitystream.info : One click bares entire C drive If you use any version of Internet Explorer to surf Twitter or other Web 20 sites, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive Web threats Why conventional protection doesn't work Related posts 1 Windows plagued by 17-year-old privilege escalation bug 2 Attack exploits just-patched Mac security bug 3 Adobe fixes critical Shockwave bugs with neanderthal patch http://www.secuobs.com/revue/news/186049.shtmlhttp://www.secuobs.com/revue/news/186049.shtml 2010-01-27 19:43:16 - PenTestIT : While performing Windows file Forensics, some folders files are of importance The best example being the thumbsdb file The thumbsdb file is a thumbnail cache that is used to store thumbnail images for Windows Explorer s thumbnail view This speeds up the display of images as the smaller images do not need to be recalculated every time IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/185959.shtmlhttp://www.secuobs.com/revue/news/185959.shtml 2010-01-27 14:40:40 - Vigilance vulnérabilités publiques : Un attaquant local, sur un processeur x86, peut employer le système de compatibilité 16 bits, afin d'élever ses privilèges http://www.secuobs.com/revue/news/185800.shtmlhttp://www.secuobs.com/revue/news/185800.shtml 2010-01-27 14:16:35 - PenTestIT : I happened to find this bat file on my personal HDD I do not remember where did I find it This is a very simple way to close a port on a Windows XP machine if you happen to use the Windows Firewall We have two versions of the script This script is not ours IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/185786.shtmlhttp://www.secuobs.com/revue/news/185786.shtml 2010-01-27 11:51:33 - Network World on Security : WhatsUp Gold acquires Dorian Software to augment its network management software suite with security event and log management capabilities http://www.secuobs.com/revue/news/185757.shtmlhttp://www.secuobs.com/revue/news/185757.shtml 2010-01-27 01:22:02 - Hack In The Box : Google has announced version 40 of its browser Chrome Available for Windows only, it fixes 13 bugs and improves synchronization of extensions Replacing the beta last December, the final version of Chrome 40 fixes a total of 13 security vulnerabilities and provides better synchronization tools Among the vulnerabilities, six were classified among the â high threat systemâ and four of them had even been withdrawn from listing errors Chrome official, supposedly to prevent hackers from exploiting this information This is explained Anthony Laforge, product manager for Chrome â Some bugs are kept secret until a majority of our users to be confrontedâ Another improvement of this final version lies in the synchronization of bookmarks and extensions, a useful improvement to the views of the 1500 add-ons available for Chrome According to Ian Fette, production manager at Google, this version also benefits from Web 20 services, from technology HTML5 and JavaScript, such as facilitating online storage and therefore, collaboration â We have also greatly improved the speed of the browser,â said Nick Baum, another product manager on the official blog of Chrome â The performance has increased by 42pourcents since last version, and 400pourcents since the first version of Chrome released last year http://www.secuobs.com/revue/news/185644.shtmlhttp://www.secuobs.com/revue/news/185644.shtml 2010-01-26 23:59:39 - News : Shipments of graphics chips worldwide went up in 2009 and could rise again this year as the PC industry emerges from the recession and consumers open up wallets, Jon Peddie Research said in a study on Tuesday IMAGE http://www.secuobs.com/revue/news/185607.shtmlhttp://www.secuobs.com/revue/news/185607.shtml 2010-01-26 15:53:54 - News : High Tech Computer HTC , the world's largest maker of smartphones running Google's Android mobile OS and Microsoft's Windows Mobile OS, believes the Nexus One will raise its global profile this year while the launch of Windows Mobile 7 will lead to the development of more apps for Microsoft phones IMAGE http://www.secuobs.com/revue/news/185430.shtmlhttp://www.secuobs.com/revue/news/185430.shtml 2010-01-26 01:11:15 - Hack In The Box : Google today added support for extensions and bookmark synchronization to the production version of Chrome for Windows The new release also patched 13 security vulnerabilities in the browser, six of which Google ranked as high in its threat scoring system Although a beta of Chrome in December 2009 included support for both extensions and bookmark sync, this is the first time that the features have appeared in the stable build channel, a term Google uses in place of final Google also touted the growth of its extension gallery, which now has more than 1,500 add-ons, a five-fold increase over the 300 available at its debut last month Only Windows' stable edition supports extensions and sync Linux users must use the beta channel build for the same features, while Mac owners have to drop all the way down into the least reliable version, dubbed the developer build by Google, to access extensions http://www.secuobs.com/revue/news/185252.shtmlhttp://www.secuobs.com/revue/news/185252.shtml 2010-01-25 23:44:26 - News : Microsoft accidentally published the Windows Mobile 65 SDK software developers kit on Friday but has since pulled it, the company said IMAGE http://www.secuobs.com/revue/news/185223.shtmlhttp://www.secuobs.com/revue/news/185223.shtml 2010-01-25 21:20:40 - Security Bloggers Network : I ran across a bizarre Windows issue today on a friend's laptop It appears to be relatively common, but the answers seem to be elusive, or all over the map Not only was there an NTLDR Missing error, but in trying to access the Recovery Console, the Windows XP Install CD was halting as a blank screen right after Setup is inspecting your computer's hardware The short answer The partition table or boot sector is corrupt and it's messing with Setup when it scans your hard drive and causing the lock up before the installer starts You are going to have to delete the partition and re-install Windows from scratch I hope you have backups Of course, if you prefer, now's a good time to try some other Operating Systems The long answer Normally, NTLDR Missing errors are easy to fix with the recovery console of the Windows install CD or with 3rd party tools like FixNTLDR, UBCD or BartPE builds a live-CD from your Windows install CD The first things to try are replacing the core boot files from the pristine versions on the XP CD as per the Microsoft KB article -- ntdetectcom, ntldr, and verify that the syntax of bootini is valid Also, running fdisk mbr can fix certain boot problems These should be non-damaging to the data on your drive You should try to fix it before you go blowing away the partition table In my case, none of the third party tools were working, and all the Windows XP CDs I have failed to boot past the Setup is inspecting screen on this machine The screen went dark and the CD stopped spinning, the system hung and refused to boot No boot means no recovery console I tried using the Windows 7 CD, too It would boot but couldn't find a valid windows partition to repair My next step was to boot into Backtrack 4 Final from USB, and try to replace the files as one would from the Windows Recovery Console I was able to write to the hard drive, and get the files off the OEM Restore CD just fine Bootini was also intact Still, the system wouldn't boot from the hard drive or the XP install CD As mentioned above, it was time to blow away the partition table and start over Fortunately, my friend had good backups on an external hard drive I opted to use BackTrack 4 Final to perform the partition-ectomy Several boot CDs can do this, too YMMV Deleting the partition with BackTrack is simple Once you have booted backtrack, execute cfdisk dev hda - This assumes you have only one hard drive in the machine, and that there's only Windows XP installed Select the partition using the up down arrow keys and navigate with the left right arrow keys to the Delete menu option You may be wondering what I'm doing with a scant 2GB hard drive This is actually a Windows XP Virtual machine, used for lab testing Then, use the arrow keys to navigate to the Write option Quit cfdisk, then reboot with your Windows CD to start the installation process HiR Information Report is brought you you by Edgeos, Your Network Security Platform We are proud members of the Security Bloggers Network This content originally posted on HiR Information Report Copyright 1997-2009, HiR IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/185176.shtmlhttp://www.secuobs.com/revue/news/185176.shtml 2010-01-25 21:17:25 - MS Digest IIS Exchange : When using Security Configuration Wizard SCW on Windows Server 2008 SP2 together with Exchange 2007 You could run into an issue trying to register the Exchange 2007 profile for SCW Registering the SCW profile can be done using one of the following - Register-ExchangeSCWps1 register - scwcmd register kbname Ex2007KB kbfile pourcentsprogramfilespourcents Microsoft Exchange Server scripts Exchange2007_WinSrv2008xml The error is logged in the MSSCW log IMAGE http://www.secuobs.com/revue/news/185165.shtmlhttp://www.secuobs.com/revue/news/185165.shtml 2010-01-25 06:15:22 - HiR Information Report : I ran across a bizarre Windows issue today on a friend's laptop It appears to be relatively common, but the answers seem to be elusive, or all over the map Not only was there an NTLDR Missing error, but in trying to access the Recovery Console, the Windows XP Install CD was halting as a blank screen right after Setup is inspecting your computer's hardware The short answer The partition table or boot sector is corrupt and it's messing with Setup when it scans your hard drive and causing the lock up before the installer starts You are going to have to delete the partition and re-install Windows from scratch I hope you have backups Of course, if you prefer, now's a good time to try some other Operating Systems The long answer Normally, NTLDR Missing errors are easy to fix with the recovery console of the Windows install CD or with 3rd party tools like FixNTLDR, UBCD or BartPE builds a live-CD from your Windows install CD The first things to try are replacing the core boot files from the pristine versions on the XP CD as per the Microsoft KB article -- ntdetectcom, ntldr, and verify that the syntax of bootini is valid Also, running fdisk mbr can fix certain boot problems These should be non-damaging to the data on your drive You should try to fix it before you go blowing away the partition table In my case, none of the third party tools were working, and all the Windows XP CDs I have failed to boot past the Setup is inspecting screen on this machine The screen went dark and the CD stopped spinning, the system hung and refused to boot No boot means no recovery console I tried using the Windows 7 CD, too It would boot but couldn't find a valid windows partition to repair My next step was to boot into Backtrack 4 Final from USB, and try to replace the files as one would from the Windows Recovery Console I was able to write to the hard drive, and get the files off the OEM Restore CD just fine Bootini was also intact Still, the system wouldn't boot from the hard drive or the XP install CD As mentioned above, it was time to blow away the partition table and start over Fortunately, my friend had good backups on an external hard drive I opted to use BackTrack 4 Final to perform the partition-ectomy Several boot CDs can do this, too YMMV Deleting the partition with BackTrack is simple Once you have booted backtrack, execute cfdisk dev hda - This assumes you have only one hard drive in the machine, and that there's only Windows XP installed Select the partition using the up down arrow keys and navigate with the left right arrow keys to the Delete menu option You may be wondering what I'm doing with a scant 2GB hard drive This is actually a Windows XP Virtual machine, used for lab testing Then, use the arrow keys to navigate to the Write option Quit cfdisk, then reboot with your Windows CD to start the installation process HiR Information Report is brought you you by Edgeos, Your Network Security Platform We are proud members of the Security Bloggers Network This content originally posted on HiR Information Report Copyright 1997-2009, HiR IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/184979.shtmlhttp://www.secuobs.com/revue/news/184979.shtml 2010-01-25 02:32:39 - The Academy Pro : Today we have three Rapid 7 videos for you The featured video takes a look at how to scan a Windows 2003 Server and view the results The second and third videos focus on generating PDF reports and excluding vulnerabilities from reports Thank you all for your on-going support and recommendations Peter Giannoulis The Academy Pro wwwtheacademyprocom This update has http://www.secuobs.com/revue/news/184959.shtmlhttp://www.secuobs.com/revue/news/184959.shtml 2010-01-24 00:18:13 - Dan Griffin's Blog : On two topics Securing Windows 7 Managing a Virtual Environment At both events March 29 at the Orange Counter Hilton Costa Mesa, CA April 26 at the Hyatt Regency Embarcadero San Francisco If you decide to go as a result of reading this post, email me or post a comment here and I ll send you a promotion code to use for http://www.secuobs.com/revue/news/184811.shtmlhttp://www.secuobs.com/revue/news/184811.shtml 2010-01-23 05:02:49 - Computer Security News : VASCO Data Security Inc , a leading software security company specializing in authentication products, today announced that DIGIPASS for Mobile now is available to Windows Mobile users http://www.secuobs.com/revue/news/184714.shtmlhttp://www.secuobs.com/revue/news/184714.shtml 2010-01-22 21:21:51 - Core Security Technologies : It's amazing that vulnerabilities such as the Windows GP Trap Handler Privilege Escalation flaw are still wreaking havoc, but they are, so test for them to ensure that you're not exposed, using CORE IMPACT Pro, of course http://www.secuobs.com/revue/news/184575.shtmlhttp://www.secuobs.com/revue/news/184575.shtml 2010-01-22 16:25:27 - eSecurity Planet Features : Who's at risk from virtual DOS vulnerability http://www.secuobs.com/revue/news/184474.shtmlhttp://www.secuobs.com/revue/news/184474.shtml 2010-01-22 14:20:38 - Hack In The Box : Windows 7 has turned out to be the darling of the operating system market share these days, nabbing a larger slice of the pie in a shorter amount of time than Vista - and overtaking all versions of Mac OS X According to a report published on Ars Technica, a month after being released Windows 7 was already at the 400 percent mark, compared to the Microsoft OS that frustrated everyone Vista , which was at 093 percent after a month After two months, Windows 7 was 571 percent, while Vista was at only 204 percent in its early days A lot of Windows 7â s success is being attributed to the fact that it got the 2009 holiday season to boost sales numbers Interestingly, while it seems like Windows 7 was skyrocketing, almost everyone Windows 7, Vista and Mac OS X were all dropping percentage points in the last few months Only Linux showed positive percentage growth in December 2009 http://www.secuobs.com/revue/news/184433.shtmlhttp://www.secuobs.com/revue/news/184433.shtml 2010-01-22 12:19:27 - Hack In The Box : The passage of time has been good for computingâ in most ways But OS kernel development progresses through evolution, which means as new pieces of technology are attached, other pieces are discarded And like evolution, at the core kernel level, some parts remain How does it occur So back in 1993, when Microsoft was still in the NT 31 environment, BIOS calls in the Virtual-8086 mode monitor code were introduced and have survived up to the time of Windows7 Microsoft, 17 years ago, detailed that there were vulnerabilities associated with this BIOS call In order to support BIOS service routines in legacy 16bit applications, the Windows NT Kernel supports the concept of BIOS calls in the Virtual-8086 mode monitor code The flaw exists in the Virtual DOS Machine, which is a system that allows Windows NT to run DOS and 16bit applications on 386 and up machines http://www.secuobs.com/revue/news/184407.shtmlhttp://www.secuobs.com/revue/news/184407.shtml 2010-01-22 12:16:35 - CNET France Spécial : Née avec Windows NT, elle affecte tous les systèmes 32 bits de Microsoft, de Windows 2000 à Windows 7 Il n existe pas encore de patch correctif Lire l'article http://www.secuobs.com/revue/news/184403.shtmlhttp://www.secuobs.com/revue/news/184403.shtml 2010-01-22 00:36:26 - Exploit DB updates : http://www.secuobs.com/revue/news/184246.shtmlhttp://www.secuobs.com/revue/news/184246.shtml 2010-01-21 20:34:43 - InSecurity Complex : Google engineer discloses vulnerability to public security e-mail list one day before a Microsoft advisory and says he told Microsoft about it last June http://www.secuobs.com/revue/news/184157.shtmlhttp://www.secuobs.com/revue/news/184157.shtml 2010-01-21 20:11:00 - The Old New Thing : Back in the old days, programmers were assumed to be smart and hardworking Windows didn't provide functions for things that programs could already do on their own Windows worried about providing functionality for thing that programs couldn't do That was the traditional separation of responsibilities in operating systems of that era If you wanted somebody to help you with stuff you could in principle do yourself, you could use a runtime library or a programming framework You know how to open files, read them, and write to them therefore, you could write your own file copy function You know how to walk a linked list the operating system didn't provide a linked list management library There are apparently some people who think that it's the job of an operating system to alleviate the need for implementing them yourself actually that's the job of a programming framework or tools library Windows doesn't come with a finite element analysis library either You can muse all you want about how things would have been better if Windows had had an installer library built-in from the start or even blame Windows for having been released without one, but then again, the core unix operating system doesn't have an application installer library either The unix kernel has functions for manipulating the file system and requesting memory from the operating system Standards for installing applications didn't arrive until decades later And even though such standards exist today as they do in Windows , there's no law of physics preventing a vendor from writing their own installation program that doesn't adhere to those standards and which can do anything they want to the system during install After all, at the end of the day, installing an application's files is just calling creat and write with the right arguments Commenter Archangel remarks, At least if the ACL route had been taken, the installers would have had to be fixed - and fixed they would have been, when the vendors realised they didn't run on XP These arguments remind me of the infamous Step 3 Profit business plan of the Underpants Gnomes Step 1 Require every Windows application to adhere to new rules or they won't run on the next version of Windows Step 3 Windows is a successful operating system without applications which cause trouble when they break those rules It's that step 2 that's the killer Because the unwritten step 2 is All applications stop working until the vendors fix them Who's going to fix the the bill-printing system that a twelve-year-old kid wrote over a decade ago, but which you still use to run your business I'm not making this up What about that shareware program you downloaded three years ago And it's not just software where the authors are no longer available The authors may simply not have the resources to go back and update every single program that they released over the past twenty years There are organizations with thousands of install scripts which are used to deploy their line-of-business applications Even if they could fix ten scripts a day, it'd take them three years before they could even start thinking about upgrading to the next version of Windows And what about those 16-bit applications Will they have to be rewritten as 32-bit applications How long will that take Is there even anybody still around who understands 16-bit Windows enough to be able to undertake the port IMAGE http://www.secuobs.com/revue/news/184136.shtmlhttp://www.secuobs.com/revue/news/184136.shtml 2010-01-21 19:38:08 - Network World on Security : Microsoft warns that a bug in the kernel of a 32-bit windows versions could allow hackers to hijack PCs The company said the bug is 17-years old http://www.secuobs.com/revue/news/184120.shtmlhttp://www.secuobs.com/revue/news/184120.shtml 2010-01-21 18:58:08 - cr0 blog : Two days ago, Tavis Ormandy has published one of the most interesting vulnerabilities I've seen so far It's one of those rare, but fascinating design-level errors dealing with low-level system internals Its exploitation requires skills and ingenuity The vulnerability lies in Windows' support for Intel's hardware 8086 emulation support virtual-8086, or VM86 and is believed to have been there since Windows NT 31 1993 , making it 17 years old It uses two tricks that we have already published on this blog before, the GP on pre-commit handling failure and the forging of cs eip in VM86 mode This was intended to be mentioned in our talk at PacSec about virtualization this past November, but Tavis had agreed with Microsoft to postpone the release of this advisory Tavis was kind enough to write a blog post about it, you can read it below From Tavis Ormandy I've just published one of the most interesting bugs I've ever encountered, a simple authentication check in Windows NT that can incorrectly let users take control of the system The bug exists in code hidden deep enough inside the kernel that it's gone unnoticed for as long as NT has existed If you've ever tried to run an MS-DOS or Win16 application on a modern NT machine, the chances are it worked This is an impressive feat, these applications were written for a completely different execution environment and operating system, and yet still work today and run at almost native speed The secret that makes this possible behind the scenes is Virtual-8086 mode Virtual-8086 mode is a hardware emulation facility built into all x86 processors since the i386, and allows modern operating systems to run 16-bit programs designed for real mode with very little overhead These 16-bit programs run in a simulated real mode environment within a regular protected mode task, allowing them to co-exist in a modern multitasking environment Support for Virtual-8086 mode requires a monitor, the collective name for the software that handles any requests the program makes These requests range from handling sensitive instructions to mapping low-level services onto system calls and are implemented partially in kernel mode and partially in user mode In Windows NT, the user mode component is called the NTVDM subsystem, and it interacts with the kernel via a native system service called NtVdmControl NtVdmControl is unusual because it's authenticated, only authorised programs are permitted to access it, which is enforced using a special process flag called VdmAllowed which the kernel verifies is present before NtVdmControl will perform any action if you don't have this flag, the kernel will always return STATUS_ACCESS_DENIED The bug we're talking about today involves how BIOS service calls are handled, which are a low level way of interacting with the system that's needed to support real-mode programs The kernel implements BIOS service calls in two stages, the second stage begins when the interrupt handler for general protection faults often shortened to GP in technical documents detects that the system has completed the first stage The details of how BIOS service calls are implemented are unimportant, what is important is that the two stages must be perfectly synchronised, if the kernel transitions to the second stage incorrectly, a hostile user can take advantage of this confusion to take control of the kernel and compromise the system In theory, this shouldn't be a problem, Microsoft implemented a check that verifies that the trap occurred at a magic address actually, a cs eip pair that unprivileged users can't reach The check seems reasonable at first, the hardware guarantees that unprivileged code can't arbitrarily make itself more privileged without a special request, and even if it could, only authorised programs are permitted to use NtVdmControl anyway Unfortunately, it turns out these assumptions were wrong The problem I noticed was that although unprivileged code cannot make itself more privileged arbitrarily, Virtual-8086 mode makes testing the privilege level of code more difficult because the segment registers lose their special meaning This is because In protected mode, the segment registers particularly ss and cs can be used to test privilege level, however in Virtual-8086 mode they're used to create far pointers, which allow 16-bit programs to access the 20-bit real address space However, I still couldn't abuse this fact because NtVdmControl can only be accessed by authorised programs, and there's no other way to request pathological operation on Virtual-8086 mode tasks I was able to solve this problem by invoking the real NTVDM subsystem, and then loading my own code inside it using a combination of CreateRemoteThread , VirtualAllocEx and WriteProcessMemory Finally, I needed to find a way to force the kernel to transition to the vulnerable code while my process appeared to be privileged My solution to this was to make the kernel fault when returning to user mode from kernel mode, thus creating the appearance of a legitimate trap for the fabricated execution context that I had installed These steps all fit together perfectly, and can be used to convince the kernel to execute my code, giving me complete control of the system Conclusion Could Microsoft have avoided this issue It's difficult to imagine how, errors like this will generally elude fuzz testing In order to observe any problem, a fuzzer would need to guess a 46-bit magic number, as well as setup an intricate process state, not to mention the VdmAllowed flag , and any static analysis would need an incredibly accurate model of the Intel architecture The code itself was probably resistant to manual audit, it's remained fairly static throughout the history of NT, and is likely considered forgotten lore even inside Microsoft In cases like this, security researchers are sometimes in a better position than those with the benefit of documentation and source code, all abstraction is stripped away and we can study what remains without being tainted by how documentation claims something is supposed to work If you want to mitigate future problems like this, reducing attack surface is always the key to security In this particular case, you can use group policy to disable support for Application Compatibility see the Application Compatability policy template which will prevent unprivileged users from accessing NtVdmControl , certainly a wise move if your users don't need MS-DOS or Windows 31 applications http://www.secuobs.com/revue/news/184083.shtmlhttp://www.secuobs.com/revue/news/184083.shtml 2010-01-21 18:17:52 - threatpost The First Stop for Security News : One day after a Google security researcher releases code to expose a flaw that affects every release of the Windows NT kernel -- from Windows NT 31 1993 up to and including Windows 7 2009 -- Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks Shorten URL http threatpostcom en_us 396 Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/184077.shtmlhttp://www.secuobs.com/revue/news/184077.shtml 2010-01-21 18:01:13 - Zero Day : Microsoft warns that a malicious hacker could exploit this vulnerability to run arbitrary code in kernel mode IMAGE http://www.secuobs.com/revue/news/184074.shtmlhttp://www.secuobs.com/revue/news/184074.shtml 2010-01-21 15:49:20 - Help Net Security News : Windows Security Suite is a rogue security application In order to remove it, find out what files and registry entries to look for below Known system changes Folders c ApplicationData WIN http://www.secuobs.com/revue/news/184030.shtmlhttp://www.secuobs.com/revue/news/184030.shtml 2010-01-21 12:09:30 - Les derniers documents du CERTA. : Une vulnérabilité dans le sous-système MS-DOS de Microsoft Windows peut être exploitée par un utilisateur local malintentionné afin d'élever ses privilèges http://www.secuobs.com/revue/news/183980.shtmlhttp://www.secuobs.com/revue/news/183980.shtml 2010-01-21 10:39:34 - CERT LEXSI Weblog : Following the recent 0-day in Internet Explorer Réf Lexsi 12808 and the Operation Aurora, the 16-bit subsystem of Windows is vulnerable to a privilege escalation vulnerability All Windows versions are vulnerable, from NT 31 to Windows 7 Vulnerability Réf Lexsi 12828 impacts the VDM http://www.secuobs.com/revue/news/183951.shtmlhttp://www.secuobs.com/revue/news/183951.shtml 2010-01-21 08:35:38 - Paul Ducklin's blog : Microsoft are under the pump fighting vulnerabilities at the moment Just six-and-half hours after blogging that the Operation Aurora Internet Explorer fix would be ready the next day, they blogged about a publicly-announced Windows kernel vulnerability Microsoft's 979682 advisory about the vulnerability is sadly devoid of any useful or even interesting technical details at the moment http://www.secuobs.com/revue/news/183934.shtmlhttp://www.secuobs.com/revue/news/183934.shtml 2010-01-21 08:27:44 - PenTestIT : Windows System State Analyzer is developed by Microsoft The most popular versions of this product among users are 10 and 13 The names of program executable files are SAnalyzerexe, Windows System State Analyzerexe due to specific issue or even to compare the difference between two systems related to performance , activity or other many IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/183930.shtmlhttp://www.secuobs.com/revue/news/183930.shtml 2010-01-21 03:11:20 - SANS Internet Storm Center InfoCON green : Yesterday, we reported about a new Windows Kernel vulnerability 1 The vulnerability affects all more http://www.secuobs.com/revue/news/183861.shtmlhttp://www.secuobs.com/revue/news/183861.shtml 2010-01-20 22:53:50 - Rootsecure.net : H Security Windows hole discovered after 17 years - Update http://www.secuobs.com/revue/news/183803.shtmlhttp://www.secuobs.com/revue/news/183803.shtml 2010-01-20 22:22:07 - Internet Security News : Here's a little something to make people who are interested in security shudder a vulnerability's been discovered, and believe it or not, it's present in just about every version of Windows from 1993's Windows NT 31 on 17-Year-Old Windows Flaw Found 17-Year-Old Windows Flaw Found IMAGE Tavis Ormandy, who works for Google, appears to have discovered the issue sometime towards the middle of last year, and - after giving Microsoft more than a fair amount of time to deal with it he notified the company in June - wrote about it yesterday Apparently the fault lies with the Virtual DOS Machine, which comes with 32-bit versions of Windows for the sake of supporting 16-bit applications And the problem amounts to a privilege escalation bug, which isn't the most benign thing in the world Fortunately, 64-bit versions of Windows are gaining market share every day, and Ormandy's recommended precaution for older systems isn't complicated Ormandy wrote, Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning Applying these configuration changes will temporarily prevent users from accessing legacy 16-bit MS-DOS and Windows 31 applications, however, few users require this functionality Let's just hope there aren't too many other 17-year-old problems lying around out there IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/183795.shtmlhttp://www.secuobs.com/revue/news/183795.shtml 2010-01-20 22:17:27 - Security : Reports have surfaced about a new security hole that has been in Windows since the release of Windows NT 31 on July 27, 1993 The vulnerability is present in all 32-bit versions of Windows released since then, including Windows 7 Thankfully, the flaw isn't in a commonly used application but in the Virtual DOS Machine VDM used to support 16-bit applications There are several vulnerabilities in this implementation, according to Google security team member Tavis Ormandy, who found the issues An unprivileged 16-bit program can manipulate the kernel stack of each process, potentially enabling attackers to execute code at system privilege level The exploit can be used to open a command prompt with the highest privilege level Ormandy claims he informed Microsoft of this hole on June 12, 2009, and the company confirmed receiving his report 10 days later, but it has yet to fix the issue Microsoft is investigating new public claims of a possible vulnerability in Windows, a Microsoft spokesperson told Ars We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact Once we're done investigating, we will take appropriate action to help protect customers This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves Despite the fact that there is no patch available from Microsoft, Ormandy decided to publish the information because he believes the workaround is simple enough disable the MS-DOS subsystem As an effective and easy-to-deploy workaround is available, I have concluded that it is in the best interest of users to go ahead with the publication of this document without an official patch, he writes in his disclosure It should be noted that very few users rely on NT security the primary audience of this advisory is expected to be domain administrators and security professionals To enable the workaround, use the policy template Windows Components Application Compatibility Prevent access to 16-bit applications within the group policy editor to prevent unprivileged users from executing 16-bit applications IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/183786.shtmlhttp://www.secuobs.com/revue/news/183786.shtml 2010-01-20 22:11:46 - Channel 9 : IMAGE Are you wondering how to get started with Windows Azure Join me in this quick video featuring Steve Marx as we walk through a simple 'Hello World' application in Windows Azure See how easy it is to get started using Windows Azure Tools for Visual Studio - develop, debug, and publish to the cloud in minutes http://www.secuobs.com/revue/news/183782.shtmlhttp://www.secuobs.com/revue/news/183782.shtml 2010-01-20 21:30:59 - Rootsecure.net : Full Disclosure Microsoft Windows NT GP Trap Handler Allows Users to Switch Kernel Stack http://www.secuobs.com/revue/news/183770.shtmlhttp://www.secuobs.com/revue/news/183770.shtml 2010-01-20 19:53:34 - Security Shell : ProcNetMonitor Process Network Port Monitoring Tool ProcNetMonitor is the free tool to monitor the network activity of all running process in the system It displays all open network ports TCP UDP and active network connections for each process It has advanced color based auto analysis system to make it easy to distinguish network oriented processes from others with just one glance at the list Newer version also presents unique 'Port Finder' feature which makes it easy to search for particular port in all running process with just one click It also comes with export feature to save the entire process-port list to standard HTML file for offline analysis All these features combined together make it very effective tool in combating the Trojans and Spywares installed on the system which continuously send keyboard strokes, online account data and other sensitive information to remote server ProcNetMonitor works on all Windows platforms starting from XP to latest Windows 7 version Download http://www.secuobs.com/revue/news/183741.shtmlhttp://www.secuobs.com/revue/news/183741.shtml 2010-01-20 18:45:07 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/183719.shtmlhttp://www.secuobs.com/revue/news/183719.shtml 2010-01-20 18:30:11 - CERT LEXSI Weblog : Après la récente 0-day dans Internet Explorer Réf Lexsi 12808 et l'Opération Aurora, c'est au tour du sous-système 16 bits de Windows d'être vulnérable à une élévation locale de privilèges Toutes les versions de Windows sont affectées, de NT 31 à Windows 7 La http://www.secuobs.com/revue/news/183704.shtmlhttp://www.secuobs.com/revue/news/183704.shtml 2010-01-20 18:09:53 - Infosecurity USA Latest News : Microsoft has promised an Internet Explorer out-of-band patch for the zero-day vulnerability discovered earlier this month In the meantime, a trusted researcher has highlighted a flaw in all versions of Microsoft Windows that could lead to privilege escalation http://www.secuobs.com/revue/news/183697.shtmlhttp://www.secuobs.com/revue/news/183697.shtml 2010-01-20 17:12:22 - Integriography A Journal of Broken Locks Ethics and Computer Forensics : I m working on learning Python since Perl, even after 20 years, still doesn t stick in my head The phrase like a duck to water doesn t quite apply to my experience with Python, but I m certainly swimming along nicely Since I learn languages and tools more effectively when I have a real problem to work on, I http://www.secuobs.com/revue/news/183673.shtmlhttp://www.secuobs.com/revue/news/183673.shtml 2010-01-20 17:12:22 - Integriography A Journal of Broken Locks Ethics and Computer Forensics : Three elements combined last week to inspire me to write a tool to deconstruct the Windows NTFS MFT file I ve been wanting to learn Python for quite awhile I found a Learning Python book on my shelf published in 1999 Mark Menz s MFT Ripper started me wondering about the significance of the MFT sequence number I d been trying http://www.secuobs.com/revue/news/183672.shtmlhttp://www.secuobs.com/revue/news/183672.shtml 2010-01-20 16:40:27 - threatpost The First Stop for Security News : A now published hole in Windows allows users with restricted access to escalate their privileges to system level and this is believed to be possible on all 32-bit versions of Windows from Windows NT 31 up to, and including Windows 7 Read the full article The H Security Shorten URL http threatpostcom en_us 38P Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/183667.shtmlhttp://www.secuobs.com/revue/news/183667.shtml 2010-01-20 14:41:19 - WindowSecurity.com : How Windows creates and stores password hashes and how those hashes are cracked http://www.secuobs.com/revue/news/183627.shtmlhttp://www.secuobs.com/revue/news/183627.shtml 2010-01-20 13:06:36 - Global Security Mag Online : VASCO Data Security Inc annonce que le DIGIPASS for Mobile était désormais disponible pour les utilisateurs de Windows Mobile Tant le DIGIPASS for Mobile que le DIGIPASS for Mobile Entreprise Security Edition supportent le Windows Mobile facilitant ainsi le déploiement de l'authentification qui utilise le téléphone mobile dans les entreprises et pour la banque en ligne Le DIGIPASS for Mobile est une solution d'authentification de VASCO qui utilise le téléphone portable pouvant être connecté - Produits http://www.secuobs.com/revue/news/183606.shtmlhttp://www.secuobs.com/revue/news/183606.shtml 2010-01-20 10:32:05 - Vigilance vulnérabilités publiques : Le plugin Adobe Flash Player 6, qui était fourni en standard avec Windows XP, est maintenant obsolète http://www.secuobs.com/revue/news/183566.shtmlhttp://www.secuobs.com/revue/news/183566.shtml 2010-01-20 10:31:36 - Global Security Mag Online : Iron Mountain Incorporated annonce une mise à jour de sa solution de sauvegarde Connected Backup pour PC Désormais compatible avec Microsoft Windows 7, la nouvelle Version 84 offre également de nouvelles fonctionnalités d'administration ainsi que des fonctions d'aide en cas de litige qui permettent la recherche d'informations pertinentes dans le cadre de contentieux juridiques Les licences logicielles sont disponibles dès à présent et le service sur abonnement sera lancé en mars 2010 dans sa - Produits http://www.secuobs.com/revue/news/183565.shtmlhttp://www.secuobs.com/revue/news/183565.shtml 2010-01-20 04:47:18 - News : Remember when Apple promised that Boot Camp would be updated to officially support Windows 7 in late 2009 It turns out that promise was a few weeks off, but the company has finally delivered, only one week after Microsoft's beloved Patch Tuesday IMAGE http://www.secuobs.com/revue/news/183412.shtmlhttp://www.secuobs.com/revue/news/183412.shtml 2010-01-20 03:38:34 - 4sysops : In my last post, I gave an overview of the new Windows Troubleshooting Platform Today, I will discuss the limitations of this new Windows 7 feature With this Platform, users won t allegedly be bothering you any more with trivial issues so you can focus on the more interesting stuff, and CIOs can save costs by reducing http://www.secuobs.com/revue/news/183382.shtmlhttp://www.secuobs.com/revue/news/183382.shtml 2010-01-20 03:15:59 - Yet Another Security Blog : With recent attacks on Google Adobe and Yahoo just to name a few thanks to the Aurora exploit Internet Explorer is something to be avoided at the moment Unless you're running version 501, I would suggest switching to FireFox for the time being As far as I know, Microsoft has not released a patch for this one Let's hope they do As far as I can tell, and with a little info from exploit-db, remote code execution is only functional under Windows XP running Internet Explorer 6 That doesn't mean newer versions of Internet Explorer are not effected we just don't know about it yet IE 7 8 will crash under Windows XP, and the DEP under Vista 7 should stop the crash in time So it's a good idea to listen to Microsoft and enable DEP and everything else under the sun to protect your system s Especially now there's another exploit that basically guarantees privilege escalation The Ring-0 exploit Is the latest one, and let me tell you I've tested this privilege escalation exploit on Windows XP sp2 xp3, Windows Server 2008 Enterprise and Windows 7 Dookie from exploit-db tested it on Windows Server 2003 We all got System shell Not scared yet You should be You can read more about it in the link I provided just above Does this mean Windows is wide open at the moment Should we close down the Internet and our corporate networks Well even if that would be a great solution, it's impossible There is one way to protect one's self or help reduce the risk damage DON'T RELY ON JUST A FIREWALL Let your network administrators install snort Let them monitor inbound as well as outbound traffic Don't close your eyes and say there's no reason to get hacked we're a small company of course this is more for any managers reading this Like to meet the guy that said Linux is less secure now So good luck this week, and lets hope Microsoft comes up with something soon I need to scare the pants off my boss tomorrow Need to work on a nice scenario to really convince him Again, good luck All of you http://www.secuobs.com/revue/news/183359.shtmlhttp://www.secuobs.com/revue/news/183359.shtml 2010-01-20 03:12:43 - securitystream.info : All 32-bit versions vulnerable A security researcher at Google is recommending computer users make several configuration changes to protect themselves against a previously unknown vulnerability that allows untrusted users to take complete control of systems running most versions of Microsoft Windows Web threats Why conventional protection doesn't work Related posts 1 Year 2010 bug wreaks havoc on German payment cards 2 Serious IE and Windows flaws left to fester 3 MS honeypot research sheds light on brute-force hacks http://www.secuobs.com/revue/news/183358.shtmlhttp://www.secuobs.com/revue/news/183358.shtml 2010-01-20 02:29:55 - The Tech Herald Security News : On the heels of Microsoft announcing an Out-of-Band patch for the ZeroDay vulnerability in Internet Explorer, researcher Travis Ormandy has released details on another ZeroDay that exists in the Windows NT Kernel on every version from Windows NT 31 to Windows 7 Ormandy s research and subsequent disclosure is aimed at security professionals and domain administrators he said, as few users rely on NT security http://www.secuobs.com/revue/news/183344.shtmlhttp://www.secuobs.com/revue/news/183344.shtml 2010-01-20 01:18:22 - Sysinternals Site Discussion : Paul Thurrott Interviews Mark on Windows 7 Development Check out Mark s interview with Windows IT Pro Magazine columnist Paul Thurrott, where he discusses some of the thinking behind Windows 7 Mark s Blog Case of the Slow Logon Mark s latest blog post documents a troubleshooting case that highlights the use of PsExec to monitor the logoff or logon process and the technique of Process Monitor log comparison to pinpoint a problem that caused some machines in a corporate network to experience 3-minute logons Process Explorer in PC World s Top 75 Windows Tips of All Time We re proud that Process Explorer was cited as one of PC World Magazine s top Windows tips IMAGE http://www.secuobs.com/revue/news/183327.shtmlhttp://www.secuobs.com/revue/news/183327.shtml 2010-01-20 00:51:18 - Hack In The Box : Apple on Tuesday updated its Boot Camp software and issued new drivers and utilities to allow users to run Microsoft's latest operating system, Windows 7 The Mac maker also issued its first security update of 2010, addressing 12 vulnerabilities The Boot Camp software was updated to version 31 for both 32-bit and 64-bit users of Windows 7 The updates add native support for the Home Premium, Professional and Ultimate versions of Windows 7 In addition, Boot Camp Software Update 31 for Windows addresses issues with the Apple trackpad, turns off the red digital audio port LED on laptop computers when it is not being used, and supports the Apple wireless keyboard and Apple Magic Mouse The 32-bit version is 38073MB, while the 64-bit update is 27458MB The software requires either Windows XP or Windows Vista SP2 before installing Windows 7 http://www.secuobs.com/revue/news/183309.shtmlhttp://www.secuobs.com/revue/news/183309.shtml 2010-01-20 00:21:21 - News : Google s decision to postpone the launch of two new Android phones in China this week points to the wider implications of the search giant s potential exit from the market IMAGE http://www.secuobs.com/revue/news/183284.shtmlhttp://www.secuobs.com/revue/news/183284.shtml 2010-01-19 23:58:37 - Exploit DB updates : http://www.secuobs.com/revue/news/183272.shtmlhttp://www.secuobs.com/revue/news/183272.shtml 2010-01-19 23:24:37 - Security Circus : This is believed to affect every release of the Windows NT kernel, from Windows NT 31 1993 up to and including Windows 7 2009 Tavis Ormandy breaking every Windows system on Earth in the last 17 years http://www.secuobs.com/revue/news/183268.shtmlhttp://www.secuobs.com/revue/news/183268.shtml 2010-01-19 23:17:21 - SANS Internet Storm Center InfoCON green : In a posting to a public mailing list, Tavis Ormandy disclosed a zero day privilege escalation vulne more http://www.secuobs.com/revue/news/183266.shtmlhttp://www.secuobs.com/revue/news/183266.shtml 2010-01-19 23:09:20 - News : Knowing how to use Windows is only half the battle the other half is knowing its language IMAGE http://www.secuobs.com/revue/news/183261.shtmlhttp://www.secuobs.com/revue/news/183261.shtml 2010-01-19 22:36:16 - SkullSecurity : Posts in this series I'll add links as they're written What does smb-psexec do Sample configurations samplelua http://www.secuobs.com/revue/news/183251.shtmlhttp://www.secuobs.com/revue/news/183251.shtml 2010-01-19 21:55:37 - SearchSecurity.com.au Analysis Commentary : Discover the features of Windows 7's new AppLocker feature and how to put it to work for your organisation IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/183234.shtmlhttp://www.secuobs.com/revue/news/183234.shtml 2010-01-19 20:09:08 - News : An intriguing new rumor suggests that Windows Mobile 7 may come in two different flavors a business version and a media version The mobile OS may come with a variety of different features including an impressive mobile version of Office, online collaboration, high-definition video, Xbox Live, and streaming TV, according to WM Experts, a Windows Mobile news site IMAGE http://www.secuobs.com/revue/news/183187.shtmlhttp://www.secuobs.com/revue/news/183187.shtml 2010-01-19 19:46:00 - Exploit DB updates : http://www.secuobs.com/revue/news/183181.shtmlhttp://www.secuobs.com/revue/news/183181.shtml 2010-01-19 12:48:55 - Sunnet Beskerming Security Advisories : It was a footnote to a short bulletin release this month, but Microsoft's Security Response Center has reminded readers that support for some of the still commonly used versions of Windows will be ceasing in the next few months The venerable Windows 2000, regarded by many as the first real modern Windows verion and the real move away from the Windows 9x line of code barring the short-lived Windows Me , will have extended support ceased from July 13 of this year This means that there will no longer be any Security bulletins or any other updates released for the platform It isn't only Windows 2000 that is finding official support ceasing, with Windows XP SP2, arguably one of the most significant Windows versions of all time, also having extended support ceased on July 13 this year Users who are still happy with what SP2 has provided them can always apply Service Pack 3 if they wish to stay on Windows XP and continue to receive updates from Microsoft With two ageing versions of Windows being put out to pasture in July, it is somewhat surprising to see the RTM effectively SP0 version of Windows Vista no longer being supported as of April 13 this year, and SP1 no longer supported as of July 12, 2011 IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/183066.shtmlhttp://www.secuobs.com/revue/news/183066.shtml 2010-01-19 11:20:43 - Network World on Security : Do you ever simultaneously feel like an idiot and also grateful that you've done at least something anything right http://www.secuobs.com/revue/news/183053.shtmlhttp://www.secuobs.com/revue/news/183053.shtml 2010-01-19 03:08:18 - 4sysops : One of the new but rarely discussed Windows 7 features is the Troubleshooting Platform Troubleshooting is usually the job of Windows admins, and so I took a closer look at this new Windows component The introduction in Microsoft s white paper sounds quite promising For many information workers and IT professionals, solving computer problems feels like http://www.secuobs.com/revue/news/182971.shtmlhttp://www.secuobs.com/revue/news/182971.shtml 2010-01-18 01:18:22 - Hack In The Box : Many IT managers swear by the following rule never deploy a version of Windows until the first service pack has been released That way you can be sure that any huge bugs have been resolved before committing to the new platform However, in the case of Windows 7, Microsoft is hoping that you'll throw caution to the wind and roll it out anyway And given the lack of drama emanating from early adopters - true deal-breaker bugs have been few and far between with Windows 7 - some techies will be tempted to ignore their thumbs for a change and take a chance on the RTM build However, for the majority of Microsoft's corporate customers, the 'wait until SP1' mentality will prevail once burned, twice shy , which is why they'll be happy to learn that the first inklings of a public SP1 beta program are beginning to emerge http://www.secuobs.com/revue/news/182594.shtmlhttp://www.secuobs.com/revue/news/182594.shtml 2010-01-17 23:49:15 - Exploit DB updates : http://www.secuobs.com/revue/news/182571.shtmlhttp://www.secuobs.com/revue/news/182571.shtml 2010-01-17 03:40:30 - gynvael.coldwind vx.log en : A few weeks ago j00ru has visited me, and, as one can figure out, some more or less interesting ideas came to be One of such ideas was to use the Call-Gate mechanism in kernel driver exploit developm http://www.secuobs.com/revue/news/182488.shtmlhttp://www.secuobs.com/revue/news/182488.shtml 2010-01-17 03:01:43 - OpenRCE Blogs : written by j00ru http://www.secuobs.com/revue/news/182484.shtmlhttp://www.secuobs.com/revue/news/182484.shtml 2010-01-16 04:43:17 - 4sysops : Office 2010 The Pros and Cons for Businesses Windows 7 Application Compatibility List for IT Professionals updated Jan 12 Why the IE-Google Incident Should Worry You Exploit Code from Google Attack Goes Public on Web Copyright 2006-2009, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/182280.shtmlhttp://www.secuobs.com/revue/news/182280.shtml 2010-01-15 18:05:16 - Channel 9 : IMAGE General Mills and Microsoft have worked together to make the Betty Crocker Kitchen Assistant, a new digital, voice-activated tool featuring high-resolution recipe images and step-by-step cooking instructions, available on Windows PCs and featuring a touch screen interface for Windows 7 The WPF application combines the content and services offered on the web site including recipes and cooking tips with timely, personalized recipe suggestions programmable kitchen timers and up-to-the-minute touch-screen capabilities The Betty Crocker Kitchen Assistant features a highly intuitive recipe search interface, touch-screen compatibility and an easy-to-use cook mode providing simple instructions http://www.secuobs.com/revue/news/182072.shtmlhttp://www.secuobs.com/revue/news/182072.shtml 2010-01-15 17:09:18 - News : Microsoft is hinting Windows Mobile 7 will be unveiled in February and setting expectations high, promising a new mobile experience that will make everyone forget the old Windows Mobile and the iPhone and Android IMAGE http://www.secuobs.com/revue/news/182053.shtmlhttp://www.secuobs.com/revue/news/182053.shtml 2010-01-15 16:29:18 - Alerts : A summary of today's virus and other malware warnings http://www.secuobs.com/revue/news/182040.shtmlhttp://www.secuobs.com/revue/news/182040.shtml 2010-01-15 08:56:54 - Security Bloggers Network : Back on November 11th, 2009 we confirmed Laurent Gaffié's remote exploit for Windows that causes a kernel crash The operating system actually freezes creating a denial of service when for example a user is tricked into clicking on a link to a malicious SMB share on a web page The SMB client goes into an infinite loop when processing this malformed request according to Microsoft The video below demonstrates this effect, having a user click a web site link and showing the crash http://www.secuobs.com/revue/news/181892.shtmlhttp://www.secuobs.com/revue/news/181892.shtml 2010-01-15 04:54:55 - 4sysops : More Windows 7 SP1 details emerge Hackers used IE zero-day in Google, Adobe attacks, McAfee says Microsoft Virtual Desktop Infrastructure VDI Explained Gartner Highlights Key Predictions for IT Organizations and Users in 2010 and Beyond WiFi wireless signals used to charge mobiles Copyright 2006-2009, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/181853.shtmlhttp://www.secuobs.com/revue/news/181853.shtml 2010-01-14 20:40:29 - News : Microsoft Corp's announcement that it would begin renting Windows and Office 2007 left many initially euphoric on the notion that they wouldn't have to shell out several hundred dollars for Office anymore, and then disappointed when it became clear that for most of us that wouldn't be the case IMAGE http://www.secuobs.com/revue/news/181669.shtmlhttp://www.secuobs.com/revue/news/181669.shtml 2010-01-14 19:23:35 - PenTestIT : All of you must have heard about the open source keylogger over at IronGeek But, what you might not know that IronGeek has another good application up its sleeves DecaffeinatID Decaffeinated is many applications in one Plus, it is open source Another special thing about this application is that it has been coded in the AutoIt3 IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/181636.shtmlhttp://www.secuobs.com/revue/news/181636.shtml 2010-01-14 16:37:56 - Alerts : Today's a slow day in malware, with only three new threats in our round-up http://www.secuobs.com/revue/news/181573.shtmlhttp://www.secuobs.com/revue/news/181573.shtml 2010-01-14 13:28:58 - Panda Cloud Antivirus : I would like to announce that Panda Cloud Antivirus has received the official Windows 7 certification for 32 64 bits from Microsoft Corporation More details can be found here http://www.secuobs.com/revue/news/181531.shtmlhttp://www.secuobs.com/revue/news/181531.shtml 2010-01-14 11:40:05 - Graham Cluley's blog : Microsoft has published a security advisory, warning users of Windows XP that they must update their installations of Flash Windows XP came with version 6 of the Adobe Flash Player, and it has been discovered that that version contains a number of vulnerabilities that could be exploited if you visited a boobytrapped webpage The end result http://www.secuobs.com/revue/news/181504.shtmlhttp://www.secuobs.com/revue/news/181504.shtml 2010-01-14 07:21:47 - Praetorian Prefect : Back on November 11th, 2009 we confirmed Laurent Gaffié's remote exploit for Windows that causes a kernel crash The operating system actually freezes creating a denial of service when for example a user is tricked into clicking on a link to a malicious SMB share on a web page The SMB client goes into an infinite loop when processing this malformed request according to Microsoft The video below demonstrates this effect, having a user click a web site link and showing the crash http://www.secuobs.com/revue/news/181444.shtmlhttp://www.secuobs.com/revue/news/181444.shtml 2010-01-14 03:00:36 - News : In the absence of a new version of Windows Mobile, LG said it plans to use Android on more than half its smartphones, despite a recent pledge to use primarily Microsoft's mobile operating system IMAGE http://www.secuobs.com/revue/news/181367.shtmlhttp://www.secuobs.com/revue/news/181367.shtml 2010-01-14 01:17:09 - Rootsecure.net : H Security Support for Windows 2000 and Windows XP Service Pack 2 due to end http://www.secuobs.com/revue/news/181352.shtmlhttp://www.secuobs.com/revue/news/181352.shtml 2010-01-13 17:21:09 - The Day Before Zero : Microsoft posted yesterday Microsoft Security Bulletin MS10-001 Vulnerability in the Embedded Open Type Font Engine Could Allow Remote Code Execution 972270 The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType EOT font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft http://www.secuobs.com/revue/news/181164.shtmlhttp://www.secuobs.com/revue/news/181164.shtml 2010-01-13 15:35:03 - Security : Microsoft has had it with old versions of Adobe Flash and has issued Security Advisory 979267 to urge users to either uninstall old versions, or upgrade to the latest More specifically, the software giant is asking users ditch Flash Player 60 as the multimedia player plugin contains multiple bugs Microsoft rarely issues security advisories on third-party products, but since this version of Flash originally came bundled with Windows XP, Microsoft feels it needs to warn its users Adobe discontinued security support for Flash Player 60 in 2006 the current version is Flash 1004234 The advisory outlines Microsoft's stance very clearly, making sure to emphasize that the vulnerabilities only occur with the combination of the old version of Flash and old version of Windows other supported versions of Windows do not include the Flash The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe The good news is that the advisory says Microsoft is not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time The security advisory was posted on Patch Tuesday, the same day Microsoft releases security patches for all of its software for the month This month though, the company only posted a single bulletin, Microsoft Security Bulletin MS10-001 It affects all supported versions of Windows, but is only rated as Critical for Windows 2000, and Low for all later versions As a result, the Adobe Flash flaw is slightly more serious and should take priority IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/181105.shtmlhttp://www.secuobs.com/revue/news/181105.shtml 2010-01-13 12:39:35 - Help Net Security News : WindowsEnterpriseDefender is a rogue security application In order to remove it, find out what registry entries to look for below Known system changes Registry entries HKEY_LOCAL_MACHINE S http://www.secuobs.com/revue/news/181077.shtmlhttp://www.secuobs.com/revue/news/181077.shtml 2010-01-13 12:20:43 - Les derniers documents du CERTA. : Une vulnérabilité dans Microsoft Windows permet à un utilisateur distant malintentionné d'exécuter du code arbitraire http://www.secuobs.com/revue/news/181073.shtmlhttp://www.secuobs.com/revue/news/181073.shtml 2010-01-13 12:04:32 - Network World on Security : Today's post-holiday Patch Tuesday included just one bulletin, which is rated critical only for Windows 2000, but Adobe also released a must-have Reader update http://www.secuobs.com/revue/news/181069.shtmlhttp://www.secuobs.com/revue/news/181069.shtml 2010-01-13 03:59:31 - 4sysops : Did you ever wonder how you could restore the Recycle Bin to the Windows desktop or why you were unable to open help files FixWin is a free portable tool that allows you to fix 50 such typical problems under Windows 7 and Vista One of the advantages of Windows from a user s perspective is http://www.secuobs.com/revue/news/180952.shtmlhttp://www.secuobs.com/revue/news/180952.shtml 2010-01-13 01:18:24 - Hack In The Box : Microsoft released a single Windows security bulletin for its first Patch Tuesday update of the year The bulletin is rated critical for users of Windows 2000 Service Pack 4, and low for several other editions of Windows The vulnerability at issue lies within the Microsoft Windows Embedded OpenType EOT Font Engine, and is due to the way it decompresses specially crafted EOT fonts If an attacker can trick a user into viewing content rendered in EOT font, the vulnerability could be exploited to permit remote code execution, Microsoft said â The lone Microsoft vulnerability affects everything from Windows 2000 to Windows 7, but is only rated critical for Windows 2000,â said Ben Greenbaum, senior research manager at Symantec Security Response, in a statement â From XP SP2 onward, Microsoft hardened heap memory with heap memory protection strategies this makes the vulnerability less of an issue for the later systemsâ http://www.secuobs.com/revue/news/180898.shtmlhttp://www.secuobs.com/revue/news/180898.shtml 2010-01-13 00:55:23 - SearchSecurity Security Wire Daily News : Lone security bulletin is critical for Windows 2000 users IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/180861.shtmlhttp://www.secuobs.com/revue/news/180861.shtml 2010-01-12 23:47:14 - Zero Day : The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks IMAGE http://www.secuobs.com/revue/news/180843.shtmlhttp://www.secuobs.com/revue/news/180843.shtml 2010-01-12 22:48:34 - InSecurity Complex : Security experts say Adobe's patch for a zero-day Reader vulnerability is more critical than the Windows hole http://www.secuobs.com/revue/news/180825.shtmlhttp://www.secuobs.com/revue/news/180825.shtml 2010-01-12 21:58:58 - LinuxSecurity.com Latest News : LinuxSecuritycom The problem with corporate networks is they not only stop the bad guys coming in but also your users who want to work remotely, whether at home, at a client site or on the road Here is where a VPN product comes in, and the simplest to deploy on Windows is a Linux virtual appliance called OpenVPN http://www.secuobs.com/revue/news/180798.shtmlhttp://www.secuobs.com/revue/news/180798.shtml 2010-01-12 18:51:46 - The Old New Thing : While it's true that the cheesy Steve Ballmer Windows video had bad music, bad hair, and bad acting, it's also true that all that cheese was intentional That video was produced for and shown at the Company Meeting, back when a mainstay of the Company Meeting was spoofs of popular television advertisements what today would be called virally popular with Bill Gates and other senior executives taking the starring roles The Crazy Steve video was a spoof of late-night television advertisements, the most direct influence being the popular-at-the-time Crazy Eddie commercials So enjoy the Crazy Steve video, but don't fool yourself into thinking this was a real commercial Bonus commercial chatter I don't know the story behind the commercial produced by crack-smoking monkeys It was shot in one of the Microsoft old-campus buildings, but I don't recognize any of the actors This leaves open the horrific possibility that the advertisement was for real Extra bonus chatter The original Windows XP commercial, featuring Madonna's Ray of Light, had to be abandoned less than two months before launch thanks to the events of September 11, 2001 A commercial featuring people flying was deemed to be in bad taste so soon after the event I don't know how they did it, but the marketing department managed to put together a new ad campaign in less than two months This also explains why some online ads for Windows XP employed the song Ray of Light, even though the song had nothing to do with the new Windows XP ad campaign They were leftovers which could be salvaged because they didn't depict flying Too bad, because I liked the original campaign Double secret bonus chatter Could this be proto-Kylie IMAGE http://www.secuobs.com/revue/news/180739.shtmlhttp://www.secuobs.com/revue/news/180739.shtml 2010-01-12 12:50:23 - Global Security Mag Online : Blue Coat Systems Inc vient d'étendre son logiciel libre K9 Web Protection au support du nouveau système d'exploitation Windows 7, afin d'offrir aux familles un outil pratique de blocage de contenus Web indésirables contenus pornographiques, entre autres et de menaces en ligne telles que le hameçonnage ou les malwares En complément au support des versions 32 et 64 bits de Windows 7, K9 Web Protection s'applique également aux environnements Windows XP et Vista, de même qu'à Mac OS X Le logiciel - Produits http://www.secuobs.com/revue/news/180616.shtmlhttp://www.secuobs.com/revue/news/180616.shtml 2010-01-12 11:07:25 - Darknet The Darkside : http://www.secuobs.com/revue/news/180582.shtmlhttp://www.secuobs.com/revue/news/180582.shtml 2010-01-12 07:46:12 - Vigilance vulnérabilités publiques : Un attaquant du réseau local peut envoyer un paquet illicite vers Web Services on Devices Application Programming Interface, afin de faire exécuter du code sur le système http://www.secuobs.com/revue/news/180542.shtmlhttp://www.secuobs.com/revue/news/180542.shtml 2010-01-12 07:46:12 - Vigilance vulnérabilités publiques : Un attaquant peut employer une requête RPC illicite afin de provoquer un débordement dans License Logging Server, conduisant à l'exécution de code http://www.secuobs.com/revue/news/180541.shtmlhttp://www.secuobs.com/revue/news/180541.shtml 2010-01-12 04:41:05 - 4sysops : 768-bit RSA cracked Why Microsoft killed upgrade versions for Office 2010 Microsoft pulls Office from distribution channels on patent-infringement deadline day Microsoft makes it legal to rent Windows, Office worldwide Copyright 2006-2009, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/180508.shtmlhttp://www.secuobs.com/revue/news/180508.shtml 2010-01-12 00:46:59 - OpenRCE Blogs : written by GynvaelColdwind http://www.secuobs.com/revue/news/180464.shtmlhttp://www.secuobs.com/revue/news/180464.shtml 2010-01-11 23:01:34 - PenTestIT : We were on a lookout for a software on Windows OS es that would monitor some directories for changes We could have achieved it via event viewer, etc, but we wanted a professional report and the likes Hence, we set out to find software s which would let us do the same This is what we found 1 IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/180402.shtmlhttp://www.secuobs.com/revue/news/180402.shtml 2010-01-11 15:58:15 - MX Logic Security News : Microsoft will release a single critical security fix this Tuesday, in its monthly round of patches, plugging a hole that malware and spyware pushers could use to crash or hijack computers running Windows 2000 CNET's Elinor Mills reports that the remote code execution potential is very high for Windows 2000 machines, but low for other versions of Microsoft's flagship operating system - even though most are, technically, vulnerable The company urged users of Windows 2000 machines to review and deploy this update as soon as possible Microsoft did not, however, release a fix for a well-known problem with its server message block architecture, which also carries the potential for remote code execution or denial-of-service attack The Redmond, Washington-based software titan said in a statement announcing the other parch that it was still working on correcting that flaw Adobe is also expected to patch some of its software next week, issuing, among other things, a patch for a glaring vulnerability in its PDF Reader program and fixes for several known security issues with its Flash web graphics frameworkADNFCR-1765-ID-19548685-ADNFCR http://www.secuobs.com/revue/news/180220.shtmlhttp://www.secuobs.com/revue/news/180220.shtml 2010-01-11 14:24:46 - Security Circus : If you haven t heard of Windows 7 s GodMode yet, let me give you the scoop Basically, there are developer shortcuts built into Windows 7, and even Vista, that enable easy access to certain settings and information about the operating system For example, one GodMode view displays every setting in Windows in one very organized Window Windows 7 God Modes - OMG, the Quake-trained developer wave is hitting the mainstream http://www.secuobs.com/revue/news/180199.shtmlhttp://www.secuobs.com/revue/news/180199.shtml 2010-01-11 04:03:56 - grand stream dreams : Back in my Opening Ports in Windows Firewall from Batch files post I found the command-line power for batch file building of the netsh command In the end I wrote a few variants to a install a needed application surreptitiously, and b set the Windows Firewall to open up a needed port to inbound connections from a few specific remote IP address based servers Here they are a few examples with my environmental specifics removed as built specifically for deployment on our XP Pro systems As the first post pointed out, Vista and Windows 7 now has some updated advanced items that should be used instead Note the setupexe file is held in the same folder that contains the bat files For my user-prompted batch-file echo off echo - echo To Set up and configure Application and FW-rule, type 1 echo - echo To cancel, type 2 echo - set P selection Type the number and then press Enter If pourcentsselectionpourcents 1 goto APP_SETUP If pourcentsselectionpourcents 2 goto end APP_SETUP echo Installing Application applet Setupexe echo Adding Windows Firewall port exception netsh firewall add portopening protocol tcp port portnumber name app-name mode ENABLE profile All Scope custom addresses server-ip-address_ 1 subnet,server-ip-address_ 1 subnet echo Windows Firewall port opened end and for the silent no-prompt bat file Setupexe netsh firewall add portopening protocol tcp port portnumber name app-name mode ENABLE profile All Scope custom addresses server-ip-address_ 1 subnet,server-ip-address_ 1 subnet Easy Peasy Note those netsh command lines are actually all on one line with no returns like it seems Show Verbose enable While verifying that I had my netsh line format built correctly, I needed to validate it specifically the subnet into against a system I had manually configured and verified was working correctly Although I was running the following command, it wasn t quite giving me the firewall port detail I wanted netsh firewall show portopening It took me some more digging but I found that if I passed the CLI as follows with the verbose enabled added, I got VERY detailed information on the port settings netsh firewall show portopening verbose enable This technique can easily generate great data from the command-line for system information audits and incident responses From this post Netsh Commands for Windows Firewall Microsoft TechNet show commands The following show commands are used to display the current configuration The show command cannot be used to see the list of exceptions for the public profile, even if the public profile is the current profile To see the list of exceptions for the public profile, use the Windows Firewall with Advanced Security MMC snap-in, and use the Filter by Profile option in the Actions pane show allowedprogram verbose enable disable Displays the current list of program exceptions for the domain and standard profiles Use the parameter verbose enable to see additional details show config verbose enable disable Displays the local configuration information for the domain and standard profiles, including the output of all other show commands Use parameter verbose enable to see additional details show currentprofile Displays the current profile in use for the network location type If the current profile is the public profile, then this command shows the standard profile show icmpsetting verbose enable disable Displays the ICMP settings Use parameter verbose enable to see additional details show logging Displays the current logging settings If the current profile is the public profile, then this command shows the standard profile show multicastbroadcastresponse Displays multicast broadcast response settings for each profile show notifications Displays whether the firewall displays pop-up notifications for each profile show opmode Displays the operational mode for the firewall for each profile show portopening Displays the current list of port exceptions for each profile Use parameter verbose enable to see additional details show service Displays the service configuration for each profile Use parameter verbose enable to see additional details show state Displays the current state information for the firewall Use parameter verbose enable to see additional details For more info see these additional sources JSI Tip 8399 How can I report Windows Firewall settings - WindowsITPro Download details Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2 Microsoft Download Center Cheers --Claus V http://www.secuobs.com/revue/news/180122.shtmlhttp://www.secuobs.com/revue/news/180122.shtml 2010-01-11 02:11:06 - grand stream dreams : reposted and re-edited here for clarity and blog-time continuum harmony I get it now Kevin if you are still reading this blog - Gentle readers it has come to my attention via the comments that the post title and content in the following and now updated Grand Stream Dreams post Run Windows Remote Desktop Connection on Win7 Home editions Updated - Grand Stream Dreams might be a bit misleading That was not my intention, but after careful and objective reading of the post now, I clearly find that was the case To that end I want to make some important clarifications Then, if you want to carry the Windows 7 RDC client binaries on your USB stick for whatever clever reason you need them for, please go on and read that post 1 My original desire in that post was twofold a Run Windows RDC from my Windows 7 Home Premium laptop to control my desktop faux-server Windows 7 system currently running Win7 Ultimate RC1 , and b Be able to use the final Win7 RDC binaries at work on my XP Pro system to RD some XP Pro systems If that sounds like what you are interested in doing and or what the post title and or Google led you here for then read these bits if you are curious and then hop over to that previous post If not and you really do want to set up hack patch your Windows 7 Home Premium to run RDC with a host-mode service not natively supported by Microsoft in that version, then keep reading down to item 5 below before deciding to stay or leave this post you might be rewarded for doing so 2 The original nomenclature I had used previously to refer to host and client in RDC was incorrect or at least, muddled Here is the official definitions per Microsoft Remote Desktop Connection is a technology that allows you to sit at a computer sometimes called the client computer and connect to a remote computer sometimes called the host computer in a different location So the PC you are working at that you are initiating the RDC session from is the client end and the one you are actually remote-controlling is the host end M kay 3 As the table below shows but is a bit misleading without the above information ALL versions of Windows 7 allow you to run the Windows 7 RDC client natively That s why as some commenters pointed out the binaries I noted are actually present on all the Win7 systems So following the earlier post instructions really are not necessary UNLESS you want to run the Windows 7 RDC client binaries from a non-Win7 system XP Vista Server and do so from a USB stick unless you then offload them to that system locally image creator unknown original image here Comment please and I will give credit 4 Based on 3 above, you just don t need to do the solution patch hack in this post UNLESS you mean to say you want to run Windows Remote Desktop on Windows 7 Home Premium as the HOST Then without following the steps in this post, you would be completely helpless at least as far as using the specific tool Microsoft RDC per the official Microsoft product description for Win 7 RDC You can connect to computers running Windows 7 Professional, Windows 7 Ultimate, or Windows 7 Enterprise You can't use Remote Desktop Connection to connect to computers running Windows 7 Starter, Windows 7 Home Basic, or Windows 7 Home Premium Only you actually can with Windows 7 Home Premium x32 or x64 If that is what you came here looking for continue on to see item 5 below 5 To REALLY run Windows RDC in host-mode on a Windows 7 Home Premium system you will need to perform the following steps Last course-correction warning If all you want to do is just remote control another system to help a friend or mate or distant relative out, please look to the very end of this post as there are some great freeware solutions to do so without any mucking around and hacking patching of Windows System 32 files that this requires and brings with it possible heartbreak and system-break The Patch Hack to enable Windows 7 Home Premium to run Windows Remote Desktop Connection as a HOST service Note ONLY do this if you understand what you are doing, what the consequences are, and will accept and adopt as your own blood any security issues or system-stability consequences that might arise if you decide to do this Pet hamsters might escape their cages You might Black or Blue Screen of Death your Windows 7 Home Premium system that works just fine right now Seriously This really shouldn t even be considered by anyone except advanced or professional Windows users and administrators Seriously I mean it M kay Still want to do it Fine Keep reading then I warned you that here be dragons and you just wouldn t listen Probably want to start by manually making a System Restore Point On the Windows 7 Home Premium system, go to Start -- Control Panel System From that window, check the sidebar and find and select Remote settings on the left-hand side sidebar In the System Properties window select the Remote tab Check enable the Allow Remote Assistance connections to this computer Select Apply and OK Then close all the windows out Go to this page How to enable Remote Desktop in Windows 7 Home Premium over at the Tenniswood Blog and follow the link to download the zip file Unpack the zip file Concurrent_RDP_Win7_RTM_patcherzip Open up the unpacked folder and find the installcmd file and run it as administrator Note On my Windows 7 Home Premium x32 bit laptop it worked fine out of the box On my Win7 Home Premium x64 AMD system it errored out as it said the termsrvdll file didn t exist A CLI search for the file did find it present but cloaked by the OS in C Windows System32 So I had to then disable UAC, reboot, re-run the installcmd file as administrator It worked I then reset UAC and rebooted image You will need to decide if you wish to allow concurrent multiple sessions let a logged-on user work while you also work on it without force logging out the current user I select Y myself, image and if you want to enable blank password for account login not have to provide the password I select N for this image Once done and the process may take a while, particularly when it waits to listen to the service on port 3389 you will be directed to close the window out Then you are done image Your Windows 7 Home Premium system should now be patched to run RCD as a HOST for incoming RDC sessions Observations This is a hack patch mod of a Windows OS file along with some other automagical system configurations that changes the code of the termsrvdll file, adds the rdpclipexe file to the system, starts the service, and adds Windows Firewall Rules It is completely unsupported by Microsoft Future Service Pack release and or monthly OS security updates might overwrite and or break this whole house of cards I am a bit smart, but I am not a programmer and cannot certify that the documentation on file patching is all that goes on It might allow Martians to mind-control RDC your system I just don t know As far as I can tell everything seems legit and quite effective, but your mileage may vary Also, if you are running a non Windows Firewall solution, you might need to do some more firewall rule tweaking to get the inbound RDC connection session past your firewall Can t help you there Finally as mentioned in the second line of this post, I owe a GSD commenter to this post Kevin an apology Because my nomenclature was muddled up, I didn t quite get the tipoff he was trying to pass to me on this very technique Kevin s tip and information turned out to be MUCH more valuable granted to a really small set of Windows Home Premium users than I realized at the time including myself Great tip Kevin and a full hat tip to you, mate Patch Hack Extras How to enable Remote Desktop in Windows 7 Home Premium -Tenniswood Blog clean post to the zip file Windows 7 RTM concurrent remote desktop patch - The Green Button the Uber-team that seems to craft this out for each version of Windows Home OS time after time As far as I can tell, it all starts here Windows 7 Home Premium - Remote Desktop another RDC forum that pointed to the Tenniswood Blog post Install and Enable Remote Desktop in Windows XP Home Edition My Digital Life For XP Home Premium users seeking RDC Host enablement Enable Remote Desktop Connection on Vista Home Premium Frans goes Blog For Vista Home Premium users seeking RDC Host enablement Turn on Remote Desktop in Windows 7 or Vista - the How-To Geek for lucky folks who do have a version of Windows 7 or Vista that does support the Microsoft OEM enabled RDC Host feature it isn t enabled by default out of the box Freeware Solutions for Windows supported Remote Control Sessions non RDC based Probably most home users won t need Windows Remote Desktop Connection nor will or should they muck around with this patch no matter how effective, cool, or useful it might be Best left to advanced Windows users However, there are LOTS of easy to use and just more than effective solutions to set up a remote-desktop control sessions between two windows machines Like when you want to help that friend or relative out who is stuck on their PC but you don t want to drive across town in the dead of winter to do so even for free beer or pizza Check these solutions out Re Listed in a particular order to me ShowMyPC Still simply the easiest way to remote connect to a remote desktop to perform ad-hock connections and desktop control support Particularly for non-techie re family friends end-points TeamViewer Portable Lots of reasons I m thinking of moving to this application from ShowMyPC That will have to wait for a later post Offered by PortableAppscom so its perfectly portable software for your USB drive LogMeIn - Virtual Networking with LogMeIn Hamachi² along with Free Remote Access from LogMeIn and see also REMOTE DESKTOP WITH HAMACHI PLEASE READ link Mikogo provide free online meeting and desktop sharing that could be used for remote PC control support in a pinch Love the giraffe logo Comodo Easy VPN and the related page Secure Remote Access Zolved Free Remote Control not tried it yet personally but seems to get high marks in the blog-o-sphere for family friendly remote control connection building Shrew Soft Inc Software Yes it s really a VPN specific solution, but it looks really, really cool Chris Realm s Chris Control Looks like Chris has some older circa 07 WinPE 10 plugins for remote control building Not played with them yet but wanted to reference anyway Remote Control IntelliAdmin - Remote Administration For Windows -- I amost didn t list this one, but it is a good administrative level RC tool IntelliAdmin also provides some great freeware sysadmin utilities so check it out See also News and Tips Remote Control 43 Released Finally all recent Windows builds come with something most folks don t know called Remote Assistance or Easy Connect It s also pretty cool, free, and installed on all XP Vista Windows7 builds Windows 7 Easy Connect overview NeoWinnet Windows 7 Tips Easy Connect by Ankit Srivastava at iYogi iKnow, but it s a good post Remote Assistance in Windows 7 Lending a helping Hand is even easier - Windows Live Step-by-Step Guide to Remote Assistance Microsoft TechNet File transfer over network - Windows 7 Forums and this Homegroup problem to share files on another partition Microsoft forum post Sorry 'bout any confusion --Claus V http://www.secuobs.com/revue/news/180103.shtmlhttp://www.secuobs.com/revue/news/180103.shtml 2010-01-10 19:38:35 - Bill Mullins' Weblog Tech Thoughts : You just have to love Windows as an operating system it makes it so easy to DO so many things Often however, Windows does not make it easy to UNDO, or fix things It s not uncommon that attempting to undo things, does nothing more than create additional problems If you are familiar with working with http://www.secuobs.com/revue/news/180042.shtmlhttp://www.secuobs.com/revue/news/180042.shtml 2010-01-10 09:21:20 - SecurityTube.Net : Remote Buffer Overflow Tutorial Windows Video Tutorial IMAGE http://www.secuobs.com/revue/news/179981.shtmlhttp://www.secuobs.com/revue/news/179981.shtml 2010-01-09 09:21:15 - Security Bloggers Network : A little trick allows to open a secret control panel in Windows 7 with lots of settings combined by categories in one convenient place IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/179860.shtmlhttp://www.secuobs.com/revue/news/179860.shtml 2010-01-09 08:35:42 - The Ashimmy Blog : When Windows Vista came out a few years back, I played with it a bit I quickly decided I couldn t deal with the nagging I ditched it and stuck with XP all this time If it ain t broke, don t fix http://www.secuobs.com/revue/news/179856.shtmlhttp://www.secuobs.com/revue/news/179856.shtml 2010-01-09 04:39:42 - 4sysops : When the first article with the title Windows 7 GodMode appeared in my RSS reader, I didn t even click it because I already suspected that this was just another blog post that tries to attract attention at any costs But now, as almost all major news sites reported about this super secret and super http://www.secuobs.com/revue/news/179828.shtmlhttp://www.secuobs.com/revue/news/179828.shtml 2010-01-09 04:39:42 - 4sysops : Forrester warns of possible Office 2010 upgrade hassles Microsoft unveils new HP Slate and other Windows Tablet PCs Who needs Apple Deploying Windows 7 from A to Z Microsoft paper Step By Step Guide Troubleshoot DirectAccess in a Test Lab Copyright 2006-2009, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/179827.shtmlhttp://www.secuobs.com/revue/news/179827.shtml 2010-01-09 00:04:34 - securitystream.info : No Microsoft fix in sight Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks Case Study WhatsUp keeps Legoland turnstyles ringing Related posts 1 Germans devise attacks on Windows BitLocker 2 Microsoft AV advice may aid attackers, researcher warns 3 Linux devs exterminate security bugs from kernel http://www.secuobs.com/revue/news/179764.shtmlhttp://www.secuobs.com/revue/news/179764.shtml 2010-01-08 23:18:54 - Channel 9 : IMAGE Microsoft's Gary Schare demos some of the new hardware for Windows 7 at CES including network media devices and touch-enabled monitors that will allow you to multitouchify your current laptop or desktop http://www.secuobs.com/revue/news/179754.shtmlhttp://www.secuobs.com/revue/news/179754.shtml 2010-01-08 23:05:25 - Exploit DB updates : http://www.secuobs.com/revue/news/179750.shtmlhttp://www.secuobs.com/revue/news/179750.shtml 2010-01-08 22:05:20 - Network Monitor : Microsoft publishes protocol documentation on MSDN that is intended to make it easier for others to develop interoperable implementations System Documents provide overviews of system behavior for key systems such as Active Directory, File Sharing and Windows Security The MSDN documentation for each of the System Documents is available here We've recently released sets of annotated network captures on the SysDoc CodePlex Site which cover a subset of scenarios for each of the System Documents What Kind of Behavior For each system component a few choice scenarios were captured and annotated For example, File Systems have annotated traces for finding a file and configuring a server Obviously, it would be quite an undertaking to annotate every scenario, but these annotations attempt to cover typical scenarios or a breadth of components What's an Annotated Trace Starting with Network Monitor 33, we can annotate a trace with comments For more info about trace commenting please reference our blog called Frame Commenting is Here Frame annotation provides a convenient way to describe what is happening at specific frames in a trace Each commented frame has a symbol next to the frame number Clicking on a frame with comments populates the Frame Comments window in the UI There are also ways to go to the next comment, search for a comment, and add a comment title column to the Frame Summary window Learning by Example Besides helping you to understand a specific scenario, these annotated traces can be used to get a feel for how you might dissect a trace with your own scenarios Getting oriented in a trace for an unfamiliar protocol is one of the first steps With these annotated traces, you have some well documented examples to get your started We hope you find them useful IMAGE http://www.secuobs.com/revue/news/179732.shtmlhttp://www.secuobs.com/revue/news/179732.shtml 2010-01-08 13:15:44 - securitystream.info : Posted by InfoSec News on Jan 08 http wwwcomputerworldcom s article 9143297 Microsoft_won_t_fix_Windows_7_crash_bug_next_week taxonomyId 17 By Gregg Keizer Computerworld January 7, 2010 Microsoft today said it will deliver a single security update on Tuesday to patch just one vulnerability in Windows However, the company acknowledged that it does not yet have a fix for a crippling bug in Windows 7 that went public nearly two months ago The expected update will patch Related posts 1 Microsoft denies it built backdoor in Windows 7 2 NSA helped with Windows 7 development 3 Microsoft Confirms First Windows 7 0-Day Vulnerability http://www.secuobs.com/revue/news/179574.shtmlhttp://www.secuobs.com/revue/news/179574.shtml 2010-01-08 11:16:39 - Network World on Security : Microsoft today said it will deliver a single security update on Tuesday to patch just one vulnerability in Windows http://www.secuobs.com/revue/news/179556.shtmlhttp://www.secuobs.com/revue/news/179556.shtml 2010-01-08 05:14:25 - 4sysops : Windows once had a very bad reputation regarding stability Windows NT improved the overall stability significantly, but perhaps Windows XP was the first Windows version that could be called stable Due to sloppy programming of third party devices drivers, Vista s stability suffered considerably Windows 7 was remarkably stable right from the beginning, thanks to http://www.secuobs.com/revue/news/179505.shtmlhttp://www.secuobs.com/revue/news/179505.shtml 2010-01-07 23:34:10 - SearchSecurity Security Wire Daily News : Patch for a Server Message Block zero-day vulnerability in Windows 7 is still being tested, the software giant said IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/179372.shtmlhttp://www.secuobs.com/revue/news/179372.shtml 2010-01-07 22:22:56 - Security Musings : Seems the new year has brought out a few new findings One being the newly discovered God Mode feature in Microsoft s Windows 7 based operating systems At its core, its basically a glorified control panel It takes all the hard to get to, or annoying multiple right click - properties - options - submenu - http://www.secuobs.com/revue/news/179327.shtmlhttp://www.secuobs.com/revue/news/179327.shtml 2010-01-07 19:52:10 - Alerts : A round-up of today's virus and other malware threats http://www.secuobs.com/revue/news/179279.shtmlhttp://www.secuobs.com/revue/news/179279.shtml 2010-01-07 18:22:08 - News : An Italian legal initiative seeking compensation from PC manufacturers for undesired preinstalled Microsoft software will begin next week, the head of the consumer group promoting the class action lawsuit said Thursday IMAGE http://www.secuobs.com/revue/news/179246.shtmlhttp://www.secuobs.com/revue/news/179246.shtml 2010-01-07 16:21:59 - News : Microsoft CEO Steve Ballmer showed off three Windows 7-baased touch screen computers but didn't demonstrate the company's new Courier e-reader-type machine as was expected IMAGE http://www.secuobs.com/revue/news/179194.shtmlhttp://www.secuobs.com/revue/news/179194.shtml 2010-01-07 14:32:22 - Hot Security News : Blue Coat Systems, Inc, the technology leader in Application Delivery Networking, today expanded its free K9 Web Protection software to include support for the new Windows 7 operating system, providing families with an easy-to-use tool for blocking objectionable Web content, such as pornography, and Web-based threats like phishing and malware IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/179160.shtmlhttp://www.secuobs.com/revue/news/179160.shtml 2010-01-07 13:38:34 - Forensics from the sausage factory : I can just about remember the thrill of upgrading to a new OS When I was the new kid on the block I couldn't wait to upgrade from Windows 98SE to XP Pro somehow we missed out Windows ME Anyhow the newer kids on the block have migrated to Windows 7 it is prettier, more stable, blah blah Now I am a dinosaur with XP Pro 64 bit Anyway I had a call today about getting various aspects of C4P to play nicely with MySQL on a Vista 64 bit box In our office we don't actually use Vista on any of our forensic boxes so I thought I'd check out the issues on one of Windows 7 64 bit boxes As you know because if you are still reading this you probably use C4P along with a MySQL DB C4P interacts with the MySQL database in two areas 1 within Encase at Enscript level if the pre categorization option is selected 2 or via Data Migration Special Update Case Direct from C4P Hash Database within the Categorizer for Pictures program itself Both of these connections require an MySQL ODBC connector driver to communicate with the running MYSQL C4P hash database using a suitable database connection string Essentially in this scenario we have a choice of four MySQL ODBC drivers 1 MySQL ODBC 51 64 bit 2 MySQL ODBC 51 32bit 3 MySQL ODBC 351 64 bit 4 My SQL ODBC 351 32 bit All bar the 351 64 bit driver are installed via a Windows installer The 351 64 bit driver is slightly trickier to install - you need to unpack the zip, run a command prompt as administrator, navigate the command prompt to your unpacked zip folder and then run the command Install 0 Enscript level communication At Enscript level it is possible to modify the database connection string which allows you to specify which ODBC connector driver to use In testing on a Windows 7 64 bit box I have found that both the 351 and 51 64 bit drivers work if the drivers fail you generally get a long unintelligible error message The C4P 402 enscript allows the user to configure their own database connection string The string that works for me is IMAGE Provider MSDASQL DRIVER MySQL ODBC 351 Driver SERVER Your_server_name_or_IP_address DATABASE c4p_hash UID c4p_user PASSWORD password OPTION 3 Simply change 351 to 51 if you are using the later driver Categorizer for Pictures communication The database connection string used by this program is hard coded and not user configurable The program requires the 351 driver However I could not get the Data Migration Special Update Case Direct from C4P Hash Database option to work on the Windows 7 64 bit box using the 351 64 bit driver I suspect this is due to a permissions issue and tried to run C4P as administrator but I still failed to connect to the MySQL C4P hash db However I was able to get the Data Migration Special Update Case Direct from C4P Hash Database option to work using the MySQL ODBC 351 32 bit driver Conclusion Other combinations may work but on a Windows 7 64 bit box I recommend installing the MySQL ODBC 51 64 bit driver and the MySQL ODBC 351 32 bit driver to get C4P and the C4P graphics extractor enscript to play nicely with the MySQL C4P hash database http://www.secuobs.com/revue/news/179156.shtmlhttp://www.secuobs.com/revue/news/179156.shtml 2010-01-07 13:01:19 - Crash Dump Analysis : - Dmitry Vostokov DumpAnalysisorg - Memory Dump It http://www.secuobs.com/revue/news/179139.shtmlhttp://www.secuobs.com/revue/news/179139.shtml 2010-01-07 07:59:31 - Hacker The dude Hacking Tech And News : Windows 7 The New shiny product of Microsoft is just revealed and some windows guys have uncovered a new Hack in Windows 7 which the team at windows call is GodMode The Hack is some kind of Glitch as we have also seen the Glitch in YouTube yesterday, What this does is bring you to an new settings page which got some good options in it to play with the windows Windows 7 GodMode Hack Turtorial Obviously not the control panel settings, they contain some of the good one's in them like Back up Your computer and Login Credentials and stuff like that The GodMode Contains a List of Over 50 sections consisting of setting for you which can be enabled by a simple rename But it might be a new promotion by the windows guys to promote their New windows 7 Whatever, lets focus on the Trick that we are going to apply to enable the, so called GodMode in windows 7 Steps ----- The Hack is very easy one, with a simple rename you can access it So don't blame me if this is Lame 1 Create a new folder 2 Rename the folder to 234-windows-godmode-icon GodMode ED7BA470-8E54-465E-825C-99712043E01C note that you can change the GodMode text, but the following period and code number are essential 3 The folder icon will change double click it to show the GodMode window ScreenShot ---------- Windows_7_godmode_610x404 234-windows-godmode-window Conclusion ---------- This might be good for you as you can now apply various setting to your Windows 7 at a single place btw i don't use Windows 7 that much, i just Love the Window Xp It might a new promotional way by the Microsoft guys well who cares - Enjoy Happy Hacking hackerthedude IMAGE http://www.secuobs.com/revue/news/179103.shtmlhttp://www.secuobs.com/revue/news/179103.shtml 2010-01-07 05:09:05 - 4sysops : Microsoft launches Windows Azure without virtual machines Copyright 2006-2009, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/179044.shtmlhttp://www.secuobs.com/revue/news/179044.shtml 2010-01-07 01:56:11 - SearchSecurity.com.au Analysis Commentary : Learn about five Windows 7 registry keys that can improve your organisation's security by tuning PCs in ways that ensure users behave themselves IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/179022.shtmlhttp://www.secuobs.com/revue/news/179022.shtml 2010-01-06 23:40:53 - UnsafeBits : Severe security bugs are getting harder to find, especially is gigantic pieces of software such as the Windows operating systems Microsoft has spent millions attempting to defeat bugs, and arguably leads developers in secure software programming practices by vetting new code with automated analysis programs and by retraining all its developers in secure coding practices Yet, http://www.secuobs.com/revue/news/178982.shtmlhttp://www.secuobs.com/revue/news/178982.shtml 2010-01-06 21:50:57 - Channel 9 : IMAGE Kerry Westphal joins us to announce the first The Access Show Developer contest This is your chance to take Access 2010 for a spin and create a cool web app and win cool stuff We look forward to seeing what you create Check out the Access Show Developer contest for more information http://www.secuobs.com/revue/news/178916.shtmlhttp://www.secuobs.com/revue/news/178916.shtml 2010-01-06 18:58:21 - McAfee Avert Labs : In my last blog, we have discussed the kernel API refactoring in Windows 7, today we are going to look at a new feature of Windows 7 XP Mode, which is a combined solution of Virtualization and RemoteApp technologies For quick understanding on Windows XP Mode, let s look at an excerpt from Wikipedia about its http://www.secuobs.com/revue/news/178848.shtmlhttp://www.secuobs.com/revue/news/178848.shtml 2010-01-06 18:44:01 - Les Tips du Laboratoire Microsoft : Par défaut, la barre de lancement rapide a disparu de la barre des tâches de Windows 7 Il est bien entendu possible de l'afficher à nouveau Pour cela Cliquez avec l http://www.secuobs.com/revue/news/178846.shtmlhttp://www.secuobs.com/revue/news/178846.shtml 2010-01-06 18:44:01 - Les Tips du Laboratoire Microsoft : Le GodMode est une nouvelle fonctionnalité cachée de Windows 7 principalement réservée aux perfectionnistes qui souhaitent optimiser les réglages de leurs mach http://www.secuobs.com/revue/news/178845.shtmlhttp://www.secuobs.com/revue/news/178845.shtml 2010-01-06 13:53:10 - Hot Security News : January 1st, 2010 marks the release date of the official Ares p2p file sharing software for Windows 7 A year in development, Ares http wwwaresnet development group has finally updated the popular p2p software to include many new upgrades, such as, but not limited to a beautiful HD video player for playing HD movies and videos, updated and more user friendly media library, Windows 7 compatibility, and 24 7 email support IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/178753.shtmlhttp://www.secuobs.com/revue/news/178753.shtml 2010-01-06 13:29:07 - Reverse Engineering : submitted by wishi link comment http://www.secuobs.com/revue/news/178744.shtmlhttp://www.secuobs.com/revue/news/178744.shtml