• Search for:

• Non-technical

  • ChrisEccleston.com
  • SteamyKitchen.com food blog

• Technical

  • BootZilla tech CD
  • Computer America
  • gur.in/j/ – PC help site
  • Lunarsoft Forums
  • Lunarsoft.net
  • PC Tech MediX
  • Simon’s PC Services
  • Symantec Sucks

• Categories

  Select Category Activism  (1) American Idol  (1) Apple  (1) Computer America  (6) Data recovery  (4) Delphi  (4) Dial-a-fix  (54) djlizard  (5) Fixes  (34) General  (49) Hack  (7) Hardware  (1) Help  (1) History  (1) Internet Explorer 8  (1) Linux  (2) Mac  (1) Medical  (3) Microsoft  (11)    7  (1) Music  (6) Non-technical  (3) Ranting  (7) Sabrina  (2) Security  (11) Software  (86) Stupid  (10) Technical  (50) Viruses  (5) Vista  (16) Windows 2000  (6) Windows Update  (2) XP  (10) Zealotry  (1)

• Archives

  Select Month January 2010  (1) September 2009  (1) July 2009  (2) January 2009  (1) December 2008  (2) November 2008  (1) October 2008  (2) August 2008  (2) July 2008  (1) June 2008  (2) December 2007  (4) October 2007  (18) September 2007  (3) August 2007  (7) July 2007  (1) June 2007  (2) May 2007  (3) April 2007  (3) March 2007  (3) February 2007  (6) January 2007  (2) December 2006  (2) November 2006  (6) October 2006  (12) September 2006  (8) August 2006  (4) July 2006  (1) June 2006  (16) May 2006  (5) April 2006  (4) March 2006  (9) February 2006  (7) January 2006  (8) December 2005  (7) November 2005  (14) October 2005  (1) September 2005  (5) August 2005  (10) July 2005  (14) June 2005  (15)

http://www.codinghorror.com/blog/archives/000778.html

The type of browser you use depends usually more on your personal preferences than, say, issues of security. Internet Explorer is widely credited with design flaws that constantly need patching. Switching to Firefox is an obvious move because that is less prone to malicious attacks. The problem is that Firefox is technically still in beta and some people don't want to experience the faults that are inherent to beta products.

And so others move in. One of the new players is a browser called Browzar.

Browzar claims to eliminate all traces of your web activities and it has taken a lot of flak over that very bold claim and other issues.

A test by SpywareInfo revealed that the first claim is not entirely correct. SpywareInfo was able to find a copy of the last page visited in the browser cache. They also found some cached objects, saved by the Java plug-in. It did not save cookies or URL history, as far as they could tell.

See the entire article here.

Another problem are persistent claims that Browzar itself is spyware. This is not quite true but it does open to a hard-coded start page and that start page is a pay-per-click search engine.
SpywareInfo writes that there is no way to change that start page to a different address or, for that matter, any other options. It also has a search bar that uses the same search engine.

Roger Karlsson (creator of Bazooka and Koffix Blocker) has found a solution for the above problem by using a Hex editor. Take a look at his solution for changing Browzar's start page.

For those who don't want the bloat that comes with Nero 7, check this out:

http://www.msfn.org/board/index.php?showtopic=69886

The author of this installer also fixed the problem with Nero 7's mp3 decoder which causes songs on audio CDs to skip.

Edit: If you are having trouble uninstalling Nero 7, download the Nero cleaner utilities.

This has hit the wild, and although everyone's reported it already, there is a workaround and something to note about Dial-a-fix, so I figure I should let the users of my site know about it.

Basically, it is an exploit that affects WMF (Windows meta file — clipart) files via a bug in shimgvw.dll. This is kind of similar to the JPEG exploit from a while back.

More info: http://www.securityfocus.com/brief/89

To sort-of work around this, you can go to Start > Run > and type regsvr32 /u shimgvw.dll. Dial-a-fix *does* register this DLL via the Shell checkmark on the More… dialog, so if you use that section of Dial-a-fix and want to stay protected from WMF files until Microsoft issues a patch, you must regsvr32 /u shimgvw.dll again after using that section of Dial-a-fix. Note that there will be a loss in functionality in various sections of Windows, as shimgvw.dll does a lot of things for XP, not just thumbnails and Picture and Fax Viewer. Firefox is not directly affected, but if you open or save the WMF file when prompted, you will then be attacked (when shimgvw.dll creates a thumbnail of the WMF, or if you open it from Firefox).

BugTraq update:

If the exploit file is named with another graphics extension (i.e. .gif, .jpg, .png, .tif), the GDI library will still read it correctly as a WMF file and execute the exploit. As a result, all common graphics files can carry the exploit.

I feel I should elaborate on the previous post, so I am going to describe how to install and configure WinDbg so you can "try this at home". I am only doing this on a Windows XP machine, so if you are using a different platform/version, your mileage may vary.

First, install the Windows Symbol Package required for your operating system. I am using XP SP2, so I chose this Symbol Package.

Then install the Debugging Tools. Since I am using Windows XP on a 32-bit architecture (x86), I chose this package.

Install both the symbols package and the Debug Tools package. Restart if requested.

1.) Start > (All) Programs > Debugging Tools for Windows > WinDbg
2.) Press Control+S (or File > Symbol File Path) to bring up the "Symbol Search Path" dialog
3.) Enter the path you chose when you installed the symbol package (by default, it is C:\windows\symbols). Close WinDbg. If you are asked to save workspace "base", tell it not to ask again, and choose Yes.
4.) Download NTCrash2.zip and extract NTCrash2.exe out of the 'release' folder in the zip, and store it on your desktop (or wherever you like).
5.) Configure your recovery options as directed below:
5a) Right-click "My Computer", > Properties > Advanced tab > Startup and Recovery > Settings (see Figure 1)

Figure 1:

—

5b) Under the "System Failure" group box, checkmark all three checkmarks (Write an event, Send an alert, Automatically restart) if not checked already. In the "Write debugging information" sub-group box, change the drop down box to "Small memory dump (64KB)" and ensure that the "Small dump directory" is set to "%SystemRoot%\Minidump" (without the quotation marks) (see Figure 2)

Figure 2:

At this point, you should navigate to the minidump folder under the Windows folder of your system drive, and delete all of the files in there. (e.g., Start > Run > %SystemRoot%\Minidump)

Note: When you are done with this experiment, you should disable the "Automatically restart" checkmark in the "System Failure" group box. This way, if you get an actual fatal error, you will be able to see the STOP error code. We want it to automatically restart for this experiment for convenience (so that you do not have to hold the power button to turn your machine all the way off when we make it crash).

With all of these settings and tools in place, we are ready to begin. Close any open windows or dialogs, and double click NTCrash2.exe. Wait until your system reboots itself (crashes). If your system reboots itself, Windows will most likely want to send an error report when you return to Windows again. Do not send the error report (but if you do send it, Microsoft will probably tell you there was a fault caused by a device driver or service, or similar).

After the crash, launch WinDbg. Press Control+D (or File > Open Crash Dump…) and nagivate your way to C:\Windows\minidump (or wherever your Windows directory is. You can even type "%SystemRoot%\Minidump" in the file name box to jump directly to it). Select the minidump file. A bunch of nerd words will appear in a new sub-window. At the bottom is a command prompt area. You should type "!analyze -v" to get a stack dump. You'll probably see a file name or two that belongs to the service or driver that crashed when NTCrash2.exe was pounding it. The very first time I experimented with this whole procedure, I had Daemon tools 3.47 installed. I had known that the D-Tools service is called d347bus because it asks you for a name when you install it (and I left it the default name). d347bus was listed as the offending file when I analyzed the crash dump. Immediately thereafter, I downloaded and installed Daemon Tools 4.0 (be sure to uncheck the "DAEMON Tools Search Bar" when you install it – it's ad-supported (it's not malware or spyware, however). After I installed D-Tools 4, I was unable to make the system crash ever again.

As ToastyX has told me, input validation is a very basic, but commonly overlooked, programming procedure. It's the first thing your program should do! You can't just accept garbage from anywhere and then just allow Windows to throw an exception over it. Thankfully, the Daemon Tools team corrected the problem in the 4.0 release. I also noticed that most machines that have Symantec products installed (such as Norton Internet Security 2005) blow up when NTCrash2 pounds on them. I don't recall the exact filename, but it was one of the many, many services that gets installed when you use Symantec/Norton products.

Results 1 - 10 of about 4,120,000,000 for *.*. (0.05 seconds) [results vary depending on the current google server being queried]

I just stumbled across something astonishing. A query so simple, yet so elegant…

Just a few minutes ago, I discovered that if I type:
*-*
or
*.* – [Thanks ToastyX!]
in the query box at google, I can search the entire internet.
But seriously — the results are crazy. See for yourself! : http://www.google.com/search?hl=en&lr=&q=%2B*-*&btnG=Search
Seems it works on froogle, too.

Everything is highlighted. All of your terms have been matched!

[See also: http://www.google.com/search?q=%2B*-*&hl=en&lr=&start=4120000000&sa=N (notice the number overflow - 1073741824]
Now for my next questions: what determines the order? Where are these results being pulled from? Why this order?

Ah I love stuff like this!

http://www.fusor.us/lockpick.html

From the site:

I have had to throw out several locks because I have lost the combination. I recently found a lock and I really hate to throw these things out, and I'm sure you do to (since you're reading this), so here it is: I have read many places online that this is completely impossible, but it's not. It takes a little math, a lot of brute forcing, and some thinking. This is a step by step guide to cracking a master lock combination.