Archive for October, 2006

Creating a Windows Live CD for System Recovery and Pen-Testing with Bart’s PE Builder

Monday, October 23rd, 2006

Is there anything this guy won’t make a video for? This is a great example of what you can do with a Windows Live CD.

http://www.irongeek.com/i.php?page=videos/barts-pe-builder-intro

Make sure you check his other videos … they’re all really good and very informative.

Aimject - MiTM AOL IM conversations

Monday, October 23rd, 2006

Oh, the fun you could have with this. Basically, with this tool you can sit between two AOL IM users and control what is said and received by each party.

http://jon.oberheide.org/projects/aimject/

Have you heard of the Blue Pill?

Monday, October 23rd, 2006

This is semi-old news, but if you haven’t heard of it, you’re really missing out.

From the original link:
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1219830,00.html

Anatomy of the Blue Pill attack

Kevin Beaver, CISSP
10.02.2006

A Blue Pill has been stirring up talk lately about the hardening of Windows Vista. No, I’m not talking about Viagra. Rather, security researcher Joanna Rutkowska’s Blue Pill attack, a malware exploit introduced recently that has gotten the attention of Microsoft and the security community. So, what exactly is this exploit and what can be done about it? Read on.

It used to be that researchers and attackers were looking at Windows exploits at a much higher level. Null sessions, weak share permissions, Registry hacking and password cracking were the bomb a few years back. Now, with the Blue Pill attack — and arguably many more to come — Microsoft is seeing that interested parties in the security community are taking things up a few notches.


The Blue Pill exploit code — which bypasses Microsoft’s digital signature protection for kernel mode drivers — relies on a set of extensions in the Advanced Micro Devices Inc. (AMD) new 64-bit AMD Athlon processors called Secure Virtual Machine (SVM). With SVM, software developers are able to manipulate processor registers, interrupts, input/output and so on for virtual machine functionality at the hardware level. Ah, the sweet memories of assembly language programming are coming back! The Blue Pill attack itself manipulates kernel mode memory paging and the VMRUN and related SVM instructions that control the interaction between the host (hypervisor) and guest (virtual machine). This permits undetected, on-the-fly placement of the host operating system in its own secure virtual machine allowing for complete control of the system including manipulation by other malware. That’s it in a nutshell.

All in all, the Blue Pill discovery is fascinating. Certainly a lot of smart minds are thinking of ways that hardware and software can be manipulated to keep software vendors and processor manufacturers on their toes (Intel included, since this type of attack could affect its virtualization technology, too). Obviously, Microsoft, AMD and the anti-malware vendors still have some work to do, and undoubtedly there will be more virtualization hacks.

End of our virtual worlds?

Should you avoid the 64-bit AMD processors that support SVM? Do you disable SVM in your systems’ BIOS? Do you stay away from virtualization technologies altogether? Do you not deploy Vista? Do you wait until your anti-malware vendor comes up with a solution?

The simple answer to all those questions is a resounding no. First of all, the Blue Pill attack is more of a proof of concept that operating systems are never going to be completely bulletproof — at least not as long as humans are involved. Furthermore, a lot of things have to fall into place in just the right fashion (including administrator-level access) for the Blue Pill exploit to even be possible.

I think we’ve got much bigger problems to be worried about than a malware weakness affecting a pre-release version of an operating system written for one specific processor architecture that requires administrator access, and won’t even survive a reboot! If we can ever get past human laziness and oversight leading to default OS configurations, weak passwords, missing patches, minimal file access controls, Web applications that don’t validate input and so on, then (and only then) should we worry about security flaws such as this one making a huge impact in our environments. It’s a hard pill to swallow, but we’ve got to fix the basics first if security’s ever going to be improved.

About the author: Kevin Beaver, an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC, spent six long years obtaining his degree in computer engineering, which included a lot of Blue Pill-like bit and byte manipulation. He has more than 18 years of experience in IT and specializes in performing information security assessments regarding compliance and IT governance. Kevin has written six books, including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.
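The article asks whether you should disable SVM in the BIOS. The first thing a practitioner wants to know is whether the box even exposes the feature Blue Pill depends on. The following is an added example, not code from the TechTarget article or from Rutkowska's project: it decodes the AMD CPUID leaves that advertise SVM (Fn8000_0001 ECX bit 2 for SVM itself; Fn8000_000A for the SVM revision, ASID count, nested paging and the SVM lock bit, all per AMD's published CPUID specification) and queries the running CPU with GCC/Clang's <cpuid.h>. The decoder is separated from the live query so the bit logic can be exercised with constructed register values on any host; the struct and function names are my own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Capability bits decoded from the AMD CPUID leaves that advertise SVM.
 * Bit positions follow AMD's CPUID specification:
 *   Fn8000_0001 ECX[2]   = SVM supported
 *   Fn8000_000A EAX[7:0] = SVM revision, EBX = number of ASIDs
 *   Fn8000_000A EDX[0]   = nested paging, EDX[2] = SVM lock (SVML) */
struct svm_caps {
    bool svm;
    bool nested_paging;
    bool svm_lock;
    uint32_t revision;
    uint32_t asids;
};

/* Pure decoder over raw register values (this is the part a test can drive
 * on any machine). Leaf 8000_000Ah is only meaningful when SVM is set. */
struct svm_caps decode_svm_caps(uint32_t ext1_ecx, uint32_t a_eax,
                                uint32_t a_ebx, uint32_t a_edx)
{
    struct svm_caps c = {0};
    c.svm = ((ext1_ecx >> 2) & 1u) != 0;
    if (c.svm) {
        c.revision = a_eax & 0xffu;
        c.asids = a_ebx;
        c.nested_paging = (a_edx & 1u) != 0;
        c.svm_lock = ((a_edx >> 2) & 1u) != 0;
    }
    return c;
}

/* Ask the running CPU. Returns false on non-x86 builds or when the extended
 * CPUID leaves are missing. Caveat: a BIOS that has switched SVM off sets
 * SVMDIS (bit 4) in the VM_CR MSR (C001_0114h), which is readable only from
 * ring 0 (e.g. rdmsr from msr-tools); CPUID still reports the feature. */
bool query_svm_caps(struct svm_caps *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(0x80000000u, &eax, &ebx, &ecx, &edx) ||
        eax < 0x80000001u)
        return false;
    unsigned int max_ext = eax;
    if (!__get_cpuid(0x80000001u, &eax, &ebx, &ecx, &edx))
        return false;
    unsigned int ext1_ecx = ecx, a_eax = 0, a_ebx = 0, a_edx = 0;
    if (((ext1_ecx >> 2) & 1u) && max_ext >= 0x8000000Au &&
        __get_cpuid(0x8000000Au, &eax, &ebx, &ecx, &edx)) {
        a_eax = eax;
        a_ebx = ebx;
        a_edx = edx;
    }
    *out = decode_svm_caps(ext1_ecx, a_eax, a_ebx, a_edx);
    return true;
#else
    (void)out;
    return false;
#endif
}

int main(void)
{
    struct svm_caps c;
    if (!query_svm_caps(&c)) {
        puts("CPUID not available on this build/CPU");
        return 1;
    }
    if (!c.svm) {
        puts("SVM not reported by CPUID: this CPU cannot host an SVM-based hypervisor");
        return 0;
    }
    printf("SVM rev %u, %u ASIDs, nested paging %s, SVM lock %s\n",
           c.revision, c.asids,
           c.nested_paging ? "yes" : "no",
           c.svm_lock ? "available" : "not available");
    return 0;
}
```

Build with `cc -o svmcheck svmcheck.c` and run it on the host in question; on Linux, `grep -w svm /proc/cpuinfo` answers the first question (is SVM advertised) the same way. The article notes Intel is exposed to the same class of attack; Intel CPUs advertise VT-x through a different bit (CPUID leaf 1, ECX bit 5, VMX), so this check is AMD-specific by design.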

Installing MacPorts on Mac OS X 10.4.8

Friday, October 20th, 2006

I have been interested in the MacPorts project since I got my MacBook. The way I understand it, MacPorts, formerly called DarwinPorts, is similar to the FreeBSD ports system in that it allows you to install third-party software on your Mac with ease.


GPG and Thunderbird on Mac OS X

Thursday, October 19th, 2006

In trying to get my new MacBook in shape for everyday use (if I decide to switch from my 15.4″ widescreen FreeBSD laptop), I decided to see if I could get Thunderbird set up with GnuPG (GPG) for signing and encrypting e-mail. I had a pretty easy experience figuring this stuff out, although there were a few things that weren’t explained very well, in my opinion, and I want to document the process I went through to get this working on Mac OS X 10.4.8 for any others out there who may be interested. Having it all in one place will do me well if any reinstalls come about in the future.


Why I got a MacBook…

Sunday, October 15th, 2006

I have been interested in and using computers since I was like 11 or 12. I have personally owned many computers over the years and used a number of different operating systems personally and professionally. My first PC was an IBM 8088 running various versions of DOS, then on to Commodore with an Amiga 500 and then an Amiga 1200. I got my first 486 PC after graduating high school in 1995. From that point forward I have used a number of operating systems and platforms.

I have used different versions of DOS, every version of Microsoft Windows from 3.11 for Workgroups to Windows Vista Beta, Amiga Workbench 1.2 and 1.3, various flavors of Linux like Mandrake, Red Hat, and Fedora, Solaris 2.6 and 2.8, IBM’s AIX (4.3.x - 5.x), OS/2 Warp, and am now extremely satisfied with and a “fanboy” of FreeBSD.

I have enjoyed the different environments, windowed or command line, that each of the operating systems has offered. In the *NIXs, specifically FreeBSD, Fluxbox is my window manager of choice. Gnome and KDE are great window managers but a bit too bulky for my taste these days. I have customized my Windows XP desktop to be as minimal as possible, and enjoy it like that, but the underlying system is still not my operating system of choice for daily personal use.


I got a new toy…

Saturday, October 14th, 2006

xbook:~ cross$ uname -a
Darwin xbook 8.8.1 Darwin Kernel Version 8.8.1:
Mon Sep 25 19:42:00 PDT 2006;
root:xnu-792.13.8.obj~1/RELEASE_I386 i386 i386

I have a lot to learn. That’s all I have to say about my new toy right now…

Until next time…

Rid your new Dell (or other PC) of junkware

Saturday, October 14th, 2006

This is rather interesting … someone has written a script (an open-source one, at that) that will remove all of the junk that’s installed on a new PC.

Here’s the link from TinyApps.org.

And the author’s page: http://www.yorkspace.com/pc-de-crapifier/

Currently Uninstalls

The user can select exactly what is uninstalled from the list below

* QuickBooks Trial
* NetZero Installers
* Earthlink Setup Files
* Corel Photo Album 6
* Tiscali Internet
* Wanadoo Europe Installer
* Get High Speed Internet!
* Internet Service Offers Launcher
* Dell Search Assistant
* Norton Ghost 10.0
* Symantec Live Update
* MS Plus Photo Story 2LE
* MS Plus Digital Media Installer
* McAfee
* Norton Internet Security
* Google Desktop
* AOL US
* AOL UK
* MusicMatch Jukebox
* MusicMatch Music Services
* Wild Tangent Games
* Norton AntiVirus 2005
* Norton Security Center
* Norton AntiSpam
* PC-cillin Internet Security 12
* Run Registry Entries
* Desktop Icons
* Corel WordPerfect
* Roxio RecordNow
* Sonic DLA
* Sonic Update Manager
* Sonic RecordNow Audio
* Sonic RecordNow Copy
* Roxio MyDVD LE
* Microsoft Office Standard Edition 2003
* Quicken 2006

Remember Trade Wars?

Saturday, October 14th, 2006

If you’ve never played Trade Wars, then you missed out on some cool BBS action back in the day. I’m sure Jeff remembers the game.

Anyway, I got this email today and thought that I would pass it on. I completed both the one-question survey and the other one of 10 or so questions.

—————————- Original Message —————————-
Subject: Trade Wars Survey
From: “John Pritchett - EIS”
Date: Fri, October 13, 2006 3:12 pm
————————————————————————–

Dear Trade Wars fan,

As we approach the 20th anniversary of the original release of Trade Wars
(December, 1986), I am pleased to announce that I have reached an
agreement with Sylien Entertainment to develop a long-overdue graphical
remake of this classic game. But before we can proceed, we need your
help. Because Trade Wars is 20 years old, I have lost touch with all but
a small percentage of its fanbase. Unless we can reach out to this
fanbase and prove that interest in Trade Wars still exists, we will be
unable to secure the funding necessary to complete this project.

To accomplish this, we are running a small survey to estimate the number
of people who have played or hosted Trade Wars over the years. By
answering this one-question survey, you will enable us to demonstrate the
great potential of a new Trade Wars project. Nothing else will be
required of you, but if you choose, you may request to receive a monthly
Trade Wars newsletter with updates on our progress. And if you really
want to help out, you can complete an optional, more extensive survey.
We would love to learn more about your experience with Trade Wars.

The survey is located at http://www.sylien.com/survey.php

For this effort to succeed, I need you to forward this email to anyone who
might be in contact with a past Trade Wars player or game host. Most of
them have been away from the game for many years, and this is our only
hope of reaching them.

Thank you for helping us to update this classic game for a new generation
of gamers!

John Pritchett, EIS
jpritch@eisonline.com

NOTE: You are receiving this email because you are an EIS customer, a
member of one of several active Trade Wars forums, or because it was
forwarded to you by someone who believes you are interested in this game.
You do not need to take any action to avoid receiving future emails.

Middle-click to close a tab in Firefox for Linux

Tuesday, October 10th, 2006

If you’ve used Firefox for longer than a day, you’re bound to have found that if you middle-click a link it will open a new tab. And surely you’ve also learned that middle-clicking a tab closes it.

Unless you’re running Firefox in Linux.

Out of the box there is no way to close a tab by middle-clicking it. I used to install TabBrowser Preferences to get the middle-click option, but Jeff found a way to achieve the same goal without installing any additional software.

Type about:config in the address bar.
Do a search for middle and find the entry labelled: middlemouse.contentLoadURL
Change the value to false.

Now you can close a tab by middle-clicking on it.

Thanks, Jeff!