Entry 41155 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 41155

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/07/09 [General] UID:1000 Activity:popular

7/9

2005/12/28-2006/1/4 [Computer/SW/OS/Windows] UID:41155 Activity:nil

12/28   0 day windows exploit in the wild
        http://isc.sans.org
        \_ What's the innovaguest(?) site at the end of the movie?  Is it
           trying to phish or transfer funds or what?
        \_ What the hell does the "0 day" part mean?
           \_ seems to be the site where you can pay for winhound, if
              you're clueless enough.  it's like (secretly) poisoning a
              guy, and then saying "oh look I happen to have an antidote
              you can buy for $xxx."  probably some russian hackers or so

2025/07/09 [General] UID:1000 Activity:popular

7/9

You may also be interested in these entries...

2013/3/25-5/18 [Computer/SW/OS/Windows] UID:54639 Activity:nil

3/25    It's strange that only every other Windows version is a hit.
        NT 4.0: hit
        2000:   flop
        XP:     hit
        Vista:  flop
        7:      hit
	...

2013/2/19-3/26 [Computer/SW/OS/OsX] UID:54611 Activity:nil

2/19    I program a lot by sshing to a Linux cluster.  So I'm used to using
        Xemacs to code.  This works fine from a Linux or Windows workstation,
        but sometimes I have to use a Mac.  On Mac, the meta is usually
        bound to option, but that often doesn't work over ssh for some reason.
        This makes using emacs a real pain.  Any suggestions on how to fix it?
        (Other than "use vi")
	...

2012/3/15-6/1 [Computer/SW/Languages, Computer/SW/OS/Windows] UID:54340 Activity:nil

3/15    Why does MS put double-quotes around the '8' in Windows Server 8, like
        the following?
        - Windows 8
        - Windows Server "8"
        \_ Because when they didn't do it, code didn't see the '\0'
           and went over?  Looks better than '8','\0' *shrug*
	...

2012/2/23-3/26 [Computer/SW/OS/Windows] UID:54312 Activity:nil

2/23    fixboot wrote FAT boot sector to my WinXP hard drive.  How can I convert
        the drive back to NTFS?
        \_ Does C:\WINDOWS\system32\convert.exe work?
	...

2011/12/21-2012/2/6 [Computer/HW/Laptop, Computer/SW/Editors/Emacs] UID:54269 Activity:nil

12/21   In Emacs, how do I make it so that it will resize its screen
        when the maximum resolution of my monitor changes? When I
        use my laptop, my emacs is too big (and I can't resize it
        because the bottom-right corner is not accessible).
        \_ Which OS?  Can't you drag the top border (not a corner) to resize
           the height to be smaller?
	...

2011/12/23-2012/2/6 [Computer/Rants] UID:54271 Activity:nil

12/23   http://venturebeat.com/2011/12/22/uc-berkeley-google-apps
        Oh noes! What Would Bill Gates Do?
        \_ http://lauren.vortex.com/archive/000701.html
           Microsoft to Transition Corporate IT to Google Apps
	...

2011/11/27-2012/1/10 [Computer/HW/Drives] UID:54244 Activity:nil

11/27   CalMail has been down for a few days (hardware failure and database
        corruption -- sounds like fun!) and is starting to come back online.
        Looks like they're planning to outsource all campus mail to either
        Google Apps or Microsoft 365 as part of Operational Excellence.
        <DEAD>kb.berkeley.edu/jivekb/entry!default.jspa?externalID=2915<DEAD>
        \_ http://ist.berkeley.edu/ciocalmailupdates/november-30-2011
	...

2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil

11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...

2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil

5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...

Cache (3006 bytes)

isc.sans.orgThere has been some debate among the handlers about this step, but considering that a lot of people are on holidays and might otherwise miss the WMF 0-day problem, we have decided to raise the alert level. com/weblog/ for an update on the versions of the exploit found in the wild. Working exploit code is widely available, and has also been published by FRSIRT and the Metasploit Framework. Regarding DEP (Data Execution Protection) of XPSP2, the default settings of DEP will not prevent this exploit from working. Microsoft Technet ), the WMF exploit attempt will result in a warning and not run on its own. While the original exploit only refered to the Microsoft Picture and Fax Viewer, current information is that any application which automatically displays or renders WMF files is vulnerable to the problem. This includes Google Desktop, if the indexing function finds one of the exploit WMFs on the local hard drive - see the F-Secure Weblog mentioned above for details. Is there any IP address range or individual IP address that was annoying the daylight out of you in 2005? An address where you tried and tried to contact the ISP to have a malware, botnet controller, exploit page removed, but to no avail? x (AS31159) Provider: Netcathost, Kiev, Ukraine Reason for claim to fame: Hosting exploits, browser hijackers and CoolWebSearch related annoyances since several months. Ignoring, bouncing, or rejecting any complaints to the abuse contacts. biz is being implicated in the currently ongoing WMF 0-day exploit mania. The dropper will then download Winhound, a fake anti-spyware/virus program which asks user to purchase a registered version of software in order to remove the reported threats. During the test Johannes ran, it was interesting that the DEP (Data Execution Prevention) on his system stopped this from working. However, as this was tested on a AMD64 machine, we still have to confirm whether (or not) the software DEP also stops this - let us know if you tested this. Internet Explorer will automatically launch the "Windows Picture and Fax Viewer". In my install of Firefox, a dialog box will ask me if I would like to load the image in "Windows Picture and Fax Viewer". Searching money, finding exploit Published: 2005-12-28, Last Updated: 2005-12-28 08:27:43 UTC by Daniel Wesemann (Version: 1) Every now and then, when using completely benign search terms in Google and others, the results that come out on top range from "not nice" to "outright hostile". The site is booby-trapped with an exploit variant of MS05-054 that is not yet detected by AV. An URL returned by a search engine is not necessarily more trustworthy than one that you receive in a spam message that offers "che ap replcia wathces". Published: 2005-12-28, Last Updated: 2005-12-28 00:51:50 UTC by Deborah Hale (Version: 1) We have received a few emails today advising us that users are receiving popups while on IM. These emails try to convince you to click on a link that is purported to be MyPictures.