This thread has been locked |
Nefarius
Big Wall climber
somewhere without avatars.........
|
|
Topic Author's Reply - Sep 19, 2008 - 08:25pm PT
|
I think ST owes Rox and me some free stuff, honestly. We found and exploited a bug that wasn't known yet and showed the potential for bad stuff to the ST folks...
I'm thinkin' the ST book collection, in electronic form, at least. There's at least a few I still don't own. Maybe a couple of beers too.
|
|
Hardman Knott
Gym climber
Muir Woods National Monument, Mill Valley, Ca
|
|
Sep 19, 2008 - 08:46pm PT
|
I took a screenshot of the ad that was on the page last night: (scaled down to fit)
Is that one still up? I ask because I have an ad blocker on and only saw it
when I went into XP via VMware. Incidentally, I still have the whole thread
open showing all the avatars, however I can't archive the page because I'm
getting the endless hourglass after I clicked "OK" to "you are about to be banned"...
|
|
Dr. Rock
Ice climber
http://tinyurl.com/4oa5br
|
|
Sep 19, 2008 - 09:01pm PT
|
The animated gifs are cool for a while, but get really annoying after a while.
The best way to do it is to have an auto resizer to limit to around 150 by 150, most forums use 125, but screens have been getting larger.
Or if the auto resize is not an option, just have everybody be cool and post a 150 by 150 jpg and be done with it.
|
|
kunlun_shan
Mountain climber
SF, CA
|
|
Sep 19, 2008 - 09:27pm PT
|
Rokjox, no I'm knott guessing. There are often unpatched computer vulnerabilities that can be exploited. Subscribe to some of the computer security lists and you'll see how these are regular occurrences. I'm not a coder that can whip up a demo of remote code execution for you, but there are people who do that for a living, usually working for spammers and the Russian mob. There were patches issued just 2 weeks ago by Microsoft for a bug... see below and the link to the M$ site.
http://voices.washingtonpost.com/securityfix/2008/09/microsoft_patches_for_eight_se.html
"The most important and urgent of these patches addresses five vulnerabilities in the Windows graphics device interface (GDI), a component of Windows that is used in rendering certain types of images. Hackers could exploit this flaw to compromise Windows PCs just by convincing users to visit a malicious or hacked Web site with Internet Explorer."
This doesn't relate directly to the ST forum bug. Even with what they fixed so the avatars won't appear, if users are running Windows and whatever version of Internet Exploder, unless they are patched... a "hacker" who knows how to take advantage of this vulnerability could create an image that could run code to do whatever they want.
Similarly, you can buy remote monitoring software over the web. Just pay the money and if you can convince someone to click a link, it'll install software that records all the keystrokes, images, whatever runs on that machine, and sends it off to wherever you choose on the internet. Supposed to help parents find out if their kids are doing drugs at college, if their spouses are cheating, etc. Of course it's illegal to do this on a computer that's not your own, but that doesn't stop some people.
I could go on and on.....personally I don't use Windows for the above reasons. I have enough to do, without having to protect my computer from being owned and becoming part of a botnet.
Edit. read this series if you are skeptical:
http://voices.washingtonpost.com/securityfix/web_fraud_20/
|
|
Dr. Rock
Ice climber
http://tinyurl.com/4oa5br
|
|
Sep 19, 2008 - 09:32pm PT
|
I use 98 for surfing, supposed to be the most vulnerable, but no problems yet.
I do not think a lot of hackers are writing code for P3 machines running 98.
Funny thing, they had a hundred of the best hackers down the street at Yahoo last weekend, camped out on the lawn, and the WiFi network in Mt View went down.
Either Google pulled the plug to avoid a hack, or the hackers brought it down, encouraged by Yahoo, of course, free cokes and pizza!
|
|
Nefarius
Big Wall climber
somewhere without avatars.........
|
|
Topic Author's Reply - Sep 19, 2008 - 10:14pm PT
|
Y2K!!!! Yer gonna die!!!!111
:)
|
|
Nefarius
Big Wall climber
somewhere without avatars.........
|
|
Topic Author's Reply - Sep 19, 2008 - 10:16pm PT
|
Actually... The java call did come from the exploit we were using, Rox. The java script call was called from the "From:" field, just as the avatars were.
|
|
Dr. Rock
Ice climber
http://tinyurl.com/4oa5br
|
|
Sep 19, 2008 - 10:42pm PT
|
This must be a really old rev of the pph forum software or whatever it's called?
I think you have to buy a new server if you up rev, thus the antiquity?
Can we get a 64 bit server for chrissakes?
|
|
Dr. Rock
Ice climber
http://tinyurl.com/4oa5br
|
|
Sep 20, 2008 - 12:40am PT
|
That's a link to a Rick James avatar, Bi-Atch!
|
|