Re: [CGUYS] CanSecWest
It happens the same as it happens in every OS, errors in code. Exploits written to take advantage of the errors. Your question about Miller starting as admin...he is on another machine and by remote over the network takes over the mac via a Safari exploit.

Oh, right. Of course. Sorry to be slow, there. So the question is, after he has remotely taken over the mac, does he have admin rights there?

I haven't seen anything saying either way, only that in his words he has 'taken over the mac'.

Yes, thanks for clarifying; that's my question. I spose (I hope) he has hold of no more than the current user--

On Fri, Mar 20, 2009 at 4:01 PM, Jennifer Hiebert jenn.hieb...@gmail.com wrote:

I'm curious about some of Miller's statements to zdnet afterward (http://blogs.zdnet.com/security/?p=2941, linked at the bottom of the tippingpoint entry), e.g.

It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows. It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.

Do folks here know, is Miller starting as an admin user, e.g.? [I don't want to start any bonfires; I love my Mac, and don't plan to ditch it, but statements like these make me wonder how it's happening.]

Jennifer Hiebert

On Mar 19, 2009, at 11:44 AM, mike wrote:

CanSecWest kicked off again..
http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits

Safari, IE 8 and firefox all taken down easily by the same guy who took Apple down last year. So far chrome is the only left standing, although that seems to be more from lack of trying than anything. They are supposed to take cracks at the mobile market next, that should be more interesting.

Mike

** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
Re: [CGUYS] CanSecWest
It happens the same as it happens in every OS, errors in code. Exploits written to take advantage of the errors

That's true, but still the quote was pretty interesting. It didn't get much of a response here, so I wonder if it got sort of buried in the larger excerpt:

The things that Windows do to make it harder [for an exploit to work], Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows.

Doesn't exactly comport with the conventional wisdom, but it's hard to argue with someone who seems to do this more or less as a living.
Re: [CGUYS] Silly but important question...
Oops... I changed the computers... Was able to reinstall the Favorites, have connected Excel and Word with the D: Data drive. Will struggle now with the addresses in Palm and the Splash ID Data. What a pain. To make my weekend more stressful (fun?), Windows XP Home is not allowing me to enter as administrator... I have not much experience with Windows Home (I used to have Professional). I can predict hours in the computer and troubles with the wife... Disappointed that now I have 4 giga memory, a very good mother board and I keep still having the sign that I am not having enough resources... Very disappointed... Thank you all! Any help is appreciated.

Marcio

-Original Message-
From: Rev. Stewart Marshall popoz...@earthlink.net
Sent: Mar 18, 2009 6:04 PM
To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Subject: Re: [CGUYS] Silly but important question...

There might be more than one.

Stewart

At 02:14 PM 3/18/2009, you wrote:

Yes but where is the favorites directory?... The folder I find with the name favorites seems to have nothing on it...

Marcio

-Original Message-
From: Chris Dunford ch...@covesoftware.com
Sent: Mar 18, 2009 1:45 PM
To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Subject: Re: [CGUYS] Silly but important question...

I am not sure why we make this stuff all so hard. ... For IE I go to the favorites directory and copy it to a memory stick and again copy them to the new system in the favorites location there and when Is tart up IE it finds all my books marks.

I agree. This is what I said to do originally, in the first reply to his inquiry. It's not necessary to tart up IE, though. It's already tarted up.

Rev. Stewart A. Marshall mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL SL 82
[CGUYS] Windows resources [Was: Silly but important question...]
Quoting Marcio m...@ix.netcom.com:

Disappointed that now I have 4 giga memory, a very good mother board and I keep still having the sign that I am not having enough resources... Very disappointed...

Well that doesn't make much sense. What are you doing when you get that message? I'm running a Toshiba laptop that started out with 512MB mem. (now 2G), 1.7 GHz, and never had any resource issues.
Re: [CGUYS] CanSecWest
At 9:31 AM -0400 3/21/09, Chris Dunford wrote:

It happens the same as it happens in every OS, errors in code. Exploits written to take advantage of the errors

That's true, but still the quote was pretty interesting. It didn't get much of a response here, so I wonder if it got sort of buried in the larger excerpt:

The things that Windows do to make it harder [for an exploit to work], Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows.

Doesn't exactly comport with the conventional wisdom, but it's hard to argue with someone who seems to do this more or less as a living.

One of the things he is referring to is Address Space Layout Randomization (ASLR), which is supposed to mitigate against buffer overflow attacks. Here is what Symantec has to say about ASLR in Vista:

Abstract: Address space layout randomization (ASLR) is a prophylactic security technology aimed at reducing the effectiveness of exploit attempts. With the advent of the Microsoft® Windows Vista operating system, ASLR has been integrated into the default configuration of the Windows® operating system for the first time. We measure the behavior of the ASLR implementation in the Windows Vista RTM release. Our analysis of the results uncovers predictability in the implementation that reduces its effectiveness

http://www.symantec.com/avcenter/reference/Address_Space_Layout_Randomization.pdf

In Wikipedia there is this note about Mac OS X:

Apple introduced randomization of some library offsets in Mac OS X v10.5[7], presumably as a stepping stone to fully implementing ASLR at a later date. Their implementation does not provide complete protection against attacks which ASLR is designed to defeat

http://en.wikipedia.org/wiki/Address_space_layout_randomization

A problem here is the NDA (Non-Disclosure Agreement) the crackers have to agree to; we won't know the details about the exploit until long after the hoo-raw has died down. So we don't really know if the crack is significant or not. Or if the person quoted above is being overly dramatic in his estimation of the ease of cracking Mac OS X.

--
Roger
Lovettsville, VA
Re: [CGUYS] CanSecWest
So we don't really know if the crack is significant or not. Or if the person quoted above is being overly dramatic in his estimation of the ease of cracking Mac OS X.

Roger, I don't disagree with anything you said, except for that last sentence: since hacking appears to be the guy's raison d'etre, and since he has hacked both Windows and Mac systems, I don't think we can really call it estimation. I wouldn't quibble if that were rephrased as, "Or if the person quoted above is being overly dramatic about how easy it is to crack OS X." It's just the word "estimation", really.
Re: [CGUYS] Windows resources [Was: Silly but important question...]
This is what puzzles me... I will observe...

Thanks

Marcio

-Original Message-
From: Reid Katan ka...@his.com
Sent: Mar 21, 2009 1:41 PM
To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Subject: [CGUYS] Windows resources [Was: Silly but important question...]

Quoting Marcio m...@ix.netcom.com:

Disappointed that now I have 4 giga memory, a very good mother board and I keep still having the sign that I am not having enough resources... Very disappointed...

Well that doesn't make much sense. What are you doing when you get that message? I'm running a Toshiba laptop that started out with 512MB mem. (now 2G), 1.7 GHz, and never had any resource issues.
[CGUYS] Now the Word...
My wife is refusing to use Word 2007. She is lost. I tried to help and I myself feel that I must work with it at least three months daily to get an idea on how it works... Well... I installed Word 97... yes the old Word 97... Now I only have one problem that I have not been able to solve for hours... How can I make the default font Arial 12?... When I start the program it goes to Arial 10... Why?

Many thanks

Marcio
Re: [CGUYS] Now the Word...
Open a document and set all the parameters that you want (font, size, margins etc.). Save the document as normal.doc. If Word does not allow you to save this, save it on your desktop and then close Word and copy it to the location:

c:\documents and settings\name of your computer\My Documents\WINWORD\TEMPLATE

This is the template document that Word loads up every time it runs. Also note there was a program you could purchase that got you the old Menu system to run Word 2007. It does have a large learning curve.

Stewart

At 05:40 PM 3/21/2009, you wrote:

My wife is refusing to use Word 2007. She is lost. I tried to help and I myself feel that I must work with it at least three months daily to get an idea on how it works... Well... I installed Word 97... yes the old Word 97... Now I only have one problem that I have not been able to solve for hours... How can I make the default font Arial 12?... When I start the program it goes to Arial 10... Why?

Many thanks

Marcio

Rev. Stewart A. Marshall mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL SL 82
Re: [CGUYS] Now the Word
Funny you should ask this, Marcio, as I have a friend who phoned about exactly this issue yesterday. Once you open Word, go to Format, then Font (from the Format menu!). Select the settings that you want when you open a new Word document, and then select the Default button at the lower left of the dialog box. I'm using Word for Mac OS X, but I think this is pretty standard for most versions of Word. Good luck!

Mical Wimoth Carton chrper...@aol.com

Date: Sat, 21 Mar 2009 19:40:31 -0300
From: Marcio m...@ix.netcom.com
Subject: Now the Word...

My wife is refusing to use Word 2007. She is lost. I tried to help and I myself feel that I must work with it at least three months daily to get an idea on how it works... Well... I installed Word 97... yes the old Word 97... Now I only have one problem that I have not been able to solve for hours... How can I make the default font Arial 12?... When I start the program it goes to Arial 10... Why?

Many thanks

Marcio