March
26th
2009
I Will Survive – Gloria Gaynor
评分: 
Loading ...March, 2009的归档
LikeMarch
26th
2009
微软、HP相继发布安全工具
评分:
Loading ...微软在最近的 CanSec West 上发布了自己的免费开源的安全工具. 名为 !Exploitable (官方读作: 砰! Exploit) 以 Win Debugger 的插件形式发布, 可以帮助分析(PE)程序的漏洞. 该程序能够利用被微软称为主要hash和次要hash的两组特征值为崩溃信息分类, 将同一缺陷引起崩溃的分为一类. 从而定义软件缺陷的可利用性. 为了演示 !Exploitable 程序的实用性, 微软安全科学小组的内部测试曾用四个不同的Fuzz测试程序(fuzzer)测试最近获得的同一软件. !Exploitable从57次由模糊测试引起的不同崩溃中识别出15处安全问题, 其中只有1处被分类为可利用.
阅读全文 »
March
5th
2009
Disable Thumbnail Preview in Windows
评分:
Loading ...This article describes a step by step process for disabling Thumbnail previews for faster computer browsing. Follow the steps below to disable thumbnail previews for a faster computer experience.
The below mentioned process makes use of a simple hack which effectively makes use of regsvr32.
regsvr32 is a command-line utility in Microsoft Windows operating systems for registering and unregistering DLLs and ActiveX controls in the Windows Registry. Using the hack mentioned below, we de-register the associated DLLs which control the preview generation for the specific files. Once the DLLs are de-registered, the thumbnail preview generation process is not initialized.
Disable Thumbnail Preview of Video and Media Files
1.) Click on Start –> Run
2.) Type in regsvr32 /u shmedia.dll for disabling thumbnail preview for video and media files. This will disable the thumbnail preview generation for video and other media files.
In order to restart the thumbnail preview generation process, type regsvr32 shmedia.dll at Run and re-open the folder.
Disable Thumbnail Preview of Images
1.) Click Start –> Run.
2.) At Run type regsvr32 /u shimgvw.dll to disable thumbnail preview generation of images.
In order to re-enable thumbnail preview generation of images, type regsvr32 shmedia.dll at Run and refresh or re-open the folder. This will again register the DLL shimgvw.dll with the registry and thus allowing for thumbnail generation for image type files.
This above hack will help you definitely speed up your computer and also avoid it from getting crashed in case of a corrupted file/ missing codec which at times can even lead to 100% CPU utilization.
March
4th
2009
黑客大赛冠军称Safari安全性最差
评分:
Loading ...PWN2OWN黑客大赛即将于3月18日开赛,该项比赛上届奖金得主查理·米勒(Charlie Miller)日前表示,苹果公司的Safari浏览器仍将是其首要攻击对象.
米勒目前是一家安全咨询公司的首席分析师.在去年的黑客大赛上,米勒只花了几分钟的时间就成功入侵了苹果笔记本,并获得10000美元奖金.
本月底在英属哥伦比亚省温哥华的CanSecWest安全大会上,将迎来第三届PWNOWN黑客大赛.参赛者每次成功利用Safari、IE 8、火狐和Google Chrome浏览器的一个新漏洞,将获得5000美元的奖金.IE8和Chrome将运行在一台运行Windows 7的笔记本上,而Safari和火狐则运行在苹果公司的MacBook上.
米勒表示,苹果的产品对用户非常友好,Safari被设计可用来处理所有事情,其中包括支持所有类型的文件格式,不过功能越多也意味着出现漏洞的机会越多.软件越复杂,其安全性通常就越低.
米勒认为,另一个导致Safari更容易被攻破的因素是苹果的Mac OS X,它缺少Windows Vista和Windows 7中的有效防护.将Safari放在Mac OS X上,该攻击目标更容易被攻破.
米勒预测称,IE8和火狐被入侵的难度非常大,据其分析测试结果显示,这两个浏览器比较安全.他表示,5000美元不足以激励他去费大力气来攻击这两个浏览器.至于Google Chrome浏览器,感觉也不会被轻易攻破.
另外,米勒还一直在磨炼自己的移动设备攻击技能,他是首位发现Google Android安全漏洞的研究者,他还打算参加第二场PWN2OWN大赛,在该比赛中,参赛者要对Windows Mobile、Android、Symbian和iPhone及黑莓手机的操作系统进行攻击.对于比赛中成功利用的每一个漏洞,主办方将支付10000美元奖金.
不过,米勒没有透露他将攻击哪一个智能手机.但是他更可能将目光瞄准iPhone,2007年该设备初次亮相几周后,米勒就是发现其存在安全缺陷的三名安全专家之一.
March
3rd
2009
Solve Problem for Opening .chm File
评分:
Loading ...This problem is a result of a security update Microsoft made which restricts opening certain files on the local network which could run malicious code. Here is a link to a description of the problem: http://support.microsoft.com/kb/896358
INSECURE SOLUTION:
The solution is to modify your registry to relax the security for accessing files on your network. There are several examples on how to relax those settings on the page above. Many require you to know which applications and types of files need to be un-restricted. The following will relax restrictions for your entire internal network.
- REGEDIT4
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
- "MaxAllowedZone"=dword:00000003
- "EnableFrameNavigationInSafeMode"=dword:00000003
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
- "MaxAllowedZone"=dword:00000003
You can just copy and past the above into notepad and save as a .reg file, then run it.
You use this at your own risk.
RECOMMENDED SOLUTION:
The recommended solution is to simply tell the HTMLHelp system which remote folders you are willing to trust by adding a ‘UrlAllowList’ item to the HTMLHelp ‘HHRestrictions’ key.
As an example, assume that the .chm file you want to reach is in root of C drive and that the help packages are in C:\windows\Help. The required registry entry is then:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
- UrlAllowList=file://C:\ABC.chm;C:\Windows\Help;
March
2nd
2009
Shutdown or Restart Windows from Command
评分:
Loading ...In order to shutdown or restart the Windows with just one click shortcut or from command prompt or command line, users can use shutdown command line utility/command that comes with Windows 2000 (with the Resource Kit installed) and Windows XP or Windows Vista (native). To access shutdown command, simply go to DOS command prompt by clicking on Start -> All Programs -> Accessories -> Command Prompt or Start -> Run and then type in Cmd to launch a command prompt window.
To create a one-click shortcut to shutdown the Windows computer, right click on your desktop or any folder (or click at File at toolbar), and then select New, and then click on Shortcut. A New Shortcut wizard will ask for location of this item. In the textbox, type “shutdown -s -t 01″ (without quotation marks). Click on Next when done. When ask for a name for the shortcut, give any descriptive name you prefer, such as Shutdown. Then click on Finish, and you can now use the shortcut created to shut down PC immediately after click.
If you want to create a shortcut that quick restart the Windows instead of shutting down the computer, follow the above instruction, but “shutdown -s -t 01″, key in “shutdown -r -t 01″ for location of this item. Again, give a proper descriptive name to the shortcut, such as Restart, and the shortcut is ready to be used to restart the Windows right after click.
As in the shutdown command above, -s parameter will shutdown the computer, while -r will shutdown and restart the computer. -t 01 set the timeout or time to lapse in seconds for a shut down or restart to begin. By default, if no -t argument is specified, shutdown command will wait for 30 seconds countdown before shutdown or restart. The best part for shutdown command is that it can abort a system shutdown, by using -a as the option for shutdown, i.e. “shutdown -a”. There are other options or parameters that available, and users can view all of the flags with “shutdown /?” command at command prompt.
The options available for shutdown are:
阅读全文 »
