Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


All Activity

This stream auto-updates     

  1. Past hour
  2. I'm not sure if this counts as a bug in XP or in Windows 10. The PoC uses schtasks.exe and schedsvc.dll from a Windows XP system on a Windows 10 system. Files from XP work on Windows 10, but when they do, they use priveledge escalation. https://web.archive.org/web/20190522011933/https://github.com/SandboxEscaper/polarbearrepo/tree/master/bearlpe
  3. I was able to get past the crash in tornado by installing an older version: pip uninstall tornado pip install tornado==5.1.1 ... but now I'm getting a crash in zmq! Seems to be looking to link libzmq.lib. I'm not sure that lib can even be built on Win XP.
  4. I think I am just short of 20 years of "IT" experience, mostly due to a couple periods of unemployment and that one year I worked in sales.
  5. Hi, i also have 20 years of experience with It, however, most of these were spent with Video Games, only minoi part with anything "professional"
  6. A bit of a necro-post to add my own experience with Hibernate. I've tried all the solutions suggested as regards BIOS/UEFI, wake on LAN and power management settings but I'd regularly get my PC waking up from Hibernation apparently at random rather than when you used the keyboard. Except it was not random - I eventually found the culprit(s) were other electrical devices connected to my home's ring main. But it was not just any device or a device plugged in the same mains electricity socket or even in the same room. It was two particular TVs and either of their digital STBs. Nothing else I've tested has the same effect - not a microwave, powerful lamp, heater, hairdryer, hi-fi or anything drawing significant current, it is just those two TVs. Put the PC into Hibernation then turn on either TV/STB and it'll wake the PC nine times out of ten. But if I turn the TV/STB on before Hibernation there is no problem and if I turn the TV/STB off whilst it is in Hibernation, in the same circumstances, there is no problem either. It would seem that Hibernation maybe storing the electrical state of the system. There has to be a residual current being used to be able to wake the PC up from the USB keyboard. Turning the TV/STBs on must be being detected and treated as a keyboard stroke. But why only those two devices I can not begin to guess.
  7. I disabled the task scheduler service and deleted all the tasks. Does this mitigate the vulnerability?
  8. It seems to also be present in Windows XP x64 Professional.
  9. Today
  10. My name is Eric Fries. I have 20 years of IT experience over a wide array of job specialties within IT. I tend to tinker to find new solutions to old problems,
  11. Just curious if Microsoft Baseline Security Analyzer addresses missing KB4500331 & KB4024402 (not automatic updates) as severe security leaks in a POS/XP system.
  12. @Nojus2001, you're definitely not alone. A weather forum I used to visit that closed sometime late last year or early this year was revealed to be running on Server 2003 until the bitter end. I'm sure that it's found itself mired into tonnes of big corporate networks too. It makes a wonderful workstation OS as well. And this is my 15-hour-old XP x64 install: :
  13. Good morning! Is "PM27's XPIProvider and friends" what is referred to as TychoAM in the UXP GitHub repo? Was that change implemented early on in UXP development (I was under the impression WebExtAM was only removed towards the end of 2018/start of 2019, when WE support in Bk52 was obliterated )? From a comment by Moonchild himself exactly a year ago: https://forum.palemoon.org/viewtopic.php?p=141539#p141539 https://forum.palemoon.org/viewtopic.php?p=141641#p141641 Best regards
  14. because they ported PM27's XPIProvider and its friends to UXP, which made huge differences between their XPIProvider and official ones.
  15. Yesterday
  16. I understand; I too have mixed feelings about signed extensions. It certainly helps users have confidence in who developed the add-on and whether it's been modified, but taken to extremes, it just becomes another closed ecosystem, like the Apple store. (There's also an implied promise: if, say, MCP signs an add-on, the user is likely to believe that MCP has checked the add-on for malware and the like. I think Mozilla tries to do that, but it's probably beyond the means of a smaller organization like MCP.) Probably the best approach would have been something similar to code-signing certificates. When you install an add-on, it would validate any signature, and the certificate used to sign it, and let you know who, if anyone, signed the add-in, and whether anything was amiss. But the certificates wouldn't have to come from Mozilla, MCP, or anyone in particular, so there's no implied guarantee; and the user would have final say on whether any add-on was allowed to run, so if you knew why a signature was invalid, you could override the check for that add-on and let it run anyway.
  17. ... I spent the better part of last hour researching and reading on this ; the ability to install id-less extensions from AMO into Basilisk was lost (what is called a regression) when the MCP devs decided to remove the internal platform mechanism that effectuated extension signature verification; this happened early on during Basilisk's development, when the (experimental at the time) application was "baking" on top of the (now deprecated) Moebius platform... Put very simply, id-less extensions acquire first a temporary (internal) id and then a permanent one, whose strings are derived from their verified signature hash; you need to have a working internal mechanism to process the add-on's signature and then generate valid id strings for the installation to succeed; but the devs in Moebius wanted to remove that mechanism altogether and not just allow the installation of unsigned extensions, because then unsigned installed extensions would produce warnings inside about:addons (Add-ons Manager, AOM); this is indeed what happens when you install unsigned extensions in FxESR 52 with the pref xpinstall.signatures.required set to false (NB that, as I have posted in another thread, extension signature verification - in FxESR 52 - is still performed in the background for already installed signed extensions and will also be triggered when a new signed extension is about to be installed!). There wasn't uniform agreement between the dev team which features inherited from Mozilla should be kept and what regressed functionality should be restored; Moonchild himself wanted to cut-off reliance on Mozilla-issued certificates (in hindsight, he was probably right, given the recent - May 3rd - armagaddon-2.0 Mozilla debacle), that meant removing the signature verification code; an "incomplete" workaround was implemented in PR #279 (see below); in any case, the focus of the team was always on Pale Moon (which, by design and choice, doesn't support WEs at all), as for Basilisk's inherited WE support, it wasn't very high on their agenda at the time (and we all know how that ended! ). If you've got spare time to spend, some Moebius era GitHub issues and pull requests are linked below: Addons - Can't install some addons: https://github.com/MoonchildProductions/moebius/issues/238 Add ID from a signature if it isn't included in manifest.json: https://github.com/MoonchildProductions/moebius/pull/251 Fix signed extension checks: https://github.com/MoonchildProductions/moebius/issues/277 (emphasis should be put on Moonchild's comment below: https://github.com/MoonchildProductions/moebius/issues/277#issuecomment-356231470 ) Get IDs for ID-less WebExtensions without breaking normal libJAR signature checking: https://github.com/MoonchildProductions/moebius/pull/279 Then the Moebius platform was left to rot... When Basilisk was later ported to UXP Take 2 (now just UXP), the issue of id-less WEs resurfaced: https://github.com/MoonchildProductions/UXP/issues/373 but Moonchild decreed: and he "WON'TFIX"-ed that issue... ; moot point now in the case of official Basilisk, still an issue with the Serpent 52 fork... =============================================== Disclaimer: Had a rough day today , so I might have not grasped 100% correctly what was contained inside the devs' exchanges in the linked issues/PRs; I have the sense the "general idea" is there, but anyone is free to correct any misunderstandings on my part...
  18. I appreciate all the concern for Windows Vista on page 199 of this thread! You might be interested to know that Microsoft has just revised Customer guidance for CVE-2019-0708, which now advises those running Vista to install KB4499180 for Server 2008. The KB article has also been revised to include Windows Vista.
  19. Excellent detective work: So, I had to know: since versions prior to 1.4.0 work in FF 52, could, say, 1.3.0 (which I agree has superior functionality) be "fixed" to run in Serpent, simply by adding the above block to its manifest.json file? Yes! I just tried it; of course changing manifest.json invalidates the sig, but unlike FF, Serpent doesn't care about that (actually my copy of FF has been set not to care about it either, but you don't need to "fix" Tab Tally for FF anyhow); and with that change, Tab Tally 1.3.0 installs and runs in Serpent fine! Not a huge deal, but I wonder why the heck that function was removed? Was this just another case of MCP getting rid of code they didn't think the browser needed, as they did with all WE add-ons later?
  20. Thanks @actinium! I just tried to open a docx Word file in Office XP on Windows 98SE, and it failed! I'm now just getting an error message which says - "This is a pre-release version of the Compatibility Pack and can only open pre-release Office 2007 files only. Do you want to check for a newer version of the Compatibility Pack?" If I press "Cancel" nothing happens, and if I press "OK" it opens Internet Explorer 6 (!) with a "not-found" page. This is really odd, because I'm sure it used to work! I've tried repairing the installation and uninstalling and re-installing, but the same result. I'm sure it will no longer open files that it used to open, so I don't know what's changed. I did try that Windows 2000 version of the installer you kindly linked me to, but it doesn't work in any KernelEx mode that I tried. It gets past the licence agreement with KernelEx, but then just says the installation failed. I might try extracting the files from it and if there's an msi file and associated cab file in there and try that. It was an msi file I used for the original install, which does still install fine but now no longer actually works. If it now needs SP3 of the Pack I guess I'm stuck, because I never got that to install at all, but it did seem happy without it until now.
  21. I would like an objective discussion/fair criticism on quality too besides piling up all the Start menus in the world. That would help me and Ivo to improve Classic Shell.
  22. During the MainPathBoot phase, most of the operating system work occurs. This phase involves kernel initialization, Plug and Play activity, service start, logon, and Explorer (desktop) initialization. To simplify analysis, we divide the MainPathBoot phase into four subphases, as show in the next picture. Each subphase has unique characteristics and performance vulnerabilities.
  23. I changed to a custom Vista theme for Windows 8, which works perfect. For all of those bells and whistles of the Aero theme, you can just go to the advanced system settings and change performance settings in there. Of course, for features like Media Player
  24. Well i must be the last human being on this planet to run Windows Server 2003 as main server OS to host anything i need to. I've appilied a lot of tweaks, removed unneeded stuff to get MAXIMUM PERFORMANCE!
  25. @heinoganda Thank you so much I have finally got my XP antivirus updated. Last update I got to succeed was 2017!
  1. Load more activity
×
×
  • Create New...