Jump to content

Nomen

Member
  • Posts

    676
  • Joined

  • Last visited

  • Donations

    0.00 USD 
  • Country

    Canada

Everything posted by Nomen

  1. ----------- The IBM X-Force Research team has identified a significant data manipulation vulnerability (CVE-2014-6332) with a CVSS score of 9.3 in every version of Microsoft Windows from Windows 95 onward. We reported this issue with a working proof-of-concept exploit back in May 2014, and today, Microsoft is patching it. It can be exploited remotely since Microsoft Internet Explorer (IE) 3.0. This complex vulnerability is a rare, “unicorn-like” bug found in code that IE relies on but doesn’t necessarily belong to. The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine — even sidestepping the Enhanced Protected Mode (EPM) sandbox in IE 11 as well as the highly regarded Enhanced Mitigation Experience Toolkit (EMET) anti-exploitation tool Microsoft offers for free. What Does This Mean? First, this means that significant vulnerabilities can go undetected for some time. In this case, the buggy code is at least 19 years old and has been remotely exploitable for the past 18 years. Looking at the original release code of Windows 95, the problem is present. With the release of IE 3.0, remote exploitation became possible because it introduced Visual Basic Script (VBScript). Other applications over the years may have used the buggy code, though the inclusion of VBScript in IE 3.0 makes it the most likely candidate for an attacker. In some respects, this vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library (OleAut32). http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGNwwPnF-Sq ------------- Correct me if I'm wrong, but I don't see oleaut32.dll as being a win-9x file. I've scanned my system for that file and have found many different versions, but none of them with the traditional or expected file-date of 4/23/99. I don't think that file exists on (any) win-98 CD. The one I have in c:\windows is version 2.40.4518 (october 2003). I would imagine that we'll see a patch for the POS2009 version of XP (which should be available now?) and should be easily ported to regular XP systems. Has anyone had a look at it to see if it can be used on win-98?
  2. Program: Hey, OS are you there? OS: Sure I am here, ready. Program: Which OS are you? OS: I'm Windows XP. Program: Hmmm, OK. How many cores are available to you? OS: Probe me and you will see. Program: I see that you are running on a system that has single-core CPU which is a pity as I have been written with multi-core support. OS: Well, but surely you have single core capability, don't you? Program: Sure, now that you tell me this I could have it, but I was compiled without support for it, I need a multicore-CPU. OS: Sorry but you cannot run, then. So tell me how common the above scenario is. It certainly would have been VERY common for XP to be running on a single-core CPU during it's first 4 or 5 years of life. Many budget computers were made with single core Pentiums and Celerons. I'm not questioning or debating the fact that software that defacto MUST have a multi-core CPU available to it can therefore not run under 9x/me. I'm questioning the assertion (that this thread has turned into) that not having multi-core CPU support is some sort of fundamental show-stopper for win-98. I think we all know that quite a lot of software that is multi-core "aware" is also single-core compatible, and hence the operatibility of that software on win-98 will depend on other factors other than 98's lack of multi-core support.
  3. He left unsaid: (...) Well I can't exactly agree (or disagree) with what he left unsaid. So why put words into his mouth?He said that software that could benefit from multicore / multii-threading won't run on win-98. Is VLC or Flash (just to name 2 modern CPU-intensive programs) written to be compatible with single and multi-core systems? If so, do they not run under win-98? How much software, written between 2000 and 2006, was written to be compatible with windows 98/me, AND at the same time was written to utilize more than 1 core (when multiple cores was available for their use, obviously when run under some version of NT) ? According to Herbalist, the answer is zero.
  4. I'm not disputing that. I'm questioning what herbalist said: "Most of the applications that could benefit from (multi-threading or multi-cores) won't run on 98 anyway." If what he said is true, then software such as media players (VLC or Flash) browsers (such as Opera 12) must not be written with multithreading / multicore operation in mind. Because that software obviously *DOES* run on windows 98.
  5. So software like VLC 2.x or Adobe Flash player (what-ever the most recent that runs on win-9x with Kex) or browsers (like Opera 12) wasn't coded with multi-threading capability?
  6. I know that Win-9x/me natively utilizes only one core (on multi-core CPU's) but I was wondering if the Intel feature known as "Hyperthreading" would perform some sort of automatic or transparent multi-threading (transparent to the OS). In other words, all else being equal, would Win-9x (and/or any apps running under 9x) see a performance increase when running on a CPU with hyperthreading? I'm thinking of intensive apps like 1080 video playback (VLC) or maybe photo editing (photoshop). I'm trying to figure out which socket 775 CPU would give the best performance for win-98, knowing that the specs for a dual or quad-core CPU are largely meaningless in this case. And it might even be that no socket 775 cpu even has hyperthreading (maybe only limited to socket 478?). Passmark CPU tests show scores for single-threading performance, even for multi-core CPU's. Is that what will ultimately allow me to determine which CPU is likely to have the best performance running under 9x?
  7. This thread is (to me) still fundamentally about how / where to obtain certain win-98 driver files. I don't see how the fact that it also pertains to a certain website (where those files used to be found) would take this topic out of the realm of being a win-9x discussion - especially since there seems to be no resolution or additional info or conversation about why the files are no longer on mgdx (no real discussion happening here along those lines). So if it's not about "websites", then why is it here? And I still don't know where "here" is. Is there any way to see the name of the forum that this thread is taking place in? I don't see the forum name or forum tree structure anywhere on this page. The url that I see is simply /board/topic/172994-forbidden-sound-blaster/ and that doesn't tell me what forum this thread is taking place in. The only way I know it exists is because of the link from the win-9x forum.
  8. Odd how this thread is showing 0 (zero) views (and no replies) on the forum topic display page. Ah - this topic has been moved. But to where?
  9. Upload your copies here: http://www.filedropper.com/ No account needed. It just takes your files and gives you a download link that you can then post here for anyone to download.
  10. Looking at the source of that page, the only place I see "sbdrv" is on this line: (A TARGET=_self HREF=/sbdrv/>Creative Labs Sound Blaster AWE/PCI/Live!/Audigy series Windows/WfWG 3.1x/95/98/ME + native MS-DOS 5/6/7/8 Audio Drivers, Patches + Tools(/A) This google query: site:http://www.mdgx.com/sbdrv strangely says there are 17 results, but only gives one clickable link: www.mdgx.com/sbdrv/ Which is returning 403 Forbidden. I found these on a pastebin page: SB_Live!_Setup_CD_ISO_1713331000.rar http://www.mdgx.com/sbdrv/SB_Live!_Setup_CD_ISO_1713331000.rar SB_Live!_24-bit_Setup_CD_ISO_3201ML0000306.rar http://www.mdgx.com/sbdrv/SB_Live!_24-bit_Setup_CD_ISO_3201ML0000306.rar SB_PCI512_Setup_CD_ISO_1713330882.rar http://www.mdgx.com/sbdrv/SB_PCI512_Setup_CD_ISO_1713330882.rar SB_Live!_Value_Setup_CD_ISO_1713330760.rar http://www.mdgx.com/sbdrv/SB_Live!_Value_Setup_CD_ISO_1713330760.rar SB_16_Setup_CD_ISO_1713310318.rar http://www.mdgx.com/sbdrv/SB_16_Setup_CD_ISO_1713310318.rar (the pastebin page where I found those also contains a lot of links to a wierd assortment of other content. Strange...) But all of those are also giving 403 forbidden. Does MDGX not have any Sound Blaster files? Or were they moved to another part of the site? The wayback machine has none of those, due to robots.txt. (Strange - how can "Disallow: /robots.txt" be listed *in* robots.txt?) BTW, if you do a search for just the above file names, you'll see that some of them were posted on Vogons (at least one was, back in June 2011). I'm guessing the OP came here after seeing them on Vogons and discovering the links don't work. I found some files here: http://www.generalfil.es/files-c/creative-sound-blaster-live/?qa=creative+sound+blaster+live&ca=168427779 Don't know if they're the same or not. Is there something I / we don't know about these old Sound Blaster files? Have they been forced to be taken down over the past 2/3 years?
  11. Some stuff here you might want to try: http://forum.xfce.org/viewtopic.php?id=9055 http://dnet-km.com/eve/forums/a/tpc/f/6141064033/m/2173960087 http://www.wilderssecurity.com/threads/win7-easy-sharing-batch-file.339540/ http://www.vercot.com/~serva/advanced/NullSessionShares.html http://windowsitpro.com/security/scrutinizing-windows-authentication http://technet.microsoft.com/en-us/library/cc749096(v=ws.10).aspx (search for "Windows 98" on that page) https://social.technet.microsoft.com/Forums/windows/en-US/4f82ce33-1999-4124-ab8e-9e9f5eb97318/windows-9x-family-9598seme-cannot-access-windows-7-pro-x86?forum=w7itpronetworking -------------- http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/networking-a-windows-7-and-a-windows-98-computer/6d26ac72-d367-4731-abb4-e8681e1327c7 Networking a Windows 7 and a Windows 98 computer Short answer: cannot be done. You can access shared folders in the Win98 computer from Windows 7 but not the other way around. Scan on one, transfer files afterwards using the other. You can't use a Windows 7 Homegroup to connect this way, you need to use basic file and printer sharing (as in workgroups). Create one account on the Windows 98 computer that has the same username and password as an account on the Windows 7 computer. Set up file sharing as normal on the Windows 98 computer and assign it to the same workgroup name as the Windows 7 computer is using. It should then appear in Windows 7 Network and allow you to access the shared Win98 folders. You may see the Windows 7 computer from Windows 98 but you won't be able to access it. All confirmed as true, but - WHY?? ---------------------- There some stuff here: http://mirror.picosecond.org/defcon/defcon20-dvd/Speaker%20Presentations/Kirk/Extras/DEFCON-20-DSS-ODAA-Baseline-Standards-Final-March-2009-v2-2-JamesKirk.pdf It's not exactly a "how-to" but seems to contain lots of info. What about Samba / SMB? Does / can Win-98 operate as a proper SMB server? If anyone knows how an android tablet can transfer files from a win-98 system, I'd like to know. One final idea: -> NetBeui
  12. Does it have anything to do with XP's default mode for "Simple File Sharing" ? Are you trying to share files on an XP system so that they're visible on a win-98 system, or vice-versa?
  13. What if Microsoft released an operating system in the chasm between Windows 3.1 and Windows 95? It might look something like Windows 93, an interactive art project by Jankenpopp and Zombectro that you can try right in your browser. Try it here: http://www.windows93.net/ And if anyone can make that link work on any browser running on Win-98, tell me how...
  14. So FF must maintain some sort of list of "remembered" domains / hosts. Where does it keep it? In the registry, or a file somewhere?
  15. Yes, I have installed the "Remember Mismatched Domains" extension at some point in the past. Because if I didn't, I wouldn't be seeing the check-box giving me the function "( ) Don't warn me again about this certificate for this domain" that I mentioned in my first post. But I find that FF doesn't seem to honor that setting, because when these situations arise, I'm still getting these messages for domains that I've already check'd off the box for. Has anyone else ever installed that extension while running FF2, and have you found that it does work?
  16. When I add your files (which I very well might have obtained from elsewhere in the past) I have over 40 W95INF32.DLL files spread around different places on my drive. Binary analysis reduces those to 9 unique files. 8 of those show the same version (4.71.0016.0) but one says version 4.71.0017.0. I believe they all say "Copyright 1994-1995". File creation/modification dates seem to have no relavence or utility in ranking them. As for updroots.sst, I have 4 different versions (based on file-size) - 258kb, 267kb, 345kb, 432kb. None of them are in my Windows or program directories so I have no idea how the system interacts with them. I did not look at W95inf16.dll - I assume it's somehow related to 16-bit operations and thus of little value or use today. There does not appear to be a "W98INF32.DLL" file - what is the significance or meaning of that? Because my system is serving up https files and using a self-signed certificate to do so, updating my system's root certificate store would not stop these messages being thrown up by FF. I would like FF to simply not throw up these messages when I put check off the option to not show them again for the same domains.
  17. FF2 throws up various security errors, but I can't remember if it originally had a check-box "Don't warn me again about this certificate about this domain". I seem to think that I found some way to have a checkbox when that warning comes up. Except that I find it's not working: ----------- Security Error: Domain name Mismatch You have attempted to establish a connection with "ajax.cloudflare.com". However, the security certificate presented belongs to "test". It is possible, though unlikely, that someone may be trying to intercept your communications with this website. If you suspect the certificate shown does not belong to "ajax.cloudflare.com", pleace cancel the connection and notify the site administrator. ( ) Don't warn me again about this certificate for this domain. View certificate / Ok / Cancel --------------------- That's just one example. I'm always checking those "don't warn me" boxes, and FF2 never seems to honor the setting. (it's ok, I'm running https server on my computer for hosts file entries 127.0.0.1, so the above message is expected).
  18. I've got Exchange running on a win-2k server. it's been running for years and recently have cloned the hard drive (just to be on safe side) and while I had the machine running, decided to check exchange using some sort of performance tool DL'd from Microsoft. I don't have DNS server running on this box (don't really want to). Exchange is not used for email. The performance tool says that exchange can't resolve it's own FQDN / host-name, even though I have it in the HOSTS file and ping and tracert can resolve the name to 127.0.0.1 just fine. But nslookup must query the DNS server directly (bypassing the hosts file). (tangent - I've noticed on NT systems that nslookup never seems to know about HOSTS file entries, I didn't think it had a choice since I thought that the TCP/IP stack was tied into HOSTS file lookup so I don't know how NSlookup can bypass it, but it does. Can anyone explain how?) So I'm wondering why (or how) Exchange (or the exchange performance analysis tool) doesn't honor or recognize the info in the HOSTS file (or even the LMHOSTS file) when resolving host names. This leads to the bigger question - where exactly in the process of host lookups on an NT-based system does the HOSTS file fit in, and why or how can it be bypassed by certain processes / programs?
  19. Why does IE6 give me "The page cannot be displayed" for this site: https://www.ssllabs.com/ssltest/ Even if I have the check in the box "Require server verification (https:) for all sites in this zone". You said that if I put a check in that box, then IE6 will render (display) https (ssl) site / pages.
  20. What - For IE6 to render https sites, I have to first put the sites in the trusted zone? Makes for cumbersome surfing. Don't have to do anything like that for FF2.
  21. When I go to the control panel, select "internet options", select the Advanced tab, under Browsing I have the option to check/uncheck "Enable third-party browser extensions". Would anyone running win-98 with IE6 have that option? Some people apparently don't have that - but I'm not sure if it's because they're running IE 5 or 5.5, or if there's some other reason why I have it and they don't. Tangent - what exactly is it about IE6 that renders it incapable of displaying https ?
  22. In XP, there apparently is an option under accessories/tools/Internet Explorer (safe mode). I don't think there is anything equivalent in Win-98. Can IE 6 be started in "safe mode" (no add-ons, extensions, BHO's, etc) in win-98? If so, how? Alternatively, is there some "easy" way to disable (even nuke / delete) anything that might be interfering with IE6 browsing capability?
  23. Can someone with knowledge of html tell me why this link: http://www.nbcnews.com/news/us-news/perk-facebook-apple-now-pay-women-freeze-eggs-n225011 is rendered as a completely blank page with Firefox 2.0.0.20 and Netscape Navigator 9? When I view the page source code, it's all there - lots of code. Yet those browsers display nothing. With FF2, I have altered the user-agent and tried several FF/OS versions, up to FF16/Win-8, and still get a blank page. (all this is with hosts file deactivated by renaming it to something else) Opera 12.02 does seem to render the page ok. For IE6, it does load the page (and it's pretty readable, well formatted, and no advertising at all?) - but sometimes throws this error: ------------ AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: mshtml.dll ModVer: 6.0.2800.1651 Offset: 001931a1 ------------ So what are the code elements in that link that renders the page as invisible or just blank on FF2/Navigator 9? I'm seeing more and more of this behavior as I bring up news stories linked from sites like drudge.
  24. I have a couple of win-98 computers that are in 2 different locations but for some reason I can bring up the virustotal site and submit a file (and get results) on one computer but not the other. For the one that works, I can use FF 2.0.0.20 and I have to have the full path of the file in my clipboard, and I click in the file-submission box on the VT site and hit shift-insert, then hit enter twice. VT goes into download mode, then brings up the screen showing scan progress. On the computer where this doesn't work, I do exactly the same steps, but the VT page stays in download mode, never progressing to the screen showing scan results. I've tried Netscape 9 and Opera 12 but get same results. I've disabled the hosts file and it doesn't change anything. For Opera 12, when clicking in the "Choose File" text-entry box, it immediately brings up file explorer, but with FF2 or Netscape 9 this doesn't happen (this behavior is the same on both computers). There is a utility that provides scanning a file from a right-click context menu: https://www.virustotal.com/static/bin/vtuploader2.2.exe It does install and run under win-98 on both computers (both have kex, if it matters). On the first computer, submitting any file always seems to start fine but stops early in the upload and just stalls in the same place according to the progress bars. On the second computer, the upload progresses smoothly to 100% and then spawns a browser window showing the scan results. So the problem seems to be an incomplete or stalling upload of the file being submitted on the computer with this problem. Does anyone else see this when submitting files to VT using win-98 and any browser?
  25. I should have said that I make aggressive use of my hosts file, where I periodically check my router's outbound logs to see what domains my computer is trying to contact. I block all click-tracking, web-metrics, advertising, fecebook and twitter access that I can identify through host file entries. I also run Abyss Web Server, which serves up any HTTPS files locally as a result of redirection to 127.0.0.1. I've gone out and obtained these files manually (the vast majority being .js files, about 77 of them so far, rum.js, various versions of jquery.js, etc). I expand the js files and inspect them to see if they themselves are trying to access hosts that I don't want them to, and modify the URL as necessary to prevent the access.
×
×
  • Create New...