Jump to content

Nomen

Member
 View Profile  See their activity

  • Posts

    676

  • Joined

  • Last visited

  • Donations

    0.00 USD 

  • Country

    Canada

 Content Type 

Everything posted by Nomen

  1. Nomen
    I'm not that familiar with the inner workings of Win-7. Is the "Malware Protection Engine" an optional component? Is it a service (that can be turned off / deactivated / uninstalled) ? It just proved itself to be more trouble than it's worth. "The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary), having them visit links in a web browser, or through instant messaging. The vulnerability allows remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. " Wow. Microsoft's Motto: If it works, it's not complicated enough. ------------- Over the weekend, two of Google’s Project Zero security researchers announced that they had discovered a "crazy bad" Windows exploit, describing it as the "worst in recent memory." Project Zero gives firms 90 days to fix such discoveries, but Microsoft swiftly jumped on this problem, and just two days later has come up with a fix. The Project Zero team explains that the problem was found with Microsoft's Malware Protection service, MsMpEng. Vulnerabilities in MsMpEng are among the most severe in Windows, due to the "privilege, accessibility, and ubiquity of the service." The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary), having them visit links in a web browser, or through instant messaging. The Security Update for Microsoft Malware Protection Engine, detailed in Security Advisory 4022344, fixes the issue. Microsoft explains: The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. The fix, for Windows 7, 8.1, RT and 10, is available now via Windows Update. https://betanews.com/2017/05/09/microsoft-fixes-crazy-bad-windows-vulnerability/
  2. Nomen
    My trick of turning a link like this: https://www.youtube.com/watch?v=wUcdb6xHybo Into this: https://www.youtube.com/v/wUcdb6xHybo for playback on FF2 has recently sometimes not worked for some video's. I still get a full-screen preview frame and all player controls are there, but when I hit play I get a screen full of static with the message "watch this video on youtube. Playback on other websites has been disabled by the video owner". Which is strange, since I am playing it on youtube. Same thing happens on Opera 12.02 (but I can play the original un-modified video URL on Opera 12.02). So if anyone knows why the modified URL is causing youtube to throw this error message and refuse to play the video, let me know...
  3. Nomen
    MrMateczko said: > I love 98SE, but even I think it's high time not to > bother with web browsers for 98SE at all. My office and home PC are both win-98, running on a intel 845 chipset with P4 socket 478, about 2.5 ghz with 1 gb ram and nvidia 6200 AGP 256 mb video card. It's normal to have several browsers open, multiple tabs on each, outlook 2000 running in the background for email, an old dlink IP-view program monitoring 1 or 2 ip cameras (doing motion-detection on them). Last few days I was doing that and running utorrent (downloading those french emails (several gb worth) that were hacked - lots of .eml files that I click on and voila - Outlook express opens and displays them perfectly!). > it's probably not powerful enough to run modern YouTube/Facebook I tend to look down on anyone who includes Faecebook as part of their lives. I've never had it, joined it, touched it. Then again I don't own a cell phone either (I'll take my computer with a full size keyboard, monitor, OS and file system that's under my full control). > Unless you're doing another ASRock motherboard Socket 775 > 98SE overkill build. Then maybe it is powerful enough, Sorry, but the ancient P4 2+ ghz socket 478 with at least 512 mb ram is perfectly good at surfing any web site these days, and rendering youtube video. Be it win-98 or XP. Now maybe win-7+ needs more horsepower...
  4. Nomen
    Secunia.org (don't know if they're still around) kept track of security advisories on dozens if not hundreds of hardware and software products. They would rank the advisories in terms of critical (or not) and vendor-patched (or not). For win-98, they listed something like 37 advisories up until EOL in 2006, with none of them rising to the top-critical level, and I think maybe 1 of them un-patched. For XP, by the same time in 2006, it was well over 200 advisories, many were critical, and some of those were unpatched. Remember that many win-98 systems were still in-use and on-line in 2006, and it would have been a common OS during for home and soho use during the early years of the mainstream internet (1999 - 2004) and more importantly with direct IP connectivity (very little NAT-routing being used during those years). But it wasn't until XP began to replace 98/ME in home and SOHO situations that trojanized XP machines is what enabled spam to take off during 2004 - because win-98 systems were far less vulnerable to being trojanized (not because they were "obscure" during those years). Win-2k machines were also a favorite (and easy) target between 2000 - 2004, regardless that again there were probably far more win-9x/me systems still in use and on-line during that time. Microsoft would inflate the tendency for people to think that win-9x/me was equally vulnerable as 2K or XP to a given CVE or exploit because they would often list 9x/me in their security bulletin as being one of the affected platforms but when you drill down into the bulletin details you'd find no mention at all of 9x/me. Win98/me got the rap for being unstable because of the pathetic systems they were being installed on at the time. When having 128 mb of ram was a big deal, and they spent most of the time thrashing the hard drive with virtual memory access and dealing with buggy video drivers for the new AGP bus.
  5. Nomen
    When you read about the capabilities of the CIA malware packages and what they can do on "modern" versions of windoze: https://wikileaks.org/vault7/releases/ It's clear that the NT-line of Windoze has become less trustworthy as its internal complexity grows and access to it's internal workings are being cut-off from users regardless what permissions or authority they have on the system. I wouldn't trust a win-8 or win-10 system further than I could throw it. I honestly don't know why anyone who is keeping up on current events would doubt that there more holes (intentional and otherwise) in these OS's than we can imagine, and the fullness of time (and wikileaks) will no doubt reveal.
  6. Nomen
    > Vulnerable to being decrypted by a third party somewhere between your browser and the server you connect to Assuming we're not talking about MIM situation, I simply don't see how a "bad guy" can gain access to the telecom or networking equipment in the path between me and my bank to be able to monitor the data. Regarding the ciphers, would the server I'm connecting to (ie - my bank) choose an insecure cipher in the first place to conduct the session? Or am I assuming that all IT / web admins everywhere are sufficiently up on things to configure their websites to use / not use certain ciphers?
  7. Nomen
    Just to add (I can't edit my previous post because I can't find the "save" button using Opera 12.02) I see that Opera 12.02 has SSL3, TLS 1, TLS 1.1 and TLS 1.2 (I have all enabled). There are about 2 dozen SSL3/TLS1 ciphers that can be individually enabled/disabled (all mine are enabled). I want max flexibility to connect to a website, so I enable everything. Isin't the choice of protocol up to the website anyways? > There are 7 vulnerable TLS protocols in Opera 12.02. Do you mean ciphers, or protocols? Like I said above, I see only 4 protocols. If I can add more, tell me how.
  8. Nomen
    > There are 7 vulnerable TLS protocols in Opera 12.02. Vulnerable to what? How does a vulnerable TLS protocol lead to remote comprimise / control of my PC? What if my PC is on ethernet (not wifi) and is wired all the way to my modem and out of my house?
  9. Nomen
    Regarding Netsurf: I just downloaded and installed it. Didn't seem to run right-off-the-bat, so I re-started just to be sure. Using Kex default setting, running Netsurf I get this: netsurf.exe is linked to missing export KERNEL32.DLL:VerSetConditionMask Changing Netsurf Kex setting to Win-Me gives same error. Changing to Win-2k or XP gives a small window with Title "Warning" and the message is simply "CSSBase". Click OK. Netsurf browser window is on-screen, but no page-area is rendered. Menu options can be selected (File, Edit, etc) but no surfing is possible.
  10. Nomen
    > Yieks! That can't be too secure. I have an older relative that I set up a win-7 system for (Zotac Zbox). Created a win-7 install image using RT7 and rolled in a bunch of MS updates. So it was a pretty tweaked system. Office 2010 (has gmail account which is accessed via outlook 2010). I forget which version of FF. A few days ago she was doing on-line banking (TD I think) and got an on-screen message claiming to be from Microsoft, saying something about her computer, wanting her to dial a certain phone number. She freaked and pulled the power-bar cord out of the wall (which naturally shut down everything, cable modem, VOIP adapter, router, PC, monitor, etc). So when you tell me that doing on-line banking with Opera 12.02 on a win-98 system is risky, I think about stuff like this that my poor old aunt gets from time to time and I would LOVE to get this on my win-98 PC so I can have a detailed look at the browser cache files, use cctask to see if anything new is running, and just generally figure out what URL triggered what server to put up this or that message. Truth is, I think for any win-7, win-8 or win-10 PC, using any of those to do on-line banking is more risky vs win-98. Those stupid browser exploits that are being discovered every day just plain fall flat on their face if they hit a win-98 box with an old browser.
  11. Nomen
    > See to me, there is ABSOLUTELY NO up to date browser that works on Win9x. > By that I mean one that can render HTML5 and do banking. I use Opera 12.02 on this win-98 pc to do on-line banking. I just did a bill payment on TD not 5 minutes ago in fact. I do the same on RBC also.
  12. Nomen
    From the "older is better / more secure but they won't tell you that" department: --------------- This Phishing Attack is Almost Impossible to Detect On Chrome, Firefox and Opera http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html ---------------- Firefox 2 renders the example URL (as displayed in the location bar) as this: https://www.xn--80ak6aa92e.com/ Opera 12.02 renders the URL as a not-quite-right looking apple.com (looks like appie.com).
  13. Nomen
    Just doing a bit of searching and there was a Biostar PT880 Pro-A7 board with VT8237R and the specs say SATA-1. So it must be the S version of the 8237 that can do SATA-2? The Biostar board has DDR + DDR2, PCIe +AGP, but (and get this) it has AC-97 audio (Realtek ALC-655) so this means there are win-98 drivers for sound - yes? RAM limited to 2 gb. I don't see this board on ebay at the moment. Something I found out about the 8237S from wikipedia: "The SATA-II feature of VT8237S is limited to 300 MB/S Data Transfer Rate bearing no NCQ functionality."
  14. Nomen
    This is the board I have: http://www.asrock.com/mb/via/4coredual-vsta/ 4core dual-vsta. So it's not the dual-core VSTA you mentioned in your previous post. Yes, it is SATA-1. If the 4core dual-sata has a SATA-2 controller, explain how because I thought the sata controller was in the chipset and I thought both boards have the same chipset (PT880 / VT8237A). If the dual-sata has SATA-2 controller, and there are win-98 drivers for it, then that's going to be the only sata-2 controller I know with win-98 drivers.
  15. Nomen
    > What's wrong with VIA-Chipsets? Ruthan said he's never gotten a PCIe video card to work on VIA-chipset boards (or at least the Asrock 4coreDual boards, specifically the VSTA which I have). Aside: What's the difference between the dual-VSTA and dual-SATA anyways?
  16. Nomen
    First thing: As a result of fooling around with swapping the Q8200 core2 cpu with a xeon cpu (had to mod the bios to do that) and disabling the on-board IDE controller in the bios, XP decided that it needed to re-validate itself, which I got a chuckle from and I did do the re-validation and checked using XPinfo.exe and I'm back to full-power valid state. The board is now running with an E5450 ($25 from ebay). Second thing: Intel ICH10 2-channel and 4-channel SATA controllers now show up in device manager in the hard drive controller tree, in the same branch as the ide controller devices (which still show up despite having disabled the IDE controller in BIOS?). In XP, do SATA controllers show up under a separate branch in device manager, like they do in win-98 (typically or always as "SCSI" controller) ? Third thing: BIOS is still set to IDE-mode because XP fails to start when set to AHCI (a blue-screen with some text flashes briefly during XP-spash-screen before the screen goes black). But (as I said above) SATA controller shows up in device manager as "present and working" so I don't know how both of those things can happen at the same time. My primary question now is -> what sort of utility program can I run to know exactly if the drive is being controlled under a "SATA" paradigm or an IDE paradigm? Device manager does not explicitly give that information (it does not say which controller the drive is connected to) but a thought just occurred to me - there are different device-views in device manager and I haven't tried them all yet...
  17. Nomen
    775i915PL-SATA2 ? 915 chipset has win-98 drivers? Too bad it's not DDR-2. Even though there *appears* to be many boards, the reality is different. The search results show many boards that don't show win-98 in the actual page. Besides the 915-based boards, I see AMD SiS756 based boards. And it seems all of them are DDR, perhaps DDR 400 at that. And they all have HD-Audio, so you're not gaining anything there because there will not be HD-audio drivers for win-98 (has anyone checked the driver download for the 775i915PL-SATA2 ?) Funny how it looks like SATA-2 in the model name, but is actually SATA-1 controller. And there are win-98 SATA drivers for the 915? I thought the 875 was the last Intel chipset to have Win-98 SATA drivers. Even if there are win-98 drivers for the 915PL (including SATA, USB and LAN controllers) I don't see the point in getting these boards over a socket-478 board unless they have DDR-2. Fully-functional PCIe is a good thing, but for win-98 it's not going to out-perform AGP so the DDR vs DDR2 thing becomes more relevant. Having win98 sound drivers for the 915PL would, however, tilt this in favor of the 915. Show me a non-Via chipset board with socket 775 and DDR-2, with win-98 drivers for LAN, SATA, USB, PCIe bridge, not necessarily having audio driver. Or show me the same except without PCIe slot but with AGP slot. I'm not familar with AMD CPU's of the same vintage and performance of the Intel 478/775 models and the level of win-98 driver support for such AMD-based boards. Maybe there are some?
  18. Nomen
    > > > PCI-E cards work fine under 98SE > > > > Based on what I'm reading here about video cards, I just bought these off e-bay: > > BFG Tech GeForce 7950GT DirectX 9 256MB PCI Express x16 ($30) > > BFG Tech GeForce 7900GS DirectX 9 256MB PCI Express x16 ($28) > > Will use one or the other on an Asrock 4-Core DUAL-VSTA > > I had this board and i have failed to make Geforce 7600 PCI-E running Nice to find that out now. > PCI-E cards work fine under 98SE Tell me - what motherboard with PCIe has decent win-98 driver support?
  19. Nomen
    I've got a system running XP on a Gigabyte GA-EP45-DS3L board and found that the SATA controller was set to IDE in the bios (the system has no actual IDE drives - they're all sata). Changing the setting to AHCI resulted in a system that wouldn't boot. Changing back to IDE and booting back into XP, did some poking around and it sure looks like the SATA drivers are installed. So what exactly needs to be done to prepare XP, while it's running, to prepare it for the next boot when the BIOS is changed from IDE to AHCI mode?
  20. Nomen
    Based on what I'm reading here about video cards, I just bought these off e-bay: BFG Tech GeForce 7950GT DirectX 9 256MB PCI Express x16 ($30) BFG Tech GeForce 7900GS DirectX 9 256MB PCI Express x16 ($28) Will use one or the other on an Asrock 4-Core DUAL-VSTA motherboard (Via 880 chipset) and a Core2 CPU (one of these ->E8400, E8500, E7500 or E7600). Running Win-98, naturally.
  21. Nomen
    I'll throw this in here, since it looks useful: http://wu.krelay.de/en/
  22. Nomen
    This might be of interest to some here: =========== A ‘smart’ clock with Windows 98 (and Raspberry Pi) March 7, 2017 http://fixmibug.com/a-smart-clock-with-windows-98-and-raspberry-pi.html ============ I think they mean "A Smart Watch with Windows 98 and Raspberry Pi". One thing that maybe someone here can explain: ============ The truth is more complicated is to get to the software itself, because of copyright and distribution details. The case of Windows 98 is very particular. After the agreement between Microsoft and Sun Microsystems, Windows 98 is not available through MSDN, therefore, there is a legal way to get the operating system beyond buying a physical copy on eBay or another similar site. ============ What is this agreement between MS and Sun, and how exactly does it affect Win-98 distribution/availability (or ownership?) ?
  23. Nomen
    Over the past day or two I've downloaded all these same .MSU files from MS and they do compare (byte-for-byte) with the files in the wikileaks vault-7 archive. I don't know if there's a master document that's part of this archive that explains the layout of the archive, what certain files are, their relevance or meaning, etc. The significance of why those particular MSU files are there remains unknown.
  24. Nomen
    I've uploaded maybe 6 or 7 of these .msu files to VT and all but one of them tested positive for W32.Virus.Jeefo.Gen as detected by "Webroot" AV program. All other AV programs detected nothing.
  25. Nomen
    These are the files: IE10-Windows6.1-KB3032359-x64.msu IE9-Windows6.1-KB3032359-x64.msu Windows6.1-KB3000483-x64.msu Windows6.1-KB3004361-x64.msu Windows6.1-KB3013455-x64.msu Windows6.1-KB3019215-x64.msu Windows6.1-KB3019978-x64.msu Windows6.1-KB3020387-x64.msu Windows6.1-KB3020388-x64.msu Windows6.1-KB3020393-x64.msu Windows6.1-KB3021674-x64.msu Windows6.1-KB3022777-x64.msu Windows6.1-KB3023562-x64.msu Windows6.1-KB3029944-x64.msu Windows6.1-KB3030377-x64.msu Windows6.1-KB3031432-x64.msu Windows6.1-KB3032323-x64.msu Windows6.1-KB3032359-x64.msu Windows6.1-KB3033889-x64.msu Windows6.1-KB3034344-x64.msu Windows6.1-KB3035017-x64.msu Windows6.1-KB3035126-x64.msu Windows6.1-KB3035131-x64.msu Windows6.1-KB3035132-x64.msu Windows6.1-KB3036493-x64.msu Windows6.1-KB3039066-x64.msu Windows6.1-KB3046049-x64.msu (wasn't sure if I should post this thread to the win-7 forum or here, since I think a lot of the same people would be interested in this no matter where it's posted)
×
×
  • Create New...