Discovered in 1997 by Aaron Spangler and never fixed, the WinNT/Win95 Automatic Authentication Vulnerability (IE Bug #4) is certainly an excellent vintage. In Windows 8 and 10, the same bug has now been found to potentially leak the user’s Microsoft Live account login and (hashed) password information, which is also used to access OneDrive, Outlook, Office, Mobile, Bing, Xbox Live, MSN and Skype (if used with a Microsoft account).
An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released. For testing? Yeah right! The availability of this kind of software makes it ridiculously easy for anybody to go out and cause some havoc. Go right now and double check that your machines that run Windows Vista or Windows Server 2008 are protected (see the “workarounds” section.)
[Laurent Gaffié] has discovered an exploit that affects Windows Vista, Windows 7, and possibly Windows Server 2008 (unconfirmed). This method attacks via the NEGOTIATE PROTOCOL REQUEST which is the first SMB query sent. The vulnerability is present only on Windows versions that include Server Message Block 2.0 and have the protocol enabled. A successful attack requires no local access to the machine and results in a Blue Screen of Death.
[Laurent] has a proof of concept available with his writeup in the form of a python script (please, white hat use only). There is no patch for this vulnerability but disabling the SMB protocol will protect your system until one is available.
Update: According to the Microsoft advisory this vulnerability could lead to code execution, making it a bit worse than we thought. On the bright side, they claim that the final version of Windows 7 is not open to this attack, only Windows Vista and Windows Server 2008.
[via Full Disclosure]
In the video above, [conquerearth] is using a theremin to control Super Mario Bros. Moving his hand toward and away from the vertical antenna increases the theremin’s pitch. The computer monitors this in real time and moves Mario left and right. The loop antenna controls the theremin’s volume and acts as the jump button. The controls seem to work well, much better than the sound of one man flailing at a theremin.
[Motoma] sent in his take on the virtual RAID 5 post. He didn’t like the layered system requirements, so he put together a proof of concept that only requires a Linux box. For his proof, he used a NFS share, a SMB share and did everything from the command line. He didn’t cover FTP, but the Gentoo wiki has a nice cheat sheet for mounting FTP and folders over SSH if you want some alternatives. He uses some very interesting partition tricks to make things happen. If you need some help to get things rolling, the Ubuntu forums software raid how-to is a good place to start.