Android app “tests” Windows vulnerability


An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released. For testing? Yeah right! The availability of this kind of software makes it ridiculously easy for anybody to go out and cause some havoc. Go right now and double check that your machines that run Windows Vista or Windows Server 2008 are protected (see the “workarounds” section.)

[Thanks Tom101]

Windows 7 and Vista crash via SMB exploit


[Laurent Gaffié] has discovered an exploit that affects Windows Vista, Windows 7, and possibly Windows Server 2008 (unconfirmed). This method attacks via the NEGOTIATE PROTOCOL REQUEST which is the first SMB query sent. The vulnerability is present only on Windows versions that include Server Message Block 2.0 and have the protocol enabled. A successful attack requires no local access to the machine and results in a Blue Screen of Death.

[Laurent] has a proof of concept available with his writeup in the form of a python script (please, white hat use only). There is no patch for this vulnerability but disabling the SMB protocol will protect your system until one is available.

Update: According to the Microsoft advisory this vulnerability could lead to code execution, making it a bit worse than we thought. On the bright side, they claim that the final version of Windows 7 is not open to this attack, only Windows Vista and Windows Server 2008.

[via Full Disclosure]

[picture: Inquirer]

Augmented Network Interfaces


Here’s an interesting bit of research to come out of Microsoft and UCSD. The Somniloquy project is a new type of network interface. It’s a USB device that allows a computer to continue network communications after being put to sleep. By offloading these tasks, machines that would normally stay awake for RDP and file transfers are only powered up when absolutely necessary. The device uses a Gumstix board like the one used in the Tor hardware adapter. The device pictured above has two USB interfaces, but the second is just for debugging and not needed for proper operation. The board runs BSD and creates a USBNet bridge to the Vista host. When the host daemon detects the computer going to sleep, it hands off active communication to the gumstix. They developed “stub” applications to handle the various types of communication. For downloads, they used wget to download only the portion of the data that was still left. For bittorrent, they customized the command line client ctorrent to manage the download. Both programs wake up the PC upon completion and transfer the file off of the SD card.

[via Engadget]

VAIO P XP install


Sony recently started to shipping the VAIO P don’t-call-it-a-netbook netbook. It comes stock with 2GB of RAM, which means it’s not eligible for Microsoft’s XP ultra low cost pc licensing. Hackers wanting to exorcise Vista have run into a few issues. After doing her unboxing photoshoot, [tnkgrl] wrote a guide for replacing Vista with XP on the Vaio P. She used the Universal Extractor to pop open the driver downloads and remove the Vista check. This got the WWAN radio and GPS working in XP. The only casualty was the volume and mute buttons are no longer working. You can see an annotated image verifying all the components here.

Sixaxis in OSX and Vista


Here are a couple small programs to help you make the most of your Playstation 3 Sixaxis controllers. [netkas] heard that quite a few people were having trouble using the Sixaxis controller in Windows Vista. He solved it for himself and uploaded an exe for you to use. He then did essentially the same thing for OSX. This should make your PC gaming feel at least a little more familiar.

[photo: Kominyetska]


Part of the pre-Vista hype was the idea of auxiliary displays. Laptop and desktop displays would provide additional information from your computer. The Vista SideShow feature hasn’t really caught on and the surplus hardware has started to drop in price. Take this PicoLCD for example: It’s a 4×20 character LCD with an IR receiver, multiple buttons, and a USB connection. The best part is: it has Linux drivers and an open source SDK. We know  a lot of you like wiring up HD44780 based screens, but it’s hard to pass up a $50 prepackaged solution with such nice extras.

[via Engadget]

Vista on a PS3

Apparently you can run pretty much anything on a PS3. [mopx0] has managed to get Vista running on his PS3. He used Qemu 9.0.1 to install Vista on a PC. He says it takes “about a day or so”, after using Vlite to speed it up, so be patient. You then make an image of the install and copy it to your PS3. Don’t worry though, your hard work will be rewarded by a speedy 25 minute boot time when you’re done.

Even though it is extremely slow, to the point of being nearly unusable, its good to see people pushing the boundaries of our hardware’s intended use.

[via PS3scene]