An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released. For testing? Yeah right! The availability of this kind of software makes it ridiculously easy for anybody to go out and cause some havoc. Go right now and double check that your machines that run Windows Vista or Windows Server 2008 are protected (see the “workarounds” section.)
[Laurent Gaffié] has discovered an exploit that affects Windows Vista, Windows 7, and possibly Windows Server 2008 (unconfirmed). This method attacks via the NEGOTIATE PROTOCOL REQUEST which is the first SMB query sent. The vulnerability is present only on Windows versions that include Server Message Block 2.0 and have the protocol enabled. A successful attack requires no local access to the machine and results in a Blue Screen of Death.
[Laurent] has a proof of concept available with his writeup in the form of a python script (please, white hat use only). There is no patch for this vulnerability but disabling the SMB protocol will protect your system until one is available.
Update: According to the Microsoft advisory this vulnerability could lead to code execution, making it a bit worse than we thought. On the bright side, they claim that the final version of Windows 7 is not open to this attack, only Windows Vista and Windows Server 2008.
Here’s an interesting bit of research to come out of Microsoft and UCSD. The Somniloquy project is a new type of network interface. It’s a USB device that allows a computer to continue network communications after being put to sleep. By offloading these tasks, machines that would normally stay awake for RDP and file transfers are only powered up when absolutely necessary. The device uses a Gumstix board like the one used in the Tor hardware adapter. The device pictured above has two USB interfaces, but the second is just for debugging and not needed for proper operation. The board runs BSD and creates a USBNet bridge to the Vista host. When the host daemon detects the computer going to sleep, it hands off active communication to the gumstix. They developed “stub” applications to handle the various types of communication. For downloads, they used wget to download only the portion of the data that was still left. For bittorrent, they customized the command line client ctorrent to manage the download. Both programs wake up the PC upon completion and transfer the file off of the SD card.
Sony recently started to shipping the VAIO Pdon’t-call-it-a-netbook netbook. It comes stock with 2GB of RAM, which means it’s not eligible for Microsoft’s XP ultra low cost pc licensing. Hackers wanting to exorcise Vista have run into a few issues. After doing her unboxing photoshoot, [tnkgrl] wrote a guide for replacing Vista with XP on the Vaio P. She used the Universal Extractor to pop open the driver downloads and remove the Vista check. This got the WWAN radio and GPS working in XP. The only casualty was the volume and mute buttons are no longer working. You can see an annotated image verifying all the components here.
Here are a couple small programs to help you make the most of your Playstation 3 Sixaxis controllers. [netkas] heard that quite a few people were having trouble using the Sixaxis controller in Windows Vista. He solved it for himself and uploaded an exe for you to use. He then did essentially the same thing for OSX. This should make your PC gaming feel at least a little more familiar.
Part of the pre-Vista hype was the idea of auxiliary displays. Laptop and desktop displays would provide additional information from your computer. The Vista SideShow feature hasn’t really caught on and the surplus hardware has started to drop in price. Take this PicoLCD for example: It’s a 4×20 character LCD with an IR receiver, multiple buttons, and a USB connection. The best part is: it has Linux drivers and an open source SDK. We know a lot of you like wiring up HD44780 based screens, but it’s hard to pass up a $50 prepackaged solution with such nice extras.
Apparently you can run pretty much anything on a PS3. [mopx0] has managed to get Vista running on his PS3. He used Qemu 9.0.1 to install Vista on a PC. He says it takes “about a day or so”, after using Vlite to speed it up, so be patient. You then make an image of the install and copy it to your PS3. Don’t worry though, your hard work will be rewarded by a speedy 25 minute boot time when you’re done.
Even though it is extremely slow, to the point of being nearly unusable, its good to see people pushing the boundaries of our hardware’s intended use.
We were just as excited as anyone when we heard about Roku’s Linux based Netflix Player, but not being ones to spend money on hardware, even $99, we’d much rather use something that’s laying around that’s not living up to its full potential. Lifehacker has a guide for using vmcNetflix to stream Watch Instantly movies to the Xbox 360. vmcNetflix is a Media Center plugin. When the 360 was originally released, you could only get Media Center by buying a new PC, now it’s included with Vista, meaning people might actually use it.
