back online... too many visitors lately
On 9/19/07, Rahul Mohandas <[EMAIL PROTECTED]> wrote:
> Could someone send me the POC's please if you have a local copy.
> Gnucitizen.org is not accessible for me.
>
> Thanks
>
>
> - Original Message -
> From: "pdp (architect)" <[EMAIL PROTECTED]>
>
Could someone send me the POC's please if you have a local copy.
Gnucitizen.org is not accessible for me.
Thanks
- Original Message -
From: "pdp (architect)" <[EMAIL PROTECTED]>
To: "Memisyazici, Aras" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>;
Sent: Wednesday, September 19, 2007 12
Depends on your definition of "fully patched". I don't agree that
"fully patched" means tiers one, two and three.
There are three levels of Microsoft update:
Upper section = Critical and Security updates (which to me is "fully
patched") (this isn't just security updates btw)
Middle tier = Op
Err... Windows Media Player 11 update DOES come through on M$ Update. Of
course not via the Express mode, but via Custom mode. It is a
recommended update. When someone tells me "they have fully patched their
system" I am assuming that they have applied any and all patched
available from M$ without
Hi pdp!
Great admirer of your work :) I just wanted to inform you that I have
tested your claim, on a fully patched/updated Win XP SP2 system with an
admin account logged in, and was warned sufficiently(asked whether I
wanted to play asx files, then asked if I was sure by Media Player, then
pop-up
yes, of course :) but u are running Windows Media Player 11 which is
not the default one for Windows XP SP2. Moreover, this Media Player
edition is not slipped through any software update either. Therefore,
if you are not a Media Player fan, you will never get this version on
a fully patched XP SP2
http://www.gnucitizen.org/blog/backdooring-windows-media-files
It is very easy to put some HTML inside files supported by Window
Media Player. The interesting thing is that these HTML pages run in
less restrictive IE environment. I found that a fully patched windows
XP SP2 with IE6 or IE7 and Wind
> Think about how easy it is going to be
> to fake the windows logout - login sequence and phish unaware users'
> credentials
and just how do you propose you catch the SAS with your little IE window?
___
Full-Disclosure - We believe in it.
Charter: http
