Nomen

  1. I'm posting this here in win-7 because in the end, the article is more relevant for that OS in a funny, yet sad way. And also because I like to poke win-7 in the eye every once in a while...

     ============

     Blue screen of death saved Windows XP from WannaCry ransomware, say security researchers

     Researchers suggest WannaCry attacks against most Windows XP systems failed to install the ransomware payload -- but crashed systems while trying.

     May 31, 2017

     When WannaCry hit the world in mid-May, much focus was put on how the widespread use of the out-of-date Windows XP operating system helped it spread so fast.

     The UK's National Health service was one of the highest-profile victims of the cyberattack -- and many of its bespoke systems still rely on Windows XP -- while Microsoft were quick to release a security patch for the long unsupported operating system.

     And while Windows XP systems were among those affected by WannaCry, later analysis suggests that 98% (it had to be 98% eh?) of victims were running Windows 7.

     But that's not to say WannaCry wasn't problematic for targets using Windows XP, with a new report by cybersecurity researchers at Kryptos suggesting that while the operating system was mostly immune from falling victim to the ransomware, many failed attacks resulted in computers crashing and displaying the 'blue-screen of death' and requiring a hard reset (oh, the horror - a hard reset).

     Researchers tested WannaCry ransomware against a number of operating systems running in a test environment: Windows XP with Service Pack 2, Windows XP with Service Pack 3, Windows 7 64 bit with Service Pack 1, and Windows Server 2008 with Service Pack 1.

     While attacks against Windows 7 successfully installed WannaCry, after a number of attempts the supposedly vulnerable Windows XP was much more resilient to the ransomware than expected, with the OS running Service Pack 2 not becoming infected at all.

     However, Windows XP running SP 2 was affected, but rather than becoming infected with WannaCry and requesting a ransom in return for locked files, the system kept blue-screening and rebooting itself.

     "The worst-case scenario, and likely scenario, is that WannaCry caused many unexplained blue-screen-of-death crashes," say researchers.

     While this phenomenon will have no doubt been frustrating for organisations which found their machines repeatedly crashing, at least they hadn't been infected by ransomware.

     http://www.zdnet.com/article/blue-screen-of-death-saved-windows-xp-from-wannacry-ransomware-say-security-researchers/
  2. Oops - I mean Opera 12.02.
  3. > KB2670838 is only required when installing either IE10 or IE11, not IE9.
     > plus there's KB2834140, which provides a fix for KB2670838.

     My Win-7 SP1 install image (created with RT7) I believe currently contains both 2670838 and 2834140. Because my install image also includes IE 11, you're saying I can remove 2670838 and keep 2834140 - yes?

     > KB2670838 is no longer "evil" - it was only evil when installed on laptops
     > with hybrid or switchable amd/intel or nvidia/intel graphics adapters using
     > outdated graphics drivers.

     The Dell laptop that I use for my test platform does indeed have both Intel and Nvidia graphics adapters, and I'm pretty sure that my win-7 install image has the most recent Nvidia / Dell drivers.

     > to answer pointertovoid's question about servicing stack updates,
     > install either KB3020369 or KB3177467 servicing stack update first
     > before any other update.

     I see that my install image does have 3020369, and not 3177467. I find that windows-update queries seem to complete just fine, taking maybe a few minutes.
  4. Opera 2.12 and the 20-byte phantom "default" file

     Sometimes while browsing sites with Opera 12.02, and often on msfn, I click on a link and Opera asks me what I want to do with file "default" (20 bytes). I can either open it, or save it, or just cancel. When I save it, I end up with a zero-byte file.

     A recent example: I had a notification that someone replied to one of my posts. The URL for the reply was this:

     www .msfn .org/board/topic/176709-win7-post-sp1-patches/?do=findComment&comment=1139680

     When I click on the URL, or if I right-click and copy the URL and try to open it in a new tab, Opera does the same thing - tells me that I've got to choose what to do with file "default - 20 bytes".

     The same thing happens immediately after I post something. The post obviously goes through regardless if I download this phantom default file or if I tell Opera to cancel.

     Any ideas what's causing this? I can open the URL with FF 2.0.0.20 for what that's worth, without FF seeing or asking me about this "default" file, and in its own fractured way will display the page.
  5. So here's the story. I created my reference Win-7 install image on Aug 30, 2016 (using RT7). As of that date, after sitting back and watching it install itself on my reference system (complete with drivers, all .net updates, the install of IE10 and its updates), I tell it to do a windows-update check and all I get (for Important Updates) are a handful of KB's I don't want. OK, so far so good. It's got everything I want it to have, and nothing I don't want.

     Fast forward 8 months. I do another update check a few days ago. Remember, at this point, I've not downloaded *anything* from WindowsUpdate on the reference system. As of yesterday, WU is offering me (in terms of Important Updates) these:

     KB4019264 2017-05 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4019264)
     KB3124275 Cumulative Security Update for Internet Explorer 10 for Windows 7 (KB3124275)
     KB4019112 May, 2017 Security and Quality Rollup for .NET Framework on Windows 7 (KB4019112)
     KB3042058 Security Update for Windows 7 (KB3042058)
     KB3086255 Security Update for Windows 7 (KB3086255)
     KB3138612 Update for Windows 7 (KB3138612)

     (there's also a windows defender update, and maybe IE11, but let's ignore that for now)

     Let's look at the last 3. They are in my Bad book, so my system doesn't have them, WU says I should have them. Patreon/Simplix update package also thinks they're good, and they have them. That's nice - I'll continue to pass on them.

     So there's a .net update (4019112) and apparently there's a vulnerability patch associated with this (CVE-2017-0248). So even though WU is offering 4019112 to me (win-7 SP1 Ultimate 32-bit) the following KB's are all tied together somehow as a solution for that CVE:

     KB4016871 KB4019108 KB4019109 KB4019110 KB4019111 KB4019112 KB4019113 KB4019114 KB4019115 KB4019472 KB4019473 KB4019474

     https://www.catalog.update.microsoft.com/Search.aspx?q=KB4019112

     Not sure if the one for me is the 104.9 mb one or not. Doesn't say x86. But it's huge. Can I trust it? Has MS implanted any telemetry or other junk in Important .net updates? Patreon/Simplix is not showing this .net kb BTW.

     Next we have KB3124275. Always the same kb number for IE10 updates. Why is that? Same question - can IE updates be trusted?

     Lastly we have KB4019264. Simplix has this. The x86 version is 100 mb. Now there's about 30 CVE numbers that came down the pipe, for which the following KB's address:

     KB4016871 KB4018196 KB4018556 KB4018821 KB4018885 KB4018927 KB4019149 KB4019204 KB4019206 KB4019213 KB4019214 KB4019215 KB4019216 KB4019263 KB4019264 KB4019472 KB4019473 KB4019474

     Note that 4019262 is just one of many. 4019262 is a monthly roll-up. Do we know how to de-construct or pick apart these roll-ups? Are all those others also rollups?

     See here for details: https://www.qualys.com/research/security-alerts/2017-05-09/microsoft/
  6. Ok, here's a writeup of the KB's that I've assembled for my win-7 SP1 installation image, the kb's that I've seen mentioned in various forums as being "bad", and what I've found in the patreon/simplix UpdatePack7R2-17.5.15 and how it compares with my stuff.

     From what I can tell, the patreon list would want to add 33 kb's to my August/2016 set of KB's, and of those 33, 14 are on my "bad" list, 9 I already had (as part of my 800+ repository of msu files as of Aug/2016), and 10 I didn't have (but have now). Of those 10, I think maybe 6 are "new" since Aug 2016. Not many for the 8-month stretch of time we're talking about here.

     win-7 kb info.txt
  7. Here's a better link, to the creator of the update pack, written in English: https://www.patreon.com/simplix

     Website: http://update7.simplix.info or auto-translate in English

     The UpdatePack7R2-17.5.15.exe is a self-extracting 7-zip archive, some 654 MB in size. I've downloaded the torrent and verified the SHA-256 hash. It is current to 2017-05-15. I will be checking the contents tomorrow against where I left off my updating last year.

     From the included excel spreadsheet:

     ============

     The following updates are undesirable and excluded:

     KB971033- x86-x64 (Update for Windows Activation Validation Technologies)
     KB2952664- x86-x64 (System Compatibility Update for upgrading to Windows 10)
     KB2977759- x86-x64 (Diagnostics of compatibility problems for switching to Windows 10)
     KB3021917- x86-x64 (System Diagnostics and Telemetry for the transition to Windows 10)
     KB3035583- x86-x64 (Update installs the "Get Windows 10" application)
     KB3068708- x86-x64 (Update for quality improvement and telemetry diagnostics)
     KB3075249- x86-x64 (Update adds telemetry points to the file consent.exe)
     KB3080149- x86-x64 (Update for CEIP program and telemetry diagnostics)
     KB3081954- x86-x64 (Update to improve working folders and telemetry)
     KB3123862- x86-x64 (Updated features for upgrading to Windows 10)
     KB3139923- x86-x64 (Update adds telemetry points to the file consent.exe)
     KB3150513- x86-x64 (Updated Configurations for Compatibility Diagnostics)
     KB3161608- x86-x64 (Update adds telemetry points to the file consent.exe)
     KB3163589- x86-x64 (The message about work under the control of the out-of-date Windows version)
     KB3172605- x86-x64 (Update adds telemetry points to the file consent.exe)
     KB3173040- x86-x64 (Update expiration notice for Windows 10)

     ==========

     Of the above, 3161608, 3163589 and 3173040 are new additions to my list of 90-odd "bad" Win-7 KB updates. All the others are already on my bad list.
  8. I would like to know if 9x/me is vulnerable.

     The details of the EternalBlue SMB vulnerability are here: https://packetstormsecurity.com/files/142548/ms17_010_eternalblue.rb.txt

     A short but very technical explanation is here: https://security.stackexchange.com/questions/159654/how-does-the-eternalblue-exploit-work

     If someone can compile an executable (that can run on XP/7) that probes the local lan (or be pointed to a specific lan IP where a win-9x machine is operating) and can display a basic pass/fail message to indicate if the target machine was exploitable (or cause the target machine to do something lame, like start the calculator app) then I'd be willing to test it.
  9. It does seem that nobody here, or at least no group here, is actively managing any sort of KB update list for win-7. Picking apart the monthly roll-ups, providing direct download links to individual updates/patches, etc. Is anyone doing that over at sevenforums?

     I was somewhat deep into doing that last year, and had a tweaked set of .MSU files (no telemetry, no MS spyware, no win-10 nagware) that I rolled into a win-7 sp1 ultimate 32-bit install image using RT7. It was up-to-date as of August 2016 and on the 1 machine I've used it on, I haven't done any updating on that system (hardly use it).

     Since MS went to monthly roll-ups, I really don't know if the roll-up package can be "un-packaged" to reveal individual .MSU files so that I (we) can continue to pick and choose which ones to install. So I've kind of lost interest in the whole thing.

     I have a couple of nice laptops (Dell Latitude E6230) that I bought as retail re-furbs (something like $250 each) and they came with win-10, and my plan is to create a custom win-7 install image for them (including all drivers, updates, etc) and blow away the win-10 crap that's on it (take the drive out and slave it to another system to format it). So if there's a list of *useful* .msu files released since Aug 2016 (and a way to get them) then I'd like to know.

     (I'll probably install XP on these dells first, on a FAT32 partition because I really like running XP from FAT32, then make it dual-boot with 7. Triple-boot actually because the FAT32 would have DOS too).
  10. I'm not that familiar with the inner workings of Win-7. Is the "Malware Protection Engine" an optional component? Is it a service (that can be turned off / deactivated / uninstalled)? It just proved itself to be more trouble than it's worth.

      "The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary), having them visit links in a web browser, or through instant messaging. The vulnerability allows remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file."

      Wow. Microsoft's Motto: If it works, it's not complicated enough.

      -------------

      Over the weekend, two of Google's Project Zero security researchers announced that they had discovered a "crazy bad" Windows exploit, describing it as the "worst in recent memory." Project Zero gives firms 90 days to fix such discoveries, but Microsoft swiftly jumped on this problem, and just two days later has come up with a fix.

      The Project Zero team explains that the problem was found with Microsoft's Malware Protection service, MsMpEng. Vulnerabilities in MsMpEng are among the most severe in Windows, due to the "privilege, accessibility, and ubiquity of the service."

      The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary), having them visit links in a web browser, or through instant messaging.

      The Security Update for Microsoft Malware Protection Engine, detailed in Security Advisory 4022344, fixes the issue. Microsoft explains:

      The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

      The fix, for Windows 7, 8.1, RT and 10, is available now via Windows Update.

      https://betanews.com/2017/05/09/microsoft-fixes-crazy-bad-windows-vulnerability/
  11. My trick of turning a link like this:

      https://www.youtube.com/watch?v=wUcdb6xHybo

      Into this:

      https://www.youtube.com/v/wUcdb6xHybo

      for playback on FF2 has recently sometimes not worked for some videos. I still get a full-screen preview frame and all player controls are there, but when I hit play I get a screen full of static with the message "watch this video on youtube. Playback on other websites has been disabled by the video owner". Which is strange, since I am playing it on youtube.

      Same thing happens on Opera 12.02 (but I can play the original un-modified video URL on Opera 12.02). So if anyone knows why the modified URL is causing youtube to throw this error message and refuse to play the video, let me know...
  12. MrMateczko said:

      > I love 98SE, but even I think it's high time not to
      > bother with web browsers for 98SE at all.

      My office and home PC are both win-98, running on an intel 845 chipset with P4 socket 478, about 2.5 ghz with 1 gb ram and nvidia 6200 AGP 256 mb video card. It's normal to have several browsers open, multiple tabs on each, outlook 2000 running in the background for email, an old dlink IP-view program monitoring 1 or 2 ip cameras (doing motion-detection on them). Last few days I was doing that and running utorrent (downloading those french emails (several gb worth) that were hacked - lots of .eml files that I click on and voila - Outlook express opens and displays them perfectly!).

      > it's probably not powerful enough to run modern YouTube/Facebook

      I tend to look down on anyone who includes Faecebook as part of their lives. I've never had it, joined it, touched it. Then again I don't own a cell phone either (I'll take my computer with a full size keyboard, monitor, OS and file system that's under my full control).

      > Unless you're doing another ASRock motherboard Socket 775
      > 98SE overkill build. Then maybe it is powerful enough,

      Sorry, but the ancient P4 2+ ghz socket 478 with at least 512 mb ram is perfectly good at surfing any web site these days, and rendering youtube video. Be it win-98 or XP. Now maybe win-7+ needs more horsepower...
  13. Secunia.org (don't know if they're still around) kept track of security advisories on dozens if not hundreds of hardware and software products. They would rank the advisories in terms of critical (or not) and vendor-patched (or not). For win-98, they listed something like 37 advisories up until EOL in 2006, with none of them rising to the top-critical level, and I think maybe 1 of them un-patched. For XP, by the same time in 2006, it was well over 200 advisories, many were critical, and some of those were unpatched.

      Remember that many win-98 systems were still in-use and on-line in 2006, and it would have been a common OS for home and soho use during the early years of the mainstream internet (1999 - 2004) and more importantly with direct IP connectivity (very little NAT-routing being used during those years). But it wasn't until XP began to replace 98/ME in home and SOHO situations that trojanized XP machines is what enabled spam to take off during 2004 - because win-98 systems were far less vulnerable to being trojanized (not because they were "obscure" during those years). Win-2k machines were also a favorite (and easy) target between 2000 - 2004, regardless that again there were probably far more win-9x/me systems still in use and on-line during that time.

      Microsoft would inflate the tendency for people to think that win-9x/me was equally vulnerable as 2K or XP to a given CVE or exploit because they would often list 9x/me in their security bulletin as being one of the affected platforms but when you drill down into the bulletin details you'd find no mention at all of 9x/me.

      Win98/me got the rap for being unstable because of the pathetic systems they were being installed on at the time. When having 128 mb of ram was a big deal, and they spent most of the time thrashing the hard drive with virtual memory access and dealing with buggy video drivers for the new AGP bus.
  14. When you read about the capabilities of the CIA malware packages and what they can do on "modern" versions of windoze:

      https://wikileaks.org/vault7/releases/

      It's clear that the NT-line of Windoze has become less trustworthy as its internal complexity grows and access to its internal workings is being cut-off from users regardless what permissions or authority they have on the system. I wouldn't trust a win-8 or win-10 system further than I could throw it. I honestly don't know why anyone who is keeping up on current events would doubt that there are more holes (intentional and otherwise) in these OS's than we can imagine, and the fullness of time (and wikileaks) will no doubt reveal.
  15. > Vulnerable to being decrypted by a third party somewhere between your browser and the server you connect to

      Assuming we're not talking about a MIM situation, I simply don't see how a "bad guy" can gain access to the telecom or networking equipment in the path between me and my bank to be able to monitor the data.

      Regarding the ciphers, would the server I'm connecting to (ie - my bank) choose an insecure cipher in the first place to conduct the session? Or am I assuming that all IT / web admins everywhere are sufficiently up on things to configure their websites to use / not use certain ciphers?