Discussions

evildictaitor Devil's advocate
  • "Autoruns", missing DLL identified but it is shown as there on file search.

    It means the DLL is in a WOW64 virtualized location (such as C:\Program Files (x86)\ instead of C:\Program Files).

    Because of the way WOW64 works, when someone running a 32-bit program tries to open C:\Program Files\ they will actually be opening C:\Program Files (x86). This means that if the registry entry shows a 32-bit "autorun" entry for "C:\Program Files\path\something.exe", the system would in fact be running "C:\Program Files (x86)\path\something.exe" - but because Autoruns is running as 64-bit, when it tries to look for "C:\Program Files\path\something.exe", that path isn't virtualized, the exe isn't there, and so Autoruns (wrongly) concludes that the path wouldn't run.

    The tl;dr is this isn't a problem with Windows or a problem with the DLL. It's a bug in Autoruns.

    Even though Autoruns is clever enough to look for programs and DLLs in WOW64 registry locations, it's not smart enough to look for the paths those registry entries show with WOW64 path translation enabled. Consequently Autoruns ends up failing to find the program that is, in fact, there - and then wrongly colors it in, leading to this whole confusion.

    For reference: Never download DLLs from the Internet. DLLs are not programs, and the overwhelming majority of DLL-download sites will install adware onto your machine. DLLs with the same name can operate very differently, and it can destabilize your entire operating system if you start replacing them.

    In the unlikely event that a DLL were to be corrupted (although it isn't in this case), the correct thing to do is to uninstall the program and reinstall it. The installer is responsible for making sure that the correct DLLs are put in the correct place. Don't modify them yourself.
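
Added example, not part of the original post and not Autoruns code: a triage helper that re-checks a "file not found" autorun entry from the 32-bit registry view against its 32-bit counterpart location before treating it as missing. The Program Files pair is the case described in the post; the System32 to SysWOW64 pair, the function names and the sample file set are assumptions added here.

```python
import ntpath

# 64-bit location -> 32-bit counterpart. The Program Files pair is the case from
# the post; System32 -> SysWOW64 is added here. Drive letter and Windows
# directory are assumed to be the defaults.
WOW64_PAIRS = [
    (r"C:\Program Files", r"C:\Program Files (x86)"),
    (r"C:\Windows\System32", r"C:\Windows\SysWOW64"),
]

def wow64_candidate(path):
    """Return the 32-bit counterpart of path, or None if no mapping applies."""
    norm = ntpath.normpath(path)
    for native, wow in WOW64_PAIRS:
        head, rest = norm[:len(native)], norm[len(native):]
        # Match whole path components only, so "C:\Program Files (x86)\..."
        # is not treated as living under "C:\Program Files".
        if head.lower() == native.lower() and rest[:1] in ("", "\\"):
            return wow + rest
    return None

def classify(entry_path, is_32bit_view, exists):
    """Triage one autorun entry; `exists` is injected so this runs offline."""
    if exists(entry_path):
        return ("present", entry_path)
    alt = wow64_candidate(entry_path) if is_32bit_view else None
    if alt and exists(alt):
        return ("present-via-wow64", alt)
    return ("missing", None)

# Constructed sample file system (not taken from any real machine).
SAMPLE_FILES = {p.lower() for p in [
    r"C:\Program Files (x86)\Vendor\helper.dll",
    r"C:\Windows\SysWOW64\shim32.dll",
    r"C:\Program Files\Native\svc.exe",
]}

def sample_exists(path):
    return ntpath.normpath(path).lower() in SAMPLE_FILES

if __name__ == "__main__":
    for p in (r"C:\Program Files\Vendor\helper.dll",
              r"C:\Windows\System32\shim32.dll",
              r"C:\Program Files\Gone\x.dll"):
        print(p, "->", classify(p, True, sample_exists))
```

On a live system, pass `os.path.exists` from a 64-bit Python as `exists`; an entry that still comes back `missing` is the one worth investigating.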

  • The Blue Spinning Wheel. I KNOW it has a name!

    spivonious wrote

    @contextfree: I have heard "donut" used before as well.

    "Loading donut" is more commonly used to refer to the busy cursor rather than the progress bar.

  • Anyone tried the "freak attack" cipher list change suggested in MSDN?

    cheong wrote

    Nope, I'm explaining why after androidi followed the TechNet's guideline, he can no longer access TechNet pages.

    Oh OK. Yes, the interim fix is to disable huge numbers of SSL ciphers until a patch is available. It breaks basically every website that doesn't support TLS1.2 (note the ciphers do support RSA certificates, just only via ephemeral RSA key-exchanges, which requires TLS1.2 that TechNet and apparently Akamai don't yet support).

    Instead of applying the workaround, run Windows Update. It will fix the bug in the client.

  • Jeremy Clarkson Fracas

    Ian2 wrote

    So if the petition reaches 1/2 million does anyone think that would sway the BBC?

    No. They fired him knowing full well the viewing figures for Top Gear (which mean much more than how many people sign a petition) and this isn't the first serious problem of professionalism they've had with Clarkson.

  • The Blue Spinning Wheel. I KNOW it has a name!

    Alsherman wrote

    So... it's been called that since.... Vista? Win7? Still looking for a tastier answer - no offense. ;)

    It's been called that since the Windows8 design team integrated it into Windows8.

    Sorry if you wanted a better name, but the design team make a lot of controls and calling them all weird different names actually gets in the way of getting developers to use them.

    The circular indeterminate progress bar is just a circular version of the linear indeterminate progress bar, which was designed by the Windows Phone team, and just an experiment to make the previous windows indeterminate progress bar more visually distinct from determinate progress bars.

    It never had a special name, but was all built under the design codename "Metro".

    So I suppose you could call it the "Metro indeterminate progress ring" if you want, but that's about as close to a codeword as there ever was for it.

  • The Blue Spinning Wheel. I KNOW it has a name!

    It's called the "Windows8 progress ring" or the "Windows8 indeterminate progress ring" by the design team at Microsoft.

     https://msdn.microsoft.com/en-us/library/windows/apps/hh465469.aspx

  • Anyone tried the "freak attack" cipher list change suggested in MSDN?

    cheong wrote

    Since from here, all non-RSA based key exchange methods require key of corresponding type, and TechNet currently is using RSA based key, I don't think they can change their cert shortly.

    It's nothing to do with the certificate (or RSA). The problem is a bug in the way SSL clients handle state transitions when parsing the SSL protocol.

    In one variant of the attack (called FREAK), the client can be tricked into accepting ciphers that are extremely weak. In the other variant of the attack (called SKIP-TLS), the client can be tricked into sending data entirely unencrypted. In both cases the client fails to indicate to the user that the HTTPS connection to the website they are using is not secure.

    It's important to note that the bug here is in the client - not the server - although the FREAK variant of the attack requires the server to be misconfigured to offer export-ciphers in order for it to be practically exploitable.

    To check if your client is vulnerable, visit https://freakattack.com/.

    To check if your server has the vulnerable configuration setting, check out https://www.ssllabs.com/ and point it at your server.
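
Added example, not part of the original post and not code from any TLS library: a simplified model of the strict client-side state check whose absence the post describes. It rejects a server flight that selects a key exchange the client never offered, carries a ServerKeyExchange during a plain RSA handshake, or skips ChangeCipherSpec. The table, function name and traces are assumptions for illustration (TLS 1.0-1.2, no client authentication or resumption).

```python
# Messages the client expects from the server, in order, per key exchange.
# A trailing "?" marks an optional message. Names are illustrative.
EXPECTED = {
    "RSA": ["ServerHello", "Certificate", "ServerHelloDone",
            "ChangeCipherSpec", "Finished"],
    "RSA_EXPORT": ["ServerHello", "Certificate", "ServerKeyExchange?",
                   "ServerHelloDone", "ChangeCipherSpec", "Finished"],
    "DHE_RSA": ["ServerHello", "Certificate", "ServerKeyExchange",
                "ServerHelloDone", "ChangeCipherSpec", "Finished"],
}

def check_server_flight(offered_kx, negotiated_kx, messages):
    """Return (ok, reason) for the server messages a client received, in order."""
    if negotiated_kx not in offered_kx:
        return False, "server selected a key exchange the client did not offer"
    expected = EXPECTED[negotiated_kx]
    i = 0
    for msg in messages:
        # Step over optional slots the server chose not to use.
        while (i < len(expected) and expected[i].endswith("?")
               and expected[i][:-1] != msg):
            i += 1
        if i == len(expected) or expected[i].rstrip("?") != msg:
            return False, f"unexpected {msg} during {negotiated_kx} handshake"
        i += 1
    missing = [e for e in expected[i:] if not e.endswith("?")]
    if missing:
        return False, "handshake incomplete: missing " + missing[0]
    return True, "ok"

# Constructed traces (not captured traffic).
OFFERED = {"RSA", "DHE_RSA"}          # client offers no export suites
GOOD_RSA = ["ServerHello", "Certificate", "ServerHelloDone",
            "ChangeCipherSpec", "Finished"]
STRAY_SKE = ["ServerHello", "Certificate", "ServerKeyExchange",
             "ServerHelloDone", "ChangeCipherSpec", "Finished"]
SKIPPED_CCS = ["ServerHello", "Certificate", "ServerHelloDone", "Finished"]

if __name__ == "__main__":
    for name, trace in (("good", GOOD_RSA), ("stray SKE", STRAY_SKE),
                        ("skipped CCS", SKIPPED_CCS)):
        print(name, check_server_flight(OFFERED, "RSA", trace))
```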

  • Lenovo and Crapware (or worse)

    Bass wrote

    *snip*

    Seems like a lot of effort. I don't actually care all that much:

    Source: XKCD

    Cool. So long as your Linux machine doesn't run Android, PHP or have any users it'll probably be just fine.

  • Lenovo and Crapware (or worse)

    Bass wrote

    Microsoft added a malware signature for this in Windows Defender. Hey just because a legit company put it into the computers doesn't somehow not make it malware.

    Technically Windows Defender is detecting and removing the "compromised root certificate" part of Superfish. That's not quite the same as stating that Superfish is malware.

    Unfortunately, although adware is pretty indistinguishable from malware for most purposes, there's a legal distinction: adware comes with a EULA that users click through, and consequently Microsoft can't overrule the user's "choice" without getting into antitrust problems.

    If you don't like it, feel free to write a letter to the Department of Justice to complain.

  • Lenovo and Crapware (or worse)

    GreyLensman wrote

    As to Lenovo PCs being pre-infected? Yes, it was very stupid of them to use an easily crackable password. My understanding of the underlying software however points to a remote support app gone crazy. Due to the weak password a remote hacker can login remotely and have at your PC. You all assume this is "new". I see it as more of the same. The passwords have simply been a bit more secure in the past. I say "flog" them however I see nothing not seen elsewhere.

    The security problem isn't the weak password. It's the fact they install an intercepting SSL key into your computer's root of trust (so they can decrypt your SSL and inject adverts into HTTPS pages).

    Unfortunately, the key isn't different per machine, it's the same on all machines. So a hacker can use the private key from his machine (which he will always be able to get, because the intercepting proxy needs it to work), and use that private key to attack other Lenovo machines.

    Tl;dr: it's not because of a weak password. It's because they installed a poorly secured trusted root into your machine's global CA store.