redxine

Everything posted by redxine

  1. That's the idea. Scenario: Noob: Damnit! I hate not having Administrative privileges on this machine, all because of that flashdrive scare from China. Now I can't even use my wireless. You: Allow me to be of assistance! (Inserts thumbdrive, types furiously, and reboots. Types some more, bring-noise is heard, continues typing) The password is 'noobsauce'. Have fun.
  2. There was once I tried to get a guitar hero controller to play notes. I had worked out a way to play it chromatically, or with separate chords. I got a USB adapter and it showed up as a joystick in /dev/js0, found some source code and got the input working just fine. The only problem I had was actually getting MIDI to work. Looking back, I now realize that I should have searched for ALSA sequencing source code. It's on the second hard drive on my desktop, which [my primary hd] is now experiencing its last few moments: So I'll have to get it later.
  3. Also Mac4Lin with some alternative icon theme, because the original doesn't have the "Standby" icon. I'm also happy that at least the development version of Chrome has finally landed.
  4. For automatic startup, I would go ahead and at least try editing /etc/rc.local to point to the login script, as it's already there and there's no additional software to install. The script shouldn't need root privileges, but I'm not sure if rc.local gives it that or not. Just trying not to abuse it too much. ;) By the way, what software are we talking about here? And I would still go and wireshark as many places on the network you can think of to check, just to be safe. You might end up with a monkey pirate on your LAN.
  5. So let's get this straight, you have a setup like this:

                                                  ---Client 1
     Remote.SQL -----(webbernet)--- CompanyServer <
                                                  ---Client 2 ...etc.

     I would think that your information is pretty safe over the webbernet, but your LAN may have prying eyes, so you'll probably at least want encryption from all the LAN clients to the server. If you need to keep secrets from the government or the Remote.SQL server is not forward facing (directly connected to the internet, no routers in between) then you could set up separate ssh keys for the two servers to use. If possible, I'd set up the client side encryption and then use wireshark to see if there's any SQL traffic anywhere. Then use that to decide on server-to-server encryption. Password-less login is the purpose of public key authentication: http://linuxproblem.org/art_9.html And http://wp.uberdose.com/2006/10/16/ssh-automatic-login/.
  6. But that would mean no challenge! Remember to trust your technolust!
  7. Depending on the manufacturer, there might be a QOS (Quality of Service) that allows you to give priority to a certain port. There also might be something internal with VLC. If your file is in ogv format or can be readily converted, you should try flumotion streaming server, and possibly use it to diagnose between network, software, and OS.
  8. Don't forget the "Closed source software is slavery" bit.
  9. First off: http://sial.org/howto/openssh/publickey-auth/ Let's set up public key authentication. You'll need a copy of the key on each client to authenticate with the server, or in this case on your SQL server. Basically with public key authentication, the client and server negotiate a key exchange, and if the public and private key modulus/sum up, then access is granted. As for getting it started automatically, there are several ways to do that. Crontab usually supports the @reboot syntax, and this is included in the tutorial specified. You could add a script to /etc/rc.local for it to be executed upon startup. You might even be able to set it as a service in /etc/init.d/. Hope this helps.
  10. Judging by your avatar, I'd say you're a Unix guy (Although I could be wrong). From what you're saying you are suggesting that there is no user called Administrator on any of the machines you see. That's like saying there's no root on any of your machines, updated or not. Updates may take care of kernel things/vulnerabilities like konboot, but the SYSTEM user is still there, and has no intention of going away. Here's how it works: The login page is basically an executable, one that has to be run by a user that can startup really important things, and can't rely on dynamic[?] users, kinda like the nobody account on *nix systems, but with much, much more power. In this case, the login program uses the SYSTEM account to do its dirty work, an account that can control EVERYTHING on the local system - like the kernel - and can never be told "no" by a higher power. After the machine is logged in, it hands over control to whatever user was selected. In my attack, I use this power against itself. When you hit shift 5 times to startup sticky keys at the login page, it ends up being run by the SYSTEM user. By replacing the sticky key executable (sethc.exe) with cmd.exe, one can boost the privileges through the SYSTEM account, ergo you have full root access to the machine. You can then use it with the net user command to unlock and change the Administrator password, then login using the newly changed credentials. So at your Starbucks machine, you'd throw in your handy dandy flash drive with your favorite *nix distro on it, restart the machine and get to at least a bash prompt. You casually type "mkdir /media/disk/ ; mount.ntfs /dev/sda /media/disk/" to mount the hard drive. Then you "cd /media/disk/WINDOWS/System32/" and "rename sethc.exe sethc.exe.bak" then "cp cmd.exe sethc.exe", "unmount /media/disk/", "init 6"/"reboot"/"shutdown 6" and take a long sip of your mocha while Windows loads. Hit shift five times and cough to cover up the "Bring---" sound, and quickly type "net user Administrator *", and if necessary "net user Administrator /active:yes", close the window and login as Administrator, then rain down your coffiey doom upon the machine.
  11. The sethc.exe method I used has worked regardless of the Administrator account being disabled. The access to the net command is key, and the login screen's SYSTEM user account gives us that in a nice little package. net user Administrator /active:yes net user Administrator * You should give it a try. EDIT: I was going to make a video demonstrating it, but VirtualBox won't let me insert the 5 shifts for some reason. Any suggestions?
  12. If you can get linux booted up on the machine and mount the hard drive, find C:\WINDOWS\System32\sethc.exe and rename it to something like sethc.exe.bak (just in case). Copy cmd.exe and rename the copy to sethc.exe. Reboot. At the login screen hit shift five times, and hear the joyous music and see the black box. Notice the SYSTEM username. Profit. I use this all the time to reset "forgotten" passwords. > user Administrator *
  13. At least Google can't shut down your OS remotely on suspicion of piracy. Go install it on a Mac or on Ubuntu and tell me it works better out of the box. Or maybe on window$ it's really in the box to begin with. On another note, why do they need an ad campaign to market something that they are already shipping with their product? Isn't it handled by automatic updates? Or maybe I've been on Linux too long with dpkg apt and rpm updating everything.
  14. There's a few things you'll need to install to get things going, but since it is just a UNIX platform, it is completely possible and easy. X11 (for GUI), bash, and xterm are already installed, so it should just be a matter of installing development stuff like cc/[gcc], then following every wish of the ./configure script. http://www.apple.com/hk/en/macosx/leopard/...ology/unix.html http://www.apple.com/sg/macosx/features/x11/
  15. You see, the person that wrote vi really just got sucked into his computer and had to battle his way out in order to master and defeat the program. It may seem complicated at first, but when you master it you will feel like a black belt in linux-fu. Or maybe not. I don't know. It's still a good thing to learn. I would also recommend getting certification from something like Redhat Academy. Good stuff.
  16. Looks kinda like a knoppix-ish distro. Or not. Can't really tell. Anyone know the name of that splash program? I know it was used in the Knoppix startup. It's always nice to see Linux outside of my cave.
  17. I have a warm feeling inside knowing that my operating system can't be shut down [easily] by the 'superiors' (Canonical, Novell, Gentoo-kid-that-compiled-from-source-and-made-a-distro). Just read through the Vista Eula/agreement/whatever for a while. It makes me kinda sick. Also, I've always thought of a Windows platform as being a bit unprofessional. I'd be a little uneasy knowing that the elevators to the Taipei 101 ran on Windows. NO! They'd use Embedded Linux if necessary; they probably use all hardware. The thing is that Linux and UNIX run great when bundled with the right hardware. That's where Apple got it right. As for other companies, they've made small agreements with Micro$oft to make their hardware nearly incompatible with anything besides Vista. **Growls angrily at (most) computer companies and turns towards Dell and Apple.**
  18. i.e.: React OS. That's pretty much the closest experience to Windows a person can get. Granted it is still in Alpha, but I think it has a huge potential to sweep Windows users right off their feet. I like the idea of open source, especially in the corporate field with Apple. It takes a lot (or does it) for a big company like Apple to make the entire core of their operating system open source. This is a power that Microsoft will never have.
  19. I guess you could just unplug it from the internet. Or just unplug it all together. That'll show him! :D But really, in this case there is nothing to do but re-format. Just be careful if you have to back anything up. I wouldn't go copying any programs or executables. Just documents. It would really suck if you reformatted just to get it again from your backups. Also, you might not want to use a thumb drive or any other kind of media besides maybe DVD. If the malware knew what it was doing and is still running it would probably pounce on your autorun.inf as soon as you plug anything in.
  20. Does it prompt to install any extra codecs? You might be able to try reinstalling it, or just hit the MP4 link. Does the totem plugin load? If so you should see your video, and be able to click on the arrow in the bottom-left and select "Open with movie player". I used to have problems with Pulse Audio and Flash plugin, and had to remove the old Flash-plugin package. Hope this helps. -- Захария
  21. If you have the patience and computing power, you can try your luck with lcrack. This will only crack passwords that are in the word list you use, so if they chose a really good password then no. Edit: Nevermind. You'd have to write your own plugin I suppose:
  22. Contradiction aside, you'd probably want to look into getting an arduino with the Ethernet shield. There's plenty of projects like this involving twitter on the blog at makezine.com. Here's a few [or a lot]: http://blog.makezine.com/archive/2007/12/b...sin_encase.html http://blog.makezine.com/archive/2008/02/h...nts_talk_t.html http://blog.makezine.com/archive/2009/03/a...TC-0D6B48984890 http://blog.makezine.com/archive/2008/08/g...TC-0D6B48984890 http://blog.makezine.com/archive/2009/05/a...led_toilet.html So to answer your question, probably a bit of PHP, Arduino's C-ish how-ya-doin, and an optocoupler and you're all set to go! See also: Make Google Search Hope this helps
  23. You see, you'd have to be attending a public school where IT admins don't get paid to get the right answer. The cut in state funding really hurts anything the schools don't need like SUBSTITUTE TEACHERS. You can imagine where IT comes in that list.
  24. Still, they can just rename the installer to another file, and make the setup.exe run the viral payload beforehand, and then continue on with a system("realsetup.exe") call. People are still screwed.
  25. That should work, and it'll make it a whole lot harder to detect, as videos are not as easy to check. If I'm right about how steghide works its magic, then as long as it's still formatted as a 720x480 image, it should work. According to Wikipedia, digital steganography mostly uses the "Concealing messages within the lowest bits of noisy images or sound files." method or by deleting the last few bits of colour information, so that data should carry through.
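
A defender-side check for the sethc.exe replacement described in posts 10 to 12 above, added here as an example that is not part of the original posts: it audits a System32 directory (for instance on an offline-mounted volume) for a sethc.exe that is byte-identical to cmd.exe and for leftover copies such as sethc.exe.bak. The function names and the sample directories with placeholder file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def find_ci(directory, name):
    # NTFS mounted under Linux may list the file as SETHC.EXE, so match case-insensitively.
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == name:
            return entry
    return None

def audit_system32(system32):
    """Return findings for the sethc.exe swap described in the posts."""
    findings = []
    sethc, cmd = find_ci(system32, "sethc.exe"), find_ci(system32, "cmd.exe")
    if sethc is None:
        findings.append("sethc.exe missing")
    elif cmd is not None and digest(sethc) == digest(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    # A leftover such as sethc.exe.bak points to a manual rename of the original.
    for entry in sorted(system32.iterdir()):
        if entry.is_file() and entry.name.lower().startswith("sethc.exe."):
            findings.append("leftover copy: " + entry.name)
    return findings

def demo():
    """Audit two constructed directories (placeholder bytes, not real binaries)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, files in {
            "clean": {"cmd.exe": b"constructed cmd", "sethc.exe": b"constructed sethc"},
            "swapped": {"cmd.exe": b"constructed cmd", "SETHC.EXE": b"constructed cmd",
                        "sethc.exe.bak": b"constructed sethc"},
        }.items():
            root = Path(tmp, label)
            root.mkdir()
            for name, data in files.items():
                (root / name).write_bytes(data)
            results[label] = audit_system32(root)
    return results

if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "no findings")
```

A hash match against cmd.exe only catches the exact swap the posts describe; comparing sethc.exe against a known-good hash for the installed Windows build covers other replacements as well.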