Search This Blog

Thursday, January 29, 2009

PerfectDisk 10 released!

PerfectDisk 10 is out right on 27th Jan 2009 as stated. All versions are available from Professional, Servers to Windows Home Server edition. Upgrade pricing is available as well ranging from USD$19 up.

So for those owners of PerfectDisk 2008, the next step is here.

More info:
http://www.perfectdisk.com/

Wednesday, January 28, 2009

Epson TX100 is supported by Windows 7


I tried to install the driver and scanner module and failed. But when I turn on the printer, guess what, it just got installed by itself. Without using the driver I downloaded from Epson. The above screen shows it detect it as a generic Epson AIO printer, but all the printing and scanning functions works perfectly fine. It was even detected as TX100.

Symantec really needs to redo their Maths

I am not kidding. Take a look at this picture:


It doesn't take a rocket scientist to realize that the number of bytes doesn't match.
But what is even more frustrating was that it failed somewhere and I had to retry it.


Fantastic right? I must had missed something somewhere because a 1 byte download does not take that long to download.

Well, in the end, guess what caused the update to fail? Yes, you are right! Its Symantec itself!

Doesn't this give you another reason why you should not be using this product? Imagine if I had not check it and has been using a outdated signature since 2008. I am sure most normal user would not check. Then that would be Happy Chinese New Year for the malware authors.


Saturday, January 24, 2009

Anti everything for Windows 7 beta

After you complete the installation of Windows 7, you will notice you get the warning that a security product such as a antivirus is not present. Well, until Morro is official anyway. You will need to grab hold of a 3rd party antivirus for now and there is 3 official selection as of now:
http://www.microsoft.com/windows/antivirus-partners/windows-7.aspx


1. AVG
http://www.avg.com/special-download-antivirus-for-windows-7-mssc

You have 2 choices. Both the Antivirus and the Security Suite (which includes the firewall). Both these products are Retail and Final.

2. Norton 360 V3.0 Beta
http://www.symantec.com/norton/beta/register.jsp?pvid=n3603beta

This is a new Beta which Symantec claims works with Windows 7. I had terrible experience with their product (V2.0) and even more when they beta it in Windows Vista. I passed on this. How about you?


3. Kaspersky Antivirus
http://www.kaspersky.com/windows7

Kaspersky has a high accuracy, but can be a bit noisy in the responses required. Security wise, I never had a doubt its one of the best. But it may not be for everyone. Still, they are one of the first again to office Windows 7 support. Although it did not mentioned specificly, I believe the full Security Suite is compatible with Windows 7.

Disk Defragment Tool for Windows 7 beta

Windows 7 beta still comes with the default Disk Defragment tool, but I am sure many of us will agree that a decent 3rd party disk defrag tool will perform much much better. While I try to be neutral about this, I am sure many of us has budget and performance in mind when evaluating such product because its not a live and death product, but it certainly will make that difference when you needed the speed.

For what I gathered, unofficially, from Raxco, Perfectdisk 10 has support for Windows 7. I had tried to install Perfectdisk 2008, which refused because the install detection obviously does not support the detection of Windows 7 at the moment. I would not want to risk destroying my new build beta so soon, so I guess I can wait. Perfectdisk 10 should be release on 27 Jan 2009:
http://www.raxco.com/

In my work, I have no choice because nobody will understand what disk defrag is nor the value in it. Therefore, I will have to stick with whatever free stuff I can get my hands on. Surprisely, I found one pretty good ones which claims that it can be compared to the commerical ones, except its for FREE. Introducing Smart Defrag, from the creator of Advance System Care, which has a FREE edition as well, for tweaking and repairing systems settings etc, It is very much like Tuneup Utilities. Unfortunately, Advance System Care does not support Windows 7, or even Windows 2003 for that matters. But luckily, Smart Defrag does. Grab it FREE at:
http://www.iobit.com/iobitsmartdefrag.html

I had yet to hear anything from Diskeeper. Maybe I had just pissed them off because I had so much problem running their product on my Windows Home Server and naturally I reflect them badly in my previous post.

Dell Inspiron 6400 - The most upgrade proof laptop

I had a Inspiron 6400 for quite a while. In fact from models with Core Duo to Core 2 Duo. I had Windows XP and Windows Vista installed and run from these laptop. I ever had Ubuntu in it for a while.

Recently, I had just tried Windows 7 on it. To my surprise, there is no need to install any additional driver at all. Everything is regconized and installed properly using the default Windows 7 Build 7000 Beta. The only thing that needed update was the Nvidia 7300 Go driver which was installed directly from Microsoft Update.

Nvidia has changed its model from downloading individual drivers to gettign it integrated into Windows Update for Windows 7. For now, anyway.

Dell Inspiron has spanned 3 generations of OS - Windows XP, Windows Vista to Windows 7. I had even the 64 bits edition running on the Core 2 Duo models. I do not think you will find another laptop which could be as compatible. I had a Compaq laptop which doesn't even comes with Winows XP drivers!

Microsoft Keyboard / Mice and other hardware drivers for Windows 7

Microsoft moves quickly into the beta for Windows 7 and the drivers for their hardware products follows quickly. Other than those 3rd party hardware from Razor, such as Reclusa and Habu, the rest has Windows 7 beta drivers.

Grab them from:
http://www.microsoft.com/hardware/windows7/support.mspx

Thursday, January 22, 2009

Microsoft Fix for Downadup is flawed

The full story started at:

To cut the crap, basically what Microsoft has recommened in their fix to remove the autorun function in their blog is imcomplete because they had not considered all the scenario which autorun can be activated. The example given was when the user double click on the drive in the explorer.

Another argument was that without the autorun dialog which show you actions you can perform (including the one the bad guys planted), there is simply no dialog at all. It also means that if not protected properly, the worm executes silently. I guess, it all depends on how you look at this. For a common user such as my grandma, if she is still alive, this will spell trouble.

However, CERT has posted a solution to permenant disabling the autorun function in the link above. Microsoft has also posted an update (kb953252) to address this issue. The update can be downloaded via:

But that is interesting is that there may be a hidden agenda here. The keyword is DRM. There are many companies which uses DRM in the form of a autorun (which in my opinion is really dangerous and easily disabled). Microsoft may have the priority to protect these customers instead of the user. Therefore, their "flawed" fix for the Downadup worm might had been deliberate. U3 is another application which uses a similar technology to mount the drive and if autorun is disabled or the virtual CD is not allowed to execute, the drive will remain locked if there was a password set on it. Well, I know I mentioned the U3 hack such as Hacksaw etc that can break the U3 authentication, but thats pretty out of scope here.

So, my advise? Leave autorun on. Install the patch. Look and think two or three times before you allow any action to be executed when you insert a media. If that media has a tendency to be infected, pay extra attention to it. 

Tuesday, January 20, 2009

Sound Wars : A New Hope

A long, long time ago, in a galaxy far, far away... Nah, not really...

I am not sure if I bitched about throwing my Hercules Fortissimo III 7.1 away when Vista launched. It was sad that DirectX did not support sound acceleration. However, its even more sad that this good card did not have Vista driver and Hercules did seems like to go out of the sound card market then.

However, the card laying around for some time, probably 2 years, I finally manage to sell it off on ebay. While I was packing it to be shipped off, I thought I might as well do some extra services for the buyer by downloading the latest (last) driver for him. Little did I know that I was in for a surprise.

The last dated driver was in 2003. But I saw a new entry now. In 2007, they actually released Vista driver for this? What do you know? There is hope for this card in Vista 32 anyway... I had since some time moved on to Vista 64 and this would had been throw out again.

In any case, releasing a driver 4 years after the product was something I truly say I had not seen. Maybe thats the premium about owning a Hercules card. anyway, lucky buyer who bought from me.

Grab the driver update at:
http://ts.hercules.com/eng/index.php?pg=view_files&gid=2&fid=23&pid=18&cid=1

Windows 7 to ship in 2009!

Yes, although its in Beta 1 now. There will only be one more test release - RC. Then it will be RTM in 2009!

Everyone who buys Vista after 1 July 2009 will get free upgrade to Windows 7!

Time to change hardware again!

Microsoft Windows Home Server 2010 Codename Vail

The next generation of the Windows Home Server (codename Vail) will be available in 2010. There will be an update (possibly like WHS R2) in 2009.

Some details on Vail:
  • Only available in 64 bits
  • Based on Windows 7
  • Bigger support for larger HDD (hardware, does not afface home builder)
  • Lower powered chips (Atom? Again, doesn't affect home builder)

More details:

http://www.techradar.com/news/digital-home/next-gen-home-server-based-around-windows-7-501108

How to downgrade Flash?

Downgrade is possible via:
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14266&sliceId=2

However, I strongly urge anyone NOT to do so unless you are very sure what you are doing and why you need to use a older version of Flash (prior to v10).

The reason? See this:

which doesn't really say much. The keyword however, is "Clickjacking".
Read more at:

Do note while this thread mention about Flash, Clickjacking basically works with everything from javascript to JAVA. While there is not much mention of whether Silverlight is affected, I believe, conceptially, possible.

Anyway, back to downgrading of Flash. Its a very big download because they had archive all possible version of that particular branch into the zip file which you can download at the first link. For example, Flash 9 is 139MB (as of now). 

Well, I am downgrading Flash (for a while at least) for a particular reason. That reason will be obvious in the next few posts in the future. 

Tuesday, January 13, 2009

Windows 7 Beta Keygen 0 Day

Well, before you ask the question. The answer is Yes and NO! This is not an application. And technically its legal. Anyway, details about the keygen later...

Windows 7 Beta was out with a limit of 25 millions download originally intented. However, it is now limited to a 2 weeks windows.

You will need the following (as quoted from Microsoft website):
A blank DVD
A PC with a DVD burner
A test PC for the Windows 7 Beta that meets these minimum hardware recommendations (specific to the Beta and subject to change in the final version of Windows 7). Please do not use a PC you rely on for your work or daily use:
1 GHz 32-bit or 64-bit processor
1 GB of system memory
16 GB of available disk space
Support for DirectX 9 graphics with 128 MB memory (in order to enable Aero theme)
DVD-R/W Drive
Internet access (to download the Beta and get updates)

Now, for the keygen. You will have to go through the sign up for beta in the normal way to uinderstand what I mean. Once you get to the "Windows 7 Beta xx-bit Product Key" page which you should print and keep, here is where magic happens. You need another key? JUST PRESS THE BACK BUTTON ON YOUR BROWSER!!!

Ya, basically, it repost you previous request and give you yet another set of keys for the xx-bit product you just selected. Technically, this is not illegal since this is beta anyway. So I advise anyone who read this, PLEASE DO NOT ABUSE this system. Just make a few key if you need to install a few copies of Windows 7. Microsoft has been nice to provide the beta for no charges so let's not make them pull the beta offline because of this.

BTW, I think I should alert someone from Microsoft about this... But who? :)
P.S. I am also open for employment by Microsoft. Please contact me... :P

Monday, January 12, 2009

IE UserAgent 0-Days on some applications

Recently, I had found a rather interesting bugs. I was using my corporate time managerment software with my poorly patched (missing 100+ patches) company notebook. The IE6 apparently got blocked from the software saying "Please use IE6 or higher..." and redirect me to the IE7 download page. The joke is that the software does not work with IE7... But that aside... I am dead sure I was using IE6. I even checked my About box. So what the hell went wrong?

I was about to try injecting the UserAgent string in, because thats usually what is used to detect the browsert version. However, before I was to do that, I notice it was running ASPX (ASP.NET) and there is a page that checks the security (browser version). I went to take a look at my UserAgent with : javascript:alert(navigator.userAgent) and found that I had .Net 1 to 3.5 there. Now, you can imagine how long the UserAgent string is. 

That was what stucked me. I when ahead and "customized" my UserAgent. Guess what, I was in the time management software again. So what apparently happened was, they check the browser based on the UserAgent. But they had specified a much too small buffer to read it in. I guess we can assumed it caused a buffer overflow, however, ASP.NET will handle it nicely and the result being error in the string reading. That cause a mismatch of my IE6 version which ultimately booted me out of the software claiming I do not have IE6.

What worries me is that its common for people will additional software to have such a long UserAgent. And if applications are not designed to play nice with these, it can cause lots of problems such as a DoS from the application if I made everyone in the company have long UserAgent string. While checking for browser version is good, I believe its necessary to update the routines for newer browsers such as Chrome and other newer dot net frameworks. After this small experience, I tried with a long UserAgent on several other sites and application and found many not able to handle it. To the worse cause, I even managed to cause a few which is not using dot net framework. 

Download Windows 7 Beta Legally

The beta for Windows 7 is out! Finally. I am not sure if this is build 7000 or 7004. But apparently, its here for a limited time only.

Grab it:
http://www.microsoft.com/windows/windows-7/beta-download.aspx

Friday, January 09, 2009

Tsunami came to Xmas


This is not really funny. The tree seems to be hit by a tsunami or something. Well, I guess anything is better than the cone Xmas tree.

Standard Chartered Bank Fire Update

According to a reliable source. The fire is just a small fire in the carpark. Its very likely to be cause by cigarette... However, we should still be cautious as it can be sabotage (someone fired someone) or maybe some people just prefer to burn evidence in the carpark... Haha.

The lesson taken though was something else I heard... Some people on site are really worried about the servers, backup etc. Well nobody is worried if anyone is trapped inside actually. Thats life. One life is never worth too much in a bank.

However, that side, backup is critical in situation like this. If you backup to your thumb drive or external hard disk and its in the same building... Well that quite off the point then. That's exactly the thing that happened to some company which has backup in the other tower in the 9-11 incident.

Offsite backup is critical. No matter how slow or expensive it is. Its time like this that makes the value of offsite backup so important.

Standard Chartered Bank in CBD Caught Fire



Rarely I am into writing about fire. However, this time I am on site when it happened and it involved a big bank. The roller gateway were closed from the MRT access and there were around 4 fire engines big and small on size along with a few police vehicles.

I approached and asked the police what had happened and obviously they said "No Comments". So what happened? I guess I can only wait till the newspaper reports this. Was the CEO burning his chair up because of the bad final year results? Was some managers burning away some audit trails which proves fatal for his career? Or simple, leaking battery in server cause fire in server room?

Only time will tell.

Monday, January 05, 2009

What I do for a living (The Not-So-Good)

There is always those times when you simply hate some of the projects. I am sure some of you know what I am talking about. Usually this are projects where the difficulties usually do not comes from the technical aspect of hacking. For example, in a company where there is a fight between internal audit and the IT department. IA always knew IT were up to something that breaks compliance, but there are fierce resistance to the audit. This is one case where an external auditor is called in to do the dirty work. Well, not that IT will give these guys any better days, but it creates a opportunity to weed out those skeletons in the closets. Sometimes, this type of assignment can be nightmarish, especially if it not supported from the top by CIO / CEO etc.

In another case, the person or group you are auditing or hacking against is simply against you and refuse to co operate in any way. This is not as bad because usually in these situations, you are called in by a higher power to pull out these holes. As long as the higher power gives you the authority, many things is simple not a big issues. For example, network access. If the IT department refused to tell you what network and how to connect, there is always Wireshark to sniff out the segment and probably guess the gateway etc. In 5 minutes you will be in. Usually this situation can be solved using technical means.

There is yet another situation in my daily work which I really hate. And to be fair, it happens because nothing is perfect. That is crushing the network / server during the testing. While it is high desirable to avoid this situation, it is not within our power to ensure it never happens. Some legacy switches or poorly designed server will simply die even with a few pings. If you have a great team to support you, that would be good. Otherwise, there will be lots of finger pointing and flaming going on that actually prevents you from doing your job. But to be honest, if the network cannot survive a reasonable scanning or hacking attempts, this should be viewed as a audit failure because some other day, it won't be you crushing the resource. And these other guys will not be so easy and nice.

Chu Chu, we miss you!

Its one whole year already. How times flies. Like I said, new year will never be the same again. Although I had plenty of time, I did not wrote much here. I tidied up Chu Chu's place on this anniversary on 4th Jan 2009. I starts to see some resemblances with Fion. Especially when Fion make her face very untidy with hair running around that day. They almost looked alike, other then the size itself. Chu Chu was much smaller though.

I know what is gone is gone. I choose this day to watch the movie "10 promises I made to my Dog" as a remembrance to Chu Chu. It was sad, but I know this means I still remember Chu Chu deeply inside. I will always remember those great time we had and how we played together. I will also treasure what I have now more.

Chu Chu, I really miss you.

Thursday, January 01, 2009

春のかたみ (怪 ED) ~ 元ちとせ


This is the ending song of Ayakashi by Hajime Chitose. Loved it. A nice haunting song to kick start this year spring!

Amazon Gift Cards!

Thanks for viewing!

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.