“VNC (Virtual Network Computing) software makes it possible to view and
fully-interact with one computer from any other computer or mobile device
anywhere on the Internet.”

Improper security measures allow attackers to bypass RealVNC authentication.

Vulnerable version is RealVNC version 4.1.1.

As documented in rfbproto.pdf by Tristan Richardson, the RFB (remote frame buffer) protocol performs an initial handshake which allows clients and servers to negotiate appropriate authentication measures. There are several methods of authentication, including the standard DES Challenge-Response, as well as an option to disable authentication completely. Due to an incorrect implementation, clients are able to force the server to disable authentication, and allow login without a password.

Proof of Concept:

1. Server sends its version, “RFB 003.008\n”
2. Client replies with its version, “RFB 003.008\n”
3. Server sends 1 byte which is equal to the number of security types
offered
3a. Server sends an array of bytes which indicate security types offered
4. Client replies with 1 byte, chosen from the array in 3a, to select the
security type
5. The handshake, if requested, is performed, followed by “0000″ from the
server

Here is a typical packet dump:

Server -> Client: 52 46 42 20 30 30 33 2e 30 30 38 0a <- Server version
Client -> Server: 52 46 42 20 30 30 33 2e 30 30 38 0a <- Client version
Server -> Client: 01 02 <- One field follows... and that field is 02 (DES
Challenge)
Client -> Server: 01 <- Ahh, the lovely 1 byte exploit! Beautiful, isn't
it?
Server -> Client: 00 00 00 00 <-- Authenticated!

Update all RealVNC’s ASAP if you dont want troubles or Run VNC servers behind firewall, and use SSH tunnels for communication.

I finally got it! Google sent me it after 6 months. But now… Yeah i’m so happy that i cant bealive it I’ll notice you about this great service when i got statistics from it

“Yeah baby!” (A. Powers)

Intel have released the details of their next generation of dual core processors: the new chips will be under the Core 2 Duo brand, and there will be three versions. The most interesting for video users will be the Core 2 Extreme, a new dual core chip that’s designed for high-end desktop systems and servers.

Read more here…

Seagate Technology on Wednesday announced the release of a 750GB version of its Barracuda 3.5-inch hard disk drive mechanism.

The newest Barracuda 7200/10 model comes in capacities ranging from 200GB to 750GB and features support for Ultra ATA/100 and SATA interfaces with either 8MB or 16MB of data cache buffer.

The drive makes use of perpendicular recording technology, which stands data bits vertically on the disc media, rather than horizontally as hard disks have traditionally worked.

Read more… (MacWorld)

I found very nice page wich contains links for some very good e-books stored on free public servers. I found a lot of interesting stuff here…

What am I still taling… Go HERE and find something for you

Moves by French politicians to soften plans that will force Apple and others to open up DRM to help consumers do not go far enough, industry representatives have claimed. The interoperabilty bill was passed yesterday by the upper house of the French parliament.

Under the relaxed proposals, rather than force Apple and others using DRM software to abandon copy protection, a new agency would be set up to consider issues on a case-by-case basis. Applications from other firms wanting access to Apple’s Fairplay DRM would have to apply to the agency.

The bill will now go before a committee where senators and assembly members finalise the text before it reaches the statute books. A draft will be drawn up from each of the two houses, each with different clauses that need to be merged.

Read the rest here.

Portable Gaim is the versatile Gaim instant messaging client packaged as a portable app, so you can take your IM settings and buddy lists with you. The Off-the-record plugin is also included for secure, encrypted messaging.

Download it: HERE

Installation is simple - you just need USB Storage Key, and when you install you can use it on any windows machine (even if you’re not admin). So very useful if you’re in school which doesent have MSN messenger (6)

You need some time to get use with Gaim, but than it’s super. It’s installed on my USB Key with Portable Firefox

V ZDA so v bojih proti piratom začeli uporabljati pse, ki lahko v poštnih pošiljkah zavohajo piratski DVD.

V boju proti piratskim filmom so v ZDA začeli uporabljati pse, ki v poštnih pošiljkah najdejo oz. zavohajo piratski DVD, je sporočilo ameriško združenje za film (MPAA).Prvič so tako dresirane pse uporabili v Veliki Britaniji, in sicer v okviru skupne akcije britanske carine in organizacije za boj proti piratstvu Fact in združenja MPAA, ki varuje interese velikih hollywoodskih filmskih družb. V akciji sta sodelovala dva labradorca, Lucky in Flo.Prvi delovni dan na letališču Stansted pri Londonu sta psa zavohala več DVD v večjem številu pošiljk, vendar so bile vse zgoščenke legalne.

Uničevanje piratskih DVD in CD medijev (Foto: Reuters)

Vir: 24ur

Today from 18.00 - 20.00 ed-Mail page will be down. This is becouse of apache, php and mysql upgrade. This will improve your security and security of server itself.

All mail forwards will STILL work, just page will be unavailable. ed-Mail needs some banners or maybe new design. If you think you can help, contact one of the admins.

Enjoy using the service!

It’s here Terminator is sent to past to protect Jesus Check the trailer on next link:

YouTube - Terminator and Jesus

I had a really god laught on this

Jeanson James Ancheta (52) was on Monday sent to prison becouse of spreading malicius software (dosnet bots, urreptitiously taking over thousands of computers, and using them to launch Internet-based attacks).

He also made those botnets available for a fee to spammers and other malicious hackers.
The type of stealth cybercrime perpetrated by Ancheta has become popular among malicious hackers in recent years, creating concern and problems for end users, businesses, law-enforcement agencies and IT vendors.

He could got even up to 25 years in jail. OMG for using public lame h4×0rz t00lz?

Read the whole story Here

Amebis je sprogramiral robota, ki ve in odgovarja na vsa naša vprašanja. Poimenoval ga je kar Klepec. Videti je da je v sam program vloženega veliko dela in truda, vendar mislim da še vedno potrebuje nadgradnje. Vsekakor pa kapo dol za slovence! Upam da vsaj veste kdo je klepec

Pogovori se s Klepcom

on IGN homepage we can see the “trailer” of the Red Steel game - game of future. I hope this game + game pad wont be too expensive. But i’m shure I want to try it

I have a fealing nintendo will sold more his stuff now

Oh and if on official site is too much “buffering” try this link.

Another trailer is awailable here

As it says on the Metacafe God Bless Them All!
Watch this by yourself here.

Že nekaj časa nazaj sem prevedel MSN Plus!, vendar šele sedaj dajem link v javnost, tako da ga sedaj lahko uporabljate kar v domačem jeziku. Zadeva je za namestitev zelo preprosta. Najprej morate naložiti .ini datoteko s slovenskim prevodom, ki jo dobite:
Tukaj
To zadevo potem shranite v Resources mapo, ki se nahaja v MessengerPlus! 3 imeniku (običajno c:\Program Files\MessengerPlus! 3\Resources). Sedaj sledi še lažji del.

Potem odpremo glavno msn okno in kliknemo Plus! in potem Preferences

,

Potem v sekciji Language Pritisnemo Change.

Kliknemo radio button kjer piše Use the folowing translation (kot na sliki) in izberemo Slovenian. Dvakrat kliknemo OK in to je to.

Sedaj mora biti vaš MSN PLUS! Popolnoma slovenski

Če je kakšen prevod zgrešen, me pa le obvestite

LP