If you’ve got a nook, and wanted to get root privileges, but really didn’t want to open up your fancy new toy. We have good news. The people over at nookdevs have found that the nook looks for updates from the external microSD slot at boot time. Simply download the patch, load it and boot. Though it was previously possible to get root privileges before, you had to physically open the device. While we would have opened it anyway, we understand that there may be people who prefer not to.
Hack
Nook rooted without being opened
Hack
Windows 7 and Vista crash via SMB exploit
[Laurent Gaffié] has discovered an exploit that effects Windows Vista, Windows 7, and possibly Windows Server 2008 (unconfirmed). This method attacks via the NEGOTIATE PROTOCOL REQUEST which is the first SMB query sent. The vulnerability is present only on Windows versions that include Server Message Block 2.0 and have the protocol enabled. A successful attack requires no local access to the machine and results in a Blue Screen of Death.
[Laurent] has a proof of concept available with her writeup in the form of a python script (please, white hat use only). There is no patch for this vulnerability but…
Internet
Microsoft Internet Information Services Vulnerability Gives Complete Server Control
Microsoft has confirmed a vulnerability in its Internet Information Services webserver and spelled out the conditions under which it can be exploited to give an attacker complete control of the server on which it runs.
Remote execution of malicious code can be triggered only in limited cases, and even then, it’s relatively easy to change settings that close that possibility. Even then, exploits can still touch off denial-of-service attacks that completely shut down file transfer protocol.
Proof-of-concept code exploiting the vulnerability was released Monday. Microsoft said it will release a fix as soon as it’s ready.
The vulnerability can be…
Hack
Apple TV with Boxee and more update
In November, we covered installing Boxee on AppleTV using atv-usb-creator. [Danny] has written a tutorial on installing Boxee, XBMC, NitoTV, SSH access, and external USB hard drive support. His method installs most of the software via the USB patch stick, then uses the SSH support to enable the external drive and install NitoTV. The tutorial lists a Mac running OSX 10.4 or newer as a prerequisite but there is now a Windows version of atv-usb-creator. According to their Google Code page Linux support for this package is on the way.
[via AppleTV Hacks]
Hack
Simple, low-tech attack on Credit Unions
The National Credit Union Administration is warning all Credit Unions about malicious hackers and a low tech attack by mailing branches CDs with malware on them.
Using a somewhat dated but still effective Social Engineering attack, a package designed to look as though it was mailed by the NCUA is sent to the branch. The package contains CDs with the attacker’s malware on it, and an accompanying letter (PDF) which informs the branches, ironically, about phishing scams. The letter directs the personnel to review the “training material” on the enclosed CD. Once branch employees proceed as directed, the malware…
Tech Support
WordPress 2.8.3 Remote Admin Password Reset Vulnerability
Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. An attacker could exploit this vulnerability to compromise the admin account of any wordpress/wordpress-mu 2.8.3 and older.
The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress of WordPress MU (multiple user) installation.
The attack uses an ability of PHP to not only set values on variables, but also make them arrays. Basically a GET request can add data like: http://www.example.com?data
PHP takes…
Hack
Music Visualizer (oscilloscope)
The Music visualizer is actually a second build based on an earlier design[Thanks Roger]. The build was influenced by Zyra’s How to make an oscilloscope out of a television. The hack is quite simple, patch the output of an amplifier into the vertical deflection coils of the CRT. This is a good use for that old TV you may have laying around but don’t want to recycle it just yet. While on the subject we had covered the Mac SE/30 audio visualizer in 2006. For those looking for something a little more hard core, here is a bit about…
Software
Foxit PDF Editor v2.1.0.0702 + KeyGen & Patch
With Foxit PDF Editor you can open a PDF file create a brand new file add or remove pages change anything and save All graphic details will be retained with no quality loss You can select modify delete and insert text images or graphic objects Like any real editor Foxit PDF Editor supports features such as single or group selection copy and paste and undo and redo You can see your changes immediately Foxit PDF Editor is an independent application so you don 39 t need to install any other software not even Acrobat Reader It 39 s compact and…
Tech Support
Firefox 3.5 Can Install Malware
An unpatched memory corruption flaw in the latest version of Firefox creates a means for hackers to drop malware onto vulnerable systems.
Security notification firm Secunia reports that the security bug (which it describes as extremely critical) stems from errors in handling JavaScript code. The flaw has been confirmed in the latest 3.5 version of Firefox, released in late June.
Older versions of the popular alternative browser might also be affected, Secunia warns.
Exploit code has been uploaded onto recently revived security exploit website milw0rm, a factor that could hasten the development of more attack code.
Secunia advises Firefox…
Software
Diskeeper 2009 Pro Premier / Enterprise Server v13.0.844 x86 + KeyGen
Diskeeper 2009 EnterpriseServer empowers IT professionals and systems managers to enhance the performance and reliability of their systems with no extra overhead time or resources Allow Diskeeper to give your hard drives a transparent tune up while you enjoy unprecedented speed and reliability Diskeeper 2009 EnterpriseServer marks the end of scheduling and the beginning of real time maintenance of servers without ever again having to worry about dips in performance or straining valuable system resources ven when demand is at its absolute highest nbsp Install Notes 1 Unzip unrar and install 2 Then read CAREFULLY THIS NFO and follow steps…
Computer
How To: Set Up A New System From Scratch
The question frequently comes up about how to format and install XP from scratch. Following are the steps I take when I get a new system. I mention the “brand names” of software I use not as an endorsement or recommendation, but just for the sake of example. After unpacking and connecting all hardware, here’s what I do: 1. Partition the HD according to my preference, thus deleting everything on the drive (the number and size of partitions is entirely up to the individual user – I prefer several, keeping the OS on c: and various programs, cache folders, swap…
Hack
LED bottle wall
Here are two new projects from [Alex Beim] at Tangible Interactions. The video above is the bottle wall with a controllable LED behind each bottle. Embedded below is the 7×5 pixel Rainbow Box. He’s planning on writing a Quartz Composer patch to actively drive the display.
[via Create Digital Motion]
