Windows XP SP3 Release Dates

April 15, 2008 – 7:56 AM

With Service Pack 3 for Windows XP just over the horizon, we’ve managed to get our hands on the internal schedule for the release of the highly anticipated update to the aging operating system. As you can see in the list below, most of the stages will occur before the end of the month, though forced automatic updates won’t land until June. This delay should give system administrators an ample amount of time to prepare for the upgrade or simply come up with an excuse when things go awry.

  • April 14, 2008: Support is available for the release version of Service Pack 3 for Windows XP
  • April 21, 2008: Original Equipment Manufacturers, Volume License, Connect, and MSDN and TechNet subscribers
  • April 29, 2008: Microsoft Update, Windows Update, Download Center
  • June 10, 2008: Automatic Updates

View: Windows XP Service Pack 3 Overview

Source: Neowin 

Two Overclocked 9800 GTX Cards

April 15, 2008 – 5:22 AM

By our count, Nvidia and its add-in board partners offer no less than five designs based around the company’s G92 GPU: the 8800 GS, 8800 GT, 8800 GTS 512MB, 9800 GX2, and 9800 GTX—and that’s not even counting memory variants. That’s a lot of seemingly different products based on the same chip.

Of course, there are substantive differences. The 8800 GTX 512MB, 9800 GX2, and 9800 GTX all have more shader units (128) and ROPs (16) than the 8800 GT, which in turn, has 112 shader units to the 8800 GS’s 96. Still, they’re all built on the same chip—the lower end cards simply have some functional units disabled.

Our ET analyst Jason Cross recently examined an XFX GeForce 9800 GTX, and found performance to be only marginally better than an 8800 GTS 512MB. There are a couple of new features, including support for hybrid SLI and 3-way SLI. But despite requiring two power connectors in a 10.5-inch long card, the performance differences were minor.

But what if you took the 9800 GTX design—which can be considered an overclocked 8800 GTS 512MB card—and overclocked it? Today, we’ll examine two such cards: The PNY 9800 GTX OC and BFG’s top end 9800 GTX OCX.

Read the rest of the story…

sqlninja 0.2.2 Released – SQL Injection Tool

April 15, 2008 – 5:03 AM

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. It is released under the GPLv2 and it has been featured on SecurityHack’s Top 15 Free SQL Injection Scanners, which is a good result for something that started as a small script written on-the-fly during a pen-test.

Features

The full documentation can be found in the tarball and also here, but here’s a list of what the Ninja does:

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
  • Bruteforce of ‘sa’ password (in 2 flavors: dictionary-based and incremental)
  • Privilege escalation to sysadmin group if ‘sa’ password has been found
  • Creation of a custom xp_cmdshell if the original one has been removed
  • Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
  • Evasion techniques to confuse a few IDS/IPS/WAF

Platforms supported

Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:

  • Linux
  • FreeBSD
  • Mac OS X

Sqlninja does not run on Windows and I am not planning a port in the near future.

Download here.

CEOs targeted by sneaky phishing scam

April 15, 2008 – 4:54 AM

Panos Anastassiadis didn’t click on the fake subpoena that popped into his inbox on Monday morning, but he runs a computer security company. Others were not so lucky.

In fact, security researchers say that thousands have fallen victim to an email scam in which senior managers such as Anastassiadis are told that they have been sued in federal court and must click on a web link to download court documents. Victims of the crime are taken to a phony website where they are told they need to install browser plug-in software to view the documents. That software gives the criminals access to the victim’s computer.

This type of targeted email attack, called “spear-phishing,” is a variation on the more common “phishing” attack. Both attacks use fake email messages to try to lure victims to malicious websites, but with spear-phishing the attackers try to make their messages more believable by including information tailored to the victim.

The e-mail sent to Anastassiadis, CEO of Cyveillance, included his name, company’s name and even the correct phone number, said James Brooks, director of product management with the security vendor. “Given the nature of our business, he suspected something right away and forwarded it to our operations centre.”

However, Verisign’s iDefense division has tracked more than 1,800 victims who clicked on the message. “This is probably one of the largest spear-phishing attacks we’ve seen to date in terms of number of victims,” said Matt Richard, director of iDefense’s Rapid Response Team.

Read the rest of this story…

Dealing With Hard Drive Problems

April 15, 2008 – 4:48 AM

It happens to all of us: You turn on your system and see the stomach-churning “disk not found” error.

It’s really not surprising considering hard drives fail–more often than you might think. You don’t believe me, I know, so look at Study: Hard Drive Failure Rates Much Higher Than Makers Estimate.

Some Help From a Hard Drive Guru

If you’ve been following my saga, you know I had trouble with my mother’s hard drive. It could be that my office is stuck in a harmonic convergence or some magnetic vortex, but a month earlier, I had a hard drive fail on a test PC.

The error was “Boot Failure: System Halted” and it was a new one for me. I started digging for answers and I bumped into DTIData, a hard drive recovery company.

They had a toll-free number and even though it was late afternoon on a Saturday, I decided to call. I spoke with Dick Correa, the chief programmer at DTIData, who immediately diagnosed it as a BIOS problem. “I absolutely can tell from the error message,” he said. Once I reset the BIOS back to its default and rebooted, the hard drive worked fine.

Read the rest of this story…