I restored the old configuration and the blog will continue its normal operation now. The hotfix can not be downloaded from the site anymore but its source code is still available.
Thank you all for the support! I’d like to say thank you once more to the guys who mirrored the files!
P.S. Next week we will talk about some decompilation problems.
The new version is suitable for automated setup (for example, in logon scripts).
Continue reading Silent WMF Hotfix Installer
It seems that many users installed the hotfix for the WMF vulnerability on their machines.
Continue reading WMF Vulnerability Checker
This week a new vulnerability was found in Windows:
Browsing the web was not safe anymore, regardless of the browser. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix – I badly needed it.
Continue reading Windows WMF Metafile Vulnerability HotFix
I updated my EFD utility to handle the packed XCP.DAT file. To extract files from the archive, use:
efd -x xcp.dat
in a clean directory. It will create files like xcp1.dat, xcp2.dat, etc. Unfortunately the file names are not present in the archive, that’s why the names are so meaningless.
Here is the utility: efd.zip
The last week several LGPL violations were found in Sony’s DRM implementation.
Here is a proof of one violation. Here is a dedicated page with many other findings.
By the way the license breach could be found using the simplest tools on the earth: any hex editor or the strings tool from unix would be enough to find the copyright strings. In MS Windows Start, Search for Files or Folders would be sufficient as well. Just think about it and look.
In theory the license breach is easy to fix: just add the required copyright notice to the initial dialog box and there is no license violation anymore.
What is not easy to fix is the public opinion. Many will think: Sony’s rootkit is a bad thing and (therefore) DRM in general is a bad thing too. In fact what we need is a good DRM implementation (since the option of having no DRM is not available). Without rootkits and ‘security by obscurity’ approach. Which does not punish legal buyers.