From: Digest To: "OS/2GenAu Digest" Date: Tue, 20 Aug 2002 00:01:04 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600 Subject: [os2genau_digest] No. 427 Reply-To: X-List-Unsubscribe: www.os2site.com/list/ ************************************************** Monday 19 August 2002 Number 427 ************************************************** Subjects for today 1 [os2genau] * Reminder * - Melbourne OS/2 SIG Meeting : List Admin" 2 Re: [os2genau] SW: WarpVision OS/2 Movie support ! : Voytek Eymont 3 [os2genau] Fwd: Breaking Windows : John Angelico" 4 Re: [os2genau] SW: WarpVision OS/2 Movie support ! : Ed Durrant **= Email 1 ==========================** Date: Mon, 19 Aug 2002 04:41:00 +1000 (EDT) From: "List Admin" Subject: [os2genau] * Reminder * - Melbourne OS/2 SIG Meeting We would like to remind you of this upcoming event. Melbourne OS/2 SIG Meeting Date: Tuesday, 27th August 2002 Time: 6:30PM - 9:30PM Place: Melbourne PC Group Victoria, Australia. The Monthly Meeting of Melbourne OS/2 SIG Normally held the fourth Tuesday of each month. ---------------------------------------------------------------------------------- **= Email 2 ==========================** Date: Mon, 19 Aug 2002 10:06:48 From: Voytek Eymont Subject: Re: [os2genau] SW: WarpVision OS/2 Movie support ! ** Reply to note from Ed Durrant Sat, 17 Aug 2002 19:20:06 +1000 > I have read somewhere that this program also supports Microsoft media > player format, but I haven't tried that yet. I've used WV to play a .wmv move, which, I think..? is the MS video format (?) glad to hear you can playback DVDs, now all I need, is a DVD drive... perhaps I can pull out the one in the ThinkPad Voytek Eymont SBT Information Systems Pty Ltd http://www.sbt dot net dot au/links/ phone +61-2 9310-1144 fax +61-2 9310-1118 ---------------------------------------------------------------------------------- **= Email 3 ==========================** Date: Mon, 19 Aug 2002 12:21:15 +1000 (EST) From: "John Angelico" Subject: [os2genau] Fwd: Breaking Windows Hi all! Calling all OS/2 programmers, and an alert to Mark Rogers of Orion Solutions. This URL was sent to me with a note of glee regarding yet another Windows weakness. However, I note that *theoretically* OS/2&eCS are also at risk because of the window messaging system which is similar to NT/Win2k. We have done a little local testing with WM_TIMER (source of the vuln) but haven't seen any risk. HOWEVER, I want to see if anyone else can detertmine if OS/2&eCS have the same risk or not. Do we have an inbuilt protection because of the Single Input Queue "feature"? (Wouldn't it be nice to be able to point this out to those sneering WinNT/2k apologists...?) Do we also have this vulnerability because of WM_TIMER, or the way apps can use the second parameter? Best regards John Angelico OS/2 SIG talldad at melbpc dot org dot au or talldad at kepl dot com dot au ____________________________________________ ==================BEGIN FORWARDED MESSAGE================== >Received: from mail3.tpgi dot com dot au [203.12.160.59] by emis dot com dot au [203.94.161.16] > with SMTP (MDaemon.v2.84.R) > for ; Sun, 18 Aug 2002 22:30:32 +1000 >Received: from neocast (nme-ts2-2600-153.tpgi dot com dot au [203.213.97.153]) > by mail3.tpgi dot com dot au (8.11.6/8.11.6) with ESMTP id g7ICERs10389; > Sun, 18 Aug 2002 22:14:28 +1000 >From: "Howard Grimsdale" >Organization: :: n e o c a s t >To: John Angelico >Date: Sun, 18 Aug 2002 22:14:19 +1000 >MIME-Version: 1.0 >Subject: Ooooh breaking Windows 8-) >CC: fg58 at postmark dot net, Patrick Cahill >Message-ID: <3D601C3B.13989.2C8078E at localhost> >X-Confirm-Reading-To: "Howard Grimsdale" >X-pmrqc: 1 >Return-receipt-to: "Howard Grimsdale" >Priority: normal >X-mailer: Pegasus Mail for Windows (v4.01) >Content-type: text/plain; charset=US-ASCII >Content-transfer-encoding: 7BIT >Content-description: Mail message body >X-MDaemon-Deliver-To: talldad at emis dot com dot au >X-Return-Path: hg at neocast.tv > http://security.tombom.co.uk/shatter.html Exploiting design flaws in the Win32 API for privilege escalation. Or... Shatter Attacks - How to break Windows. .. . . . . . . . . . . . : : n e o c a s t t: +613 9500 8575 m: 0412 869 349 ICQ: 166374774 ===================END FORWARDED MESSAGE=================== ---------------------------------------------------------------------------------- **= Email 4 ==========================** Date: Mon, 19 Aug 2002 18:22:37 +1000 From: Ed Durrant Subject: Re: [os2genau] SW: WarpVision OS/2 Movie support ! 16x DVD Rom drives are available pretty cheap at the moment - I think I saw one at $129 at Strathfields and I suspect it wont be long before they break the $100 barrier ! There's one additional piece of information though, I think the WarpVision Program (or possibly a codec that it uses) is crippled. That is it only plays a few minutes of the DVD Video. The audio keeps running but the Video stops. There's also a scrolling message to say that this is not a free part of WarpVisdion and to contact the author for further details. Since the product appears to work, I would quite happily pay a fair price to get the un-crippled version, perhaps once they've got the menus and sub-titles working. As for the Windows media format, all the links I can find seem to have ASX files, that contain some sort of instructions and as these don't execute in NS 461, I never get to the actual media file. I'll have to try with Mozilla and possibly Opera/2 to see if I get any further. Cheers/2 Ed. Voytek Eymont wrote: > ** Reply to note from Ed Durrant Sat, 17 Aug 2002 19:20:06 +1000 > > > I have read somewhere that this program also supports Microsoft media > > player format, but I haven't tried that yet. > > I've used WV to play a .wmv move, which, I think..? is the MS video format > (?) > > glad to hear you can playback DVDs, now all I need, is a DVD drive... > perhaps I can pull out the one in the ThinkPad > > Voytek Eymont > SBT Information Systems Pty Ltd > http://www.sbt dot net dot au/links/ > phone +61-2 9310-1144 fax +61-2 9310-1118 > ----------------------------------------------------------------------------------