Posts by Twilight Turtle

I'm not sure this is factually accurate. Before the 2014 patch, cleartext password will be stored in LSASS for interactive logon sessions unless explicitly disabled. By default Vista, 7, 2008, 2008R2 and 2012 all stored plaintext credentials in LSASS until KB2871997 when this was disabled by Microsoft, but that still doesn't remove plaintext credentials from WDigest according to their own patch overview ( http://blogs.technet.com/b/srd/archive/2014/06/05/an-overview-of-kb2871997.aspx ). I don't know about Kerberos but it certainly used to be the case that it also required plaintext storing of credentials in-memory for ticket generation

My understanding is that the cleartext passwords are stored encrypted and in-memory via SSP, historically for numerous supported authentication methods but these days pretty much solely for WDigest. The encryption is done via the LSAProtectMemory function, which can simply be reversed via (ab)use of the LSAUnprotectMemory function. There are several tools publicly available that do this, including WCE and Mimikatz.

...Good guy or bad guy?

It's basically an anonymity network built pretty much solely on compromised Windows infrastructure owned by unaware third parties. Even if there are non-malicious users of it, the thing is in principle nefarious.

Re: Am I misreading this?

Theoretically, it would also allow you to move laterally in some environments where the deployment of Windows updates is managed by a centralised server. Get local admin on that server via, say, a compromised service account (people seem to love giving their service accounts local admin) and you could effectively weaponise updates deployed to other hosts.

If you're referring to the TrueType one from the tail end of last year, I think the actual vuln was in the way that certain Microsoft products parsed crafted TrueType files, so I'm not sure the same exploit would work against other vendors implementations of the TrueType standard. But don't hold me to that.

Re: "a cowards justice system"

So you're not interested in academic studies, contained in which are those very statistics you apparently want, but are quite happy to post a newspaper article that doesn't actually demonstrate that harsher prison sentences reduce re-offending generally, but only that they do in the case of one particular judicial system (IE, that of the UK).

Interesting to note that the reason given by Justice Secretary for the better performance of longer-serving criminals is their own failure to institute working rehabilitation programmes for short-term prisoners.

Re: @thx1138v2 - Just curious

I read them as two distinct things, but I've not had enough coffee yet. Pretty sure the Snowden disclosures fingered the Pentagon as the most likely source of the loss of the F-35 plans. That or one of the myriad of defence contractors involved in it who have been compromised over the years.

Re: Ketchup?

Alternatively, Ketjap Manis might make a more authentic substitution for Ketchup for the napalm-shy.

Re: Snakebite made with cider and lager?

Ahh, memories of my university days.

Allow me to introduce the "turbo snakebite". You will need, per person:

1x jug, approximately 2 pints in volume

1/4 jar (500ml) Old Rosie cider

1x Pound-a-can 7% Polish larger such as Okocim

50ml Wray and Nephew

50ml blackcurrant cordial (trust me, you'll need it)

Unlike the Venom vulnerability, this does scale rather well. Enjoy!

"The Germans learned from their experience in Spain..."

As well as from the likes of B.H. Liddell Hart, J.F.C Fuller and Mikhail Tukhachevsky, all of whom (amongst numerous others) had been proposing combined arms warfare since the late 1920's. Sadly Liddell Hart and Fuller were largely ignored by the British military establishment, and Tukhachevsky's significant impact in developing Soviet Deep Battle doctrine came to a fairly abrupt end when Stalin had him purged. People like Ritter von Thoma and Heinz Guerian, who worked to develop German armoured warfare principles, cited Hart and Fuller by name in their writings on the subject.

Re: And still using DISCS IN THE POST

True, it was more a case of puzzlement on my part at the (apparent) outrage of sensitive disks being sent in the post at all.

Psst...

Your gripe should probably be with Borg-Warner, as they build the various DSG boxen (apart from the Veyron one) for VW and a few other marques AFAIK. The six-speed wet-clutch one is supposed to fairly reliable when serviced properly but the mean failure rates for the earlier 7-speed dry-clutch ones seem to be a bit more worrying. Think there was a recall on over 1.5 million cars equipped with that box...

Re: Whisky and water

I did one of the every-region tasting sessions at the Whisky Experience in Edinburgh when on the second day of a stag. The first bottle we sampled was a barrel proof lowlands, can't remember what. At a little over 60% ABV and after a night's worth of fairly heavy drinking, I was very glad to hear our (also young but spectacularly well-informed) guide suggest diluting it 2:1 whisky:water, which made it really rather pleasant. I did try some neat but it was pretty much all alcohol burn and no real discernible flavour. Even as a relative Scotch novice the difference was massive.

Never seen the appeal in adding any cooling assistance to whisk(e)y. All it seems to do is remove the majority of the flavour.

Re: An unsually poor comment

So, what you're actually saying is that Android handset makers are doomed because Sony and HTC are losing money hand over fist? I don't really think that's a fair conclusion given that they're hardly representative of the entire Android handset maker market.

Are LG losing money on their phones? Are ASUS? Huawi and the like are now selling in Western markets. What about the smaller, newer niche providers selling high-end products like Amazon, Xiaomi, Hisense, Sharp et al?

There are a myriad of reasons why Sony and HTC are in trouble, not least of all their failure to compete with Samsung and LG at the top end of the Android smartphone market and their lack of mass appeal.

32.9mpg?

Double what Top Gear managed taking a Mk2 Prius on their test track.

I can't think of another petrol-powered "performance car" that would achieve 33mpg in traditional "performance car" style road testing. Can you?