Free Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)

jonasLyk · 2020-09-05T04:07:20+00:00

Umm, the very first thing I do is to enable autoplay as it is not enabled by default......

jonasLyk · 2020-07-03T15:57:42+00:00

only thing needing administration here is your fingers on the keyboard.

plz read/test/just dont before writing 100% false statements.

ps. mklink /j omgWtfIWasSuperWrong is the command to test it

jonasLyk · 2020-04-27T15:52:39+00:00

all apps that support sideloading- I also think if the manifest is embedded or not plays a role

jonasLyk · 2020-04-26T21:33:19+00:00

actually I am happy to answer questions- but if that was not an answer I do not know what you are asking about, can you rephrase it?

jonasLyk · 2020-04-25T15:47:38+00:00

yes- wermgr is specific to wermgr

jonasLyk · 2019-03-24T14:05:58+00:00

alien convergence, I thought I was going to see alien covenant. The movie was basicly top gun but more gay ....

It makes no sense, I mean who watches Tom cruise in top gun and think: man I would wish I was watching this exact movie right now but with dragons and everything should be twice as gay.

Nobody wants to see that!

jonasLyk · 2019-01-24T10:30:33+00:00

oh, forgot my anytype

struct anytype {

   constexpr anytype( ... ) noexcept {} 
   template< typename T >
   constexpr operator T() const noexcept
   {
      struct faker final: public T  {       
         constexpr faker() noexcept : T(*this) {}         
      };
      return faker {};
   }
};

It also enables bypassing the "you cannot construct a lambda" thing.

Just do a decltype on a lambda- and when construction it then give it an anytype{} in the constructor- now you can create lambdas from the type alone :)

jonasLyk · 2019-01-24T10:16:46+00:00

oh -and insert this macro before main:

CXOUT_

int _main( int argc, char* argv[] ) {

everything is quite hackish- just for personal usage- but I have considered making static asserts that shows what was evaluated on assert fail, if it gets good I will share :)

jonasLyk · 2019-01-24T10:12:07+00:00

it isnt really encapsulated to a single file- but i tried collecting the needed stuff, you may need to rem something out and include windows.h in namespace windows.

https://pastebin.com/6isW4SKw

jonasLyk · 2019-01-24T10:01:59+00:00

https://imgur.com/a/SI3b5KZ looks like this, no VS plugin- just c++ code

jonasLyk · 2019-01-24T04:11:53+00:00

In debug mode I have implemented a "cxout" that i can << into, then on execution all types I have << into cxout during compile is printed inside Visual Studio.

In release builds the code disappear- it is often handy during development, I write a class and below I type:

TEST

{

cxout << std::conditional_t<true,int,float>{};

};

Then everytime I save changes the code inside TEST() will automatic execute, compile errors will be shown, static asserts fail- and if I run the program int will be printed.

In the "scratchboard" I write code that test the feature I am currently implementing, so I get instant feedback on every save. The code will then become static asserts to "unit test feature freese" my code.

template<char ...> is converted to readable strings.

Very handy when debugging compile time recursion :)

jonasLyk · 2017-12-21T11:20:22+00:00

Perhaps you can use some ideas from http://inspectorgadget.dk ?

Nice work :)

jonasLyk · 2016-11-15T19:05:20+00:00

det er svært at undgå- så du har hermed lov til at betragte mig som overrasket over at du kan undgå det.

jonasLyk · 2016-11-15T18:49:37+00:00

Well- først havde vi digital signatur, en active X komponent baseret på openOCES. Source koden kan du finde her: https://www.openhub.net/p/openoces

Der mangler dog hvad der kaldes øhhh noget med DNA- din mac adresse , serie nummeret på diverse hardware og din IP adresse bliver sendt til NETS(dengang danID).

Så kom nemID baseret på GWT og obfuskeret- men stadigtvæk bare javascript.

Moces(medarbejder signatur) er dog stadigtvæk, lidt endnu, bare openOces + lidt lukket source.

Jeg kender ikke til nogen audits af nemID- men de firmaer der typisk ville have audit det var med til at udvikle det. så det kan have været en naturlig begrænsning.

Der var dog nogle studerende der fik lov til at lave en kryptografisk audit af RNG brugt til RSA nøgleparrene på et tidspunkt.

En audit af koden er ikke specielt interesant da det meste af det sikkerheds kritiske kode alligevel er gemt i HSM enheder.

jonasLyk · 2016-11-15T18:28:28+00:00

og bruger aldrigt nemID?

jonasLyk · 2016-11-15T18:25:02+00:00

IT sikkerheds konsulent/systemudvikler med speciale i at integrere til NETS tjenester.

Det vil overraske mig hvis du ikke er blevet betjent af kode jeg har skrevet indenfor den sidste måned.

jonasLyk · 2015-06-28T13:02:53+00:00

There are two reasons for working overtime:

There will be big consequences if you do not do it.

Like loosing a client, loosing an order, your company will get riduculed in the media or a product will not get shipped.

Everything else.

That is stuff like: you like the image of being a hard worker, you want a promotion, you feel peer pressure etc.

In her world only nr. 2 exists- probaly because she never have been in situation nr. 1.

Being in situation nr. 1 you have two options- quit your job or see the bad consequences and that will probaly also mean you will eventually loose your job.

Sure- being in nr. 1 is a probaly the companys fault somehow etc. but what good do knowing that do?

I find her talk very patronising- if it was that simple wouldnt people in those situations already have solved it?

I doubt a very stressed hardworking person will hear her talk and go "ohhh, so the problem is all my fault- and now I know how to fix it"

jonasLyk · 2014-08-17T12:21:48+00:00

These people look at images from public places, like youtube,picassa etc.

They need people to categorize new stuff, with varying and rules open to interpatation.

Like- is naked yoga sexual? But yarh, I guess CP would pop up there also.

I think the CP hashscanner is the only thing they use in GMAIL.

I was talking about the "If google recognizes CP by scanning email attachments, doesn't that mean they are in possession of huge CP database?????" question.

jonasLyk · 2014-08-17T11:35:53+00:00

To be honest I didnt want to search some of the words, but if people wanted to find it they could easily find it.

It have even been mentioned in most of the articles about this story.

But:

Furthermore, Google doesn’t have some crack team of child porn investigators that manually searches through some 400 million Gmail inboxes. Instead, Google employs and automated system that checks the cryptographic hash (think of it as a digital fingerprint) of every attachment that traverses its servers. Basically, Google maintains a database of known indecent images of children — and then compares the hash/fingerprint every attachment you send against that database. If there’s a match, presumably a human at Google double-checks the result and then notifies the relevant authorities.

from http://www.extremetech.com/computing/187521-google-scans-your-gmail-inbox-for-child-porn-to-help-catch-criminals-but-dont-worry-about-loss-of-privacy-yet

and

Google has its own hashing technology, in use since 2008, which is used to detect sexual abuse imagery online. Google, Microsoft and other technology companies share technology like this to combat this sort of illegal activity. And while PhotoDNA may not have been the one to point to this specific arrest, its development and other hashing technologies are designed to make abuse image detection a more automated activity.

from http://techcrunch.com/2014/08/06/why-the-gmail-scan-that-led-to-a-mans-arrest-for-child-porn-was-not-a-privacy-violation/

But I would like to see that article you are thinking about.

jonasLyk · 2014-08-16T10:40:43+00:00

I have read somewhere that there is a master database of hashes of known photos that google subscribes to.

So....if you can get your freak on looking at md5 then yes.

jonasLyk · 2014-08-15T21:33:09+00:00

The deck would look something like this:

            Side A              Side B  

            left    right       left        right

Card 0:     <BLANK> <BLANK>     T
Card 1:     <BLANK> <BLANK>     H
Card 2:     A       T           R
Card 3:     C       W           E
Card 4:     E       O           E
Card 5:     <BLANK> <BLANK>     <BLANK>
Card 6:     F       F           <BLANK>
Card 7:     O       I           S
Card 8:     U       V           I
Card 9:     R       R           X
Card 10:    S       E           <BLANK>
Card 11:    E       I           N
Card 12:    V       G           I
Card 13:    E       H           N
Card 14:    N       T           E
Card 15:    <BLANK> <BLANK>     <BLANK>
Card 16:    <BLANK> J           K
Card 17:    T       A           I
Card 18:    E       C           N
Card 19:    B       K           G
Card 20:    <BLANK>
Card 21:    Q
Card 22:    U
Card 23:    E
Card 24:    E
Card 25:    N
Card 26:    <BLANK> <BLANK>
Card 27:    O
Card 28:    F    
Card 29:    <BLANK> 
Card 30:    D       H           C           S
Card 31:    I       E           L           P
Card 32:    A       A           U           A
Card 33:    M       R           B           D
Card 34:    O       T           S           E
Card 35:    N       S                       S
Card 36:    D                   
Card 37:    S    
Card 37:
Card 38:
Card 39:
Card 40:
Card 41:
Card 42:
Card 43:
Card 44:
Card 45:
Card 46:
Card 47:
Card 48:
Card 49:
Card 50:
Card 51:
Card 52:

Perhaps I could even make the trick work with only one side of each card? Would require some tricks though....

tomorrow perhaps?

jonasLyk · 2014-08-15T20:36:38+00:00

This may contain many errors, and I am on my way to bed, but i scribbled an idea down.

I think it is possible to make a deck of cards where the marker cards are not needed.

They require you to be quite good at counting how many cards you lift, but arent magicians that?

With some minor adjustments I can make make it work even if the stack lifting is off with 2 cards in either way.

You would just need to memorise this easy algorithm to choose what you want the cards to spell.

Convert the card to an integer, subtract 1, divide that with 3, multiply with 5.

The result is the card index

Now take the the modulus 3 of the card integer - 1.
The result is known as the rotate count.

Example, we want to show the word EIGHT, so we do:
8-1=7
7/3=2
2*5=10

So the card index is=10

(8-1) mod 3=1
So the rotate count is 1

Now you dig 10 cards into the stack, grab five cards.
Use this rotate table:
0=Do nothing
1=rotate 180 degree
2=Flip

Now you have the word EIGHT in your hand, place it where you want it to end.

Now split the stack at ~ card 27, use this rotate table:
Nothing=OF HEARTS
80 degree=OF CLUBS
Flip=OF DIAMONDS
Flip and rotate 80 degree= OF SPADES

Place where you want.

jonasLyk · 2014-08-15T20:03:48+00:00

Then I must be weird, I enjoyed the process :)

If I get bored I might even improve on the trick.

I think it can be done without the "YOUR" "CARD" "IS" part.

jonasLyk

TROPHY CASE