So the Windows XP leak is pretty interesting. I grabbed a copy for the lulz here.
Will there be backdoors? Most likely not. It is in fact entirely possible that this leak has been tampered with by MS/govt. to reduce risk of something like that being exposed.
Moreover, it’s also possible that the backdoor, if it exists, will be obfuscated behind multiple exploit chains—most definitely not something you can find by merely skimming the source.
The Windows XP and Windows Server 2003 source code leaks online...
A test engineer walks into a bar, orders a mag of beer.
A test engineer walks into a bar, orders 50 mags of beer.
A test engineer walks into a bar, orders 0.746 mag of beer.
A test engineer walks into a bar, orders 10000 mags of beer.
A test engineer walks into a bar, orders a mag of pee.
A test engineer walks into a bar, orders a tank of water.
A test engineer walks into a bar, orders ahsbwhdheuc mag of beer.
A test engineer walks into a bar, orders /$&@"(&(: mag of beer.
A test engineer walks into a bar from drain, and leave by jumping out of the window.
A test engineer walks into a bar, orde
A thousand test engineers rush into a bar, and rush out.
A test engineer walks into a bar, orders 2"; DROP TABLE bar; mag of beer.
A test engine walks into the bar, punches tender's face.
A test engineer leaves the bar with satisfied face.
END OF STORY:
A client walks into the bar, orders a plate of pasta, the bar explodes.
Putting the EICAR Anti Malware Test File (https://www.eicar.org/?page_id=3950) in a QR code and putting it up everywhere is a hilarious idea.
As seen on Mastodon!
@TheGibson literally impervious to remote attackers
@TheGibson now if I'm reading it right, you can only *use it* on a domain controller, right?
as in, ordinary windows 10 machines and windows server not acting as a DC are fine?
Hey everyone, let's all laugh at and make fun of Voatz, a company that miserably failed a third party audit, skips basic protections and monitoring that even an itty bitty shitty MSP has, uses **wildcard certs lmao**, stores creds in MongoDB (after being told they can't store it in git), and STILL wants you to think they've made internet voting secure
If you punish someone instead of offering education, you are failing to affect meaningful change.
You must recognize good faith, and engage to change perspectives if you want the world to be better.
Too few are willing to do this in this age.
At hackers.town, we have long embraced the idea of helping the N00b.
We have also long acknowledged that we are all N00bs at something.
Know when to help a N00b, especially if you have a strong base of knowledge around a topic.
Don't assume their lack of knowledge is an attack on your expertise.
Find the educational moments and exploit them.
Save the world.
Hacker, comedian, RED Scout fan, gold Ekko one-trick. Watching them sorting debris.
A Mastodon instance for info/cyber security-minded people.