Trojans, PUP's and virus's in GRC NG's Hmmm

Hmm,
Just connected a new client that caused a refresh of the group.
Multiple postings were intercepted as containing trojans and other such.
Even one in grc.news, which only Steve can post to (as far as I know)

Is this expected.. IE you guys are discussing the mechanics of trojans etc, 
with code examples?

Dave




09/11/2008	19:41:38	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news\11AB78DB-00000117.nws	Exploit-CodeBase.gen 
(Trojan)
09/11/2008	20:29:46	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\3FCE59E5-00002B92.nws	Exploit-MIME.gen.c 
(Potentially Unwanted Program)
09/11/2008	20:30:26	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\719D60D8-00002BEF.nws	Exploit-MIME.gen.c 
(Potentially Unwanted Program)
09/11/2008	22:40:12	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\28B54385-000075BC.nws	Exploit-MIME.gen.c 
(Potentially Unwanted Program)
09/11/2008	23:23:34	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\03BC7406-00008E82.nwsExploit-CodeBase.gen(Trojan)
09/11/2008	23:23:55	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\74CC5BE0-00008EB2.nwsExploit-CodeBase.gen(Trojan)
09/11/2008	23:24:01	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\0F101545-00008EC2.nwsExploit-CodeBase.gen(Trojan)
09/11/2008	23:24:32	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\197775B8-00008F0B.nwsExploit-CodeBase.gen(Trojan)
09/11/2008	23:24:32	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\69D753C0-00008F0C.nwsExploit-CodeBase.gen(Trojan)
09/11/2008	23:24:49	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\222D348D-00008F32.nwsExploit-CodeBase.gen(Trojan)
09/11/2008	23:41:58	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\4DFF3951-000098F8.nws	Exploit-MIME.gen.c 
(Potentially Unwanted Program)
09/11/2008	23:55:29	Deleted (Clean failed) 	HOSTNAME\USERNAME	C:\Program 
Files\Windows Live\Mail\wlmail.exeC:\Sandbox\USERNAME\LiveMailnOE\user\current\LocalSettings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.news.feedback\78C627FF-0000A117.nwsExploit-XPHelpDelete(Trojan)
10/11/2008	04:23:09	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.spyware\26D154D5-00001C83.nws	JS/Exploit-ActXComp 
(Trojan)
10/11/2008	04:33:14	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.spyware\030B6FF0-000021F7.nws	Exploit-CodeBase.gen 
(Trojan)
10/11/2008	04:46:55	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.spyware\13A925C5-00002962.nws	VBS/Dismissed.gen 
(Virus)
10/11/2008	05:10:46	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.spyware\2D5B7DD1-0000363E.nws	Exploit-MIME.gen.c 
(Potentially Unwanted Program)
10/11/2008	05:23:58	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.spyware\028C7FEE-00003D7C.nws	Exploit-MIME.gen (Virus)
10/11/2008	06:57:46	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.techtalk.localproxies\66DD00B6-00000B7E.nwsExploit-CodeBase.gen(Trojan)
10/11/2008	07:05:57	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.techtalk.localproxies\71C92AC2-0000101A.nwsExploit-URLSpoof.gen(Trojan)
10/11/2008	07:05:58	Deleted 	HOSTNAME\USERNAME	C:\Program Files\Windows 
Live\Mail\wlmail.exe	C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local 
Settings\Application Data\Microsoft\Windows Live 
Mail\news.grc.com\grc.techtalk.localproxies\35BE4AC3-0000101C.nwsExploit-URLSpoof.gen(Trojan)
 

0
David
11/10/2008 9:24:09 AM
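An added example (not part of the original post): a parser that turns a wrapped on-access log like the one above into per-article locators, so each detection can be traced to a posting. It assumes the second hex field of each `.nws` file name is the server's article number, which agrees with the one article whose Xref header is quoted later in the thread (`00000117` hex is 279, `grc.news:279`); the function names are this example's own.

```python
import re
from collections import Counter

# Four records copied from the log in the post, with its hard wrapping and lost
# tabs kept, plus one constructed truncated record. <TAB> stands for a tab.
SAMPLE_LOG = r"""
09/11/2008<TAB>19:41:38<TAB>Deleted <TAB>HOSTNAME\USERNAME<TAB>C:\Program Files\Windows
Live\Mail\wlmail.exe<TAB>C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local
Settings\Application Data\Microsoft\Windows Live
Mail\news.grc.com\grc.news\11AB78DB-00000117.nws<TAB>Exploit-CodeBase.gen
(Trojan)
09/11/2008<TAB>20:29:46<TAB>Deleted <TAB>HOSTNAME\USERNAME<TAB>C:\Program Files\Windows
Live\Mail\wlmail.exe<TAB>C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local
Settings\Application Data\Microsoft\Windows Live
Mail\news.grc.com\grc.news.feedback\3FCE59E5-00002B92.nws<TAB>Exploit-MIME.gen.c
(Potentially Unwanted Program)
09/11/2008<TAB>23:23:34<TAB>Deleted <TAB>HOSTNAME\USERNAME<TAB>C:\Program Files\Windows
Live\Mail\wlmail.exe<TAB>C:\Sandbox\USERNAME\LiveMailnOE\user\current\Local
Settings\Application Data\Microsoft\Windows Live
Mail\news.grc.com\grc.news.feedback\03BC7406-00008E82.nwsExploit-CodeBase.gen(Trojan)
09/11/2008<TAB>23:55:29<TAB>Deleted (Clean failed) <TAB>HOSTNAME\USERNAME<TAB>C:\Program
Files\Windows Live\Mail\wlmail.exeC:\Sandbox\USERNAME\LiveMailnOE\user\current\LocalSettings\Application Data\Microsoft\Windows Live
Mail\news.grc.com\grc.news.feedback\78C627FF-0000A117.nwsExploit-XPHelpDelete(Trojan)
10/11/2008<TAB>08:00:00<TAB>Deleted <TAB>HOSTNAME\USERNAME<TAB>C:\Program Files\Windows
Live\Mail\wlmail.exe
""".replace("<TAB>", "\t")

# A record starts with "dd/mm/yyyy hh:mm:ss"; every other line is a wrapped tail.
RECORD_START = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2}\s")

# End of a record: ...\<server>\<group>\<id>-<seq>.nws <detection> (<category>)
# The separators after ".nws" are optional because some records lost their tabs.
TAIL = re.compile(
    r"\\(?P<server>[^\\\s]+)\\(?P<group>[^\\\s]+)"
    r"\\(?P<store_id>[0-9A-Fa-f]{8})-(?P<seq>[0-9A-Fa-f]{8})\.nws"
    r"\s*(?P<name>\S.*?)\s*\((?P<category>[^()]+)\)\s*$"
)


def join_records(text):
    """Re-join hard-wrapped lines into one string per log record."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line):
            if current is not None:
                records.append(current)
            current = line
        elif current is not None:      # continuation of the current record
            current += " " + line
    if current is not None:
        records.append(current)
    return records


def parse_log(text):
    """Return (parsed, unparsed); damaged records are kept, never dropped."""
    parsed, unparsed = [], []
    for rec in join_records(text):
        m = TAIL.search(rec)
        if not m:
            unparsed.append(rec)
            continue
        date, time = rec.split()[:2]
        fields = rec.split("\t")
        # Assumption: the second hex field is the article number in the group.
        article_no = int(m["seq"], 16)
        parsed.append({
            "when": f"{date} {time}",
            "action": fields[2].strip() if len(fields) > 2 else "",
            "group": m["group"],
            "locator": f"{m['group']}:{article_no}",
            "detection": m["name"],
            "category": m["category"],
        })
    return parsed, unparsed


def summarize(parsed):
    """Count detections per newsgroup and per (detection, category) pair."""
    by_group = Counter(r["group"] for r in parsed)
    by_detection = Counter((r["detection"], r["category"]) for r in parsed)
    return by_group, by_detection


if __name__ == "__main__":
    parsed, unparsed = parse_log(SAMPLE_LOG)
    for r in parsed:
        print(r["when"], r["locator"], r["detection"], f"({r['category']})", r["action"])
    print("records that need manual review:", len(unparsed))
```

The `group:number` locators can be looked up in the newsreader and the article body reviewed by hand before deciding whether a detection is a false positive.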

David Barnes wrote:
> Hmm,
> Just connected a new client that caused a refresh of the group.
> Multiple postings were intercepted as containing trojans and other such.
> Even one in grc.news, which only Steve can post to (as far as I know)
> 
> Is this expected.. IE you guys are discussing the mechanics of trojans 
> etc, with code examples?

No, this is unexpected. Active code isn't something that should ever be posted 
here, or even linked to directly. The general policy is no "click and you're 
screwed" content or links. Never mind the fact that there is a 20k posting limit.

What software is detecting these items? What size are the files? If they are 
much over 20k, they didn't come (unmodified) from these groups. What newsgroup 
postings, specifically? I've just gone through most of grc.news, for instance, 
and find nothing with so much as an attachment.

It is either a case of really bad false positives, or there really is something 
infecting those files. It may not be resident on your computer, but that would 
mean modification of NNTP data which would be about as worrisome.

Regards,
Sam
0
Sam
11/10/2008 10:25:27 AM
Hi Sam (and everyone else)..

"Sam Schinke" <sschinke@gmail.com> wrote in message 
news:gf9270$1chk$1@news.grc.com...
>
> What software is detecting these items? What size are the files? If they 
> are much over 20k, they didn't come (unmodified) from these groups. What 
> newsgroup postings, specifically?

McAfee VirusScan Enterprise 8.5.0i with pretty much everything turned ON!! 
(I'm paranoid)

Yes they are under 20k..

As with most AV products, mine makes a hash of the detection process and 
does not do the detection INSIDE the newsreader
but at the memory and file-system level. (it makes a good job of working 
inside Outlook proper.. but Outlook can't be used as a NG reader)
So.. locating ACTUALLY which posting is throwing the warnings is a 
challenge..
I've found one in grc.news

Path: news.grc.com!.
From: Steve Gibson <support@grc.com>
Newsgroups: grc.news,grc.news.feedback
Subject: Re: Terrifying (Win2K / XP / maybe ME)
Followup-To: grc.news.feedback
Date: Thu, 28 Feb 2002 18:54:00 GMT
Lines: 62
Message-ID: <MPG.16e81ca636848f0298a3a6@207.71.92.194>
References: <MPG.16e81c05dd22ddd498a3a5@207.71.92.194>
Poster: [rrkhtb6owqzuo] (28 Feb 2002 18:55:55 GMT) 
{L2zfQfEEpXRuluq+u2dJRjZ6Xd8}
X-No-Archive: yes
Archive: no
User-Agent: MicroPlanet Gravity v2.30
X-Original-Reader: 84.12.49.251
X-Url: http://www.GRC.com/groups/news:279
Xref: news.grc.com grc.news:279 grc.news.feedback:36482

This has the following at the start of the posting:
-------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>IE6 security...</TITLE>
-------------------
So will pretty much load as HTML if I was using Outlook Express as my 
newsreader (I think)

It then goes on to craft some hidden scripts within the page:
----------------------------------------------------
var programName=new Array(
	'c:/windows/system32/cmd.exe',
	'c:/winnt/system32/cmd.exe',
	'c:/cmd.exe'
);
------------------------------------------------------
And then tries to throw the command prompt up..

This is a sample/proof of concept.
But is correctly detected as Exploit-CodeBase.gen (Trojan).
Which it is (in principle).. Albeit a neutered (safe) version.
I'm happy with the detection of this (not a false positive) as the html and script
appear to be fully functional

> I've just gone through most of grc.news, for instance, and find nothing 
> with so much as an attachment.

It's not an attachment, but in-line html code.
A trojan/virus etc does not need to be attached, but can live in script or
other supposed dormant, passive or safe areas of any information retrieved
from the internet.

>
> It is either a case of really bad false positives, or there really is 
> something infecting those files.

[on the example I located] 'Infecting' would not (possibly) be the correct 
term.
The posting contains the code for a live trojan !


> It may not be resident on your computer, but that would mean modification 
> of NNTP data which would be about as worrisome.

Are you as paranoid as me?.. I had to check out one just to be certain 
myself.


I'll see if I can locate any others
Dave 

0
David
11/10/2008 12:26:10 PM
On Mon, 10 Nov 2008 12:26:10 -0000, David Barnes wrote:

> http://www.GRC.com/groups/news:279

Looking at that via the 12078 gateway, I see that it was a followup to
an earlier SG post, so anyone reading it would have known what to
expect.

As it says 

QUOTE

This page doesn't do anything malicious, but is a demonstration
of how to execute a program on a remote machine using the
marvelously secure Internet Explorer web browser!!

</p>

<p>

Up until at least 18/02/02, this script would open a command window
when viewed in IE5/6 under WindowsXP and Win2k (possibly also WinME).
There are currently no patches available using "Windows Update" which
will prevent this.

UNQUOTE

From time to time, contributors have posted demonstrations and test
items relating to newly discovered exploits. And very useful they can be
too. This one, back in 2002, is no cause for concern in 2008, I think.

I gave up on McAfee long ago, as I was worn out by its (IMO) excessive
warnings and detections. KAV has no concerns about that particular item.
For normal newsreading, I would never, ever use any HTML capable
application, notwithstanding that HTML is not accepted here.

-- 
Original Poster

For so to interpose a little ease,
Let our frail thoughts dally with false surmise
0
Original
11/10/2008 1:32:33 PM
Original Poster wrote:
> I gave up on McAfee long ago, as I was worn out by its (IMO) excessive
> warnings and detections. KAV has no concerns about that particular item.
> For normal newsreading, I would never, ever use any HTML capable
> application, notwithstanding that HTML is not accepted here.

Also, there is no mime type or multipart body on that message. A newsreader is 
violating several RFCs if it renders the post as HTML.

It is, however, a sample of exploit code. I had forgotten about that post. 
Something similar wouldn't be acceptable today, I don't think. It is a different 
internet, that's for sure.

Regards,
Sam
0
Sam
11/10/2008 6:36:05 PM
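Sam's point about the missing MIME type, as an added example that is not part of the thread: an article with no Content-Type header defaults to text/plain (RFC 2045), so a reader that renders its body as HTML is content-sniffing. The code below classifies an article with Python's standard email parser; the three sample articles and the names `classify_article` and `HTML_HINT` are constructed for this example.

```python
import re
from email import message_from_string

SNIFF_WINDOW = 1024  # only the start of a body is inspected for markup
HTML_HINT = re.compile(
    r"<!doctype\s+html|<(?:html|head|body|script|iframe|object)[\s>]",
    re.IGNORECASE,
)


def classify_article(raw):
    """Compare what an article declares with what its body looks like.

    Verdicts:
      plain            declared or defaulted text/plain, no markup at the start
      html-declared    at least one part is labelled text/html
      html-undeclared  labelled or defaulted text/plain, but the body starts
                       with HTML markup; a reader must show this as text
    """
    msg = message_from_string(raw)
    html_parts, sniffed = 0, False
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no body of their own
        ctype = part.get_content_type()  # "text/plain" when the header is absent
        body = (part.get_payload(decode=True) or b"").decode("latin-1")
        if ctype == "text/html":
            html_parts += 1
        elif ctype == "text/plain" and HTML_HINT.search(body[:SNIFF_WINDOW]):
            sniffed = True
    if html_parts:
        verdict = "html-declared"
    elif sniffed:
        verdict = "html-undeclared"
    else:
        verdict = "plain"
    return {
        "declared": msg.get("Content-Type"),   # None when no header was sent
        "mime_version": msg.get("MIME-Version"),
        "effective": msg.get_content_type(),
        "verdict": verdict,
    }


# Constructed article shaped like the one discussed in the thread: no
# MIME-Version, no Content-Type, body opening with an HTML doctype. The body
# is an inert placeholder.
NO_MIME_HTML_BODY = "\n".join([
    "From: poster@example.invalid",
    "Newsgroups: grc.news,grc.news.feedback",
    "Subject: constructed sample",
    "User-Agent: MicroPlanet Gravity v2.30",
    "",
    '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">',
    "<HTML>",
    "<HEAD>",
    "<TITLE>IE6 security...</TITLE>",
    "</HEAD>",
    "<BODY>inert placeholder body</BODY>",
    "</HTML>",
    "",
])

# Constructed article that does declare an HTML alternative.
DECLARED_HTML = "\n".join([
    "From: poster@example.invalid",
    "Newsgroups: grc.test",
    "Subject: constructed multipart sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/alternative; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "hello",
    "--b1",
    "Content-Type: text/html",
    "",
    "<html><body>hello</body></html>",
    "--b1--",
    "",
])

# Constructed ordinary text article.
PLAIN_TEXT = "\n".join([
    "From: poster@example.invalid",
    "Newsgroups: grc.security",
    "Subject: constructed plain sample",
    "",
    "Plain text reply that mentions HTML in passing.",
    "",
])

if __name__ == "__main__":
    for name, raw in [("no-mime", NO_MIME_HTML_BODY),
                      ("multipart", DECLARED_HTML),
                      ("plain", PLAIN_TEXT)]:
        print(name, classify_article(raw))
```

An `html-undeclared` verdict is also the pattern an on-access scanner matches on disk regardless of how the newsreader would have displayed the article.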
"Sam Schinke" <sschinke@gmail.com> wrote in message 
news:gf9uus$26q5$1@news.grc.com...
> Original Poster wrote:
>> I gave up on McAfee long ago, as I was worn out by its (IMO) excessive
>> warnings and detections. KAV has no concerns about that particular item.
>> For normal newsreading, I would never, ever use any HTML capable
>> application, notwithstanding that HTML is not accepted here.
>
> Also, there is no mime type or multipart body on that message. A 
> newsreader is violating several RFCs if it renders the post as HTML.
>
> It is, however, a sample of exploit code. I had forgotten about that post. 
> Something similar wouldn't be acceptable today, I don't think. It is a 
> different internet, that's for sure.

I do remember more than one time when someone would mistakenly post direct 
links to malware POC.  It's hard to prevent this type of thing from 
happening with an unmoderated news server.

And in the early days, we had some posters who deliberately tried to link to 
real malware to catch the unaware.

-- 
Robert


0
Robert
11/10/2008 7:22:44 PM
I've been through a few more of the detections and YES they are non 
malicious.
One was a log file of someone's code red network activity.
The act of downloading that particular binary pattern threw up the alarm in 
that case.
Others were script samples and POC scriptlets.

This poses me a few questions.

Am I alone, being the one who sees this?

Personally I like the odd 'false positive' or in this case 'excessive zeal' 
from my AV.
It's doing its job.
What AVs do others use?
What level of confidence do you have in these products?
How does that fare, when you consider that your AV has allowed known 
malicious code components to be written to the HDD?
If this was a different NG or just some dodgy web site then the payloads 
would not have been passive.. What then?

I'm not looking to start a flame war on what AV product is better than the 
other, I still think they ALL could do better.
google - site:secunia.com  blog symantec beats the competition

But what are people's opinions on this?
How can we protect our systems better?
Maybe we should have a group or site with some basic POC tests so that one 
can test against the various exploits. What do others think?
 - It would need to generate/use some sort of randomisation to obfuscate 
payload matching.

What we want to achieve (from the AV product) is protection from the 
malicious action not just one variant of the break-in. What do you all 
think?
At that point one can raise it up with the AV vendor to fix the product. 
(well we could try!)

As the vector and nature of malicious software is changing towards multiple 
unique variants of the same exploit, I feel it's time the security industry 
woke up and started protecting us from the vulnerabilities and NOT just the 
exploit variations they have come across.

As a thought.. Has anyone posted the text string of Eicar as a test?
Everyone's AV 'should' detect it and squawk.
 - Opinions?
 I would not post without long discussion on the merits etc. Maybe a 
separate AVtest group?

AV detection methodologies and practices are of keen interest and could 
deserve some healthy discussions.
One area of hot debate could be the whys and wherefores of the merits of 
'In-line driver detection' vs. 'post-write notification' detection.
In-line drivers:
 Slow the system as they insert themselves into the file-system-IO path
 More aggressive detection ability
 Can prevent write-and-delete viral actions
 Can introduce system instability if the driver has problems.
Post-write notification:
 Has got better since MS provided hooks in the OS for this.
 Better performance
 If system performance is impacted for any or other reasons, can totally 
miss a file, or just get to it too late.


Dave
 

0
David
11/10/2008 8:38:20 PM
"David Barnes" <david at bitsolve dot c o m a@b.c> wrote in message 
news:gfa640$2eg7$1@news.grc.com...
> I've been through a few more of the detections and YES they are non 
> malicious.
> One was a log file of someone's code red network activity.
> The act of downloading that particular binary pattern threw up the alarm 
> in that case.
> Others were script samples and POC scriptlets.
>
> This poses me a few questions.
>
> Am I alone, being the one who sees this?

No, others have reported the same thing.  But not everyone downloads every 
article from the newsgroups when they first come here.  If they are using 
OE6 with some default settings, they might not get any of those old 
articles, so they wouldn't see any problem with news.grc.com.

Since news.grc.com is self-moderated, we just try to jump in and answer 
questions like this whenever we can.  The number of active participants has 
gone down in time and there are not too many new posters.  I can't speak to 
how many lurkers we have.

Have you had a chance to read through discussions.htm?

There is also a weekly update posted to grc.test.

GRC NEWSGROUPS/GUIDELINES/NO REGRETS (v08-136)

NOTICE:

In order to better control spam posts, Steve requires that all
posters to news.grc.com use a "CECIL-ID" logon and passphrase.
If you only wish to read posts ("lurk"), and not reply or send
your own posts, then no action is needed on your part.

Instructions for creating your own unique CECIL-ID can be found at:

  http://www.grc.com/configOE.htm

If you are not using OE as your newsreader and would like more
specific instructions for other newsreaders, use these links:

  http://www.imilly.com/noregrets.htm#cancel

  http://12078.net/grc/cecil.htm

GRC NEWS ACCESS PORTS.

Steve has added ports 110, 563, and 11911 as alternate
connection ports for the news server. These ports can be
used if your Internet access point blocks news server
access via the default port 119.

http://www.GRC.com/groups/news:840

http://www.grc.com/discussions.htm

GRC Newsgroups/Guidelines/No Regrets (updated)

  http://www.imilly.com/noregrets.htm

This page is Milly's unofficial update of Steve's original GRC
first and second generation "No Regrets" page, with updated extracts of
the Discussions and Quick Reference pages. It is intended only as a service
to GRC newsgroup users until Steve has the time to update the grc.com pages.

Contents:

GRC Groups - list and description of all the groups.
  http://www.imilly.com/noregrets.htm#groups

Posting Guidelines - and  reasons for rejections by the GRC server.
  http://www.imilly.com/noregrets.htm#guide

No Regrets - secure post self-cancellation system.
  http://www.imilly.com/noregrets.htm#cancel

Your IP address - and why is it in the "X-Original-Reader:" header.
  http://www.imilly.com/noregrets.htm#ip

Though Steve's newsgroup discussion and FAQ pages may be a bit out
of date, they do contain much useful and relevant information.
Please review them for an overview of Steve's philosophy for the
GRC newsgroups...

  http://www.grc.com/discussions.htm

Also read the Disclaimer and FAQ at...

  http://www.grc.com/forumdisclaimer.htm

  http://www.grc.com/faq-shieldsup.htm

And for newsreader setup information...

  http://www.grc.com/configOE.htm (Outlook Express)

  http://www.grc.com/configNC.htm (Netscape/Mozilla)

(Ignore references to the now non-existent "ten-forward" group)

And for all the rest of Steve's "stuff"...

  http://www.grc.com/default.htm


Posting Notes:

Keep your posting email address away from spammers!
Here's how: http://www.2kevin.net/munging.html

"Is www.grc.com, or news.grc.com, down? Or is it just my connection..."
Check out MicroChip's "GRC News Server Status Monitor" page, and
Tom Voss' neat status utility and monitor, "KnockKnock"...

  http://www.mctech.org/netwatch/grcstatus

  http://grc.vosslighting.com

Or this little instant check:

   http://12078.net/grc/status.php


-- 
Robert



0
Robert
11/11/2008 4:10:28 PM
On Mon, 10 Nov 2008 20:38:20 -0000, David Barnes wrote:

> I've been through a few more of the detections and YES they are non 
> malicious.
> One was a log file of someone's code red network activity.
> The act of downloading that particular binary pattern threw up the alarm in 
> that case.
> Others were script samples and POC scriptlets.
> 
> This poses me a few questions.
> 
> Am I alone, being the one who sees this?

I think you may be in the minority in scanning emails and newsgroup
posts as they download. 

I use Thunderbird for email, and email scanning is disabled, no HTML
allowed, and no preview pane. I only open emails I recognise and expect,
and trash the rest. I have my AV set to scan on access and modification.
I don't care what gets downloaded, as long as it is not allowed to run.

I use Dialog for newsreading, and again don't scan posts as they come
in. 
 
> Personally I like the odd 'false positive' or in this case 'excessive zeal' 
> from my AV.
> It's doing its job.

Yes, but McAfee is a bit over-eager to find things, then it deletes
them before you can properly examine them.
 
> What AVs do others use?

Kaspersky on this box, NOD32 on others. And SUPERAntispyware, and
SpywareBlaster.

> What level of confidence do you have in these products?

About 0.02% I would say. It's my wits that keep me safe.

> How does that fare, when you consider that your AV has allowed known 
> malicious code components to be written to the HDD?

As long as they don't get run, I don't care too much.

> If this was a different NG or just some dodgy web site then the payloads 
> would not have been passive.. What then?

Then I wouldn't have been there. Or, if I was there, it would be with
Firefox, with NoScript, AdBlock Plus, Cookie Safe, SafeHistory, and all
tifs cleaned after the visit.
 
> I'm not looking to start a flame war on what AV product is better than the 
> other, I still think they ALL could do better.
> google - site:secunia.com  blog symantec beats the competition

Personally, I do not want to see better AV. Adequate AV will do nicely,
and I want my definitions up to date, and to be able to decide the fate
of any alleged malware detected - I have had too many useful tools
deleted by McAfee, and I am really bored with that nonsense. Good and
powerful tools will (should ?) often trigger AV detections. 

Sensible decisions, reasonable caution, and regular backups are still
the best strategy, IMO.

(SNIP)
 
> As a thought.. Has anyone posted the text string of Eicar as a test?
> Everyone's AV 'should' detect it and squawk.
>  - Opinions?
>  I would not post without long discussion on the merits etc. Maybe a 
> separate AVtest group?

It is easily available from 

http://www.eicar.org/anti_virus_test_file.htm

if anyone needs it. I keep a collection of PoCs, but they are mostly
(all?) of historic interest, the vulnerabilities having been patched.

If you can find time to speed-read the entire grc archive, you will see
that a lot of the issues that concern you were discussed here, at
length, when the various vulnerabilities first appeared. In the short
time I have been here, we have had fun with Sasser Worm, the great JPEG
panic, another similar episode with WMFs, and all sorts of stuff like
that.

But don't tell the folks over in grc.techtalk.linux - they get to miss
all the fun.

-- 
Original Poster

For so to interpose a little ease,
Let our frail thoughts dally with false surmise
0
Original
11/11/2008 5:33:30 PM