An unpatched bug in Adobe Systems' Flash Player software is being exploited by online criminals, Symantec reported Monday.

The student, who attends the county’s Downingtown West High School, reportedly used a flash drive to siphon off the names, addresses, and Social Security numbers of around 15,000 students and school employees and members of the community. According to the Downingtown Area School District, the student used a classroom computer during study hall time to illegally access the information, and later shared it with another student.

Correct me if I'm wrong as I've never been a big one for plowing through RFCs.

During a discussion with a friend about techniques for getting files onto a Windows system once you get a remote cmd.exe shell, I was listing all the ways that I’ve seen: tftp, ftp, ftp with script, vbscript (similar to wget), and pasting hex into a file to be processed by debug.exe.

It was the last technique that piqued his interest because he hadn’t heard of it -- and neither have most people I’ve asked. The last time I saw it in use was an incident in 2005. The admin of the hacked server had locked down the system pretty tight, preventing access to tftp, ftp, and vbscript.

What did the attacker do? He put his own ftp.exe on the server by converting it first into hex (including specific notation understood by debug.exe), and pasted it into the echo command in his shell, putting the copied text into a file on the server. Next, with “debug < ftp.hex”, his file of text was converted into an executable that he could use to download his toolkit.

Makes me want to take that 560 course even more

Tue May 20, 8:54 PM ET
 


SEATTLE - Microsoft Corp. Chief Executive Officer Steve Ballmer scrambled for cover from an egg-hurling protester during a talk at a Hungarian university Monday.

Unlike his boss, Chairman Bill Gates, who was hit in the face with a cream pie a decade ago, Ballmer managed to dodge the eggs.

Ballmer was delivering a speech entitled "You can change the world" to a group of business and technology students at Budapest's Corvinus University when the incident occurred, according to Microsoft spokesman Lou Gellos.

A young man in glasses stood up, pointed at Ballmer and loudly demanded that Microsoft return money it had stolen from the Hungarian people. Then he calmly threw three eggs at Ballmer.

A video of the outburst in a large classroom was widely distributed over the Internet Tuesday. In the footage, Ballmer crouched on the floor behind a large podium as the third egg smashed against the white board behind him.

The man, wearing a white shirt that read "Microsoft corruption," was escorted out of the room at the behest of the dean of the university.

Gellos said Microsoft does not know who the heckler was. The video shows him leaving peacefully; the crowd even laughs at one point.

Ballmer, who initially looked shaken, appeared to recover quickly. He smiled, shrugged and drew laughter from the audience with a quip: "It was a friendly disruption."

Gellos declined to comment on what, if any, security measures were in place that day.

Ballmer was in Budapest to announce Microsoft's leading role and investment a technology skills training program in Hungary, in partnership with the government and other companies. Later in the day, he also accepted an honorary fellowship from the university, according to Gellos.

Nice.  I'm already registered for this one heh.  Last one was entertaining, it will be interesting to see how he does with this one.