NOTEPAD a security vulnerability? why I prefer Hardware daws!

Discussion in 'Recording In Progress' started by magicfingers99, Aug 14, 2019.

  1. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
  2. Guitarteach

    Guitarteach Poster Extraordinaire

    Posts:
    8,030
    Joined:
    Aug 6, 2014
    Location:
    UK
    Got a Tascam DP32... it’s very nice.

    Just a basic multitrack recorder - no drums of other bits and pieces like some of the boss units.

    Forces you to play a tune or a part rather than fiddle. Nice.
     
    magicfingers99 likes this.
  3. SolidSteak

    SolidSteak Friend of Leo's

    Posts:
    2,851
    Joined:
    Apr 27, 2016
    Location:
    USA
    Zoom R24. Record all the tracks to .wav and then mix it down in Reaper or Audacity.

    Also, not to be a pedant or anything, but it looks like the issue was related to the CTF Protocol, and not Notepad specifically. Any application that uses CTF was vulnerable to this privilege escalation attack as far as I can tell from the author's well-written documentation.
     
    cyclopean and backporchmusic like this.
  4. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    yeah it also looks like any program that writes to the screen or uses text is at risk, and the hole has been open for at least 20 years.

    really makes me trust microsoft's testing and their operating systems in general.
    its why I unplug the network cable when I'm not using the computer or not on the net.

    its why the house is hardwired and I only use wireless for the nook/kindle and only when I have to. (lock it to the mac address)

    people who trust computers, don't really know computers.
    backing up all my data to the "cloud" cracks me up...
     
  5. SolidSteak

    SolidSteak Friend of Leo's

    Posts:
    2,851
    Joined:
    Apr 27, 2016
    Location:
    USA
    Well, apologies for being pedantic again, but compared to the common ways of mitigating a privilege escalation threat, (i.e. patching the system, using an OS with ASLR), completely disabling wifi and disconnecting a network cable after each use seems like a pretty big inconvenience (to some people - obviously not to you, which is cool). I mean if somebody gets access to your home network, a Notepad vulnerability is pretty far down on the threat list I presume.

    A big inconvenience, that is, unless you're this guy:

    [​IMG]

    ***But back on topic, I love using a hardware recorder because latency need not ever be a concern for me.
     
  6. getbent

    getbent Telefied Ad Free Member

    Posts:
    36,202
    Joined:
    Mar 2, 2006
    Location:
    San Benito County, California
    my fostex x-15 is much more secure than my logic setup... unfortunately, no one has tried to steal my music.
     
    popthree, drf64 and magicfingers99 like this.
  7. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    if unplugging a cat5 cable is a big inconvience, maybe life has gotten a bit too soft?

    you can't expect the world to wrap every sharp corner in a warm soft blanket for you.

    the bad guys want you to be stupid and lazy, and they will do the rest. I know nothing is fool proof, but at least try to make it harder on them.

    really store all your data in the cloud, use only cloud apps? what sort of person thinks this is a splendid idea? the lazy and the ignorant.

    to post a paranoia meme to dissuade anyone from unplugging their cat5 cord strikes me as shall we say propaganda?

    by all means get that chip implant today, be online 24/7, I'll be at the back of the line
    put my name last on the list and mark me as undecided..
     
  8. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    The Roland vs1680, over 2,000$ in the year 2000, now availble around 100$, slighty used but rarely worn out..

    upload_2019-8-14_14-41-46.jpeg

    no ethernet, no viruses, no hackers.
    no distraction, except for the 200 page manual.....

     
    SolidSteak likes this.
  9. SolidSteak

    SolidSteak Friend of Leo's

    Posts:
    2,851
    Joined:
    Apr 27, 2016
    Location:
    USA
    "Paranoia meme" is propaganda. I see... I guess you are not a fan of Mr. Robot :)

    Really though, I am familiar with the excessive precautions you take from some of your other posts, and I have no problem with how you want to approach your own security. Let me just say that, in case you feel I have offended you, which is not my intention. I am just curious as to what threats you are trying to mitigate by disconnecting a CAT5 cable from your computer? You have to plug it in sometime if you want to use the internet, so how do you protect it then? And what about the router? Do you turn off the router every night, or when you leave the house? If you do I won't judge you, I'm just wondering what the point of that is.
     
  10. SolidSteak

    SolidSteak Friend of Leo's

    Posts:
    2,851
    Joined:
    Apr 27, 2016
    Location:
    USA
    Is that the kind with the ZIP drive? My friend used to have something like that. Worked really well. We weren't very good, but it was a fun time.
     
  11. woodman

    woodman Grand Wazoo @ The Woodshed Gold Supporter

    Age:
    73
    Posts:
    15,397
    Joined:
    Nov 28, 2004
    Location:
    Mint Hill, NC
    I've got an old Roland VS1824 w/ built-in CDR I'll give free to anybody who'll haul it away. This manual's a mere 138 pages!
     
    magicfingers99 and getbent like this.
  12. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    ide bus internal (can be converted to ssd I'm told) scsi external.
    no zip drive, I think that was the vs-880 series that had a model
    with a zip drive.

    someone should come up with a solid state deviced that emulates a zip in software/firmware to use on the old samplers/synths and workstations that used those...
     
  13. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    thats a nice machine if you can understand roland's terminology...

    hope someone is nearby and can take you up on that. Its got a roland space echo on the expansion card If I remember correctly, a dandy guitar effect.
     
  14. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    I don't run apps on my router, I've got it protected to a degree.
    if nothing is plugged into the computer, nothing can phone home. this is basic security 101 at NSA.

    I always run tools to see what is running, if I get suspicous I run software to check what's running at start. I run a tcp/ip utility to see who's connected and on what ports.

    the point is I don't go to sleep with my front door open and unlocked, why would i go to sleep with my computer plugged into the entire world?

    I lost a computer back in 2007 to a dutch hacker, It wasn't backed up as well as i would of liked. I want to make sure that problem never occurs again.

    a perfect example is notepad. a 20 year old zero day hack, missed by the geniuses at microsoft for 20 years.

    now why don't you tell me why you beleive everything they tell you and leave all your stuff open to hack 24/7 because you think you are safe cause you did what they told you to do. also tell me why you think that is a wise way to live?

    do you lock your doors at night?
     
  15. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    I don't run apps on my router, I've got it protected to a degree.
    if nothing is plugged into the computer, nothing can phone home. this is basic security 101 at NSA.

    I always run tools to see what is running, if I get suspicous I run software to check what's running at start. I run a tcp/ip utility to see who's connected and on what ports.

    the point is I don't go to sleep with my front door open and unlocked, why would i go to sleep with my computer plugged into the entire world?

    I lost a computer back in 2007 to a dutch hacker, It wasn't backed up as well as i would of liked. I want to make sure that problem never occurs again.

    a perfect example is notepad. a 20 year old zero day hack, missed by the geniuses at microsoft for 20 years.

    now why don't you tell me why you beleive everything they tell you and leave all your stuff open to hack 24/7 because you think you are safe cause you did what they told you to do. also tell me why you think that is a wise way to live?

    do you lock your doors at night?
    one man's excessive, is another man's rightful caution. who draws the line and where....??
     
  16. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    SolidSteak likes this.
  17. fendrguitplayr

    fendrguitplayr Poster Extraordinaire

    Age:
    67
    Posts:
    8,111
    Joined:
    Oct 11, 2006
    Location:
    Greater Boston
    I started with a BR-864 but moved to DAWs when it died.

    BR.JPG
     
    magicfingers99 likes this.
  18. SolidSteak

    SolidSteak Friend of Leo's

    Posts:
    2,851
    Joined:
    Apr 27, 2016
    Location:
    USA
    See, this is the kind of response most IT-related discussions with you seem to result in. According to you, I am obviously a sheep, doing what "they" tell me to, I think I am so wise, and I probably don't lock my doors at night. This is the kind of dialogue that makes users not want to talk to IT professionals.

    1) apps on a router isn't the point I'm trying to make - whether or not the computer is connected to the network, presumably someone can still try to access the router, right? And that is still plugged in I assume. Control the router, control the gateway = control everything on the network. If you're going to go the extra step of disconnecting a computer, might as well disconnect the gateway too I would think.

    2) nothing plugged in = nothing phones home
    I'm sure you know this, but if something is trying to phone home (I assume you mean keylogger, RAT, vicious Windows spyware, etc.), you already have a problem. Since you are going to plug it in at some point, it will just do its thing then. Also, why not just disable the Ethernet adapter in the OS using a command or shortcut? But I guess that's potato/potahto.

    That sucks about the Dutch hacker. Did you find out how that happened? Was it random, or targeted? I would think exploring that incident would lead to better prevention than just disconnecting intermittently. What if the Dutch hacker just waits for you to connect to the internet again?
     
  19. SolidSteak

    SolidSteak Friend of Leo's

    Posts:
    2,851
    Joined:
    Apr 27, 2016
    Location:
    USA
    To keep going on hardware though, I have found this Tascam to be very helpful to take on vacations and overdub ideas, sort of like a sketchpad:
    [​IMG]
     
    magicfingers99 likes this.
  20. magicfingers99

    magicfingers99 Tele-Afflicted

    Posts:
    1,934
    Joined:
    May 7, 2015
    Location:
    atlanta
    you see I'm a former I/t professional, so yes I know most are sheep on both sides of that magic curtain. I've got to clean up after company presidents email got hacked and started sending porn to our customers (actually everyone in his outlook contacts - thanks microsoft) - because he was downloading porn at work...

    I've seen all the 123abc and
    "password" passwords taped to keyboards and monitors by users.

    I cleaned up virus infections that software couldn't find. I know my way around computers. I cut my teeth on ms-dos floppy disc. I downloaded my 1st file - a hardware driver on a 300 baud modem sitting next to an E.E. and we were amazed that it worked. Though it took over an hour for something like 180kbs..to download.

    look up bot nets, they recruit computers, most users don't know they are hacked. if you have to ask the question "what if the dutch hacker just waits for you to connect to the internet again" you really don't understand how a computer gets "owned" - the ip address doesn't matter, its all on the hardware. You unplug the hardrive and destroy it after you get off whatever you can triple verify is unhacked, which is mostly spreadsheets, and such.

    the computer can be reused, after you reinstall a new drive and new software.

    sorry but most people who think they understand computers, just understand a course curriculum they were taught. I watched the standards being built. I predate ms certification as a nascent fart in bill gates mind.

    so do you lock your door at night? do you think you are safe because you follow best practices.?

    I keep most of my computers unplugged from the internet. I predate the internet in common use, which of course most people think is www.wahtevah.com. I don't need the internet to use my computers.

    I intermittently connect to the internet, not intermittently disconnect from the internet. there is a difference.

    in an infectious disease ward, one avoids contact as much as necessary. consider the internet an infectious disease ward and act accordingly. you are taught to use it as much as possible, for everything from banking to storing private information and business records online. why?

    think about it, you are knees deep in the mud and you have only minutes to keep from being swallowed and you are told to relax and enjoy it. why? think about it, before you are swallowed.

    you can still climb out of the mud, but you will be scared and remember it, the next genereation will be born in the mud and will know nothing but mud. if you are intelligent enough to become educated by the system, you can educate yourself outside the system. think about why the system exist and why it is the easy way forward. the path of least resistance offers no way back..
     
IMPORTANT: Treat everyone here with respect, no matter how difficult!
No sex, drug, political, religion or hate discussion permitted here.


  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.