Tuesday, October 28, 2008

Find The Gap.

Well, this picture is quite embarrassing :



You might think everybody knows what the iPhone is and how to put it in the right way, but nope, you're wrong.
At least it's funny to see that.

Monday, October 27, 2008

SU.bash a funny "rootkit".

Hi Folks, today surfing on the web I've found this really funny "su-rootkit".
It's a kind of rootkit, in fact it doesn't replace the real su binary but it's a simple bash script which might be used in home directory.





Thanks to super .

Friday, October 24, 2008

Out-of-band patch from Microsoft

From Microsoft Security Bulletin MS08-067 :


Microsoft has released an emergency security update for a broad swath of its users that patches a critical security hole that is already being exploited in the wild.

The vulnerability - which has been subjected to “limited, targeted attacks” - could allow miscreants to create wormable exploits that remotely execute malicious code on vulnerable machines, Microsoft said. No interaction is required from the end user. It was the first patch released outside Microsoft’s regular update cycle in 18 months.

“This is a remote code execution vulnerability,” Microsoft’s out-of-band advisory warned. “An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely.”


As you may read from the following picture lots ( ... ) of Windows distributions are affected:



Little bit more in detail:

On Vista and Windows Server 2008, the combination of Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP ) will make the exploitation of this vulnerability more difficult. ASLR will randomize the base address of modules, heaps, stacks, PEB, TEBs, etc. making difficult the return into known locations. Known DEP bypass techniques will not be applicable on these platforms because of the presence of ASLR.

Regarding /GS protection, the stack frame of the function that contained the overflowed buffer was protected with a stack frame boundary cookie. However, due to the nature of this particular vulnerability, the exploit code is able to take advantage of another stack frame that was not meant to be protected by the /GS security cookie. The /GS security cookie is only emitted for functions meeting certain criteria.

F-Secure has already caught the malwares which use this kind of hole, it classified them as Trojan-Spy:W32/Gimmiv.A, with the following features:



On execution, the malware drops a DLL component ( which is also detected as Trojan-Spy:W32/Gimmiv.A ) as

[System Folder]\wbem\sysmgr.dll

and injects it to svchost.exe. The main executable file will then delete itself.

As part of its routine for connecting to a remote server, the trojan will take into account both the operating system version and the presence of any security applications in the system. The trojan checks for the following antivirus programs:

BitDefender
avp.exe
Jiangmin
KasperskyLab
Kingsoft
Symantec
OneCare Protection
Rising
TrendMicro
dwm.exe

The trojan then connects to:

http://59.106.145.58/[...].php?abc=1?def=2

The two parameters 'abc=' and 'def=' are determined by the antivirus program and the operating system version, respectively. For example, if avp.exe is installed on an infected machine that runs Windows XP, then abc=1 and def=2.

The trojan then harvests the following information from the infected machine:

MSN Credentials
Outlook Express Credentials
Protected Storage Information
Username
ComputerName
Patches Installed
Browser Information
Username (web browsing)
Password
URL

The harvested information is encrypted using Advanced Encryption Standard (AES) and is sent to the remote server.


This time the upgrade is strongly required !

Monday, October 20, 2008

Grabbing The Web

Hi folks, today I was seeking something able to grab pieces of web.
I'm building a kind of spam-message-compositor for one research of mine, and what I found is pretty much interesting.
It's called Web-Harvest, and of course it does much than a simple grab, but for my purpose is more than enough.

Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions. Web-Harvest mainly focuses on HTML/XML based web sites which still make vast majority of the Web content. On the other hand, it could be easily supplemented by custom Java libraries in order to augment its extraction capabilities.

Process of extracting data from Web pages is also referred as Web Scraping or Web Data Mining. World Wide Web, as the largest database, often contains various data that we would like to consume for our needs. The problem is that this data is in most cases mixed together with formatting code - that way making human-friendly, but not machine-friendly content. Doing manual copy-paste is error prone, tedious and sometimes even impossible. Web software designers usually discuss how to make clean separation between content and style, using various frameworks and design patterns in order to achieve that. Anyway, some kind of merge occurs usually at the server side, so that the bunch of HTML is delivered to the web client.



Every Web site and every Web page is composed using some logic. It is therefore needed to describe reverse process - how to fetch desired data from the mixed content. Every extraction procedure in Web-Harvest is user-defined through XML-based configuration files. Each configuration file describes sequence of processors executing some common task in order to accomplish the final goal. Processors execute in the form of pipeline. Thus, the output of one processor execution is input to another one. This can be best explained using the simple configuration fragment:



When Web-Harvest executes this part of configuration, the following steps occur:

http processor downloads content from the specified URL.
html-to-xml processor cleans up that HTML producing XHTML content.
xpath processor searches specific links in XHTML from previous step giving URL sequence as a result.
Web-Harvest supports a set of useful processors for variable manipulation, conditional branching, looping, functions, file operations, HTML and XML processing, exception handling. See User manual for technical description of provided processors.



Friday, October 17, 2008

Linkedin "space"

Finally after some requests I decided to open a LinkedIN "space" .

I like very much this web tool and I'll be really glad if you wanna add my contact in your network. So, if you're a reader of this blog and if you got a linkedIN account please feel free to add me in your contacts.
Thank you folks !

Wednesday, October 15, 2008

Fruux: Free MobileME

Hi folks, 
today I tried Fruux, a valid alternative of MobileME; very intuitive and fast. It's still a beta-release but it already appears very powerful and trustable. Actually the Fruux community is working on iPhone Application, so far is not available but it's seems forthcoming  !!






Tuesday, October 7, 2008

Safari on iPhone: still vulnerable.

Safari does it again and again. Don't forget that the first iPhone jailbreak has been made thanks to a known Safari bug. And today safari has another security problem. I reported this kind of bug some time ago in this post saying to apple to watch out to the "applications's space". They said to me: "thank you man ! " .... and nothing more ....
Here we go, Safari on iPhone doesn't care about spacing and graphic; these are the results :





No conclusions for that, just pay attention to what you're opening on your smart iPhone.
Read More: here 

Thursday, October 2, 2008

Nice Javascript Function on Firefox

Hi folks, today I've found a new (for me) firefox function : Find().
I've used this function in a "hand made" web site where a button "Find" would find a word inside a big list. My bad, I pressed two times the button and two windows appeared. That's interesting.... So what happen if I call multiple find() functions directly from code ?



Firefox will load multiple find's windows, of course, kind of cool !
So what happen if you try to load thousands of find windows ?
Does firefox die or all your PC will die ?





My Mac did ! :(