Archive for March, 2010
2010
03.30
Tags: disassembly, enegizer trojan, ida, virus
Posted in code, security, synch.cc, sysadmin | No Comments »
Over at SkullSecurity they’ve done a great job of a step-by-step disassembly of the Energizer Trojan using IDA. Using a sterile/insight environment, they go through the code to give you an insight into the workings of “obfuscation” (or lack thereof), backdoor management (on port 7777) and more.
Good beginner’s intro with pretty pictures
2010
03.30
Tags: open source, openssl, ubuntu
Posted in code, security, sysadmin | No Comments »
After a long, hard struggle of 11 years, which started with these two entries:
| 23-Dec-1998: | Released OpenSSL 0.9.1c |
| 23-Dec-1998: | Official start of the OpenSSL project |
we are now at the point of “a major release” with v1.0.0 being made available. Fighting tooth and nail not to be a 1.0.0, we’ve seen iterations such as 0.9.8d to 0.9.8n (taking a page out of Google’s book of running pre-release?), though, to be fair, they started at 0.9.1c.
Go on, then — go and get it!
2010
03.27
Tags: afrigator, earth hour, the fairest cape
Posted in Did you know, code, sysadmin | 1 Comment »
No access to afrigator.com, afrigator.biz and blog.afrigator.com – whole system, it seems… and no news on their twitter feed…
Just early for Earth Hour at 20.30pm today?
It’s resolving, but not responding…
PING afrigator.com (69.162.110.42) from coolserver : 56(84) bytes of data.
64 bytes from 42-110-162-69.static.reverse.lstn.net (69.162.110.42): icmp_seq=1 ttl=48 time=276 ms
64 bytes from 42-110-162-69.static.reverse.lstn.net (69.162.110.42): icmp_seq=2 ttl=47 time=264 ms
On a different note, amazing images of Cape Town and surrounds by Andre van Rooyen at The Fairest Cape
2010
03.24
Tags: .cn, china, CNNIC, domain registrations, godaddy, google, register domain, registrar
Posted in Did you know, sysadmin | No Comments »
I’ve been through the domain name registrations in China, in addition to the full documentation to be submitted to the Chinese authorities in order to not have the .cn account suspended.
However, now things have become interesting – registering domain names through non-Chinese registration authorities has been suspended since mid December:
We've disabled the registration of new domains for the moment. CNNIC
changed their rules regarding registration of new domains. Now, they
allow registration just for Chinese companies. Until they clear up
their policies, we've disabled the new domains registration.
That’s what most registrars are coming back with at the moment. However, GoDaddy has suddenly decided that now – 24 March 2010 – they won’t register domains for Civil rights reasons, amongst others. (more…)
2010
03.23
Tags: mysql, optimization, queries
Posted in mysql, sysadmin | 1 Comment »
Just to have them all in one place, and for posterity’s sake, I’ve pulled together some points on how to optimise your MySQL programming.
First off, the result of Session 1 of MySQL Camp 1:
- Use EXPLAIN to profile the query execution plan
- Use Slow Query Log (always have it on!)
- Don’t use DISTINCT when you have or could use GROUP BY
- Insert performance
  - Batch INSERT and REPLACE
  - Use LOAD DATA instead of INSERT
- LIMIT m,n may not be as fast as it sounds
- Don’t use ORDER BY RAND() if you have > ~2K records (more…)
2010
03.23
Tags: china, google, hong kong, online advertising, operation aurora
Posted in Did you know | No Comments »
Well, as I said in the previous posting on this matter, Google decided to ‘close’ operations in China – to relocate to Hong Kong as www.google.com.hk.
In addition, there is no self-censorship in place anymore – anything goes, according to reports.
The Chinese Government is ‘disgusted’ at these developments and reiterated that foreign firms need to stick to Chinese law in China – which includes the censorship which has been used as the football in this situation (seeing that the actual reason for the brouhaha is Operation Aurora).
Google had a 35% market share of the search engine market in China – and now leaves a gaping hole in the online search/advertising space. So, is bing.cn next?
2010
03.22
Tags: document indexing, document management, knowledgetree, solved
Posted in code, knowledgetree, open source software, php, sysadmin, ubuntu | 2 Comments »
Argh. Well, it’s really not quite out of the box, at least on Ubuntu Server 9.10 (after reinstallations required after initial failures…), so this is just a selection of the fixes that made the import and indexing of the 160 000 files at 102GB possible. So for KnowledgeTree 3.7.0.2 Commercial Edition (the same holds true for the Community Edition), the following should help:
- Use the best-practice advice when doing the local file system import – do 10 000 files at a time rather than 100 000 at once. Really. Trust me. It defeats the whole idea of just running a batch job. Completely. As you’d expect the option of saying – just transfer all data in directory X. But alas, that doesn’t work. So do it in batches. Manually.
- Tika Apache Indexer for Lucene – not so much on PDFs, Docs, XLS or PPT files. Install catdoc (which includes catppt and xls2csv) and pdftotext (which you’ll find in xpdf-utils).
apt-get install catdoc xpdf-utils
- modify knowledgetree/search2/indexing/extractors/TikaApacheExtractor.inc.php and comment out the mime types that are affected above from the returned array in getSupportedMimeTypes() – PDF, XLS, DOC and PPT: (more…)
2010
03.21
Tags: configuration, knowledgetree, pear, php, solved
Posted in code, knowledgetree, linux, php, sysadmin, ubuntu | No Comments »
OpenOffice.org startup failures, indexing issues and other niggles forced me to re-install KnowledgeTree 3.7.0.2 Commercial Edition (the same holds true for the Community Edition) more than once during setup. I was met with this delicious error notification which killed all further activity on the site (and prevented the startup of /setup/wizard/, control.php, browse.php, login.php — well, everything, really):
Warning: include_once(DB/.php) [function.include-once]: failed to open stream: No such file or directory in /usr/share/knowledgetree/thirdparty/pear/DB.php on line 371
Warning: include_once() [function.include]: Failed opening ‘DB/.php’ for inclusion (include_path=’/usr/share/knowledgetree/search2:/usr/share/knowledgetree/ktapi:/usr/share/knowledgetree/thirdparty/xmlrpc-2.2/lib:/usr/share/knowledgetree/thirdparty/simpletest:/usr/share/knowledgetree/thirdparty/Smarty:/usr/share/knowledgetree/thirdparty/pear:/usr/share/knowledgetree/thirdparty/ZendFramework/library:.:/usr/local/zend/share/ZendFramework/library:/usr/local/zend/share/pear:/usr/share/knowledgetree/thirdparty/pear’) in /usr/share/knowledgetree/thirdparty/pear/DB.php on line 371
Warning: Cannot modify header information – headers already sent by (output started at /usr/share/knowledgetree/thirdparty/pear/DB.php:371) in /usr/share/knowledgetree/config/dmsDefaults.php on line 299 (more…)
2010
03.21
Tags: errors, knowledgetree, openoffice, soffice, solved, troubleshooting
Posted in code, knowledgetree, linux, php, sysadmin | No Comments »
Having repeatedly received the error that OpenOffice.org is not running on the standard installation of KnowledgeTree 3.7.0.2 Commercial Edition (the same holds true for the Community Edition), further investigation was necessary. The key area of investigation must focus on the dmsctl.sh file, particularly from line 47 onwards, but more of that further down below. This is on Ubuntu (9.10 Server).
First, do a few quick checks:
- Is the process running? Anywhere?
Check whether OpenOffice.org is actually running, using a simple netstat -pant| grep 8100 — as the default installation is running with a headless OpenOffice.org on port 8100. You should see something like:
tcp 0 0 127.0.0.1:8100 0.0.0.0:* LISTEN 9655/soffice.bin
For the fix in question, it wasn’t giving any results on this check (sudo the commands where required, but you knew that already), which means that it’s not running properly. Also,
ps -aux | grep soffice
gave no results, indicating non-functioning backend software.
(more…)
2010
03.20
Tags: 10.04, linux, LTS, open source, server linux, ubuntu
Posted in linux, open source software, sysadmin, ubuntu | No Comments »

Ubuntu 10.04 LTS (beta) now out...
Ubuntu 10.04 went beta yesterday afternoon, with downloads at http://releases.ubuntu.com/10.04/, otherwise from the download mirrors. Lucid Lynx, as it’s called, enjoys LTS support (ie 5 years out the box).
This version promises a better (and faster) boot experience, new themes, version 2.6.32 as the Linux kernel, Firefox as default browser — with default browser page changed to Yahoo! (that’s new!). nVidia hardware support using open source drivers has improved, and a whack of new features for the Ubuntu Enterprise Cloud have been included. (more…)
2010
03.19
Tags: flv loader, loaded, swf loader, tim burton, victorias secret
Posted in Did you know | No Comments »
From the agency that put together the retrospective for Tim Burton (of Beetlejuice, Sweeney Todd, Corpse Bride — visit his site for a seriously cool interface!) at the Museum of Modern Art, as well as the Victoria’s Secret Fashion Show comes a collection of pre-loaders. You know, that typically twirly swf or flv loader filling up to 100%. But they’ve opened it up to collect the best ones out there. (more…)
2010
03.19
Tags: service pack, windows 2008, windows 7
Posted in sysadmin, windows | No Comments »
Microsoft today announced service packs for both Windows 7 and Windows Server 2008 R2, but declined to set a release date or a schedule for getting a beta in users’ hands.
There’s no concrete roadmap (or tar one, for that matter) yet, but it’s good to see that, if Redmond sticks to it, the 22 month deployment cycle will be revised with a view toward tied-off user systems patched to baselevels. Microsoft suggests minor patches and hotfixes to be included in this roll-out.
The reason for the overlap between the service packs is the code-base overlap between the two operating systems – remind me to blog about the beauty of Windows 2008, or “how I installed Windows 2008 Enterprise in 6 minutes”.
We should be able to expect (unofficially) the roll-out from October 2010 onwards, with a focus on end November 2010.
Based on registry entries found in the base Windows 7 deployment, there are eligibility registry keys that may prevent the service pack from installing — but that shouldn’t be a problem as long as it’s only linked to registered and legal software…
2010
03.19
Tags: l0pht, moxie, security summit
Posted in conferences, security, sysadmin | No Comments »
Moxie Marlinspike will be at the Security Summit 2010 this year at the Sandton Convention Centre – well, at least he’s on the lineup – and should give some insights; Jeremiah Grossman is back (from White Hat Security) and Joe Grand (from l0pht Heavy Industries – remember l0phtCrack?) will also have some words to say.
Let’s hope that the vendor presentations will be kept to a minimum with a focus on content rather than “Oh, we are great”…
Johannesburg, May 11-13, 2010
2010
03.17
Tags: ie9, internet explorer
Posted in sysadmin, windows | 1 Comment »

Bigger, better - more compliant?
While so many corporates are still locked into a Windows XP / IE6 platform, Internet Explorer 9 (IE9) looms on the horizon, “now even more compliant” (don’t you just love that: “not quite, but getting there…”)
In an effort to make Windows XP finally disappear from the landscape through a ‘force migration’ to Windows 7, Microsoft has released a statement relating to the interoperability between the legacy, no longer supported (but so-much-more-stable-than-Windows-98-and-Windows-ME (meh!)) Windows 98 and the next incarnation of their now choice-based Internet Explorer (remember – in Europe, free choice of web browser now required by the EU). (more…)
2010
03.15
Tags: china, freedom, google
Posted in Did you know | No Comments »
Google is going to shut down google.cn with a likelihood some webhosts give as their uptime guarantee. With a reported 99.9% certainty, google.cn is going to power down, not due to business, but, as Eric Schmidt, Google CEO says, about the censorship rules. Not, quite clearly then, as a reaction to Operation Aurora…
Li Yizhong, the Chinese minister for industry and information technology, said on Mar 12, 2010 that if Google were to take steps violating Chinese laws, “that would be unfriendly, that would be irresponsible, and they would have to bear the consequences.”
Mr Li encouraged Google to continue its operations in the country. “[Google] has taken 30 per cent of the Chinese search market.
“If you don’t leave, China will welcome that, if you don’t leave, it will be beneficial for the development of the internet in China.”
“Do no evil” vs business opportunity. Let’s see who wins…
2010
03.15
Tags: seo
Posted in Did you know | No Comments »
And many more will follow, cos this is quite fun!
Let’s see how the social spidering kicks in…
2010
03.15
Tags: crack, ophcrack, passwords, rainbow tables, ssd
Posted in Did you know, code, linux, security, sysadmin, windows | No Comments »
A Swiss firm, Objectif Sécurité, makers of Ophcrack_Office (for Word and Excel files) and Ophcrack Open Source (over at sourceforge.net), has tweaked their application to crack XP passwords with up to 14 characters on a Solid State Drive interface (think of large, light, laptop drive using Flashdrive technology) through rainbow tables (pre-calculated hashes) in an average of 5.3s.
Seek times on the SSD seem to be the big tweak here:
Oechslin has fitted an elderly Athlon 64 X2 4400+ with an SSD and the optimised tables. This system can, with only a 75% CPU utilisation, crack a 14 digit password with special characters, in an average of 5.3 seconds. Oechslin says that, worst case, it should be able to search arithmetically through 300 billion passwords per second, a speed that is a factor of 500 faster than an Elcomsoft cracker supported by a modern Tesla GPU from NVIDIA.
(more…)
2010
03.13
Tags: javascript, jQuery, release
Posted in Did you know, code, javascript | No Comments »
So twelve days after jQuery UI 1.8RC3 was released, which followed the release of the previous release candidate – 1.8RC2 after less than 2 weeks, the release of the final jQuery UI 1.8 is only a few days (moments?) away – seeing that 1.8RC3 is the final version before final release. In itself, the UI RC3 release has a huge set of fixes built into it already (listed below, as presented on the release notes) so the rest from here on in will be final testing and tweaking. It’s over at http://jqueryui.com/ (more…)
2010
03.12
Tags: bhisho, eastern cape, telkom
Posted in Did you know | No Comments »
News from the Eastern Cape:
Bhisho’s Health Department headquarters have had their telephone lines cut thanks to the department’s unpaid Telkom bill of more than R23 million
This is what the Daily Dispatch reported today. Bhisho is in the Eastern Cape, and is the administrative capital of the Eastern Cape in South Africa. (more…)
2010
03.09
Tags: distributed, distributed company
Posted in Did you know | No Comments »
Over at toni.org, Toni Schneider gives some points about the values of Distributed Companies – including easier hiring, better communications, better office environments and more ‘social’ aspects…
The list is certainly not exhaustive and some of those points (including time zones!!) need to be rethought, but it’s a good starting point for an argument!