video interview with iPhone hacker Charlie Miller from Dean Takahashi on Vimeo.

Human beings cannot write complex code.

There are literally millions of lines of code on your computer right now. Just because your patched does not mean there isn’t a bug in there that could be exploited to do bad things.

So while reading through the Month of Twitter Bugs (MoTB) I thought, wow, sites that millions of people use each day, like bit.ly, had some interesting and serious bugs. I wanted to see how easy it was to find a twitter third party site that was vulnerable. Took me about an hour before I had 5. Each of these sites are part of the http://twtapps.com 3rd party twitter applications. Each one has a reflective XSS vulnerability, and gasp, probably a lot more:

Twtpoll.com

Twtpoll is a simple feedback twitter app. Type in a 140 chars question, type in multiple choice answers, and embed/share it!

Twtvite.com

Twtvite is a simple event manager twitter app.
Create an event, enter the location, date, time, your 140 chars description, and share it/ manage RSVPs.

Twtbiz.com

TwtBiz is business directory for Twitter.
You can find businesses, entrepreneurs, investors! See the company’s team Twitter feed.

Twttrip.com

TwtTRIP is a simple travel organizer twitter app.
Add your travel plans, meet other tweeple traveling to the same destination, and embed/share it.

Twtqpon.com

TwtQpon is a simple coupon creator for businesses.
Enter your promotion details, choose an image and enter a code + url!

All these sites run the same search.php script which does not sanitize search string input correctly and will reflect the script back on the search results page:

PoC: http://sitename.com/search.php?search_str=

%253Cscript%253Ealert%2528%2527xss%2527%2529%253C%252Fscript%253E

What could you do with this? You could use this to gain access to a users account if they were logged into any of these sites, and you convinced them to click on a crafted link, then could grab a their cookie and log into the site as them. And I know reflected XSS is pretty lame, so don’t bother. I’m just trying to show how easy it is to find sites like this.

I did notify the person behind all these sites a few days before posting this, and he just said thanks, so hopefully it’s been patched by the time anyone reads this.

Our first lab said that we must:

Create a new Perl script that:

1. Has a for loop whose loop control variable iterates from 1 to 100 in increments of 1.
2. Has another loop inside this loop that tests the loop control variable to see if its value is a prime number. (Hint: use the modulus operator to see if the loop control value is evenly divisible by another number)
3. Prints all prime numbers between 1 and 100 to the console.

Execute your script to ensure it’s correct! The following output should display
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

Simple right? Well, yes it is but not for me. I spent quite a while before I came up with a solution:

#!/usr/bin/perl
use strict;
use warnings;
for (my $i = 0; $i < 100; $i++) {
  my $count = 0;
  for (my $x = 1; $x < $i; $x++) {
   if ($i % $x == 0) {
       $count++;
    }
  }
  if ($count == 1) {
     print ("$i ");
  }
}
print ("\n"); #clear line for linux terminal execution of scripts


Does the job but do you see the problem? It's very inefficient. I changed the for loop to cause $i to do 10,000 iterations and checked the execution time: $ time ./cb_lab1.pl The script took about 14 seconds on my Intel dual core processor.

Then the instructor showed me why I'm the student:


# MYLOOP checks numbers 2 - 99 (100 is not prime)
MYLOOP: for ($num = 2; $num < 100; $num++)
{
   # juist check from 2 to $num/2
   for ($i = 2; $i < $num/2; $i++)
   {
    if (($num % $i) == 0)
    {
    next MYLOOP; # stop checking if number is not prime
    }
   }
   print $num . " "; # print prime number
}


If you receive an email that is phishy then the first step is to always check the headers and/or source of the email. You can do this in Apple Mail by selecting the email and hitting ‘View’ on the menu bar and selecting -> ‘Messages’ -> Long Headers (or Raw Source). In Outlook right click the email and select ‘Options’ and look towards to bottom to see the headers. You should see a lot of information such as Return Paths, Received Date, Received, Message-Id, etc. What we really care about is the Received section. This will tell you who *really* sent the email. Spoofing your from email address is very easy. I could email you and make it look like chris@ups.com is emailing you if I wanted. But see, the received section exposes the con. Lets look at the UPS email I got from 8/7/2009:

Pay attention to Received:

from [88.132.108.223] (port=1654 helo=host-88-132-108-223.prtelecom.hu) by [my email server] with esmtp (Exim 4.69) (envelope-from <carboyscd1@sittis.es>) id 1MZPlz-0003Y1-VH; Fri, 07 Aug 2009 08:46:31 -0500

Notice the IP: 88.132.108.223 which reverse dns’ to host-88-132-108-223.prtelecom.hu. Why is UPS sending me an email from Hungary? That’s because it’s not UPS. It’s a computer that’s been hacked and is being used to spam viruses. The zip file is a virus called ZBOT (discovered 2008) that steals banking info, can take screenshots, downloads additional components and may install a backdoor. Well, thanks, but no thanks! I write to inform and hopefully help someone.

Network Tools is your friend. Use it.

I like the new resource manager.

Lots of themes and wallpapers.

Running Hulu Desktop.

Media Center with Internet TV Beta running.

Download Windows 7 Release Candidate for free:
Windows 7 Release Candidate Customer Preview Program

MacPorts is an easy to use system for compiling, installing, and managing open source software. MacPorts may be conceptually divided into two main parts: the infrastructure, known as MacPorts base, and the set of available ports.

Why is MacPorts cool?

If you are a new Mac user like me and you have a background in linux/freebsd type systems then MacPorts will be easy to understand and provides access to 5829 ports. MacPorts provides a simple and easy way to download, compile, and install various open source programs.

What are ports?

A port is software ‘ported’ to run on a different system.

Lets install, yes?

In order to install MacPorts you need the following:

1. Apple’s Xcode Developer Tools [Download from: Developer Center]
2. The X11 windowing environment (A.K.A. “X11 User”) and its related SDK package (“X11SDK”) for ports that depend on the functionality they provide to compile and run.

Once this is done, download the MacPort image for your OS:

• Download MacPorts for Leopard (Universal)
• Download MacPorts for Tiger (Universal)
• Download MacPorts for Panther (PowerPC)



After setup is complete and your install was a success, MacPorts recommends that you manually update your port CVS. You can do this by running:

sudo port -v selfupdate

Note that this may take some time to complete. After I run this my terminal shows:



Now what?

Pick one of the 5289 ports and install. I will show an example by installing GnuPG (GNU pretty good privacy package). Lets run:

sudo port -v install gnupg



Please note that compiling can take a few minutes for certain ports. GnuPG took about 4minutes on my iMac. Also note that when you install programs that they are installed to:

cd /opt/local/bin

Now if gpg compiled and was installed correctly then we should be able to use it:



Cool! Have fun! Don’t forget to mess around with Xcode too!

“Along the way Alexa has developed an installed based of millions of toolbars, one of the largest Web crawls and an infrastructure to process and serve massive amounts of data.”

The “Hot URLS” on Alexa’s homepage means these are some of the most viewed pages in the ‘Alexa Toolbar Community’. Number 7, right now on Alexa, is : “Is Working Online At Home The Next Gold Rush?”. Catchy title, and given the state of the economy this is completely valid. Naturally I click the link, which has the text of Los Angles Tribune in the domain name. The webpage is a story, about a woman who gets paid $25 for every link she posts on Google. She’s making $5500 a month.

The site has a realistic sounding story complete with pictures, sponsers, ads, and comments from people who did what Mary Steadman did and followed the easy steps to posting links on Google for cash. So how do you make big bucks doing nothing? You click on over to ‘Easy Google Profit’, a free course that can teach anyone, regardless of computer skill level to start making money online. Catch? No catch, just pay $1 for shipping.

The ‘Easy Google Profit’ link takes you to a s3curehost.com page with flashing buttons and pretty pictures that ask you to sign up, but hurry, supply is limited. There is even a virtual assistant to pressure you to cough up that credit card information. There are tons of domains with this same message/layout. By viewing the index page at the LA Tribune domain, http://www.losangeles-tribune.com, you get an Apache web server default page that tells you that you have successfully installed Apache. No LA Tribune here. The spam scam page is in /finance . According to compete.com, the number of hits is around 70,000.

After looking up the domain on network-tools.com , you will find out this points to 70.32.77.75 which is a Media Temple IP. Wonder if Media Temple knows? Probably not. Just hit yesterday. You see this type of stuff all the time. Checking the netstat when connected to LA Tribune:

Sources:
http://alexa.com
http://network-tools.com
http://compete.com

Google Conversion about related sites:
http://www.google.com/support/forum/p/AdSense/thread?tid=310b60ceedc1cd07&hl=en

Build an Auto-Scrolling Slideshow That Works With and Without JavaScript

I though this would be really cool to possibly use in a web site redesign I am working on. So I thought I would share what I did and a real world example of using this auto-scroller to display images. The tutorials and demos provided in the download are based in text. Just switch out to an image and edit the slideshow.css to your liking. In the html, I just took out the tab functionality. Maybe you web standard guys will look at me wrong. But who cares, I not a proclaimed web designer.  I changed the scroll intervals and width/height then made 4 images  for the slideshow. I slapped the div’s into spot. Hours of tweeking and editing 3 css files I finally got the desired look I was looking for. See the prototype finished design here.

HonorAir Knoxville is a wonderful organization that fly East Tennesse World War II Veterans to Washington DC to see the Memorial built in their honor. I feel obligated to create a the best site I can out of great respect for these men and women. I am on a deadline though, so jquery based scrollers or effects help make my job easier.

I downloaded the Infinity theme from Smashing Magazine and made my own mark on the sources. Installing themes in Wordpress is a simple as uploading them. I like the Infinity theme because of the twitter stream, delicious feed, and flickr photos. You can download Infinity from Smashing Magazine here. Theme is dated Aug 2008, a little old but oh well.