Archive for the ‘programming’ Category

Dzone: Digg for developers

16 Aug

I found a new site called Dzone today. Unlike Digg, it focuses on programming, coding tools, processes and practices. The feature which makes this site stand out among the other 100 Digg replicas is its ability to take "webshots" of the URL being linked, which are shown as thumbnails.

Dzone fills a void in a developer's life which sites like Digg and Slashdot can't fill because of their unfocused news items. Lately Digg has been trying hard to develop more focused pages, but it's nowhere close to what developers are currently looking for.


Detecting browser bandwidth (in perl)

10 Aug

If your website offers file downloads measured in megabytes, they can take several minutes to complete from far-away places. Detecting the user's bandwidth and predicting how long a download will take can become essential to help your customers understand why it's taking so long. Detecting a client's bandwidth could be as simple as timing the download of a single file, but there are a few problems with this.

To begin with, most browsers open multiple download threads to the same destination (IE uses 2, Firefox uses 4). This is not a problem, but it's good to know. Then there is the TCP start/stop overhead, whose impact can be minimized by using large files and enabling keep-alive. The biggest problem, however, is the caching intelligence within the browser, which can trick the detection logic into thinking it has superfast network connectivity. The same problem can also confuse multiple browsers behind a caching proxy server.

The solution to all of these problems is relatively simple. First, use multiple file downloads to make use of all the browser's threads to the server. Enable keep-alives on the server to minimize TCP restart overheads. Use relatively large files for sampling, and finally append a random number as a URL parameter ("?randomnumbers") so that the cache discards any previously stored version of the file.
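The post's Perl code did not survive on this page, so the following is an added example, written by the editor in Python rather than the author's Perl, that exercises all four recommendations above: several parallel connections, each reused for multiple requests (keep-alive), a fairly large sample payload, and a random query string on every sample URL. It spins up a throw-away local HTTP server so it runs offline; the sample size, connection count and round count are constructed values, and on a loopback interface the resulting Mbit/s figure only demonstrates the mechanics, not a real link.

```python
import http.client
import http.server
import os
import random
import threading
import time
from concurrent.futures import ThreadPoolExecutor

SAMPLE_BYTES = 256 * 1024        # constructed: size of each sample file (large enough to amortize TCP ramp-up)
PARALLEL = 4                     # one worker per browser connection; the post cites 2 for IE, 4 for Firefox
ROUNDS = 3                       # sample files fetched per connection, reusing it (keep-alive)
PAYLOAD = os.urandom(SAMPLE_BYTES)  # incompressible filler so proxies cannot shrink it


class SampleHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in for the server-side sample file: same payload for any path."""
    protocol_version = "HTTP/1.1"   # HTTP/1.1 is what makes persistent connections possible

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(PAYLOAD)))
        self.send_header("Cache-Control", "no-store")  # server-side complement to the ?random trick
        self.end_headers()
        self.wfile.write(PAYLOAD)

    def log_message(self, *args):
        pass  # keep the demo quiet


def cache_busting_path(index):
    # A fresh random query string makes every sample URL unique, so neither the
    # browser cache nor a caching proxy can answer it with a stored copy.
    return f"/sample{index}.bin?{random.getrandbits(64):x}"


def fetch_on_one_connection(host, port):
    """Fetch ROUNDS samples over a single persistent connection; return bytes received."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    received = 0
    try:
        for i in range(ROUNDS):
            conn.request("GET", cache_busting_path(i))
            resp = conn.getresponse()
            body = resp.read()
            if resp.status != 200 or len(body) != SAMPLE_BYTES:
                raise RuntimeError("unexpected sample response")
            received += len(body)
    finally:
        conn.close()
    return received


def measure_bandwidth(host, port):
    """Run PARALLEL connections concurrently and report aggregate throughput."""
    start = time.perf_counter()
    with ThreadPoolExecutor(max_workers=PARALLEL) as pool:
        totals = list(pool.map(lambda _: fetch_on_one_connection(host, port), range(PARALLEL)))
    elapsed = time.perf_counter() - start
    total = sum(totals)
    return {"total_bytes": total, "seconds": elapsed, "bytes_per_second": total / elapsed}


def estimate_seconds(download_bytes, bytes_per_second):
    """Predicted transfer time for a download of the given size."""
    return download_bytes / bytes_per_second


def run_probe():
    """Start a local sample server on an ephemeral port, measure against it, shut it down."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), SampleHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return measure_bandwidth(*server.server_address)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    r = run_probe()
    mbit = r["bytes_per_second"] * 8 / 1e6
    print(f"{r['total_bytes']} bytes in {r['seconds']:.3f}s -> {mbit:.1f} Mbit/s")
    print(f"a 50 MB download would take about {estimate_seconds(50_000_000, r['bytes_per_second']):.1f}s")
```

The aggregate figure is total bytes over wall-clock time for the whole batch, not the sum of per-connection rates, because that is what the user actually experiences when the browser opens its 2 or 4 connections to the download host.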


Posted in internet, perl, programming


The Blue Pill – 100% undetectable malware

09 Aug

During Code Con 2006, 7 months ago, I first heard about the existence of virtual-machine-based rootkits. I've also been reading about hypervisor technology and about products like Xen which are trying to build better virtual machine engines. AMD and Intel now officially have hooks in the processor itself to support this. Unlike traditional virtual machines, which "emulate" all the processing within another OS, with this new technology each OS can in fact live alongside the others, talking directly to the processor.
But what took me by surprise is that within the short time all this has been happening, a new technology called the "Blue Pill" has been demonstrated and discussed in the underground world, which makes use of the virtualization features of the processors to make 100% undetectable malware.

Here is an extract from the author's description of Blue Pill:

All the current rootkits and backdoors, which I am aware of, are based on a concept. For example: FU was based on an idea of unlinking EPROCESS blocks from the kernel list of active processes, Shadow Walker was based on a concept of hooking the page fault handler and marking some pages as invalid, deepdoor on changing some fields in NDIS data structure, etc… Once you know the concept you can (at least theoretically) detect the given rootkit.

Now, imagine a malware (e.g. a network backdoor, keylogger, etc…) whose capabilities to remain undetectable do not rely on obscurity of the concept. Malware, which could not be detected even though its algorithm (concept) is publicly known. Let’s go further and imagine that even its code could be made public, but still there would be no way for detecting that this creature is running on our machines…


Dump active directory to file in C#

01 Dec

// Purpose: To list all entries in Active Directory
// Author : Royans K Tharakan
// Date : 2003 Dec
using System;
using System.DirectoryServices;
using System.Text.RegularExpressions;

namespace ActiveDirectorySearch1
{
    class Class1
    {
        // Recursively walks the directory below 'arg1' (a distinguished name),
        // printing each entry at the current indentation and, for CN=/OU=
        // containers, its attributes one level deeper. 'args2' is the LDAP
        // filter without the surrounding parentheses.
        static void execute(String tab, String arg1, String args2)
        {
            try
            {
                // Replace YOURDOMAINNAME with your domain controller or domain DNS name
                DirectoryEntry entry = new DirectoryEntry("LDAP://YOURDOMAINNAME/" + arg1);
                DirectorySearcher mySearcher = new DirectorySearcher(entry);
                // The filter is the constant passed in from Main; never build it from untrusted input
                mySearcher.Filter = "(" + args2 + ")";
                mySearcher.SearchScope = SearchScope.OneLevel;
                Regex regex1 = new Regex(@"^CN=", RegexOptions.IgnoreCase);
                Regex regex2 = new Regex(args2, RegexOptions.IgnoreCase);
                Regex regex3 = new Regex(@"^OU=", RegexOptions.IgnoreCase);
                foreach (SearchResult resEnt in mySearcher.FindAll())
                {
                    String result = resEnt.GetDirectoryEntry().Name;
                    // Print the entry once, before its children, so the tab indentation reads as a tree
                    Console.WriteLine(tab + result);
                    // Descend into CN=/OU= containers whose name does not match the filter text
                    if ((regex1.IsMatch(result) || regex3.IsMatch(result)) && !regex2.IsMatch(result))
                    {
                        Class1.execute("\t" + tab, result + "," + arg1, args2);
                        foreach (String propName in resEnt.Properties.PropertyNames)
                        {
                            foreach (Object prop in resEnt.Properties[propName])
                            {
                                Console.WriteLine("\t" + tab + propName + "=" + prop);
                            }
                        }
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine("Error " + e);
            }
        }

        static void Main(string[] args)
        {
            // Redirect standard output to a file (e.g. > ad-dump.txt) to produce the dump
            Class1.execute("\t", "DC=DOMAINNAME,DC=DOMAINNAME", "ObjectClass=*");
        }
    }
}

Posted in programming