grack.com

Has anyone noticed that Microsoft is willing to admit to that “a bug in ASP.NET canonicalization exists”, but refuses to divulge any more information?  Considering that the information is easily available and being distributed by bloggers between themselves, you should have all of the information at your fingertips to protect yourself.

Basically, the bug involves subverting Windows or Forms authentication by modifying your URL slightly.  By replacing traditional URL slashes with backslashes, you can fool ASP.NET into serving files that should be protected.

Note that you’ll need to use Firefox to check out some parts of this bug, since IE automatically replaces DOS-style slashes with URL-style slashes in the address bar.

The original message is here on NTBugTraq.  Don’t let Microsoft keep the important security information away from you!

Note: there are alternate ways to exploit this bug by using the URL-encoded version of a slash to subvert the URL scanner.  The one described above is the easiest attack to implement.  I’ll post more information here as I discover it.

Read full post

Neat Image is a tool for automatically reducing digital camera noise.  I tried it out last night on a few photos - it manages to clear up a lot of random noise you see when zooming in on most digital pictures.  Best of all - it’s free for personal use!

I managed to get results that were pretty good, but not as striking as their examples.  I suppose the developers of the tool would understand how to get the most out of it.  You’ll notice a subtle difference in the shots that you’ve processed with the tool. 

It’s a bit of extra work for each shot, but I think it pays off to clean up the pictures you really like.

As far as I know, cleaning up pictures this way won’t affect how they look when printed professionally.  I believe that proper processing blurs the image enough that you won’t see small per-pixel artifacts.

Read full post

After reading the full-disclosure list for more ASP.NET vulnerability information, I came across a report of spyware installing on fully-patched XP SP2 IE instances.

The thread is here.  Basically, a site is forcing a CAB file down user’s throats without any sort notification.  If you want to try it out in VMWare or some other safe environment, jump to the URL http://www.themexp.org/about_wrap.php.

I can’t repeat it enough: Install Firefox today.

Read full post

I tried out Google Desktop Search today and I decided to take a deeper look at how it works and how it integrates into your daily experiences.  This information all comes from reverse-engineering and file/registry observation.  None of it is guaranteed to be correct.

From looking at some of the PDB file references, I think the internal name of this Google search engine is “Total Recall”.  This fits with the replacement string returned from Google (“ ”) and the port number registry key “trs_port”.

The search utility consists of three main applications and a number of “information provider” plugins.  The main applications are:

  • The Google Desktop Search main application.  This provides the UI for configuration of the Google search programs and launches them as necessary.
  • The indexing service.  This program runs a small HTTP server on port 4664, receiving desktop search requests and outputting search results.
  • The crawler service.  This program runs in the background, indexing local files that exist on your disk.

The plugins are:

  • A Winsock1/2 protocol filter.  These intercept requests to www.google.com, www.google.ca, etc. and add a “Desktop” link to the search page, as well as placing the local search results in with the remote search results.
  • An IE-specific BHO (browser helper object).  The BHO indexes the pages you visit and takes a screenshot to store as a thumbnail for later.
  • Microsoft Word/Excel/Powerpoint plugins.  Unknown at the time, but they are probably used to index Office files.

The Winsock 1/2 interception is one of the cooler parts of the Google Desktop Search Application.  Each request you make runs through this filter.  Whenever a Google search is performed, the interception layer sends the requests to the local indexing server and merges the results with the web search results.  I verified this by running Windump on the machine and comparing the request made to Google with the results that Firefox received.

The BHO uses the GoogleDesktopAPI2.dll to add pages to the indexing service.  To take screenshots, it uses the GetDC function to grab the current bitmap from IE itself.  You’ll notice that if any Windows are obscuring the IE window at the time the screenshot is grabbed, they’ll appear in your thumbnails.

GoogleDesktopAPI2.dll has a number of unnamed imports.  Each of the search plugins loads these imports by ordinal and calls into them.  So far, none of the imports have been decoded.

More info as it comes!

Read full post

I decided to pave over my Windows 2000 box with a brand new install of Fedora Core 2.  The network install is awesome - burn the 4MB boot.iso to a CD, select “HTTP” install, point it any Fedora mirror and go!

It took about 30 minutes to get the installation completed on my old PII-400.  Your time may vary based on CPU hugeness and mirror fastness.

I’ve been using my Linksys firewall for managing internal DHCP, but it doesn’t really give you much flexibility to assign static IPs that I’d like.  I hope to get a quick and dirty DHCP server up and running with brand-new DHCP-managed static IP addresses for all of my networked devices (including my Xbox). 

It also gives me a chance to try my hand at setting up a full IMAP mail server at home.  I’ve been using hotwayd for snarfing messages from Hotmail and getting them remotely via POP3.  I’d prefer to have them sit in a common mailbox that I can read from either work or home.

Read full post

Networked printing is really cool in Fedora!  You can configure CUPS to automatically browse the network and discover other printers by using the Printer Configuration tool and, under the “Sharing…” menu, choose “Automatically find remote shared queues”.

You can even use this to set up a remote print queue for Windows.  Install the generic Adobe postscript printer driver and point it to your CUPS printer share when it asks for the URL.  The CUPS URLs are generally of the form:  http://servername:631/printers/printer-name.

You’ll find the printer URL by browsing the CUPS webpages and selecting the printer under “manage printers”.

The cool thing about CUPS is that there are no specialized drivers to load under Windows.  You use the generic postscript driver and everything just works.

Read full post

While upgrading my Linksys router through the upgrade page, I somehow managed to kill the thing.  Having spoken with others that have tried to upgrade the firmware, I don’t seem to be alone.

Luckily, the Linksys-modified TFTP program saves the day.  It seems that the hobbled router comes up in a crippled mode on 192.168.1.1 with a password of “admin”.  Once you re-upload the firmware, it comes back up with the proper settings.

I think the trick is not using the HTML-version of the upgrade page.  Stick with TFTP!

Read full post

Are people finally waking up to Microsoft’s attempts to get their fingers in every pie?  A few months back, Microsoft managed to kill the IETF Marid working group’s attempts to build a common spam filtering framework by refusing to license their technology openly.  This leaves room for SPF to take over, already with the backing of a large number of mail server operators.

Just recently adoption of the WMV9 codec, slated for inclusion in the sequel techology to DVD, is hitting some roadblocks:

Multiple sources close to the SMPTE process told EE Times last week that Microsoft created the impression in the industry that its WMV9 codec had a leg up on H.264/MPEG-4 AVC in quality and licensing terms. But now that the WMV9-based VC-1 has been put to the test in the arduous SMPTE standardization process, VC-1 is “perceived as behind in quality and behind in licensing terms, compared to H.264/MPEG-4 AVC,” one source said.

Does this sound familiar?

Read full post

I just finished setting up dovecot this morning to aggregate my various email boxes and make them available via a single server.  Dovecot seems to be a server from the new golden age of Unix services.  It’s easy to set up and has reasonable defaults for getting a server up-and-running without much effort.  Note that this is in contrast to sendmail configuration, which is as cryptic as could possibly be.

My ideal “unix service” - mail, web, ftp, etc - is a drop-in application that tries to work with your current configuration, rather than reinventing the wheel each time.  It should use PAM for authentication whenever possible, pick up system configuration from shared files and “just work” when you start it up.

So far, I’ve managed to get my home network up and running with the following services:

  • Windows domain (via Samba)
  • DHCP with static addresses assigned per MAC (via ISC’s dhcpd)
  • DNS, including integrated dynamic-DNS with DHCP (via bind)
  • Single-source, aggregating IMAP email server (via dovecot, fetchmail and procmail)
  • Spam filtering and anti-virus protection for above (via spamassassin and clamav, respectively)
  • Networked printing (via CUPS)

To run all of these services off Windows Server 2003 would cost me approx. CDN$1,200 for the basic serverlicense (and five CALs).  I’d also have to add in the basic Exchange package for another CDN$1,200.  Spam filtering might still be possible via spamassassin on Windows and I could probably use the free version of AVG anti-virus for email protection at the client level (versus the server).

Note that my current solution would likely scale up to a medium-sized, single-office solution by upgrading the hardware (no additional effort).  I’d probably be looking at more than CDN$10,000 in license fees to pull this off legally in Windows 2003.

Grand total amount of time to set all of this stuff up: six hours.  To do it again would probably take about two hours.

Read full post