I'm still around

Hey guys,

There hasn't been any update for a long while. Work has been keeping me busy, and the rest of my free time has been taken away by Forumwarz, a browser-based RPG about Internet culture. As a security specialist, I even helped Evil Trout, the admin of Forumwarz, fix a lot of security vulnerabilities there.

During my time spent on Forumwarz, I got myself acquainted with Greasemonkey, a Firefox plugin that lets you run custom Javascript on websites to achieve certain tasks, and Prototype, and interesting Javascript framework that makes me think traditional Javascript is just a thing of the past :P

Another thing that attracted my interest is concurrency security. Concurrency-related problems could lead to nasty bugs in your system, data inconsistency, and even security breach. This issue has not been given enough consideration by security researchers, but I believe it cannot be underestimated. Maybe I will create a challenge based on it for everyone to enjoy ;)

Steganabara 1.1.1 - finally!

Hey guys,

I have been making some minor improvements to Steganabara during the years, but due to my laziness a new version has not been released until now. But today, an email from r0d pulled me out of the shadow and Steganabara version 1.1.1 is now ready! No new feature yet, but I am glad to announce that the drag 'n drop feature has been supported for KDE 4.

As always, you can download this new version from my homepage. And of course, you should send me ideas for new features to make Steganabara the best steganalysis tool in the challenger world ;)

IBM's XML challenge - joke?

I got an email today about this XML challenge from IBM, which sounded very interesting. But I was quite disappointed.

After registering, I was taken to a MCQ quiz, with the answer to each question almost given out in the introduction text. Oh well.

Next I was provided with 3 contests: Video Mania, Query Challenge, and Programming Contest. I'm no good at making videos, and the programming contest was only available to students, so I started on the Query Challenge.

The query challenge was about pureXML, which could be summarised as some kind of combination between traditional SQL and XML into their database management system.

They launched a website: http://db2xmlcontest.morphexchange.com, which acts as a quick console for those who don't want to download the huge package called DB2 Express-C, but I quickly found it vulnerable to XSS.

After a hard time struggling through their online documents to find reference for some simple queries, I finally managed to reach question 4, in which I needed to find out which country has bordering countries in other continents. Well, have a look at a sample data file:

<?xml version="1.0" encoding="UTF-8" ?><country cid="1"><border_countries>China 76 km, Iran 936 km, Pakistan 2,430 km, Tajikistan 1,206 km, Turkmenistan 744 km, Uzbekistan 137 km</border_countries><population>31056997</population><area unit="sq km"><total>647500</total><land>647500</land><water>0</water></area><boundaries unit="km">5529 </boundaries><coastline unit="km">0</coastline><currency>AFA</currency><fiscal_year>
21 March - 20 March
</fiscal_year><ports_and_terminals>
Kheyrabad, Shir Khan
</ports_and_terminals><elevation_extremes><highest_point>Nowshak 7,485 m</highest_point><lowest_point>Amu Darya 258 m</lowest_point></elevation_extremes></country>

WTF?!!! It's XML, why do they have to store the bordering countries in a stupid string, which isn't even comma-separated? I could still do it anyway, using the power of regular expression in my favourite language. But to do it with a single query, there's no way I'm gonna dig through the poorly documented website just to find some stupid string manipulation functions to get the job done.

McAfee SiteAdvisor

Lol, have a look at this analysis of my website by McAfee: http://www.siteadvisor.com/sites/freewebs.com/quangntenemy

I suppose many people downloaded the FreeRice bot I wrote a long time ago and that's why they had my site tested for security :P

Winzip password collision

I created this zip file for a word guessing contest at ForumWarz, using a strong password, "5be890c219b0a837600e5fbb7ae8a2505be890c219b0a837600e5fbb7ae8a250" (not insanely strong but I guess that's strong enough for an average user). But it got cracked easily using AZPR with a brute-force attack.

It turned out that you can unzip the file with a much shorter password "tdc4Dl" too.

Surprised? I knew that zip protection was insecure but never thought it was that terrible.

This paper has some more information about zip encryption weaknesses, but I'm too lazy to read something that long. Maybe rhican can enlighten me :)