Monday, December 22, 2008

Steganabara 1.1.1 - finally!

Hey guys,

I have been making some minor improvements to Steganabara over the years, but due to my laziness a new version has not been released until now. But today, an email from r0d pulled me out of the shadows and Steganabara version 1.1.1 is now ready! No new features yet, but I am glad to announce that the drag 'n' drop feature is now supported on KDE 4.

As always, you can download this new version from my homepage. And of course, you should send me ideas for new features to make Steganabara the best steganalysis tool in the challenger world ;)

Tuesday, December 2, 2008

IBM's XML challenge - joke?

I got an email today about this XML challenge from IBM, which sounded very interesting. But I was quite disappointed.

After registering, I was taken to an MCQ quiz, with the answer to each question almost given away in the introduction text. Oh well.

Next I was provided with 3 contests: Video Mania, Query Challenge, and Programming Contest. I'm no good at making videos, and the programming contest was only available to students, so I started on the Query Challenge.

The query challenge was about pureXML, which could be summarised as some kind of combination of traditional SQL and XML in their database management system.

They launched a website: http://db2xmlcontest.morphexchange.com, which acts as a quick console for those who don't want to download the huge package called DB2 Express-C, but I quickly found it vulnerable to XSS.

After a hard time struggling through their online documents to find references for some simple queries, I finally managed to reach question 4, in which I needed to find out which country has bordering countries in other continents. Well, have a look at a sample data file:

<?xml version="1.0" encoding="UTF-8" ?><country cid="1"><border_countries>China 76 km, Iran 936 km, Pakistan 2,430 km, Tajikistan 1,206 km, Turkmenistan 744 km, Uzbekistan 137 km</border_countries><population>31056997</population><area unit="sq km"><total>647500</total><land>647500</land><water>0</water></area><boundaries unit="km">5529 </boundaries><coastline unit="km">0</coastline><currency>AFA</currency><fiscal_year>
21 March - 20 March
</fiscal_year><ports_and_terminals>
Kheyrabad, Shir Khan
</ports_and_terminals><elevation_extremes><highest_point>Nowshak 7,485 m</highest_point><lowest_point>Amu Darya 258 m</lowest_point></elevation_extremes></country>

WTF?!!! It's XML, why do they have to store the bordering countries in a stupid string, which isn't even comma-separated? I could still do it anyway, using the power of regular expressions in my favourite language. But to do it with a single query, there's no way I'm gonna dig through the poorly documented website just to find some stupid string manipulation functions to get the job done.
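The regular-expression route mentioned above, as an added example (not the author's code and not a pureXML query): it pulls (name, km) pairs out of `border_countries`, anchoring on the `km` unit so that the comma inside "2,430" is not treated as a separator. The function names `parse_borders` and `borders_from_xml` are hypothetical, and the sample is a trimmed copy of the record quoted in the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the country record quoted in the post.
SAMPLE = (
    '<country cid="1"><border_countries>China 76 km, Iran 936 km, '
    'Pakistan 2,430 km, Tajikistan 1,206 km, Turkmenistan 744 km, '
    'Uzbekistan 137 km</border_countries></country>'
)

# One entry = optional leading separator, a name with no digits, a length whose
# thousands groups may themselves contain commas, then the unit "km".
BORDER_RE = re.compile(r"(?:^|,)\s*([^\d]+?)\s+(\d+(?:,\d{3})*(?:\.\d+)?)\s*km")


def parse_borders(text):
    """Return [(country_name, length_km), ...] from a border_countries string."""
    text = text.strip()
    pairs = [(m.group(1), float(m.group(2).replace(",", "")))
             for m in BORDER_RE.finditer(text)]
    # Anything the pattern did not consume means the format differs from the
    # sample; fail loudly instead of silently dropping a neighbour.
    leftover = BORDER_RE.sub("", text).strip()
    if leftover:
        raise ValueError("unparsed border text: %r" % leftover)
    return pairs


def borders_from_xml(xml_text):
    """Map a country's cid attribute to its parsed border list."""
    root = ET.fromstring(xml_text)
    return {root.get("cid"): parse_borders(root.findtext("border_countries", ""))}


if __name__ == "__main__":
    for name, km in borders_from_xml(SAMPLE)["1"]:
        print("%-14s %8.1f km" % (name, km))
```

A plain `split(",")` on the same string yields eight fragments for six neighbours, which is the failure the unit anchor avoids.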