Saturday, December 4, 2010
Chess
Just a quick update. I haven't been very active in challenge solving during the past few months. However, I just developed some interest in chess. I am doing pretty well on chess.com with a rating closing in on 1700.
This is one of my favourite games: http://www.chess.com/echess/game.html?id=42014101
You know what, I found some of the geeks there too. Caesum the alien is playing more than 100 games at the same time, while TheHiveMind with his super chess bot has already reached a rating of 2200+.
I'm having a duel with Caesum atm, and the game is a bit on my side. Wish me luck!
Posted by quangntenemy at 12:44 PM | 0 comments
Labels: caesum, chess, thehivemind
Wednesday, July 28, 2010
Ubuntu Tweak
Finally got rid of the stupid pink login screen using Ubuntu Tweak. What a pain!
Posted by quangntenemy at 2:20 PM | 0 comments
Thursday, July 15, 2010
Hacker skills in action
Have you ever needed to use your 1337 hacker skills in real life as a non-security professional?
I was once given the task of writing a Windows library to connect to a Juniper VPN system. All I was given was just the web interface of the system. A task that cannot be completed without reverse-engineering skills.
Some experiments with the system showed me that the VPN system wasn't too complicated. After the user authorizes himself via the login page, an ActiveX or Java applet will be launched, which will subsequently download and run a Windows application that is responsible for the VPN connection.
Authenticating via the login page programmatically to retrieve the cookie for the session was a trivial task. For downloading and running the Windows VPN application, with my 1337 Java skills, I decided that reverse-engineering the Java applet was the way to go. After decompiling the applet with Jad, all I needed to do was modify the code to make it run in a "simulated" applet environment, and everything went on smoothly.
Posted by quangntenemy at 8:23 AM | 0 comments
Labels: jad, java, juniper, reverse engineering, vpn
Saturday, May 22, 2010
Year 2038 problem - not very far away
Maybe some of you have already heard about the year 2038 problem, caused by software and systems storing system time as a signed 32-bit integer. I thought it would be quite a while until I'd have to care about it, but it seems that isn't the case.
A little while ago, my yahoo mailbox was hit by a lot of spammers sending from the future date of 18th Jan 2038. Back then, I thought it was funny. Spammers always want their spam mails to appear on top by setting the date to the farthest in the future. But this is as far as they can go ;)
However, recently, I have discovered the bug lying in an authentication server by a well-known security company I'm testing. It appears all certificates signed by the server cannot have an expiry date of later than 19th Jan 2038. If not discovered early, this could cost us a lot in maintenance fees when the time comes close.
Posted by quangntenemy at 5:48 AM | 0 comments
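The limit described in this post, as an added example (not code from the original post or from the server's vendor): it derives the last instant a signed 32-bit time_t can hold, shows what a later expiry wraps to when stored in such a field, and computes the latest date on which a certificate of a given lifetime can still be issued. The certificate names and dates are constructed sample data.

```python
# Added example: the signed 32-bit time_t ceiling applied to certificate expiry.
import struct
from datetime import datetime, timedelta, timezone

INT32_MAX = 2**31 - 1
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
LIMIT = EPOCH + timedelta(seconds=INT32_MAX)  # last representable instant

def to_epoch(dt):
    """Whole seconds since the Unix epoch for a timezone-aware datetime."""
    return (dt - EPOCH) // timedelta(seconds=1)

def wrap_int32(seconds):
    """Value a signed 32-bit field holds after `seconds` is stored in it."""
    return struct.unpack("<i", struct.pack("<I", seconds & 0xFFFFFFFF))[0]

def stored_expiry(not_after):
    """Expiry date as read back from a signed 32-bit timestamp field."""
    return EPOCH + timedelta(seconds=wrap_int32(to_epoch(not_after)))

def last_issue_date(lifetime_days):
    """Latest issuance time at which a cert of this lifetime still fits."""
    return LIMIT - timedelta(days=lifetime_days)

def overflowing(certs):
    """Names of certificates whose notAfter does not fit in 32 bits."""
    return [name for name, not_after in certs if to_epoch(not_after) > INT32_MAX]

# Constructed sample inventory: (name, notAfter)
SAMPLE_CERTS = [
    ("vpn-gw", datetime(2037, 12, 31, tzinfo=timezone.utc)),
    ("edge", LIMIT),
    ("root-ca", datetime(2040, 1, 1, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    print("32-bit limit:        ", LIMIT.isoformat())
    print("limit + 1s reads as: ", stored_expiry(LIMIT + timedelta(seconds=1)).isoformat())
    print("last 10-year issue:  ", last_issue_date(3650).isoformat())
    print("will not fit:        ", overflowing(SAMPLE_CERTS))
```

A 10-year certificate already stops fitting for anything issued after January 2028, so the maintenance deadline arrives well before 2038 itself.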
Sunday, May 9, 2010
Mandriva 2010
Although Mandriva 2010 was released a long time ago, I haven't had the time to upgrade until now.
Just like the last time, I received the message that "the system could not be safely upgraded to Mandriva Linux 2009" (yes, it did say 2009, probably someone overlooked that trivial bit). Nevertheless, as a professional penguin tamer, I decided to take the risk and continued. This time the estimated upgrade time was 5 hours. But in the end it only took about 1 hour and a half.
Brilliantly, the new system booted smoothly without any problems. Time to see what this great new system has to offer ;)
Posted by quangntenemy at 7:06 AM | 0 comments
Wednesday, May 5, 2010
Ubuntu 10.04 LTS
Ubuntu 10.04 LTS was finally released last week, and I just managed to upgrade it today. Unlike Mandriva, to upgrade Ubuntu, I needed to use the alternate CD image instead of the normal one.
The upgrade took about an hour, which was actually quite long for such a newly installed system. However, on the bright side, it could be done while the system was running.
The Ubuntu guys boasted about the 10 second startup time. And in fact, my new system booted really fast. I doubt if it's as fast as 10 seconds though :P
There's a very annoying problem with the new Gnome button layout: the minimize, maximize, and close button are moved to the top left of the windows, whichever theme you use. A guide to fixing that problem is available here: http://www.howtogeek.com/howto/13535/move-window-buttons-back-to-the-right-in-ubuntu-10.04/
Posted by quangntenemy at 5:03 PM | 1 comments
Labels: 10.04, gnome, lucid lynx, ubuntu
Monday, March 15, 2010
Ubuntu
So I got a new laptop, and of course I installed another Linux distro on it. Ubuntu seems to be a very popular one now, so I decided to give it a try.
Gnome seems to have improved a lot since the last time I tried it on Fedora. After some modding it looks quite awesome now ;)
Another thing I like about Ubuntu is the free 2GB Ubuntu One space I can use to synchronize and share my data.
Is cloud computing really the way to go?
Posted by quangntenemy at 3:36 PM | 0 comments
Labels: cloud computing, gnome, ubuntu
Saturday, September 19, 2009
Some updates
So I updated my kernel to 2.6.29.1, however the computer failed to boot. Probably there were some changes in the system structure. I guess I'll stick with 2.6.27 for a little more.
On the bright side, I have finally managed to find a way to connect to vpn from my Linux box. At first I went through the trouble of installing the Cisco VPN client for Linux, but no matter how hard I tried it couldn't connect to the gateway. Next I tried OpenVPN, but it didn't seem to be compatible either. In the end I tried vpnc. It was impossible to get it to work using certificate authentication, however group authentication worked fine ;)
Now probably there'll be no big changes until Mandriva Linux 2010 comes out!
Posted by quangntenemy at 8:09 AM | 0 comments
Saturday, August 29, 2009
New challenge
So finally, a new challenge! As I mentioned in the previous post, it's about concurrency security. I've been too busy (and lazy :P) to put it all together but Gizmore did the job quite well. You can try the challenge here: http://www.wechall.net/challenge/quangcurrency/index.php
This challenge is just a small demonstration of the problem. In real world systems this could be a tricky bug neglected by most developers so probably you can find it everywhere, and if more people look into it there might be chaos. Maybe more demonstrations will be coming soon ;)
Posted by quangntenemy at 11:30 AM | 3 comments
Labels: challenge, concurrency, security
Saturday, August 1, 2009
2009.1
So Mandriva 2009 Spring Edition (2009.1) has been out for a few months, but I'm too lazy to update it. To be honest, I was quite satisfied with 2009, until recently when Yahoo changed their protocol and my old version of Pidgin couldn't connect to their server anymore. A lame reason I know but that was the thing that helped me defeat my laziness and download the new image.
This time, instead of burning the image to dvd, I have decided to mount it locally and use it as an update media. Here's the command to add it to urpmi database:
$ urpmi.addmedia --distrib cdrom /mnt/2009.1/i586/
adding medium ""Mandriva Linux - 2009 Spring (Free) - main" (cdrom1)" before remote medium "Mandriva Linux - 2009.0 (Free) - Installer"
adding medium ""Mandriva Linux - 2009 Spring (Free) - contrib" (cdrom2)" before remote medium "Mandriva Linux - 2009.0 (Free) - Installer"
Then the pidgin update:
$ urpmi pidgin
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium ""Mandriva Linux - 2009 Spring (Free) - main" (cdrom1)")
libpurple0 2.5.5 5mdv2009.1 i586
pidgin 2.5.5 5mdv2009.1 i586
pidgin-i18n 2.5.5 5mdv2009.1 i586
pidgin-plugins 2.5.5 5mdv2009.1 i586
1.2MB of additional disk space will be used.
4.9MB of packages will be retrieved.
Proceed with the installation of the 4 packages? (Y/n) y
installing pidgin-i18n-2.5.5-5mdv2009.1.i586.rpm pidgin-plugins-2.5.5-5mdv2009.1.i586.rpm libpurple0-2.5.5-5mdv2009.1.i586.rpm pidgin-2.5.5-5mdv2009.1.i586.rpm from /mnt/2009.1/i586/media/main
Preparing... #############################################
1/4: libpurple0 #############################################
2/4: pidgin-plugins #############################################
3/4: pidgin-i18n #############################################
4/4: pidgin #############################################
Unfortunately, the problem with pidgin was only fixed in version 2.5.7. So in the end I had to grab the latest version 2.5.8 off the Internet to get it done.
Maybe tomorrow I'll try updating the kernel next.
Saturday, May 9, 2009
I'm still around
Hey guys,
There hasn't been any update for a long while. Work has been keeping me busy, and the rest of my free time has been taken away by Forumwarz, a browser-based RPG about Internet culture. As a security specialist, I even helped Evil Trout, the admin of Forumwarz, fix a lot of security vulnerabilities there.
During my time spent on Forumwarz, I got myself acquainted with Greasemonkey, a Firefox plugin that lets you run custom Javascript on websites to achieve certain tasks, and Prototype, an interesting Javascript framework that makes me think traditional Javascript is just a thing of the past :P
Another thing that attracted my interest is concurrency security. Concurrency-related problems could lead to nasty bugs in your system, data inconsistency, and even security breaches. This issue has not been given enough consideration by security researchers, but I believe it cannot be underestimated. Maybe I will create a challenge based on it for everyone to enjoy ;)
Posted by quangntenemy at 12:04 PM | 0 comments
Labels: concurrency, forumwarz, greasemonkey, prototype, security
Monday, April 13, 2009
jQuery calendar
If you use jQuery Calendar in your web page, never use "hasCalendar" as the css class, because jQuery Calendar itself uses this as the marker to indicate that the textbox already has a calendar associated with it. I used this to automatically add a calendar to all textbox controls in my page, but it didn't work and it took me a while to figure this out.
Posted by quangntenemy at 10:29 AM | 0 comments
Monday, December 22, 2008
Steganabara 1.1.1 - finally!
Hey guys,
I have been making some minor improvements to Steganabara during the years, but due to my laziness a new version has not been released until now. But today, an email from r0d pulled me out of the shadow and Steganabara version 1.1.1 is now ready! No new feature yet, but I am glad to announce that the drag 'n drop feature has been supported for KDE 4.
As always, you can download this new version from my homepage. And of course, you should send me ideas for new features to make Steganabara the best steganalysis tool in the challenger world ;)
Posted by quangntenemy at 1:23 PM | 1 comments
Labels: steganabara
Tuesday, December 2, 2008
IBM's XML challenge - joke?
I got an email today about this XML challenge from IBM, which sounded very interesting. But I was quite disappointed.
After registering, I was taken to an MCQ quiz, with the answer to each question almost given out in the introduction text. Oh well.
Next I was provided with 3 contests: Video Mania, Query Challenge, and Programming Contest. I'm no good at making videos, and the programming contest was only available to students, so I started on the Query Challenge.
The query challenge was about pureXML, which could be summarised as some kind of combination between traditional SQL and XML into their database management system.
They launched a website: http://db2xmlcontest.morphexchange.com, which acts as a quick console for those who don't want to download the huge package called DB2 Express-C, but I quickly found it vulnerable to XSS.
After a hard time struggling through their online documents to find reference for some simple queries, I finally managed to reach question 4, in which I needed to find out which country has bordering countries in other continents. Well, have a look at a sample data file:
<?xml version="1.0" encoding="UTF-8" ?>
<country cid="1">
  <border_countries>China 76 km, Iran 936 km, Pakistan 2,430 km, Tajikistan 1,206 km, Turkmenistan 744 km, Uzbekistan 137 km</border_countries>
  <population>31056997</population>
  <area unit="sq km">
    <total>647500</total>
    <land>647500</land>
    <water>0</water>
  </area>
  <boundaries unit="km">5529 </boundaries>
  <coastline unit="km">0</coastline>
  <currency>AFA</currency>
  <fiscal_year>
    21 March - 20 March
  </fiscal_year>
  <ports_and_terminals>
    Kheyrabad, Shir Khan
  </ports_and_terminals>
  <elevation_extremes>
    <highest_point>Nowshak 7,485 m</highest_point>
    <lowest_point>Amu Darya 258 m</lowest_point>
  </elevation_extremes>
</country>
WTF?!!! It's XML, why do they have to store the bordering countries in a stupid string, which isn't even comma-separated? I could still do it anyway, using the power of regular expressions in my favourite language. But to do it with a single query, there's no way I'm gonna dig through the poorly documented website just to find some stupid string manipulation functions to get the job done.
Posted by quangntenemy at 3:12 PM | 2 comments
Labels: ibm, xml challenge
Saturday, November 29, 2008
McAfee SiteAdvisor
Lol, have a look at this analysis of my website by McAfee: http://www.siteadvisor.com/sites/freewebs.com/quangntenemy
I suppose many people downloaded the FreeRice bot I wrote a long time ago and that's why they had my site tested for security :P
Posted by quangntenemy at 11:17 AM | 0 comments
Labels: mcafee, siteadvisor, website
Wednesday, October 15, 2008
Yay for 2009.0
Hey guys, I'm back with a brand new operating system :)
After installing I encountered some bug with the display manager that made the keyboard stop working after a while so I needed to use KDM 3.
KDE 4 is awesome! Here's a screenshot:
I'm still a bit unfamiliar with the changes though :( I can't find the new hotkey for "Show desktop", which used to be Ctrl-Alt-D in KDE 3. The PrintScreen key doesn't seem to work, and I need to run the ksnapshot command to take a screenshot. The desktop setting to change the monitor gamma is gone, and I need to use the xgamma command. And more...
Let's try to tame this new penguin :)
Posted by quangntenemy at 2:05 PM | 0 comments
Friday, October 10, 2008
Mandriva Linux 2009.0
Mandriva announced the official public release of Mandriva Linux 2009.0 yesterday. It's the first time in many years they've met their scheduled date! I am downloading it now. Wish me good luck!
Posted by quangntenemy at 2:28 AM | 2 comments
Monday, October 6, 2008
Winzip password collision
I created this zip file for a word guessing contest at ForumWarz, using a strong password, "5be890c219b0a837600e5fbb7ae8a2505be890c219b0a837600e5fbb7ae8a250" (not insanely strong but I guess that's strong enough for an average user). But it got cracked easily using AZPR with a brute-force attack.
It turned out that you can unzip the file with a much shorter password "tdc4Dl" too.
Surprised? I knew that zip protection was insecure but never thought it was that terrible.
This paper has some more information about zip encryption weaknesses, but I'm too lazy to read something that long. Maybe rhican can enlighten me :)
Posted by quangntenemy at 4:03 AM | 5 comments
Wednesday, September 3, 2008
HTTP Error 403.2 - Forbidden: Read access is denied
Today I encountered this stupid error on my server all of a sudden. A virtual website threw the stupid error message, while the others were still working fine.
The only clue I could find from the system admin was that he recently installed the crappy SharePoint stuff from M$.
After hours of searching on the internet, I finally found the solution to my problem here: http://objectmix.com/inetserver/285116-http-error-403-2-forbidden-read-access-denied-2.html#post1008979
Basically what happened was that the SharePoint installer screwed up some hidden metabase property named AccessFlags. On my server it was changed to 30215. I needed to change it back to 519 for it to work again.
What can I say? M$ sucks. As always!
Posted by quangntenemy at 9:37 AM | 0 comments
Labels: AccessFlags, HTTP Error 403.2, iis, metabase
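Decoding the two AccessFlags values from this post, as an added example that is not part of the original post: AccessFlags is a bitmask, and the bit values below are taken from the IIS 6 metabase definitions (iiscnfg.h), not from the post; the helper names are made up for this example. The decode shows that 30215 is 519 plus the four AccessNoRemote* bits, which is consistent with the 403.2 "Read access is denied" symptom for remote clients.

```python
# Added example: decode and compare IIS metabase AccessFlags values.
# Bit values follow the MD_ACCESS_* definitions in iiscnfg.h (assumption
# stated in the lead-in; they are not given in the post itself).
ACCESS_FLAGS = {
    0x0001: "AccessRead",
    0x0002: "AccessWrite",
    0x0004: "AccessExecute",
    0x0010: "AccessSource",
    0x0200: "AccessScript",
    0x0400: "AccessNoRemoteWrite",
    0x1000: "AccessNoRemoteRead",
    0x2000: "AccessNoRemoteExecute",
    0x4000: "AccessNoRemoteScript",
    0x8000: "AccessNoPhysicalDir",
}

def decode(value):
    """Return (names of the flags set in value, leftover unrecognised bits)."""
    names = [name for bit, name in sorted(ACCESS_FLAGS.items()) if value & bit]
    unknown = value & ~sum(ACCESS_FLAGS)
    return names, unknown

def diff(before, after):
    """Return (flags added, flags removed) when going from before to after."""
    return decode(after & ~before)[0], decode(before & ~after)[0]

def remote_read_allowed(value):
    """Remote reads need AccessRead set and AccessNoRemoteRead clear."""
    return bool(value & 0x0001) and not value & 0x1000

if __name__ == "__main__":
    for v in (519, 30215):  # the two values quoted in the post
        names, unknown = decode(v)
        print(f"{v} (0x{v:04X}): {', '.join(names)} unknown=0x{unknown:X}")
        print("  remote read allowed:", remote_read_allowed(v))
    added, removed = diff(519, 30215)
    print("added by the change:", added, "removed:", removed)
```

The same decode also shows that the working value 519 grants Write and Execute in addition to Read and Script, which is worth reviewing against what the site actually needs.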
Wednesday, August 20, 2008
Steganabara on Ohloh
I came across Ohloh today while looking at the subversion website for the new update. It looks like a pretty cool social network for open source developers and lovers.
At Ohloh you can promote your software projects and vote on projects you like. So I went on ahead and created a project page for Steganabara: http://www.ohloh.net/projects/steganabara.
If you enjoy this great steganalysis tool you should create an account there, add Steganabara to your stack, write reviews, and vote for it :)
There hasn't been any major update to Steganabara for quite a while. So if you have any idea for improvement, feel free to contact me.
Posted by quangntenemy at 3:24 PM | 1 comments
Labels: ohloh, open source, steganabara, stegano