Published on January 12th, 2012 by Hypn. Filed under hacks | 2 Comments
Twitter does something I consider poor security-wise: it neither renames uploaded avatar images nor strips the EXIF information from them. There are a few potential security issues around this, all of which I’ve personally come across:
- The image might be named with the person’s first and last name – potentially disclosing more information than they intended to in their Twitter profile
- Many people download their Facebook Profile picture to use on Twitter – Facebook renames uploaded files to include the Facebook user ID, allowing you to easily find their Facebook profile (as opposed to trying to search on their first and last name)
- If the original filename is unique enough you can often find other related pictures just by Googling
- You can use something like Jeffrey’s Exif viewer to extract EXIF information from the image – often telling you what type of camera/phone the user has
Sure, they’re small things, but for anyone wanting to Social Engineer the target it could certainly help. The frustrating part: it would take only a few lines of code for Twitter to prevent this, and it really is (in my opinion) a “best practice” they’re simply not bothering to follow.
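What those “few lines of code” could look like, as an added example (my own, not Twitter’s code): a hypothetical upload handler that drops the JPEG APP1..APP15 and COM segments (where EXIF, XMP, ICC and Photoshop data live) and stores the file under a random name, so neither the original filename nor the camera details survive. The sample JPEG bytes are constructed inline and are not a decodable image; the function names are mine.

```ruby
require 'securerandom'

# JPEG segments to drop: APP1..APP15 (EXIF, XMP, ICC, Photoshop data) and COM.
# APP0 (JFIF) is kept because some decoders expect it; image data is untouched.
STRIP_MARKERS = ((0xE1..0xEF).to_a << 0xFE).freeze

def strip_jpeg_metadata(jpeg)
  data = jpeg.b
  raise ArgumentError, 'not a JPEG (missing SOI)' unless data.byteslice(0, 2) == "\xFF\xD8".b

  out = "\xFF\xD8".b
  pos = 2
  while pos + 4 <= data.bytesize
    raise ArgumentError, 'corrupt segment header' unless data.getbyte(pos) == 0xFF
    marker = data.getbyte(pos + 1)
    # SOS: from here to EOI is entropy-coded image data; copy it verbatim.
    if marker == 0xDA
      out << data.byteslice(pos, data.bytesize - pos)
      return out
    end
    length = data.byteslice(pos + 2, 2).unpack1('n') # counts the 2 length bytes
    out << data.byteslice(pos, length + 2) unless STRIP_MARKERS.include?(marker)
    pos += length + 2
  end
  raise ArgumentError, 'truncated JPEG (no SOS segment)'
end

# Hypothetical handler: random 32-hex-digit name, metadata stripped.
# The user-supplied filename is deliberately ignored.
def process_avatar_upload(jpeg, _user_supplied_name)
  ["#{SecureRandom.hex(16)}.jpg", strip_jpeg_metadata(jpeg)]
end

# Constructed sample (not a real image): SOI, an APP1 Exif segment naming a
# camera, a DQT table, an SOS header, three bytes of scan data, EOI.
def sample_jpeg_with_exif
  exif = "Exif\0\0MM\0*\0\0\0\x08CameraModelXYZ".b
  dqt  = ("\x00" + "\x10" * 64).b
  sos  = "\x01\x01\x00\x00\x3F\x00".b
  out = "\xFF\xD8".b
  [[0xE1, exif], [0xDB, dqt], [0xDA, sos]].each do |marker, payload|
    out << [0xFF, marker, payload.bytesize + 2].pack('CCn') << payload
  end
  out << "\x12\x34\x56".b << "\xFF\xD9".b
end

if __FILE__ == $PROGRAM_NAME
  name, clean = process_avatar_upload(sample_jpeg_with_exif, 'John_Smith_facebook_12345.jpg')
  puts "stored as #{name}, #{clean.bytesize} bytes, exif present: #{clean.include?('Exif'.b)}"
end
```

Re-encoding the image through an image library achieves the same result with less parsing, but the segment walk above shows exactly which bytes carry the leaked information; a PNG or GIF upload would need its own handling (text chunks, comment extensions) and is not covered here.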
Published on August 20th, 2011 by Hypn. Filed under hacks, programming | 2 Comments
There’s a (Windows) program I use that stores its data in SQLite files… password protected SQLite files… and I’d really like to take a look inside of them. I’ve tried looking for the password as an embedded text string, I’ve tried decompiling the .Net code (with Reflector – but it’s obfuscated), and I’ve tried attaching a debugger and stepping through tons of ASM code, but still haven’t been able to find the password.
During a mild case of insomnia I had another thought on cracking/bypassing SQLite password protection: what if (in the case where the app uses a .dll file, rather than statically linking the library) I just downloaded the SQLite source code, added “logging” of sorts to each of the main functions (“login”, executing queries, etc), compiled it, and replaced the application’s version with mine – the DLL would basically just output the database’s password for me, in plain text, perfect for opening it with something like SQLiteSpy :D
Published on August 18th, 2011 by Hypn. Filed under hacks | No Comments
I might be a bit late to the party, but I’ve just found out about SanDisk’s “2-in-1” memory cards, which I think are awesome. They look and work just like a regular SD card (think digital cameras, etc) but fold half of it down and it reveals a USB adapter, ready to be plugged straight in to your computer:
What’s so great about this, you ask? Well, I’d imagine it’s far easier to keep one of these in your wallet than to carry a flash drive around with you everywhere (and I prefer to keep my keyring as small as possible so I’m not fond of attaching a flash drive to it). It also has a hardware “read only” lock (at least judging by the pictures), so no more “autorun” viruses when plugging in to infected machines, and you could boot an OS off of it and not worry about becoming infected or backdoor’ed (at least not past a reboot) when visiting places like Defcon ;)
Selling for $13 from Amazon (for the 2GB), I definitely think I’m going to get myself one!
Published on November 28th, 2010 by Hypn. Filed under programming, Ruby on Rails | No Comments
I’m busy converting a project of mine from PHP in to Ruby, and one of the things it needs to be able to do is convert a bunch of hex characters into a string (and vice versa)… which I wasn’t sure how to do, so I hit Google. As it turns out there seem to be several other people who’ve needed to do the same thing, without finding the answer they were looking for, so I got to trying to code my own functions and managed to come up with this:
# hex_to_string("486578546f537472") returns "HexToStr"
def hex_to_string(str)
  returned = ''
  # take the hex digits two at a time; each pair is one character code
  for i in (0...str.length).step(2)
    # guard the second digit too, so an odd trailing digit is skipped
    # instead of calling .chr on nil
    unless str[i].nil? || str[i + 1].nil?
      hex_chr = str[i].chr + str[i + 1].chr
      returned += hex_chr.hex.chr
    end
  end
  returned
end

# string_to_hex("StrToHex") returns "537472546f486578"
def string_to_hex(str)
  returned = ''
  for i in (0...str.length)
    # str[i] is a one-character String on Ruby 1.9+, where to_s(16) fails,
    # so use .ord for the character code; %02x zero-pads bytes below 0x10
    # (e.g. "\n" => "0a" rather than "a")
    returned += '%02x' % str[i].ord
  end
  returned
end
I’m still new to Ruby, and don’t really know what I’m doing, so please feel free to make any improvements or suggestions. You can find the latest versions of these functions on github: https://github.com/hypn/HexToString
Published on November 11th, 2010 by Hypn. Filed under PHP, programming | No Comments
I just found this gem, in some of our billing code:
$ci = $this->paymentMethod;
$cc['CC_CardType'] = $ci['CC_CardType'];
$cc['CC_Number'] = $ci['CC_Number'];
$cc['CC_ExpMonth'] = $ci['CC_ExpMonth'];
$cc['CC_ExpYear'] = $ci['CC_ExpYear'];
$cc['CC_Name'] = $ci['CC_Name'];
$cc['CC_Street'] = $ci['CC_Street'];
$cc['CC_City'] = $ci['CC_City'];
$cc['CC_State'] = $ci['CC_State'];
$cc['CC_Country'] = $ci['CC_Country'];
$cc['CC_Zip'] = $ci['CC_Zip'];
$p->loadCreditCardPayment($cc, $total, 0);
First it copies A ($this->paymentMethod) to B ($ci), then copies each value of B in to C ($cc), and then passes C to the function. That’s right, 3 copies of the same data, and 14 lines of code. One could also have just passed A to the function, as so:
$p->loadCreditCardPayment($this->paymentMethod, $total, 0);
It’s kinda like pouring a drink that’s already in glass in to another glass, then using a spoon to move the liquid in to a different glass, then drinking from that last glass… why not just drink from the glass it was originally in? o_O
Published on September 3rd, 2010 by Hypn. Filed under PHP, programming | No Comments
This is how NOT to comment your code:
#addCreditCard
function addCreditCard(){
    … code removed …
//-------------------------------------------------------------------------
#addBankAccount
function addBankAccount(){
    … code removed …
//-------------------------------------------------------------
#deleteCreditCard()
function deleteCreditCard(){
    … code removed …
//-------------------------------------------------------------------
#deleteBankAccount()
function deleteBankAccount(){
    … code removed …
Now I totally understand that for doc-generating programs, and certain IDEs, you’re meant to put comments above your functions describing them and the parameters they take… but who does this (above)? Are you really so stupid that you need to put the function’s name in a comment above… the function’s name?
You, sir, should not be coding.
Published on July 15th, 2010 by Hypn. Filed under MySQL, PHP, programming | No Comments
I’ve just gotten word from the creators that USB Webserver 8 is out. Long-time readers might remember that I released an unofficial hacked-up version a little while ago; you should definitely use this official version instead.

This release contains:
- Php 5.2.13
- Apache 2.2.15
- PhpMyAdmin 3.3.1-rc1
- MySQL 5.1.44
Published on November 25th, 2009 by Hypn. Filed under games, programming | No Comments
Here’s some retro geeky awesomeness… Prince of Persia source code notes!
Download (404kb)
Published on May 17th, 2009 by Hypn. Filed under MySQL, PHP, programming | No Comments
UPDATE (15 July 2010): An “official” version of USB Webserver 8 has been released, please use this instead of my “unofficial” version. You can download it from http://www.usbwebserver.net/
This is an unofficial updated version of USB Webserver. The original USB Webserver was created by http://www.usbwebserver.nl – but their site is currently down, and they haven’t released an update for a while.
This version contains:
Apache: 2.2.11
PHP: 5.2.10-dev (with GD and cURL)
MySQL: 5.1.30-community (with InnoDB)
It defaults to “English” (the original was “Dutch”), and you may need to change the ports if you have been using USB Webserver previously.
Download: “USB Webserver 8.0 (unofficial).zip” (17.6mb)
(and yes, I know the main USB Webserver screen still says “USB Webserver 7.0” – ignore that :P)
Published on April 7th, 2009 by Hypn. Filed under PHP, programming | No Comments
I decided I wanted to start using memcached because it’s really awesome, but really struggled to get it working in Windows on PHP 5.2.3 because I couldn’t find the stupid “php_memcache.dll” file I needed (at the time of writing this, Pecl4Win is down… which happens to be where the official PHP documentation tells you to get it from – great).
Luckily I came across this blog post, which not only tells you how to install the extension (adding 1 line to your “php.ini” file) but also linked to a PHP 5.2.* version of it. I decided to mirror it, for anyone else trying to find it:
php_memcache.dll (49kb)