Sunday, Jun 14th, 2009 by admin
Category: Hacking
Tags: asm, c, debugging, Hacking, hacks, howto
Recently I saw how this person was tired of how this 3rd party Skype plugin was crashing and decided to fix it without the source code.
I thought to myself, “it’s not really that hard or newsworthy, I’ve done it myself before.” Although it was for some obscure Korean MMO, it received a flurry of online response ranging from “I love you” to “I don’t trust this patch, and if I crash, everyone else should crash too”.
So here I will try to show you how to become a “leet hacker” who can patch unencrypted programs without the source code like the Skype guy, so that commercial software companies can benefit from it without paying you, and your screen name will be forever sung in ballads by traveling troubadours.
Friday, Jun 12th, 2009 by admin
Category: Python
Tags: hacks, howto, Python, security
Today I will show you how to clear passwords in memory with Python, a feat that many people consider infeasible.
You might ask, “why would I ever need to do this?”
- Your password might be in the section of memory called the swapfile, which will survive a reboot. Attackers could open that file and see your passwords in plain view.
- Cold Boot Attack: Computers use memory that “only lasts until the power goes out” because it’s cheaper. However, it actually lasts longer than that, especially if frozen.
- A hacker might gain access to your program (e.g. via a buffer overflow). S/he then scans your memory and finds the passwords.
This is easy in C, but in many languages like Python, strings are interned. The consequence of this is that when you use a string, it will probably remain in memory even if you “delete” it.
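One common way to keep a secret wipeable in CPython, shown here as an added example that is not the code from the original post: hold it in a mutable `bytearray` and zero that storage in place, since a `str` or `bytes` copy cannot be overwritten. The names `wipe`, `secret_buffer` and `demo` and the sample password are constructed for illustration.

```python
import ctypes
from contextlib import contextmanager

def wipe(buf: bytearray) -> None:
    """Overwrite a bytearray's storage in place with zero bytes."""
    n = len(buf)
    if n == 0:
        return
    view = (ctypes.c_char * n).from_buffer(buf)  # shares memory with buf, no copy
    ctypes.memset(view, 0, n)
    del view                                     # drop the buffer export again

@contextmanager
def secret_buffer(size: int):
    """Hand out a mutable buffer and zero it on exit, even if the body raises."""
    buf = bytearray(size)
    try:
        yield buf
    finally:
        wipe(buf)

def demo():
    leaked = None
    with secret_buffer(16) as pw:
        # Constructed sample secret. Real code would read straight into pw
        # (for example with file.readinto(pw)) so no immutable copy exists first.
        pw[:] = b"correct horse 42"   # same length, so the storage is not reallocated
        leaked = pw.decode()          # immutable str copy: this one cannot be wiped
    return bytes(pw), leaked

if __name__ == "__main__":
    wiped, leaked = demo()
    print("buffer after exit:", wiped)
    print("str copy still readable:", leaked)
```

The wipe only covers the buffer itself: any `str`/`bytes` copy made along the way, and any old storage left behind by resizing the `bytearray`, stays in memory until the allocator reuses it.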
Thursday, Jun 11th, 2009 by admin
Category: Algorithm
Tags: Algorithm, Math, myths, Python
I felt the need to write about this topic again. My previous article received no less than 12 comments, all in a misguided effort to discredit the research showing that doing hash % prime does not result in a better distribution. (I also thank the commenters, in that they helped make the analysis more rigorous.)
JM: Assume by some stroke of bad luck that your primary hash function does not yield evenly distributed hashes, then computing the index by taking hash % bucket-count with bucket-count prime eliminates the most common cases of collisions.
The problem with this often-cited argument is the assumption that using a prime will somehow magically solve the most common cases. What exactly are these common cases? When did it become good science to automatically assume that it is common to output numbers that share a factor with the modulus?
Jason: Using a uniform distribution is the problem. A uniformly distributed set is going to hash nicely regardless of how many buckets you’re hashing into, assuming a decent hash function. You use a prime number of buckets to deal with the general case of an unknown distribution.
This is another often-cited argument. The problem with this one is that hash functions are built specifically to have a uniformly distributed output. The test was not about the hash function itself. It was about the modulus at the very end.
- I = low entropy data (low randomness)
- H = Perfect Hash Function
- H(I) = high entropy data (high randomness) equal to random numbers
- bucket = (H(I) or random number) % m (this is where the experiment is!)
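The model above can be run directly. This is an added example, not the experiment code from the article: SHA-256 truncated to 64 bits stands in for the "perfect" H, the low-entropy input I is a constructed set of keys that are all multiples of 1024, and the moduli 1021 (prime) and 1024 are chosen for illustration. It also measures the raw keys without H, which is the case the commenters describe.

```python
import hashlib
from math import sqrt

def chi_square(values, m):
    """Pearson chi-square of bucket = value % m against a perfectly even spread."""
    counts = [0] * m
    for v in values:
        counts[v % m] += 1
    expected = len(values) / m
    return sum((c - expected) ** 2 / expected for c in counts)

def H(i):
    """SHA-256 truncated to 64 bits (assumed stand-in for the page's H)."""
    digest = hashlib.sha256(i.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:8], "big")

def looks_uniform(stat, m, sigmas=6):
    """Random buckets give chi-square near m-1 with std dev sqrt(2(m-1))."""
    return abs(stat - (m - 1)) < sigmas * sqrt(2 * (m - 1))

def experiment(n=100_000, stride=1024, moduli=(1021, 1024)):
    raw = [k * stride for k in range(n)]   # I: constructed low-entropy keys
    hashed = [H(i) for i in raw]           # H(I): behaves like random numbers
    return {m: {"raw": chi_square(raw, m), "hashed": chi_square(hashed, m)}
            for m in moduli}

if __name__ == "__main__":
    for m, stats in experiment().items():
        print(m, {k: round(v, 1) for k, v in stats.items()},
              "hashed looks uniform:", looks_uniform(stats["hashed"], m))
```

With H in front, both moduli give a chi-square in the range expected for random buckets; only the raw keys, which skip H, pile into a single bucket when m is 1024.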
Appeasing the critics
Tuesday, Jun 9th, 2009 by admin
Category: Hacking
Tags: Hacking, web
HyperVM is a control panel for the virtual machine platforms Xen and Virtuozzo.
It is used by low-cost web hosts everywhere, and its future is uncertain.
24 exploits were published June 4th on the popular exploits website milw0rm (with a zero, not the letter o).
http://www.milw0rm.com/exploits/8880
Just yesterday it was reported by Times of India that the creator of the company behind HyperVM, K.T. Ligesh, hanged himself. You can find more details and his picture here and here.
Meanwhile, this is sending shockwaves throughout the hosting industry. The WebHostingTalk forum is buzzing with condolences and talk about replacements.
http://www.webhostingtalk.com/forumdisplay.php?f=103
However, it is too late for vaserv.com, which lost many websites.
Quote from S. Bhargava, the remaining Lxlabs employee:
As you know Ligesh was the sole owner of Lxlabs. I am not sure whether the company Lxlabs will continue to operate in future. I personally am trying NOT to let the products Kloxo and HyperVM die. Since we all know that the software has severe security vulnerabilities at this point, please avoid using them till we get more information about the future of Lxlabs.
Tuesday, Jun 9th, 2009 by admin
Category: Programming
Tags: languages, php
PHP introduces the goto command in its soon-to-be-released version 5.3.
http://www.php.net/manual/en/control-structures.goto.php
```php
<?php
goto a;       // jump straight to the label "a"
echo 'Foo';   // skipped by the goto

a:
echo 'Bar';   // the only output is "Bar"
?>
```
It also comes with the warning:
It is not allowed to jump into a loop or switch statement. A fatal error is issued in such cases.
PHP is on track to be the worst widely used language ever.