-
25C3 videos posted
Via splitbrain.org and security4all: the 25C3 videos have been posted. Enjoy, everybody!
-
Javascript regex quirk
When I wrote the SMOG analyzer JavaScript, I found a quirk of JavaScript, and this recent post inspired me to share it: the JavaScript regex specification doesn’t have the s modifier. This is necessary when you want to match multiple lines with a construct like .*. The suggested workaround I found was to specify the…
-
A very cool idea!
I’ve been hearing a lot lately about a terminal emulator called “Terminator” for Linux, so I decided to give it a try. While looking at the author’s site, I found the following posting: My new project: juicyD (maybe) The idea is simple, but has a stroke of genius in it: instead of burning CDs, store…
-
Solution for the Ethical Hacker Network Challenge
As always, I’m publishing my submission to the latest Ethical Hacker Network Challenge (after the submission deadline, of course). I believe that publishing all the solutions (rather than just the winner) creates a richer environment to learn from each other. The basic idea came from me seeing tutorials to tunnel SMB over SSH, the difference being…
-
Good news!
To start off the new year on a happy note, take a look at a list containing some of the things accomplished in the fight against spammers during the year 2008: 2008: A Significant Year In The Fight Against Illegal Spammers
-
Detecting user-mode debuggers under Windows
The packer-unpacker game is a game that I disapprove of; however, this doesn’t stop me from documenting a trick I remembered after reading the following blog post: Anti-Debugging Series – Part II. To detect if a user-mode debugger is attached to your process, do the following steps: Allocate some memory with HeapAlloc. Write something…
-
Anonymous browsing is hard
From the “big fricking surprise department” comes the news that “private browsing is hard to implement“. Well, duh! Also, quite obvious: the biggest problem was “Flash cookies” – again, duh!, since they are stored outside of the browser, so there is not very much the browser can do about them. There are many ways users…
-
Java numerical calculation benchmark
Update: it seems that the JITting process has improved quite a bit these last years (which is to be expected), and the differences are much smaller (and in some cases in favor of Java). Also, the discussion below is to be understood in the context of trigonometric functions rather than floating point operations in general.…
-
Curious network infrastructure
I was doing a traceroute to 208.67.222.222 (resolver1.opendns.com) to see if I can figure out the reason for the initial startup delay and observed the following curious thing (this is on a DSL line from Romtelecom marketed under the “ClickNet” brand here in Romania): 1 13 ms 13 ms 13 ms … computer’s public ip…
-
Privacy risks of signed Java applets
Probably it is an occupational hazard, but when I listened to episode #222 of the Java Posse (1/3 of the devil :-D) and they talked about a Java applet to do screencasts, my first reaction was: is it possible to do this from an applet? Isn’t this a privacy risk? The answer is: it depends…