Windows in XEN domU on laptop, using screen and VGA?

Does anyone among my readers have a clue whether or not it is possible to set up XEN in a way so it will pass control over the screen to a domU to which I want to assign it? It would be a nice scenario for having both Linux and Windows running in parallel on the same box while still being able to use all those 3D-features of the graphics card. But from what I found so far, it doesn’t really seem to be possible.

Apart from firewall/proxy scenarios it would offer some other creative ways of using the laptop.

// Oliver

Posted in EN, Software

GoDaddy.com SSL cert …

It was a bit of trouble to get it done, even after my purchase was approved. But I have it now 🙂

Here I just want to share the information with you, since the FAQ on the GoDaddy website wasn’t particularly helpful. I had chosen the multi-domain certificate for up to five domains. It was clear that besides the CN (Common Name) they’d allow me to enter the SANs (Subject Alternative Names). However, this didn’t quite work out. When I had created my CSR (Certificate Signing Request) and tried to submit it, the system refused it and referred me back to the tech support. Darn …

This meant waiting one more day as – due to the timezone difference – the problem would be handled only when it was night in my timezone again. Anyway, I got a reply. Now I had originally pasted my CSR along with the support request in order to help them figure it out. The CSR was complete (with the begin/end markers) so that could be ruled out. However, apparently the CSR parser over there doesn’t like it if you enter the SANs already before submitting the CSR, so the final hint from the tech support came in handy: I’d be able to enter the SANs after submitting the actual CSR, so I should try submitting my CSR without SANs. Done – and it worked. So why isn’t this documented in their FAQ? Anyone could have done that easily. The challenging part was originally to get the SANs into the CSR.

But well, it works now. So if anyone else is using these multi-domain certificates from GoDaddy.com, this should help figure out the missing link that wasn’t in the online help 😉

// Oliver

Posted in EN, IT Security, Thoughts

Two weeks after beta: IDA Pro 5.3 released

Those who haven’t heard the news, get your update now. Here’s a link to the update-request page.

NB: According to Ilfak, the debugger has seen major improvements.

// Oliver

PS: Don’t forget to get the new SDK and the support tools (FLAIR etc).

Posted in EN, Reversing, Software

Quite effective

The “patch” I use for my GMX account has turned out to be quite effective. Every 10 minutes my Perl script (it uses Mail::IMAPClient via SSL) logs in to GMX and sorts all ham mails out of the “Spamverdacht” (suspected spam) folder into the appropriate subfolder. Since then my Spamverdacht folder has been nowhere near as full. I now only skim the few (~50) spam mails per day, and most of them get thrown out on the basis of the title alone anyway.

Thanks to regular expressions, I will probably be able to semi-automate this part as well.

// Oliver

Posted in DE, Software | 2 Comments

Nice work! Found hardware keylogger in a DELL laptop.

Read the full story here. DHS denying request under FOIA.

PS: If you read the scanned document closely, you notice the two times 8-digit “file number” which could be a date. If this was state of the art three years ago, what’s the state now? Let me guess, there are a bit more than DELL computers affected? … 🙄

Update: There are claims this was a hoax (from 2005). Let’s hope it was. Read here and here.

The sad part, it is actually not incredible enough to find out it is a hoax immediately. One comment on the first of the links reads:

I can not describe my desire to ridicule people who actually buy into this stupid bullshit. I’m even more outraged at people actually trying to prove other people that this is not said bullshit.

Seriously, what are the chances of someone actually getting away with this?

Well, who would get away with becoming US president without actually getting elected the first time, but getting a second term without being thrown out of office and this time even getting elected (although it also smelled fishy)?

Posted in EN, IT Security, Thoughts

Very thorough anti-fraud department ;)

I just ordered a five-pack of SSL certificates at GoDaddy.com a few days ago because they have the best offer in that the price is nice and the browsers they cover are virtually 100% of all browsers. The remaining close-to-zero doesn’t need to visit my websites anyway 😆

When paying the thing, I registered with my German postal address, simply because the domains (for which the SSL certs are intended) are registered on it as well. However, I paid the thing with my Icelandic credit card as it is more convenient for me that way, despite the unfortunate difference in the dollar rate (yes, also the ISK has plummeted) or the fact that a registration with my Icelandic (matching) address would have saved me the VAT. That brought the anti-fraud department onto the plan and I got a friendly mail in which I was asked to confirm the purchase and my identity. Due to the fact that I paid with a credit card whose billing address is in a different country than the address of my registration, they thought it was a fraud. I cannot actually think of any fraud where a domain in the hands of the payer (coincidentally the name on my Icelandic credit card is my name :mrgreen: ) could be abused in any way. I used the same email address to register at GoDaddy which you can also see on my contact forms 😉

Anyway, now it is kind of stalled. When requested, I immediately sent the front side of my national ID card as a scanned image, although I would have preferred a secure transmission in their customer area or so (which runs over https). After all, privacy was the reason to get SSL certificates in the first place. And now I can only wait. Everyone says they offer a swift service and the emails so far were pretty quickly exchanged. Also I have to take into account the time zone difference. Now that’s the hardship you get from being a world citizen 😉 … let’s see how this turns out.

Greetings to the GoDaddy.com anti-fraud department,

// Oliver

PS: And yes, I understand the skepticism and appreciate the concern. If someone had used my credit card data to make a fraudulent purchase somewhere, this would hurt all parties except the fraudster. It’s just so damn inconvenient 😉

Update: Issue is resolved. A mail from support got lost on its way, that’s why it seemed to take so long.

Posted in EN, IT Security, Thoughts | 2 Comments

Saving the world?

Programs of a new type have been created by different companies recently. The first I am aware of was developed in 2006 and violated the GPL back then. More of them seem to be offered all the time.

These programs claim to save you from malware, just like AVs, only better and also for unknown threats. And indeed the idea is intriguing and I have heard of the first implementation – although more complete than the half-hearted solutions offered now – in 2005. That particular solution would move the Windows kernel into ring 1 and could then supervise it. In fact every process would literally see its own copy of the system. Process separation to the max.

Posted in EN, IT Security, Software, Thoughts

From the G8 summit we learn …

… that nuclear energy comes to the rescue of the world climate. Even better. If you think thoroughly enough, it comes to the rescue of nature as well. While humans have managed to drive several species to extinction over time, dumping waste that will persist for millennia to come will ensure that through increased mutation (thanks to the radioactivity) the diversity in nature will flourish once again. Whether humankind will still inhabit Earth by then is more than questionable though.

// Oliver

Posted in EN, Thoughts | 2 Comments

“Patching” GMX

Yep, you heard right. GMX has had a spam filter for years, but they have not managed to document the regular expressions (it seems to be PCRE, though) or to allow a filter ahead of the spam filter. Filter rules, yes, but only after GMX’s in-house spam filter. Since that filter is unfortunately not much of a learner, and since moving a mail out of “Spamverdacht” (suspected spam) into another folder does not prompt the GMX spam filter to learn but more or less bypasses it, the GMX spam filter will never get it either. The annoying thing is that it makes no sense to mark mails as “Kein Spam” (not spam), because that automatically moves the mail to the inbox and does not run it through the filter rules again. And so for years I have been dutifully moving my mails from the NTDEV, NTFSD and WINDBG mailing lists – on which, by the way, I have never received any spam – from “Spamverdacht” into the designated folder. The same goes for the mailing lists of CVSNT, ReactOS and Security Focus, and so on and so forth.

Posted in DE, Gedanken, Software | 4 Comments

Are they allowed to tell the truth like that?

Read and judge yourself: Intellectual Property Regime Stifles Science and Innovation, Nobel Laureates Say.

Posted in EN, Thoughts

Two years …

The blog has existed for two years now. Amazing it’s still active. :mrgreen:

Posted in /dev/null, EN | 2 Comments

DDKWizard demo video

I’ve created and uploaded a little demo clip about how easy it is to create a project with DDKWizard. (Hint: you need Flash enabled.)

If you want a higher quality and higher resolution, try this link! More instructional videos about DDKWizard and DDKBUILD will follow in future, if enough people are watching this one 😉

// Oliver

Posted in DDKWizard/DDKBUILD, EN, Programming | 1 Comment

“Sausage yourself” …

or “Pulsaðu þig” … can you read in places where you can buy the (in)famous Icelandic hotdogs. Creative use of the language.

While we’re at it. Pylsusinnep is called sinnep, i.e. mustard, but it just got some mustard flavour in it. Main ingredients: starch and water. 😯
I say: do not call this mustard!!! :mrgreen:

// Oliver

Posted in EN, Island/Iceland/Ísland | 1 Comment

Coming home late …

This is what happens if you get home late in Reykjavík during summer. You look at the night sky and think, let’s go down to the sea and take a few pictures. The pictures were taken between about 00:50 and 01:00 local time (2008-07-01).

Note: All photographs are released into the public domain. An attribution would be nice, but is not required.

[Gallery: 15 photographs, 01.jpg to 15.jpg]

I hope you enjoyed the pictures just like I enjoyed the actual view. Feel free to share or spread them as you like. As mentioned above, they are released into the public domain. Of course I am not a professional photographer and my camera is not the best either, but I hope they are likable 😉

// Oliver

PS: If anyone needs the original resolution pictures, drop me a message (contact in the tabs at the top).
PPS: Since the pictures were taken against the backlight, they appear a bit darker than it actually was. But the colors still look vivid as in reality. The pictures of Höfði give you an impression of how bright it still was – no flash was used.

Posted in DE, EN, Island/Iceland/Ísland | 8 Comments

Argh … mysqld giving me a hard time

First I killed one server (domU) by having log_bin turned on (and cluttering the disk drive with several GiB of logs), although I do not need replication. Then I ran out of memory with mysqld on the server on which this blog is, so the blog would complain about the lack of communication with the DB. And rightly so. Now I found the magic bullet. I uncommented the line:

skip-bdb

… and now mysqld behaves again. What the heck do I know, why this is enabled by default. Same for the log_bin one on Debian (Etch) as well. Once you comment out the line with log_bin, don’t forget to comment out expire_logs_days, max_binlog_size, binlog_do_db, binlog_ignore_db. Oh, and by no means forget to restart the MySQL daemon. On Debian:

/etc/init.d/mysql restart

// Oliver

Posted in EN, IT Security, Software

The blogging is over …

… for Gotts Blog 😉

Posted in DE | 2 Comments

Getting rid of SSH brute forcers

I usually use several methods in combination. In the sshd_config I declare AllowGroups with the group ssh-users. This group never contains root. Furthermore I set PasswordAuthentication no and generally authenticate only by key. Root login is of course not allowed either, except in single-user mode (PermitRootLogin no). Of course root has a different key, which will only be used in emergency cases, i.e. in single-user mode. Martin F. Krafft, author of the Debian book, has a nice recipe for this (note that there is an erratum on the book’s website). Set this in your /etc/inittab:

sh:S:respawn:/usr/sbin/sshd -Do 'AllowUsers=root'

That will already keep out most attackers since they will try passwords most of the time. However, we can make it a bit harder for them. To achieve this, you just need a recent version of iptables with the ipt_recent module installed. Two programs that come with iptables can be used to save and restore the iptables rules. They are aptly named iptables-save and iptables-restore. We’ll use the latter for our purposes. It allows us to declare rules and have them stored conveniently in a file. I usually call the file something like /etc/firewall.conf, but that’s a matter of taste.
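
The sshd_config settings described above can be checked mechanically. The following Python script is an added example, not code from the original post; the function name audit_sshd_config and both sample files are constructed for illustration.

```python
import re

# Keywords the post sets to "no"; sshd's default for either one is not "no".
MUST_BE_NO = ("passwordauthentication", "permitrootlogin")

def audit_sshd_config(text):
    """Return findings for one sshd_config passed as a string (Include is not followed)."""
    first = {}         # global keyword -> first value seen; sshd uses the first value
    allow_groups = []  # repeated AllowGroups lines append to one list
    findings = []
    in_match = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # a Match block runs until the next Match or end of file
        elif in_match:
            # Inside Match, a value overrides the global one for matching connections.
            if key in MUST_BE_NO and value.lower() != "no":
                findings.append(f"line {lineno}: Match block sets {parts[0]} {value}")
        elif key == "allowgroups":
            allow_groups.extend(value.split())
        else:
            first.setdefault(key, value)
    for key in MUST_BE_NO:
        value = first.get(key)
        if value is None:
            findings.append(f"{key}: not set, so the default applies")
        elif value.lower() != "no":
            findings.append(f"{key}: effective value is {value!r}")
    if not allow_groups:
        findings.append("allowgroups: not set, logins are not limited to a group")
    return findings

# Constructed sample files, not taken from the post.
HARDENED = """\
PasswordAuthentication no
PermitRootLogin no
AllowGroups ssh-users
"""
WEAK = """\
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_sshd_config(cfg) or "ok")
```

On a live host, sshd -T prints the effective configuration after Include files and defaults have been applied, which is the authoritative view of what this script approximates.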

Posted in EN, IT Security, Linux

Beware the msvcrt.dll

As noted previously, msvcrt.dll has the status of a system library and is thus included in systems from XP up. On earlier systems you will have to have a particular service pack level or get the redistributable package with the suitable version of msvcrt.dll.

But be careful. I noticed that the build target system determines whether newer functions in msvcrt.dll will be used, for example functions involved in exception handling. Several of these aren’t available in previous versions of Windows and thus the built binary will really only run on the target and later. Previously it was possible to target binaries for – say – Windows 2003 Server and yet be able to run them on earlier systems.

// Oliver

Posted in DDKWizard/DDKBUILD, EN, Programming

Version numbers of DDKBUILD.CMD and DDKWizard

I have just finished moving all previous DDKBUILD.CMD and DDKWizard versions under version control – subversion, to be more precise. This means there will be a change in the way the version number is represented. Currently we have the normal way of saying 7.1, 7.2, 7.3 … 7.10, 7.136 … and so on. Whenever a slight change was made, the minor version number would not change; instead an a, b, c and so on would be appended (1.1.2a …). This will change with the next version of these two products. The new version numbers are going to look like this:

7.2/r20 or 1.2.1/r42

The number behind the “r” is the revision number in my SVN repository. Eventually I will even open up the respective repositories – but there are some technicalities I need to resolve first.

// Oliver

PS: Yes, I am working on the new version(s), including considerable updates to the DDKWizard manual.

Posted in DDKWizard/DDKBUILD, EN, Programming

Prick passing chain – unpleasant questions

… at work or elsewhere, how often have you met those guys who pretend they can do things they don’t even have a clue of?

  • How often did such a person not only lie but hold you ransom by initiating ideas without following up on them? Did you and others have to fix it? How much of your efforts were rewarded? Who got the fame in case of success? Who got the blame in case of failure?
  • How often has the person posed as an expert and how many personal fans does he have?
  • How often has this person changed jobs?
  • How much does that person exaggerate in every single aspect of life?
  • How does the person’s expertise compare to the actual knowledge when caught without prepared presentation and lit projector?
  • How many jet packs does the person own?
  • How many incognito visits from leaders of foreign countries has the person gotten recently? How many visitors came in private jets?
  • How well does that person speak English?
  • How many photo-realistic pictures has the person “rendered” without being able to explain technical details of the process or the result? How much of that was done on the two-graphics-chip machine he got for work?
  • How many books did the person claim to have written? How many of them does your book store have in the catalog? Has he used the name of actual experts to appear more knowledgeable?
  • How many truck loads of bananas did the person order?
  • How many nights did the person spend in a hotel room for five thousand dollars a night (and off-topic: were there any hookers included in that price?)?
  • How often was the person CxO/VP of a company? How many of the CxO/VP positions can be found in the CV?
  • How often was the person a grunt worker? How many of those positions appear on the CV?
  • How much of the claims in the CV add up when checked with Google and other search engines?
  • How many companies has the person left out on the CV? How does the CV add up if you add the left out jobs?
  • Does the person like to show off with gadgets or company-financed goodies?
  • Does the person change internet nicknames whenever changing companies?
  • Did the person single-handedly improve the product of the company he worked for according to his and his fans’ accounts?
  • Was the person suspiciously productive when joining the company with all the acquired knowledge from the previous company but soon went out of … aah maybe you aren’t at this point just yet?!
  • Is the person the most important knowledgeable expert in your company?
  • Is there something wrong in this previous item?

How much of all this could possibly be true? Does such a person exist?

Chances are, you are wondering whether we think about the same person. It’s a well-known game and it is your turn now. Good luck! You’ll need it …

PS: Never mind the spelling of the subject line, I am not a native speaker.

Posted in EN, Thoughts | 5 Comments