Redpill getting colorless?

Although I had posted this already at the malware research forum and received little feedback, I decided to prepare a brief research paper about this topic and post it here.

The topic is that the Redpill approach by Joanna Rutkowska does not seem to work reliably and that the values retrieved in kernel mode inside a virtual machine (VMware) differ substantially from the ones retrieved in user mode. While calling SIDT in user mode was the rationale of the whole approach, it would not usually be expected that the results differ between user mode and kernel mode. The difference also means that the approach is not generally applicable. Last but not least, the Redpill approach failed for me on Virtual PC (see the paper).

Posted in EN, IT Security, Programming, Reversing, Software

Spammers screwing around with postmaster alias

Section 4.5.1 of RFC 2821, the RFC detailing SMTP (Simple Mail Transfer Protocol), requires the postmaster alias (e.g. postmaster@domain.tld) on any system running an SMTP service. So far so good.

Not having gotten spam via my own SMTP, thanks to greylisting, I thought I was safe. But now spammers – scum as they are – resort to the very last method to spam valid addresses.

Posted in /dev/null

Got ’em back, LS :-P …

Backup is always good to have …

Yeah, found the stuff. Here is a screenshot of the article “Bragging Rights” referenced in this article from exactly 3 months back …

Last but not least the two articles – referenced here – about rootkits have been found on my 500 GB backup disk. I could pretend that I found them after only some days, but actually it took only about 10 minutes for the XP search to come up with the results :mrgreen:. Here are the files as an archive. Uncompress the file and watch them with the application that registered to view .mht (web archive) files. Enjoy.

// Oliver

Posted in /dev/null

Funny typo at Hetzner ;-)

Today I received an email from Hetzner support, in German and English:

On Wednesday, 01.11.2006, no support will be available due to the public holiday (All Saints' Day) in Bavaria. Emergency support can be used as usual.

Wednesday, 01.11.2006, wont be any support in bavarian, because of holiday (Allerheiligen).
Emergency support can be ordered normally.

Posted in /dev/null

ROFLMAO

Have a look at this link :mrgreen:

// Oliver

PS: Yes, Germans actually have (some sort of what you could eventually call) humor 😉

Posted in /dev/null

The riddle's (re)solution

After some people puzzled over what I might be doing in Iceland, I can now reveal it. I have signed on at “FRISK Software International” (or “Friðrik Skúlason ehf.”, as the company is officially called here) as an engine developer. It looks like I can also use and further develop my knowledge of driver programming.

// Oliver

Posted in DE, Island/Iceland/Ísland

Lost in Iceland, too

Thanks to Mike I am now lost in Iceland, too.

The weather has not been too nice in the last few days, but at least it has not been as cold as the name Iceland suggests either. After some problems I finally got my ADSL connection on Friday. This means I can stay in touch with my family and others around the world without huge extra costs (although the connection itself is not too cheap either).

Posted in /dev/null

Cool: Lavasoft blog cleaned … (update #1)

Hi fellows,

today I noticed that LS has removed all the stuff from the Lavasoft blog. Interestingly, all of my blog entries (e.g. this one) have been cleaned up, including the one to which I am referring here. Surely just a mistake, or maybe because of “regular” cleaning. The funny thing is that in the forums my blog entries had created some positive feedback – will the inverse hold now that the blog entries have gone?!?!

Posted in EN, Lava-watch

DDKWizard updated

Last night I worked on DDKWizard again and updated it to support all current versions of Visual Studio .NET as well as the respective Visual C++ products and, last but not least, the Express edition of Visual C++ 2005! Grab your copy at the DDKWizard website.

// Oliver

Posted in /dev/null, Programming

The train is coming … sometimes arriving at the wrong platform, too

Before I took my flight to Iceland last Monday, I naturally had to get to Berlin/Schönefeld somehow. “Die Bahn” was the obvious choice. So I looked up the current timetables on the internet and picked a connection. The change from the train from Forst to Cottbus to the train from Cottbus to Königs-Wusterhausen (KW) was supposed to be from platform 3 to platform 2. So one would only have to “stumble” across the platform into the other train.

Posted in /dev/null, DE, Island/Iceland/Ísland

“That is in the Basic Law!” – “That can be changed …”

How much is the Basic Law (GG) worth?

Today Mr. Otto (FDP), on the panel at Sabine Christiansen – which, for lack of a TV in my own room (it is already on its way to Iceland), I was forced to watch – replied to Mr. Ströbele's (Bündnis 90/Grüne) comment that something was stated such and such in the GG by saying that this could be changed. A very interesting objection. This arrogance of politicians is so shitty, I cannot eat as much as I would like to puke.

Posted in /dev/null, DE

A “rogue state” commits its first nuclear test …

North Korea conducted its first nuclear weapons test today. Oops, Mr. Bush junior, what now? Invade them or not? It’s a hard decision since the lives of many US-Americans could be endangered – a horrible situation given the fact that a US life is by magnitudes more valuable than the life of a North Korean citizen or the life of any non-US citizen.

Let me state it clearly: I condemn all nuclear weapons tests and usage

Posted in /dev/null, EN

So IE7 is coming. Who cares anyway?

IE7 is coming. But who cares? This company has not given a sh*t about standards for the last 10 years, and now all of us are supposed to fix our websites again just because they finally found out that there is a certain sense in standards compliance? I don’t think so. On my website there is one single piece of special treatment for the old IE because it had a screwed box model – and frankly, I am excited to see how screwed it will look now that IE is going to be standards compliant :mrgreen:

Posted in EN, IT Security, Software

GEZ fee for internet PCs – why I will not pay!

Apart from the fact that I am practically emigrating (without giving up my citizenship, though), I would under no circumstances pay the GEZ fee for my PC. One of the reasons is simply that I do not use, or intend to use, any of the streams (audio or video). Apart from that, it is ensured that in our area, with our paltry 56k modems, we would not get to enjoy such offerings anyway, even if we wanted to.

Posted in /dev/null, DE

Greylisting works amazingly well for me …

Yesterday I wrote a short comment about the Spamhouse case. Spamhouse is indeed very important as an antispam blacklist. However, for my server I can only state that since I moved to it (previously my domains were hosted together with other domains on a server managed by a German hoster), greylisting works amazingly well for me. In fact, I have not had a single spam mail through my domains since I started using greylisting. And don't think I do not get many attempts from spammers – the frequency is something like one mail per minute.

Greylisting, however, eliminated all spam to these domains from my mailbox. It seems my mail provider does not use greylisting. Is it that greylisting requires a second connection attempt and that the mail queues of my mail provider's SMTP would simply be too small to bear the spam and legitimate mail server connection attempts? It would really be interesting to know.

Posted in Administration, EN

Interesting view on the Spamhouse case …

… many people are blaming the judge in the US for Spamhouse’s problems. However, here is a different view on the case.

If you are not familiar with it: a US-based company has sued UK-based Spamhouse – well-known antispam fighters – because Spamhouse blacklisted the company’s domain as a spam source.

// Oliver

Posted in /dev/null, EN, IT Security

Semester ticket of the BTU Cottbus

Finally (since 2006-10-01) I can use my semester ticket. How useful. There are only minor obstacles, which surely will not bother all those who cried for solidarity and demanded the forced democratic introduction of the so-called “Semtix”.

Posted in DE, Ich, der Zyniker

Using DDKWizard to create driver projects

Today I released a tool with the name DDKWizard. But before telling you some details, let me rant about these other so-called “DDKWizards” a bit :mrgreen:. Let’s take this one first – it will create a project that lets you compile a driver with the Visual C++ compiler. What the heck? Don’t they know that the Visual C++ compiler is not supposed to be used to compile drivers?! After the NT4 and the W2K DDK (where VC6 had to be used for compilation), Microsoft has provided a compiler as part of the DDK (and IFSKit, if you like). This is the only compiler to be used for drivers. Apart from this problem – which all other wizards have – they do not really give you many choices to configure the project to your needs, and they are limited with respect to the supported DDK(s) and so on.

Posted in DDKWizard/DDKBUILD, EN, Programming, Software

Goodbye, Gammelfleisch?

It looks like I will make myself scarce once more and turn my back on Germany. Then I will not have any tasty Gammelfleisch (rotten meat) anymore … but instead there is rotten skate, Greenland shark and singed sheep's heads here 😉 … luckily also delicacies like skyr.

// Oliver

Posted in /dev/null, DE

Brandenburg CDU ahoy!

Let us assume that the accusations against Sven Petke have substance …

… why the hell (oops!) does the rest of the CDU have a problem with that? Don't they like the taste of their own medicine? I seem to recall that it is always the CDU that spits on citizens' privacy (well, the SPD too every now and then). Proposals like “ankle monitors for truants” also definitely come from the direction of the CDU or from even further right.

Posted in /dev/null