Today I got introduced to two good friends: en2zh and zh2en. They are both very good translators which can translate English to Chinese and vice versa.
Actually they are bots. A (ro)bot is a piece of software that acts as a chat contact and provides some fun or useful functionality.
Just add en2zh@bot.talk.google.com and zh2en@bot.talk.google.com as a friend in Google Talk and send it a message to translate from English to Chinese and vice versa. You can also make more friends (bots); there are 23 of them. See GoogleTalk for more information.
Apr 1, 2008
Mar 31, 2008
When FireFox 2.0 Meets with JavaScript
Just came across a Firefox extension called FFsniFF. This is NOT a password sniffer which can sniff passwords. See the reference links below for more information.
The question here is not whether it is a password sniffer or not; it is how I get rid of it once installed, since it is hidden from the FF Extension Manager. Chicken and egg problem.
Finally, I had no choice but to do it manually. Here's how I remove/disable it manually:
- Close your FF browser and locate your FF user profile folder, e.g. %APPDATA%\Mozilla\Firefox\Mozilla\Profiles\[User Profile]\[random string].default\
- Go into the subfolder "extensions\{66cdf40a-d0f2-46d0-abf4-eccba8205aef}\chrome". You should see a file called "ffsniff.jar".
- Find an unpacker (e.g. 7-Zip) to unpack "ffsniff.jar".
- Once unpacked, go into the "content\ffsniff\" folder and look for a file called "ffsniffOverlay.js".
- Edit the file with Notepad. Go to the bottom (line 119) and comment out the line "hide_me();" by putting two slashes "//" (without the quotes) in front of it.
- Save and close the file and put everything back into "ffsniff.jar".
- Start your FF browser now and go to the Extension Manager; you should be able to see the extension called "FFsniFF 0.2".
- Now you can disable it.
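The unpack/edit/repack steps above can be scripted. This is an added example, not code from the post or from FFsniFF: it treats ffsniff.jar as the zip archive it is, comments out every line that calls hide_me() in content/ffsniff/ffsniffOverlay.js (no fixed line number is assumed) and writes the jar back. The overlay text used here is a constructed stand-in, not the real file.

```python
import io
import re
import zipfile

OVERLAY = "content/ffsniff/ffsniffOverlay.js"

# Constructed stand-in for the real overlay script (not FFsniFF's code): only
# the call to hide_me(), which hides the entry from the Extension Manager, matters.
SAMPLE_OVERLAY = (
    "function hide_me() {\n"
    "  /* placeholder body */\n"
    "}\n"
    "window.addEventListener('load', function () {\n"
    "  hide_me();\n"
    "}, false);\n"
)

def build_sample_jar():
    """Build an in-memory jar (a plain zip) with the same layout as ffsniff.jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(OVERLAY, SAMPLE_OVERLAY)
        z.writestr("content/ffsniff/ffsniff.xul", "<overlay/>")
    return buf.getvalue()

def comment_out_hide_me(js):
    """Prefix each line that *calls* hide_me() with '//'. The function
    definition itself is left alone so the script still parses."""
    return re.sub(r"^([ \t]*)(hide_me\s*\(\s*\)\s*;)", r"\1// \2", js, flags=re.M)

def unhide_extension(jar_bytes):
    """Rewrite the jar so the overlay no longer calls hide_me().
    Returns (new_jar_bytes, number_of_lines_commented_out)."""
    src = zipfile.ZipFile(io.BytesIO(jar_bytes))
    out, changed = io.BytesIO(), 0
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == OVERLAY:
                js = data.decode("utf-8")
                new_js = comment_out_hide_me(js)
                changed = sum(a != b for a, b in zip(js.splitlines(), new_js.splitlines()))
                data = new_js.encode("utf-8")
            dst.writestr(info, data)  # every other member is copied unchanged
    return out.getvalue(), changed

def read_overlay(jar_bytes):
    """Return the overlay script text from a jar (used to check the rewrite)."""
    return zipfile.ZipFile(io.BytesIO(jar_bytes)).read(OVERLAY).decode("utf-8")
```

Run it against a copy of the real ffsniff.jar with Firefox closed, then start Firefox and disable the now-visible entry as in the last two steps.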
- Disable FFsniFF Manually - J.Track: http://jtrack.blogspot.com/2008/03/disable-ffsniff-manually.html
- FFsniFF Homepage: http://azurit.gigahosting.cz/ffsniff/ and http://azurit.elbiahosting.sk/ffsniff/
- Vulnerability Summary CVE-2006-6585: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6585
- SecurityFocus: http://www.securityfocus.com/archive/1/archive/1/454058/100/0/threaded
Mar 11, 2008
Image File Execution Options
Tags:
debugger
This is an old and interesting trick. See the reference below.
"Image File Execution Options" is a registry key used to set up a debugger for an executable. To do so:
- Start regedit.exe
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Create a key named after your executable file, e.g. test.exe
- Create a new string entry under the key you created called "Debugger" and put the full path to your debugger as the value.
Start to smell something? Can we replace a well-known executable file with something malicious? For example, create a key for an antivirus program and have it "debugged" by a piece of malware.
Yes, you can. In fact it is a very common trick used by some malware to disable well-known antivirus applications. The main reason this trick works is that Windows never verifies that the debugger is truly a debugger.
Mark Russinovich and Bryce Cogswell use this technique to implement the "Replace Task Manager" feature of their Process Explorer utility. Get Process Explorer, enable the option in the "Options" menu, and check HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe - the Debugger value points to procexp.exe.
What if I have two executable files pointing at each other as debugger, like calc.exe and notepad.exe? What will happen then? Try it yourself with this sample registry script:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
"Debugger"="c:\\windows\\notepad.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="c:\\windows\\system32\\calc.exe"

Some MSDN references:
- Junfeng Zhang's Windows Programming Notes: http://blogs.msdn.com/junfeng/archive/2004/04/28/121871.aspx
- greggm's weblog: http://blogs.msdn.com/greggm/archive/2005/02/21/377663.aspx
- Image File Execution Options: Good, Evil, Fun: http://mygreenpaste.blogspot.com/2005/07/image-file-execution-options-good-evil.html
- Abusing "Image File Execution Options": http://isc.sans.org/diary.html?storyid=4039
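A defender reviewing an export of the Image File Execution Options key wants two things from it: every Debugger value that is set, and whether any of them chain back on themselves like the calc.exe/notepad.exe script above. The following is an added example, not from the post or its references; the sample text is constructed from that script plus a made-up taskmgr.exe entry whose C:\Tools path is a placeholder.

```python
import re

# Constructed sample in Windows Registry Editor 5.00 format: the mutual
# calc.exe <-> notepad.exe script from the post plus a Process Explorer-style
# taskmgr.exe entry (the C:\Tools path is a made-up placeholder).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
"Debugger"="c:\\windows\\notepad.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="c:\\windows\\system32\\calc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Tools\\procexp.exe"
'''

IFEO_MARK = "\\image file execution options\\"

def parse_ifeo_debuggers(reg_text):
    """Return {image name: debugger path} for every IFEO 'Debugger' value."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            key = m.group(1)
            continue
        m = re.match(r'^"Debugger"="(.*)"$', line)
        if m and key and IFEO_MARK in key.lower():
            image = key.rsplit("\\", 1)[1].lower()
            entries[image] = m.group(1).replace("\\\\", "\\")  # undo .reg escaping
    return entries

def find_debugger_loops(entries):
    """Follow image -> debugger -> its debugger ... and return every loop found
    (each as a list of image names), e.g. the calc/notepad pair from the post."""
    loops = []
    for start in entries:
        seen, cur = [], start
        while cur in entries and cur not in seen:
            seen.append(cur)
            cur = entries[cur].rsplit("\\", 1)[-1].lower()
        if cur in seen:
            loop = seen[seen.index(cur):]
            if set(loop) not in [set(l) for l in loops]:
                loops.append(loop)
    return loops
```

Any image whose Debugger value is not a debugger you installed deserves a look, loop or not; the loop check only catches the specific case the post asks about.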
Feb 28, 2008
Top 10 of CIO Mistakes
Tags:
ism
Feb 16, 2008
Change Color for your BSOD
In case you don't know what a BSOD is, see some BSODs through the ages.
In Windows 2000/XP/2003, each time the Windows Kernel crashes, a blue screen appears, giving the administrator some clues and information as to what has caused the error. This screen, because of its blue color and catastrophic nature, was nicknamed BSOD - Blue Screen Of Death.
Why blue - no one knows, but what I do know is the fact that the blue screen can be changed to a different color, thus creating your own YSOD or RSOD or even WSOD...
To do so follow these steps:
1. Hit Win-R (Run), and type "notepad %systemroot%\system.ini" (without the quote). Or you can run the command "sysedit" (without the quote).
2. In the system.ini file, locate the [386enh] section.
3. If not already present, create the following new entries:
MessageBackColor=
MessageTextColor=
and give them a value according to the following list:
- 0 = black
- 1 = blue
- 2 = green
- 3 = cyan
- 4 = red
- 5 = magenta
- 6 = yellow/brown
- 7 = white
- 8 = gray
- 9 = bright blue
- A = bright green
- B = bright cyan
- C = bright red
- D = bright magenta
- E = bright yellow
- F = bright white
Note: Use CAPITAL LETTERS, i.e. F and not f.
For example, to have a Red Screen of Death (white text):
MessageBackColor=4
MessageTextColor=F
4. Save SYSTEM.INI file and restart the computer.
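An added example, not from the post or the Microsoft KB article: a small Python function that applies steps 2 and 3 to the text of system.ini, creating the [386enh] section if it is missing, replacing existing entries in place and upper-casing the colour code as the note above requires. The system.ini fragment is constructed.

```python
# Constructed sample system.ini fragment; the existing lowercase "f" is the
# mistake the post warns about.
SAMPLE_INI = "[drivers]\nwave=mmdrv.dll\n\n[386enh]\nwoafont=dosapp.fon\nMessageTextColor=f\n\n[mci]\n"

# Colour codes from the post (capital letters only).
COLORS = {
    "0": "black", "1": "blue", "2": "green", "3": "cyan", "4": "red",
    "5": "magenta", "6": "yellow/brown", "7": "white", "8": "gray",
    "9": "bright blue", "A": "bright green", "B": "bright cyan",
    "C": "bright red", "D": "bright magenta", "E": "bright yellow",
    "F": "bright white",
}

def set_bsod_colors(ini_text, back, text):
    """Return ini_text with MessageBackColor/MessageTextColor set in [386enh].
    Codes are upper-cased, existing entries are replaced in place, missing
    entries are added, and the section is created if it does not exist."""
    back, text = back.strip().upper(), text.strip().upper()
    if back not in COLORS or text not in COLORS:
        raise ValueError("colour code must be a single hex digit 0-F")
    pending = {"MessageBackColor": back, "MessageTextColor": text}
    out, in_386enh, found = [], False, False
    for line in ini_text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            if in_386enh:  # leaving the section: add entries not yet seen
                out.extend(f"{k}={v}" for k, v in pending.items())
                pending = {}
            in_386enh = s.lower() == "[386enh]"
            found = found or in_386enh
        elif in_386enh and "=" in s:
            key = s.split("=", 1)[0].strip().lower()
            for k in list(pending):
                if k.lower() == key:  # replace an existing entry in place
                    line = f"{k}={pending.pop(k)}"
        out.append(line)
    if not found:
        out.append("[386enh]")
    out.extend(f"{k}={v}" for k, v in pending.items())
    return "\n".join(out) + "\n"
```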
If you want to test it (cause the system kernel to crash), try manual BSOD.
The reason behind this tweak is for people that have certain forms of visual impairment and are only able to use Windows when it is set to high contrast mode. This setting allows the BSOD to be set to high contrast colors as well, making it easier for the visually impaired to read the information in them.
Check this http://support.microsoft.com/kb/90740