[SecurityRatty] tag: convert

Hand Grenades as Weapons of Mass Destruction

Wed, 01 Oct 2008 02:37:22 +0000

I get that this is terrorism:

A 24-year-old convert to Islam has been sentenced to 35 years in prison for plotting to set off hand grenades in a crowded shopping mall during the Christmas season.

But I thought "weapons of mass destruction" was reserved for nuclear, chemical, and biological weapons.

He was arrested in 2006 on charges of scheming to use weapons of mass destruction at the Cherryvale Mall in the northern Illinois city of Rockford.

Like the continuing cheapening of the word "terrorism," we are now cheapening the term "weapons of mass destruction."

The Commercialization of Anti Debugging Tactics in Malware

Mon, 29 Sep 2008 12:55:54 +0000

Commoditization or commercialization, Themida or Code Virtualizer, individually crypting or outsourcing to an experienced malware crypting service offering discounts on a volume basis next to detection rates of the crypted binary offered by a trusted online scanner that is NOT distributing the samples to the vendors? These are just some of the questions malware authors often ask themselves, while others distribute pirated copies of Code Virtualizer urging everyone to start taking advantage of commercial anti-reverse engineering tools to make their malware harder to analyze. Once again, just like we've seen before, a legitimate commercial application can come handy in the hands of the wrong people :

"Code Virtualizer will convert your original code (Intel x86 instructions) into Virtual Opcodes that will only be understood by an internal Virtual Machine. Those Virtual Opcodes and the Virtual Machine itself are unique for every protected application, avoiding a general attack over Code Virtualizer. Code Virtualizer can protect your sensitive code areas in any x32 and x64 native PE files (like executable files/EXEs, system services, DLLs , OCXs , ActiveX controls, screen savers and device drivers).

Code Virtualizer can generate multiple types of virtual machines with a different instruction set for each one. This means that a specific block of Intel x86 instructions can be converted into different instruction set for each machine, preventing an attacker from recognizing any generated virtual opcode after the transformation from x86 instructions. The following picture represents how a block of Intel x86 instructions is converted into different kinds of virtual opcodes, which could be emulated by different virtual machines.

When an attacker tries to decompile a block of code that was protected by Code Virtualizer, he will not find the original x86 instructions. Instead, he will find a completely new instruction set which is not recognized by him or any other special decompiler. This will force the attacker to go through the extremely hard work of identifying how each opcode is executed and how the specific virtual machine works for each protected application. Code Virtualizer totally obfuscates the execution of the virtual opcodes and the study of each unique virtual machine in order to prevent someone from studying how the virtual opcodes are executed."

With Cyber-as-a-Service business model becoming increasingly common, the entire quality assurance model in respect to malware is slowly maturing from individual malware crypting propositions, where the seller of the service is basically taking advantage of a diverse set of public/private tools, into DIY web services offering crypting discounts on a volume basis, and perhaps most importantly - improving the customer's experience by letting him take advantage of the inventory of crypting tools and bypassing verification services. Within the tool's inventory are naturally lots of (pirated) commercial anti-reverse engineering tools.

As we've seen before, whenever someone starts commercializing what used to be a self-selving process, others will either follow, or disintermediate their services by persistently releasing crypting tools for free in the wild. At the end of the day, it's all a matter of how serious they're about commercializing this market segment, and taking into consideration that a spamming vendor is offering malware crypting services "in between" the rest of the services in their portfolio, this underground cash cow is yet to prove itself in the long term.

Null Strings in ASP.NET Declarative DataSource Updates

Fri, 29 Aug 2008 11:42:47 +0000

I just spent about 15 minutes debugging a problem where a document was getting unexpected nulls where empty strings should have been. Indeed controls like the TextBox have code in them that allows you to set the Text property to null and the TextBox will convert that into an empty string. So it's a bit counterintuitive that the declarative data source works the opposite way by default.

When you use a declarative data source to perform a parameterized update that contains string parameters, consider setting ConvertEmptyStringToNull='false' on your elements, because it's true by default! In other words, if a text field contains an empty string, it'll be sent to your declarative data source not as string.Empty, but as null.

Now I don't know about you, but I don't like dealing with nulls if I can avoid it. Especially strings. Unless there's a clear need to have a null state, I avoid them like the plague not only in my database designs but also in my XML schema designs. Hopefully this helps somebody out!

Serializable XmlDocument

Mon, 18 Aug 2008 22:58:00 +0000

It's surprising that XmlDocument isn't marked [Serializable], because it's very natural to serialize one into a stream. I wanted to put an object into ASP.NET ViewState the other day, and quickly ran into this roadblock, because part of the object included an XmlDocument, which is not serializable. A quick search revealed that most people deal with this problem by storing a string instead. Indeed, that was where I started, but I quickly realized that there are multiple places in my code where I want to do this sort of thing, and I don't want to have to mess with it in each data structure that contains an XmlDocument.

So I put together a simple class that holds an XmlDocument and implements ISerializable and called it SerializableXmlDocument. I'm sharing the source code here in the hopes that

a) somebody will find it useful, and

b) somebody smarter than I am will point out how I screwed it up and help me make it better.

SerializableXmlDocument includes implicit conversion operators to make it easy to convert to/from an XmlDocument. It holds the actual document in a property called Value. This "isomorph" pattern is one that I picked up from Craig.

While writing this code, I also wrote a helpful extension method for getting a byte array out of a MemoryStream that is exactly the length of the data written to the stream so far (CopyUpToSeekPointer). So don't go looking in the docs for MemoryStream for this method :) This is obviously not the most efficient way to consume bytes written to a MemoryStream since it copies the data into a new byte array, but it's very convenient in many scenarios.

Here is SerializableXmlDocument.cs:

using System;
using System.Runtime.Serialization;
using System.Xml;
using System.IO;

namespace Pluralsight.Samples
{
    [Serializable]
    public class SerializableXmlDocument : ISerializable
    {
        public SerializableXmlDocument() { }
        public SerializableXmlDocument(XmlDocument value)
        {
            this.Value = value;
        }

        public XmlDocument Value { get; set; }

        #region ISerializable implementation
        public SerializableXmlDocument(SerializationInfo info,
                                       StreamingContext context)
        {
            byte[] serializedData = (byte[])info.GetValue("doc",
                typeof(byte[]));
            if (null != serializedData)
                this.Value = Deserialize(serializedData);
        }

        public void GetObjectData(SerializationInfo info,
                                  StreamingContext context)
        {
            byte[] serializedData = null;
            if (null != Value)
                serializedData = Serialize(Value);
            info.AddValue("doc", serializedData);
        }
        #endregion

        #region implicit conversion to/from XmlDocument
        public static implicit operator SerializableXmlDocument(
            XmlDocument doc)
        {
            return new SerializableXmlDocument(doc);
        }
        public static implicit operator XmlDocument(
            SerializableXmlDocument sdoc)
        {
            return sdoc.Value;
        }
        #endregion

        #region Xml serialization helper methods
        private static byte[] Serialize(XmlDocument doc)
        {
            MemoryStream stream = new MemoryStream();
            doc.Save(stream);
            return stream.CopyUpToSeekPointer();
        }
        private static XmlDocument Deserialize(byte[] serializedData)
        {
            XmlDocument doc = new XmlDocument();
            doc.Load(new MemoryStream(serializedData, false));
            return doc;
        }
        #endregion
    }
}

...and here's the CopyUpToSeekPointer extension method for MemoryStream:

using System;
using System.IO;

namespace Pluralsight.Samples
{
    public static class MemoryStreamExtensionMethods
    {
        public static byte[] CopyUpToSeekPointer(
            this MemoryStream stream)
        {
            // copy only the part of the buffer
            // that contains the serialized document
            long length = stream.Position;
            byte[] buffer = stream.GetBuffer();
            byte[] result = new byte[length];
            for (int i = 0; i < length; ++i)
                result[i] = buffer[i];
            return result;
        }
    }
}

...and here's a sample object that uses SerializableXmlDocument:

using System;

namespace Pluralsight.Samples
{
    [Serializable]
    public class Item
    {
        public string Name { get; set; }
        public SerializableXmlDocument Data { get; set; }

        public void Print()
        {
            Console.WriteLine("Name: {0}", Name);
            Console.WriteLine(Data.Value.OuterXml);
        }
    }
}

...and here's a sample program that creates an instance of Item, serializes it, then deserializes it, printing diagnostics along the way to show that it's working properly.

using System;
using System.Xml;
using System.Runtime.Serialization.Formatters.Binary;
using System.IO;
using Pluralsight.Samples;

class DemoProgram
{
    static void Main(string[] args)
    {
        XmlDocument doc = new XmlDocument();
        doc.LoadXml("text");

        Item item = new Item
        {
            Name = "Testing 123",
            Data = doc,
        };

        // print object before serialization
        item.Print();

        BinaryFormatter formatter = new BinaryFormatter();
        MemoryStream stream = new MemoryStream();
        formatter.Serialize(stream, item);

        byte[] serializedItem = stream.CopyUpToSeekPointer();

        Console.WriteLine("Serialized data (base64): {0}",
            Convert.ToBase64String(serializedItem));

        item = (Item)formatter.Deserialize(
            new MemoryStream(serializedItem, false));

        // print object after deserialization
        item.Print();
    }
}

Here's the output of the previous sample program:

Flame away!

Republican National Convention venue gets network makeover

Tue, 12 Aug 2008 20:00:00 +0000

What does it take to convert a hockey arena into a site that can handle the technology demands of the Republican National Convention? Roughly 25 miles of cabling, for starters.

Download Hyper-V RTM for WIndows server 2008

Thu, 26 Jun 2008 20:02:47 +0000

I converted my office fileserver to Windows Server 2008 (WS2008) a while back and I've never been happier - WS2008 is my favorite product ever. Nicely modular, pretty much everything turned off by default and some great tools for enabling just the components your need for a particular role.

There is one more step I've been wanting to take and that is to enable the Hyper-V role and convert my fileserver over to just one virtual machine on the box, so I can set up other VMs on the same box. Today, I was excited to see Microsoft Releases Hyper-V on CNET. Here is a summary of the key links (note that it is only available for the 64-bit versions of WS2008):

Check back with my and I'll let you know how things go and share any tips I have for what to do or not do, as well as my review of how easy/hard it is.

Regards ~ Jeff

Eleventh Hour Rescue for Phila. Network?

Tue, 17 Jun 2008 01:39:29 +0000

Local investors poised to assume control of Philadelphia Wi-Fi network: The Philadelphia Inquirer says two local businessmen will form a new company to create a for-profit service that will have a combination of fees and advertising support. One of the two was briefly the head of the non-profit Wireless Philadelphia that technically is responsible for the network; the other, a former Verizon executive. Their announcement is expected later today.

Can they succeed where EarthLink (and others) failed? Possibly. If they get the same deal that EarthLink previously offered, they're getting a lot of equipment for free and a quantifiable set of problems. I had written earlier it wasn't a good deal for Phila. to accept the network, but a private operator that's locally based and is trying to do good and get a return on its investment may be able to raise money and set more modest goals. Starting from scratch is a non-starter for any firm at this point.

What they desperately need to do if they acquire the network is immediately bulk out several critical square miles, convince the city to buy some service right away (point-to-point dedicated connections to replace wirelines comes to mind, but will an ex-Verizoner be able to convert municipal revenue that's going to his old employer without qualms?), and show that the network can work.

The advertising part is interesting. MetroFi has shown that their particular flavor of ad-supported Wi-Fi doesn't work. But their goal wasn't crossing a digital divide, and the Portland, Ore., network was never given high marks by local users as to its robustness and reach.

30 tech myths debunked

Thu, 24 Apr 2008 20:00:00 +0000

Go to the Start menu, click on Run and type "convert C:\windows mac_OS" and wait for 10 minutes and restart. This hidden command will convert your regular Windows PC into a Macintosh with Leopard. You didn't really believe this, did you? For the record, that is just plain impossible. But then, there are several myths floating around about PCs and gadgets that actually seem plausible. Some are just bad practical jokes (like e-mails saying Microsoft or AOL would donate money for every forward sent) while some are distorted facts. Even for a techie, it sometimes becomes difficult to tell fact from fiction -- so here is a collection of some popular misconceptions and our explanations to help clear the air.

Text to Speech to MP3 with the freeware program DSpeech

Wed, 23 Apr 2008 21:22:10 +0000

New Video:Text to Speech to MP3 with the freeware program DSpeech
This video is on Dspeech, a freeware tool that uses Microsoft's SAPI (Speech Application Programming Interface) to convert text to spoken word. What's special about it is it lets you make an MP3 of the text, so you can listen to it on your computer, in you car or on your MP3 player. It's great for listening to study notes.

As an unrelated side note, a friend of mine want's me to mention his humor page on celebrities, politics and gadgets. Hope you enjoy it.

Text to Speech to MP3 with the freeware program DSpeech

Wed, 23 Apr 2008 21:22:10 +0000

[SecurityRatty] tag: convert

Hand Grenades as Weapons of Mass Destruction

The Commercialization of Anti Debugging Tactics in Malware

Null Strings in ASP.NET Declarative DataSource Updates

Serializable XmlDocument

Republican National Convention venue gets network makeover

Download Hyper-V RTM for WIndows server 2008

Update for Windows Server 2008 x64 Edition (KB950050)

Hyper-V FAQ

How to Install Hyper-V

Eleventh Hour Rescue for Phila. Network?

30 tech myths debunked

Text to Speech to MP3 with the freeware program DSpeech

Text to Speech to MP3 with the freeware program DSpeech