SANS Internet Storm Center - Advanced obfuscated JavaScript analysis
Topic: Technology
7:08 pm EDT, Apr 9, 2008
When we got contacted by ISC reader Greg in Hungary, whose web server had been hacked and adorned with a couple of obfuscated JavaScript files, we expected a variant of the "nmidahena" injection and a closed case. JavaScript is an interpreted language, and while the obfuscation attempts we see are getting more creative, the scripts can usually still be coerced quite easily into divulging their secrets. ISC handler Lenny Zeltser teaches the SANS course on malware analysis, and ISC handler Bojan Zdrnja wrote the portion on JavaScript analysis for that course, so we are usually able to make short work of bad stuff.
Cool example of self-defending JavaScript malware.
What Software Development can learn from Formula One
Topic: Technology
10:52 am EDT, Mar 23, 2008
The F1 World Championship started in 1950. Early years were notoriously dangerous, including spectators who stood on the kerb of whichever road it was they were racing down. Essentially it was all-or-nothing: if everyone kept on the track, no-one got hurt; if someone went off then lack-of-limbs was the best case scenario. ... So what has this got to do with software? Well, I think there are direct parallels; the history of software is very similar. Thankfully, very little software is responsible for life-and-death issues, although there have been many instances of deaths being directly attributed to faulty software; the failures of software are mostly financial. Money is lost due to either: a) projects being abandoned or significantly over-running; or b) faulty or inefficient software in production. ...
So, how can the software development process improve? How did Formula 1 get to its current very good safety record? The answer isn't technical. Technology changes like HANS devices, etc., definitely have worked; but most of the shocking incidents of the 1970's and early 1980's were avoidable. They were caused by lack of preparation (e.g. fire-extinguishers around the track), or lack of communications (e.g. between cars and marshals).
1. Lack of complacency; no-one goes round saying "but why would two cars crash? You need to make a case before I can approve that new helmet".
2. Lack of buck-passing: Race control, from a safety point-of-view, is the ultimate responsibility of one man. He doesn't need to get approval from Bernie Ecclestone before calling out a Safety Car; he has the power. Whilst sporting decisions are made by a panel of stewards, safety issues are dealt with immediately. ...
The moral of the story: responsibility is meaningless without power. If you genuinely want quality, you have to have in your team a single "quality manager" - a person who will be rewarded or sacked based on the fitness-for-purpose of the end deliverable. And, which is even more important, this person must not be in a position where he can be over-ruled on quality issues by other managers.
We recently started taking that approach to quality assurance at work. A single QA person can stop a release. They no longer report to the development manager of the product they're responsible for assuring quality in. Hopefully this will mean less fiery, fiery deaths.
eEye Digital Security tomorrow will make its first foray into the Web vulnerability space -- with a new member of its Retina Security Scanner family that roots out Web application flaws. ... Retina Web Security Scanner officially ships tomorrow and list pricing begins at $6,995.
Irony is a new-generation .NET compiler construction kit. It utilizes the full potential of C# 2.0 and .NET Framework to implement a completely new and streamlined technology of compiler construction. Unlike most existing yacc/lex-style solutions Irony does not employ any scanner or parser code generation from grammar specifications written in proprietary meta-language. In Irony the target language grammar is coded directly in C# using operator overloading to express grammar constructs. Irony's scanner and parser modules use the grammar encoded as C# class to control the parsing process. See the expression grammar sample for an example of grammar definition in C# class, and using it in a working parser.
The Lenovo X300, The Macbook Air, and a Big Manila Envelope
Topic: Technology
10:17 am EST, Mar 2, 2008
Fits in a manila envelope like a hand in the OJ glove.
I would have bought an X300 last summer when I was shopping for a Thinkpad. I wanted an X-series but with higher screen resolution. Finally Lenovo offers what I wanted.
This Psychologist Might Outsmart the Math Brains Competing for the Netflix Prize
Topic: Technology
10:21 pm EST, Feb 28, 2008
At first, it seemed some geeked-out supercoder was going to make an easy million.
In October 2006, Netflix announced it would give a cool seven figures to whoever created a movie-recommending algorithm 10 percent better than its own. Within two weeks, the DVD rental company had received 169 submissions, including three that were slightly superior to Cinematch, Netflix's recommendation software. After a month, more than a thousand programs had been entered, and the top scorers were almost halfway to the goal.
But what started out looking simple suddenly got hard. The rate of improvement began to slow. The same three or four teams clogged the top of the leaderboard, inching forward decimal by agonizing decimal. There was BellKor, a research group from AT&T. There was Dinosaur Planet, a team of Princeton alums. And there were others from the usual math powerhouses — like the University of Toronto. After a year, AT&T's team was in first place, but its engine was only 8.43 percent better than Cinematch. Progress was almost imperceptible, and people began to say a 10 percent improvement might not be possible.
Then, in November 2007, a new entrant suddenly appeared in the top 10: a mystery competitor who went by the name "Just a guy in a garage." His first entry was 7.15 percent better than Cinematch; BellKor had taken seven months to achieve the same score. On December 20, he passed the team from the University of Toronto. On January 9, with a score 8.00 percent higher than Cinematch, he passed Dinosaur Planet.
I always thought the Netflix challenge would require less technology and more of that je ne sais quoi. This guy applies psychology to set theory with impressive results.
How Crypto Won the DVD War | Threat Level from Wired.com
Topic: Technology
9:31 pm EST, Feb 26, 2008
Support from studios has been widely cited as the reason for Blu-ray's victory, but few consumers know that the studios were likely won over by the presence of a digital lock on movies called BD+, a far more sophisticated and resilient digital rights management, or DRM, system than that offered by HD DVD.
That is interesting... But we all know that first there will be Blu-ray software, second there will be Blu-ray burners, third there will be Blu-ray decrypters.
The Windows Client-Server Communication Protocols can be implemented in a range of server applications to communicate or interoperate with Windows-based client operating systems and other compatible server or client software. This document describes the technical relationships among these protocols.
Wiperless windshields in your future? Thanks, nanotech.
Topic: Technology
10:31 pm EST, Feb 24, 2008
The first layer protects from sun and repels water, the second layer features "nano-dust" to push dirt to the edges of the windshield and is activated by the third layer which senses the dirt, while the whole kit is powered by the fourth layer which conducts electricity to keep it going. The tech could be ready for mass production within 5 years, but there's already a working prototype in the Hidra concept car.