Open source software security

Microsoft Takes My xBox And My $20

Microsoft, how do I hate you? My beautiful xBox 360, that I used to slaughter heathens, chat with my friends, and hear prepubescent boys swear like sailors, died a few weeks ago after a brief and fatal struggle with e74. That is the red ring of death. I packaged up my console and shipped it off for repair. Three weeks later my xBox was returned to me!

Windows XP Service Pack 3

This past Tuesday (May 6, 2008) Microsoft made Windows XP Service Pack (SP) 3 available. Automatic updates should find and download this update. In reviewing the documentation I found that SP 3 does little to actually improve XP, but some bug fixes are included. It seems like the main gist of SP 3 is to add Vista compatibility. The official Microsoft release notes can be found at http://www.microsoft.com/downloads/details.aspx?FamilyID=68c48dad-bc34-40be-8d85-6bb4f56f5110&displaylang=en.

Overriding Windows DNS

Windows DNS queries annoy the hell out of me. Sometimes when I add a new DNS entry Windows simply refuses to find it. You query it using an nslookup and things are fine, but when you point a web browser at the location things just bork up. You can manually add entries to your hosts file by editing the file C:\WINDOWS\system32\drivers\etc\hosts. The Windows hosts file works in much the same way as the /etc/hosts file on a *nix system. Windows checks this file *first* before consulting DNS to resolve names to IP addresses. This functionality is handy if you want to force a specific URL to resolve to an IP address independent of DNS. For instance, if you wanted to test out a site, but couldn't (or didn't want to) modify the DNS entry for that URL, one hacky solution is to simply modify your Windows hosts file. For instance, let's say I wanted to add a manual resolution for the domain test.mydomain.com. I could do this by adding the entry to the Windows hosts file like so:

Scripting GPG Encryption on Windows

Oftentimes your Windows machine generates a number of files that you might want to encrypt. While storing these files on an encrypted drive is often a suitable solution, there are times when file or folder level encryption is more useful. Using GPG file level encryption allows you to distinctly identify files by filename while still protecting their content.

Adios Windows

So I finally kicked Windows to the curb at home yesterday. It's part of an ongoing experiment and my way of celebrating the Windows Vista release. Actually, I've been crushing on this project for my MCIT course at Penn and my home workstation keeps crashing. I get up and go to grab a snack and when I come back the machine has rebooted (and been so ungracious as to not even save any of my work). After this went on for several days I finally decided to investigate. Well, actually, that's a bit of a misrepresentation. I looked at what paltry logs Windows offers and they didn't have any clue. Occasionally I'd get a "Windows has recovered from a serious error." when I logged back in after the reboot.

Posting to MySQL with TextPad

I learned how to do something pretty nifty today and figured I'd share. I own a copy of TextPad - meaning I actually paid for it because it's just so darned useful. I'd highly recommend it for anyone who has to do any work with text files on a Windows machine. The fact that you can record macros alone makes it well worth the cost in my book.

Free AntiVirus for Windows

ClamWin is one of several free antivirus programs available for Windows. What makes ClamWin unique is that it is GPL software. This means that it is free and open source. ClamWin runs in your system tray and can perform regularly scheduled system scans, in addition to scanning Microsoft Outlook e-mail and allowing you to right click any file and select 'Scan with ClamWin Free Antivirus'.

Writing Windows Buffer Overflows

Writing a buffer overflow attack against a Windows program presents several challenges that make it a bit more difficult than writing exploits on a Linux platform. In addition to not having popular tools such as gdb (the GNU Debugger), an attacker is faced with a closed box. Not only are most Windows applications closed source, but the operating system itself doesn't provide much transparency. When taken together this makes an attacker's job fairly daunting.

Installing Nikto on Windows

Nikto is a fast, extensible, free open source web scanner written in Perl. Nikto is great for running automated scans of web servers and applications. Because Nikto relies on OpenSSL it is most easily installed and run on a Linux platform. The following tutorial will show you the many convoluted steps needed to install Nikto on Windows XP.

MS-DOS (Batch File) Shorts

I wrote this article to cover some shortcuts, tips, and batch files I've had to use over time at the MS-DOS command prompt. Topics covered include renaming directories, counting files, mounting a network share, and other tasks at the command prompt.

Microsoft Office Encryption 2003 and 2007

This article was designed to address some nagging questions about utilizing Microsoft Office encryption as well as compatibility issues between Office 2003 and Office 2007. There isn't a lot of good documentation online about the differences between Office 2003 and Office 2007 encryption schemes, but there have been some notable instances of weaknesses being pointed out in Microsoft encryption schemes.

Web Hacking Lesson 4 - File Include Vulnerabilities

PHP file include vulnerabilities are some of the most destructive that an attacker can exploit. By allowing an attacker to include remote PHP code in the compilation of your scripts, or by allowing the attacker to include arbitrary code from your filesystem, a web application can malfunction badly and lead to a system compromise. This article is the fourth installment of the Web Hacking Lesson series that accompanies a sample PHP/MySQL application that can be downloaded for live exercises.

Overriding Windows DNS

Quick instructions about how to modify your local DNS entries on a Windows system. This can be especially handy if you want to work on local IP addresses but utilize a name rather than a number. It also allows you to override DNS settings.

Mounting an NTFS Partition for Use in Mandriva

Linux workstations are often configured as multiple operating system booting machines. This means that the machine will often have separate partitions with various operating systems, allowing the user to boot into Linux or Windows (or another operating system). It is ideal to use a data partition so that both operating systems have access to the files stored there.

GnuPG on Windows

GPG is the free, open source alternative to proprietary PGP encryption. It is easy to use and just as secure. Installing GPG on Windows allows you to encrypt files and emails as well as letting you examine and apply digital signatures.

Password Recovery on Windows XP

Resetting or decrypting Windows XP passwords is as fast as booting from a CD. With proper tools it is easy to recover forgotten passwords or reset the administrator password on a Windows XP system.

Installing Perl on Windows

A quick guide to installing Active Perl on your Windows machines, including instructions on how to download and install extra packages from CPAN.

MS-DOS Tricks and Shorts

A few simple tricks that help to make life on the MS-DOS command prompt a little more livable, including concatenating files, creating files, and searching files.

Using the MS-DOS Command Prompt

A short instructional article on using the Command prompt. Some basic tools as well as a few tips and tricks I've found useful over the years.

Simple Windows XP Backup Script

The following was a quick Perl based backup script I could use to back up my working documents and projects to make sure I didn't lose anything if I experienced a random crash. Perl provides enough power and flexibility to be discriminating with respect to which files and folders I actually copy to limit system load.

MS Access to Oracle via ODBC

Instructions on connecting Microsoft Access to Oracle using ODBC. Useful for transitioning users from local Access applications and databases to a centralized Oracle data repository.

Setting Up a WAMP System

A short guide to setting up an Apache, MySQL and PHP system on your Windows machine including common errors.

Unwanted Systray Items

The Windows system tray can give you a quick overview of programs running in the background on your machine. Sometimes you would like to disable those programs but there is no obvious way to do so. If right clicking the icon does not reveal options to disable the program you may have to resort to the system configuration utility.

NT Port Filtering

Instructions for using native NT/2000 features to implement a simple firewall.

NT Security Tools

A few good security tools for Windows, reviews, and links to download them.

Madirish Tutorial 11 (Brute Forcing)

Breaking in - using a brute forcer to find a username and password for the target system. This article uses Brutus specifically (from hoobie.net) to break into a Windows 2000 FTP site.