Archive for the ‘Security’ Category

BREAKING: Sri Lankan team members injured in Pakistan after a shoot-out on the way to stadium

March 3rd, 2009 1 comment

Our beloved Sri Lankan cricket team has been attacked in Pakistan en route to their stadium in Lahore.

Masked gunmen have opened fire on the Sri Lankan cricket team’s bus in Pakistan’s eastern city of Lahore, killing at least eight people and wounding six players, officials say.

Lahore police chief Habib-ur Rehman said 12 gunmen on Tuesday attacked the convoy near Lahore’s Gaddafi stadium with rockets, hand grenades and automatic weapons and were involved in a 25-minute shoot-out with the security forces.

“They appeared to be well-trained terrorists. They came on rickshaws,” he told reporters.

Not sure if that was a small joke but it’s no laughing matter.

Video from Reuters is available here. Thus far it’s known that the following players are injured:

From The Guardian article:

The attack, in Gulberg, an upmarket area of the city, happened around 9am local time. The gunmen remain at large, having fled from the scene.

Police cordoned off the area, saying they would kill or capture the terrorists. The team had been travelling towards the nearby cricket stadium.

The top policeman in Lahore city force, Habibur Rehman, said that there were around 12 gunmen, at least some of whom arrived in auto-rickshaws.

“Because the police were protecting them (Sri Lankan team), we were the main victims,” said Rehman. “They (the gunmen) looked like trained people. The security provided was good.”

A rocket launcher and grenades were recovered from the scene. The Sri Lankan team, which was playing a test match against Pakistan in Lahore, is to be evacuated immediately.

“This was a planned terrorist attack. They had heavy weapons,” said Salman Taseer, who heads the provincial government as Governor of Punjab, arriving at the scene. “These were the same methods and the same sort of people as hit Mumbai.”

The Sri Lankan Cricket Team from January, 2009

From the Reuters Article:

The group blamed by India, Lashkar-e-Taiba, came from Pakistan’s Punjab province, whose capital is Lahore.

Pakistani stocks were down over 2.47 percent in early trade on Tuesday following the attack on the cricket team bus.

The Karachi Stock Exchange benchmark 100-share index was 2.47 percent, or 140.22 points, lower at 5,541.022 on turnover of 16.8 million shares by 10:40 a.m. local time (12:40 a.m. EST).

“This is not only an attack on the Sri Lankan team but on Pakistan as Pakistan is being put in isolation due to these attacks,” said Shuja Rizvi, director broking at Capital One Equities Ltd. “Who would want to invest then in Pakistan?”

What is the world coming to :(


The Googles doesn’t like ‘ASP Debugger’

February 26th, 2009 4 comments

I had a friend ask me about an ASP Debugger today, so after talking for a little while I promised to email him a few things when I got back into the office. Just when I had a tick, I thought I’d google the bastard to see what results I’d find – as I haven’t done ‘classic ASP’ development for quite some time – I shudder to think of writing like that again.

Anyway, fired up a new window in firefoxy, CTRL+L, {TAB}, type in ‘ASP Debugger’ without the quotes. What do you get?

What, you reckon I'm a virus? How dare you, just WHO do you think you are.

What the... However, this only occurs when searching through Firefox, whereas the normal Google search doesn’t seem to worry.


[XKCD] Security, in The Real World.

February 2nd, 2009 4 comments

…and you know it.


Microsoft releases IE8 Beta 1 and ASP.NET MVC RC1

January 28th, 2009 No comments

Wow, what a stinking hot day today was, utter chaos on our public transport system (which they are explaining and not making excuses about just in case you got con’nexed into thinking that) so it was nice to spend some time on the beach like the rest of the crowd.

More importantly, news in the virtual werld is that Microsoft have released Internet Explorer 8 RC1 for everyone to test against. Essentially it’s now feature complete and will behave like RC1 at final RTM. So give that a go, if you were a tester you’ll be glad to know that your pre-RC1 copies will upgrade. You won’t be able to install it on Windows 7 though!

If you want to peek inside Internet Explorer 8 there’s a good interview on Channel 9 with Dean Hachamovitch and Jason Upton.

Then, there’s the release of ASP.NET MVC Framework RC1. See the release notes and take a look.


xkcd: I am an iDiot

January 14th, 2009 2 comments


Windows Server 2008 R2 Beta Download

January 11th, 2009 1 comment

Now that the road to downloading Windows 7 Beta 1 and finding a key for Windows 7 Beta 1 has been travelled by most, it’s time to look towards Windows Server 2008 R2 Beta.

This release contains some significant updates to the virtualisation hypervisor in Windows Server (Hyper-V) and will only be offered as a 64-bit release sporting 256 processors (with 32 processors in VMs).


Windows 7: Information about the leaked build from WinHEC China

December 13th, 2008 No comments

Found an interesting rundown of some information about the leaked builds of Windows 7 from WinHEC China by Robert McLaws. There’s also some juicy bits about the much loved boot-screen in the upcoming Windows 7 release.


Breaking News: BD+ Broken

November 2nd, 2008 1 comment

BD+ is the DRM system for Blu-ray discs, as Wikipedia puts it:

BD+ is a component of the Blu-ray Disc Digital Rights Management system. It was developed by Cryptography Research Inc. and is based on their Self-Protecting Digital Content concept. BD+ played an important role in the past format war of Blu-ray Disc and HD DVD. Several studios have cited Blu-ray Disc’s adoption of the BD+ anti-copying system as the reason they supported Blu-ray Disc over HD DVD.

One of the more humorous observations was that, unlike DVD (which used DeCSS for its copy protection system) and AACS, which powered the bulk of the HD-DVDs of the time, BD+ would uphold its protection for at least the next 10 years. This may have been one of the key factors in the HD-Wars, but alas it seems someone has found a way of traveling into the future and finding the break.

Oopho2ei (who claims not to be a professional programmer :O) from the Doom9 forums, along with a few others (bmnot, schluppo, Disabled, evdberg), have (it seems) successfully broken the BD+ protection scheme in a grand total of 5 weeks and 3 days (started on the 24th of August). They have restored the BD+ protected “The Day After Tomorrow”:

I am glad to announce the first successful restoration of the BD+ protected movie “The Day After Tomorrow” in linux. It was done using a Blu-ray drive with patched firmware (to get the volume id), DumpHD to decrypt the contents according to the AACS specification and the BDVM debugger from this thread to generate the conversion table. The conversion table is the key information to successfully repair all the broken parts in m2ts files to restore the original video content. This small tool was finally used to repair the main movie file “00001.m2ts” according to the conversion table.

To verify the correctness I compared my 00001.m2ts with the one AnyDVD-HD creates and they both match. The MD5 hash of this 30GB large file is in both cases “0fa2bc65c25d7087a198a61c693a0a72”.

Breaking the code is no simple feat: Oopho2ei and team have had to reimplement the VM that runs the BD+ protection layer, and realise that there’s a fair chance that it could be blocked at a later stage and may phone home:

There has to be some kind of firewall around the virtual machine which validates all communication between the (potentially hostile) content code and the outside world (traps and events). Part of the rules which are enforced by that firewall are the parameter checks on every trap call. It’s obvious that the traps and the event handling itself have to be carefully implemented. I believe this additional effort is necessary to prevent the content code from breaking out of its sandboxed environment and doing nasty things like gathering user information and “calling home” when it detects an unlicensed emulator. So because these additional security measures make things more difficult I suggested to test this code first with the easy traps.
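
The per-trap parameter checks described in that quote, sketched as an added example (not code from the Doom9 thread, BDVmDbg or PortableBDVM): the host validates every trap request from untrusted guest code before acting on it. The trap table, trap names, memory size and error codes are hypothetical and are not the BD+ ones.

```c
#include <stdint.h>
#include <string.h>

#define VM_MEM_SIZE 0x1000u   /* constructed guest memory size */
#define MAX_ARGS 3
enum { TRAP_OK = 0, TRAP_BAD_ID = -1, TRAP_BAD_ARGC = -2,
       TRAP_BAD_ALIGN = -3, TRAP_BAD_RANGE = -4 };
typedef enum { ARG_VALUE, ARG_PTR, ARG_LEN } arg_kind;

typedef struct {
    uint32_t argc;             /* exact argument count the trap accepts */
    arg_kind kind[MAX_ARGS];   /* an ARG_LEN bounds the ARG_PTR just before it */
    uint32_t ptr_align;        /* required alignment of pointer arguments */
} trap_spec;

/* Hypothetical trap table, not the BD+ one. */
static const trap_spec TRAPS[] = {
    { 3, { ARG_PTR, ARG_LEN, ARG_VALUE }, 1 },  /* 0: fill(dst, len, byte) */
    { 2, { ARG_PTR, ARG_LEN }, 4 },             /* 1: checksum(src, len)   */
    { 0, { ARG_VALUE }, 1 },                    /* 2: get_time()           */
};
#define TRAP_COUNT (sizeof TRAPS / sizeof TRAPS[0])

static uint8_t vm_mem[VM_MEM_SIZE];  /* guest memory; guest pointers are offsets */

/* Check a trap request from untrusted content code; touches no state. */
int validate_trap(uint32_t id, const uint32_t *args, uint32_t argc)
{
    if (id >= TRAP_COUNT) return TRAP_BAD_ID;
    const trap_spec *t = &TRAPS[id];
    if (argc != t->argc) return TRAP_BAD_ARGC;
    for (uint32_t i = 0; i < argc; i++) {
        if (t->kind[i] != ARG_PTR) continue;
        uint32_t ptr = args[i];
        /* A pointer with no declared length covers a single byte. */
        uint32_t len = (i + 1 < argc && t->kind[i + 1] == ARG_LEN) ? args[i + 1] : 1;
        if (ptr % t->ptr_align != 0) return TRAP_BAD_ALIGN;
        /* Subtract rather than add, so ptr + len cannot wrap past 2^32. */
        if (ptr > VM_MEM_SIZE || len > VM_MEM_SIZE - ptr) return TRAP_BAD_RANGE;
    }
    return TRAP_OK;
}

/* Host-side entry point: nothing is serviced until validation passes. */
int trap_call(uint32_t id, const uint32_t *args, uint32_t argc)
{
    int rc = validate_trap(id, args, argc);
    if (rc != TRAP_OK) return rc;
    if (id == 0) memset(vm_mem + args[0], (int)(args[2] & 0xffu), args[1]);
    return TRAP_OK;   /* traps 1 and 2 are left unserviced in this sketch */
}
```

A naive `ptr + len <= VM_MEM_SIZE` test would accept the pair (0x10, 0xFFFFFFF8) because the 32-bit sum wraps to 8; the subtraction form rejects it.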

Even a guy from SlySoft (who makes the ever popular AnyDVD-HD product) chimes in early on but backs off after realising he could well get the sacker.

I’ll just say: due to certain properties of BD+, once you’re past a certain point, you can handle it pretty much without reversing – BD+ itself then helps you out – on any player

Actually you’d have to know how BD+ really works, to know what I meant (and even then you probably wouldn’t).
But if I start unraveling that, I’d be finding myself looking for a new job by next week

Love this bit in one of Oopho2ei’s posts:

I would like to stress again that this project wasn’t intended to circumvent copy protection and promote piracy. This can already be done using commercial software like AnyDVD-HD. Instead this project was an attempt to enable users of open source operating systems (like linux) to playback their BD+ protected discs without having to use proprietary software. Furthermore only two movies “I Robot” and “The Day After Tomorrow” have been proven to be handled correctly so far. Obviously there is still a lot of debugging to be done.

Classy! Download a copy of the BDVmDbg build for educational reasons and try PortableBDVM which comes in C99 source form.


Going Deep: Inside Windows 7 with Mark Russinovich

October 29th, 2008 No comments

If you like discussions about deep internals you’ll most definitely have subscribed to the Going Deep series on Channel 9. Today they just released a fascinating interview with Kernel Guru, Mark Russinovich – of Sysinternals fame, who is now a Technical Fellow at Microsoft. One of my favourite books would have to be Windows Internals 4th Edition, and I reference it quite frequently. Can’t wait for the 5th edition!!!

One very important change in Windows 7 kernel is the dismantling of the Spin Lock Dispatcher and redesign and implementation of its functionality into separate components. This work was done by Arun Kishan (you’ve met him here on C9 last year). The direct result of this great work is that Windows 7 can scale to 256 processors and enabled the great Landy Wang to tune Windows Memory manager to be even more efficient than it already is. Mark also explains (again) what MinWin really is (heck, even I was confused. Not anymore…). MinWin is present in Windows 7.

There are some really interesting topics covered in this video, especially the content behind the scheduler and the thread dispatcher.

Channel 9 Going Deep: Inside Windows 7

Download Offline versions: WMV | WMV HD | MP4 (iPod) | ZUNE


Determining Gender based on browsing history.

July 29th, 2008 No comments

An interesting bit-o-javascript posted by Mike-On-Ads that exploits an age-old trick of leaking out the browser’s navigated history. Armed with the info a cunning developer can work out what gender the viewer is.

The blog posting on the site explains the method used and allows you to try it out. Give it a go and see how accurate it is :-)

Here are my results:

Likelihood of you being FEMALE is 34%
Likelihood of you being MALE is 66%

Site Male-Female Ratio
slashdot.org 1.74
theage.com.au 1.13

Damn, I knew I shouldn’t be browsing Slashdot that much, at least it wasn’t Cosmopolitan or Womens Weekly (ooops!). Unfortunately, only my current session records the history as I clear my page history when Firefox closes. I’ll have to try it again and see if it changes.
