Buy TrojanHunter at a discount! We’re currently running a promotion where you get $10 off TrojanHunter when yourder either a single computer license or a family license. This is a time limited offer that won’t last, so hurry if you want to save!
This is fascinating and well worth the watch (make sure you watch until the end!):
Hakin9 magazine has published a hilarious spoofed article about Nmap. Read all about it at http://seclists.org/nmap-dev/2012/q3/1050
So it appears that a build server at Adobe was compromised, and the criminals managed to make off with a code-signing certificate bearing a shiny “Adobe Systems Inc.” string.
The code signing certificate has already been utilized to sign malware. Adobe say they will shortly revoke the certificate and have it added to Verisign’s certificate revocation list.
Full details at http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html
Validating an email address using a regular expression can be tricky. If you wanted to follow the official RFC you would have to use the following monstrosity:
(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
Obviously, that is a regular expression that is impossible to understand the meaning of, let alone a practical one to use in a real life web application. Consider that 99.9% of all email addresses use the following formats:
[email protected]
[email protected]
[email protected]
Throw in a few special characters that should be alloed, namely - . + and _ and we can create a regular expression to match almost any email address in use today. This is what we come up with:
[-0-9a-zA-Z.+_]+@[-0-9a-zA-Z.+_]+\.[a-zA-Z]{2,4}
This will match a character in the group [-0-9a-zA-Z.+_] one or more times, followed by an @ sign. Then we have the same group again, and a final dot followed by the top-level domain. We allow a top-level domain between two and four characters, upper case and lower case.
If you wanted to use this regular expression to verify an email address in PHP, it’s as simple as this line:
if (!preg_match("/[-0-9a-zA-Z.+_]+@[-0-9a-zA-Z.+_]+\.[a-zA-Z]{2,4}/", $email)) die("Invalid email address");
Enjoy, and leave any feedback you have in the comments section!
The recent 5.4 release of Foxit Software‘s proprietary PDF Reader addresses a DLL hijacking vulnerability that could be exploited by an attacker to compromise a victim’s system.
Read more at The H Security
Windows 8 is due to be released soon - the general release date has been set to October 26, 2012. In this post we will look at some of the new features of Microsoft’s latest operating system.
The big new thing is the Metro interface, a new user interface optimized for use on table PCs. Take a look at the screenshot to get a feel for what this will look like. If you’ve ever used a Windows Phone you’ll notice the similarities immediately.
There will be four major versions of Windows 8 available. These are:
The last one, Windows RT, is for use on tablet computers that use the ARM architecture (a special platform that uses a reduced instruction set processor). Windows 8 Enterprise and Windows RT will not be available for sale directly to consumers - the former only via volume licensing programs and the latter only if you buy a tablet computer with Windows RT preinstalled.
Metro design language
New applications using the new Metro design language will be available only through the Windows App Store. This move sees Microsoft adopting the strategy of Apple and their App Store. Developers will need to use a programming language that supports the new Windows Runtime application architecture. The applications will run inside a sandbox and will have restrictions on which APIs they can make use of. The full Windows API will not be available to application developers.
What this means is that many apps that could be developed on the old Windows API will not be deployable on the Windows Metro platform. For example, API calls such as VirtualAlloc() and VirtualProtect() will not be available to Metro applications.
New Features
Windows 8 features a new login screen. New login options optimized for tablet computers are a four-digit PIN and “picture password”, which allows you to login by drawing a gesture on an image.
Microsoft have also integrated with their Microsoft account to allow users to store data in the cloud, thus making files and personal settings available on any computer where users log in to their Microsoft account.
The new File Explorer replaces the old Windows Explorer and uses a ribbon-interface to make it easier for users to perform file and folder actions. File Explorer allows users to mount ISO, IMG and VHD files as virtual drives without the use of any third-party applications or drivers.
In summary, Windows 8 will be quite a shift from the old Windows XP/Vista/7 versions. Microsoft is moving towards a “walled garden” with their new Windows App Store. Whether this will ultimately benefit users and developers remains to be seen.
The blog is back online! Look forward to interesting posts very soon.
KISS My Firewall is an excellent firewall script for iptables. Unfortunately, it does not work out of the box on later versions of Fedora Core. Trying to run it, you’ll get the following error message:
Since the ip_tables, ipt_state, and/or ipt_multiport modules do not exist, KISS can not function. Firewall script aborted!
The reason for the message is that the files ip_tables.ko, ipt_state.ko and ipt_multiport.ko do not exist on Fedora, even if iptables is installed and working. The fix is simple. Go to line 140 in your kiss script file and comment out the following lines by adding a # hash character in front of them:
if [ ! -e "/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ip_tables.$EXTN" ] || [ ! -e "/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ipt_state.$EXTN" ] || [ ! -e "/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ipt_multiport.$EXTN" ]; then
echo "Since the ip_tables, ipt_state, and/or ipt_multiport modules do not exist, KISS can not function. Firewall script aborted!"
exit 1
fi
After commenting these lines out the KISS script should run fine.
Today, the following email landed in our support mailbox:
Honourable trojan hunter. programs during the scan clearly shows that the magnifying glass does not reach the corners of pages. it is possible that computer viruses will remain in parts of the files?
The email had the following image attached:
It seems the user is concerned that files are not getting thoroughly scanned since the magnifying glass in the scan animation doesn’t completely sweep each file icon. Either that or he’s pulling our leg :)
