Archive for November, 2005

I’ve got a new blog

Tuesday, November 8th, 2005

Dear reader,
After a while of arguing with the maintainer of the previous blog website (aslpage.be) it became apparent that the blogs there would continue to suck for a long time and hence I was forced to find a better place for a blog. (You might ask why I don't run blogging software of my own; the answer is simple: I'm a lazy cunt.)

I did a backpost of all my blogpostings and hence there is no need to ever go back to aslpage.be should you want to read my blog.

I added a note at the end of the backposted blog entries showing you when I originally posted them. (Made some minor adjustments tho; see, the previous blog didn't allow me to change anything about a blog entry after it was posted, which was one of the many reasons why it sucked so hard.)

On the uselessness of vulnerability databases

Tuesday, November 8th, 2005

Vuln. databases really suck. It would appear that the only skill a vuln. database maintainer has is that of copy-pasting. So if the vendor doesn't give decent information (and they rarely do) the vuln. database will also give you shit information.

While I find it sad that most vendors don't want to give out technical information regarding vulns to protect their weakest customers (ever heard of Darwin's law?), I find it unacceptable that vuln. database maintainers won't get off their lazy ass and do something about this. OSVDB, SecurityFocus, Secunia, FrSIRT, SecurityTracker, ... they're all the same.

originally posted on 2005-11-07 16:08:12

Run snort, get owned !

Tuesday, November 8th, 2005

So I got up this morning, and one of my co-workers goes "I want to write an exploit for that snort bug". I go to fd and bugtraq, but no news there about that bug yet. So I look at my copy of snort on my box and check the Back Orifice code myself.

Within 2 minutes I spot the bug. OMFG, do people still make this kind of retarded bug in 2005? It's something like this:

#include <unistd.h>   /* read(), size_t */

void f(int fd) {
    char buffer[1024];
    size_t len;

    read(fd, &len, 4);      /* length comes straight from the peer (and only 4 of size_t's bytes are set) */
    read(fd, buffer, len);  /* len is never checked against sizeof(buffer): stack buffer overflow */
}

Ok, so the actual code is a bit more complex (not much tho) but I think this gives people a good idea of the bug that’s in snort.

Sadly, one can only assume that more of these kinds of trivial bugs are in snort ...
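As an added example (not snort's code and not from the original post), here is the same length-prefixed read with the bound the snippet above is missing. read_length_prefixed(), feed() and the 4-byte little-endian length prefix are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

#define PAYLOAD_MAX 1024

/* Reads a 4-byte little-endian length prefix and then that many payload bytes
 * from fd, like the snippet above, but rejects any length larger than the
 * destination. Returns the payload length, -1 on short read/EOF, -2 if the
 * advertised length does not fit (nothing of the payload is read then). */
long read_length_prefixed(int fd, unsigned char *buffer, size_t bufsize)
{
    uint8_t hdr[4];
    size_t got = 0;
    while (got < sizeof hdr) {                  /* read() may return short */
        ssize_t n = read(fd, hdr + got, sizeof hdr - got);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    uint32_t len = (uint32_t)hdr[0] | ((uint32_t)hdr[1] << 8)
                 | ((uint32_t)hdr[2] << 16) | ((uint32_t)hdr[3] << 24);
    if (len > bufsize) return -2;               /* the check the original lacks */
    got = 0;
    while (got < len) {
        ssize_t n = read(fd, buffer + got, len - got);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    return (long)len;
}

/* Test helper: pushes a constructed message through a pipe and returns what
 * read_length_prefixed() reports for a PAYLOAD_MAX-byte destination. */
long feed(const unsigned char *msg, size_t msglen)
{
    unsigned char buffer[PAYLOAD_MAX];
    int p[2];
    if (pipe(p) != 0) return -99;
    if (write(p[1], msg, msglen) != (ssize_t)msglen) return -99;
    close(p[1]);                                /* EOF after the message */
    long r = read_length_prefixed(p[0], buffer, sizeof buffer);
    close(p[0]);
    return r;
}
```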

originally posted on 2005-10-19 10:15:44

I ate skippy

Tuesday, November 8th, 2005

So,
couple of days ago I went out eating with some people here in Sydney and decided we should get a kangaroo pizza.

The meat is pretty damn good. It’s very soft meat.

We also got croc pizza, but I didn't like that at all; it tastes sort of like seafood + chicken.

Anyways, later this month I'll prolly try a skippy steak; it should be good.

Oh, so yea, I did make it to .au (for those who read the previous blog entry). They called me back right when I was typing the previous blog entry and got everything worked out.

originally posted on 2005-10-09 17:05:34

why getting a flight sucks

Tuesday, November 8th, 2005

So I was supposed to go to ruxcon.

Yesterday, I call the travel agent, requesting to book a flight for me to Sydney. She found one (duh, I looked earlier on their website and told her to get that one).
She books it, and right when she's giving me my reservation number the line goes dead. Turns out my calling credit was all out. I HAD 30 euros on it prior to calling. Apparently it costs me 1.6 euros PER MINUTE to call from Germany. WHAT A STINKING RIPOFF.

So I recharge my cellphone online (putting 75 euros on it this time) and call them again. OF COURSE there was a queue, so I was on hold for 15 minutes (at 1.6 euros per minute). Finally I get a guy on the phone and ask about my booking. After some minutes the guy tells me that he can enable the booking, but that I need a visa,
which I didn't have. So I tell him not to enable it and hang up.

I surf to www.eta.immi.gov.au and 2 minutes later I have a visa. Call up the travel agent (AGAIN), yay, again a queue (mind you, still paying 1.6 euros per minute).
I finally get some other guy on the line, explain the whole story and tell him I now have a visa. And then he goes "but you want a one-way ticket, we cannot do that, not even if you have this ETA", at which point I offer to also book a flight back, but for some reason the guy doesn't want to do that and tells me he'll check if I can get a one-way flight and will call me back in 5 minutes. He never called back. So 20 minutes later, I call them up again, waiting in queue, waiting, waiting, ... no one picks up. Apparently they close at 19h (while their website www.connections.be specifically states that they are open till 21h).

Next day, I call them up again (this time from a normal phone); after being in their queue for a while I get the same lady on the phone I had the very first time. I tell her everything that happened and ask for a 2-way flight to Sydney as soon as possible. She finds one, and I ask her to book it. She then tells me that I have to pick up the ticket at their travel agency since apparently the airline she booked me on didn't have electronic tickets. I tell her that's impossible since I'm not anywhere near where they are right now. She then tells me that she'll try to arrange something and will call me back in 15 minutes. While I'm writing this blog it's about 1.5 hours later and I'm still waiting ...

Oh, also I can't seem to get the phone here working again (so I can't call them back from there) and I won't call them back from my cellphone since that is obscenely expensive (1.6 euros). Also getting more credit on my phone online is really y since this is done thru credit card and I have one with what's called a digipass. Obviously I don't have it with me (since I'm not in Belgium right now).

WAIT, while I'm writing this blog they called me back.

stay tuned …

originally posted on 2005-09-29 17:30:14

MacOS X comes default with a portscanner

Tuesday, November 8th, 2005

Had no idea, but apparently MacOS X comes by default with a port scanner. How evil.

you can find a screenshot of it at:
http://ilja.netric.org/files/portscan.jpg

originally posted on 2005-09-16 04:20:53

irc quote

Tuesday, November 8th, 2005

overflow in all ircII based clients
does that include bx? ;P
yep
* ms has quit (Quit: [BX] Reserve your copy of BitchX-1.1-final for the ColecoVision today!)

originally posted on 2005-08-29 21:14:59

Watch out with snprintf() !!!

Tuesday, November 8th, 2005

I was just reading over some code and came across the following:

int len;
len = snprintf(buffer, size, something, someargument);
buffer[len] = '\0';   /* len is not bounded by size, so on truncation this write lands past the end of buffer */

I've seen this kind of code in quite a lot of projects and it's flawed!!!

From the snprintf manpage:

The functions snprintf and vsnprintf do not write more than size bytes (including the trailing '\0'). If the output was truncated due to this limit then the return value is the number of characters (not including the trailing '\0') which would have been written to the final string if enough space had been available.

So this is obviously wrong: whenever the output gets truncated, len is at least size, and buffer[len] = '\0' writes past the end of the buffer. A potential buffer overflow!!!

I like the idea of “read but don’t believe” but this is even worse, it shows that people can’t (or don’t bother to) even read a manpage.

At one time I was working on a paper about return values and how pretty much everyone gets it wrong (don't ask for the paper, it got shot down). This was covered in there as well.
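The correct pattern, as an added example that is not from the post: compare the snprintf() return value with size instead of using it as an index. format_checked(), overrun_bytes() and demo_truncated_len() are names made up for illustration, and the "user=%s id=%d" format with "alice"/7 is a constructed sample input.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Formats into buf and reports whether the whole output fit. The return value
 * of snprintf() is compared with size, never used as an index into buf. */
int format_checked(char *buf, size_t size, const char *name, int id)
{
    int n = snprintf(buf, size, "user=%s id=%d", name, id);
    if (n < 0) {            /* encoding error: leave an empty string behind */
        if (size > 0) buf[0] = '\0';
        return 0;
    }
    /* n >= size means the output was truncated; snprintf() has already
     * NUL-terminated buf, so nothing else needs writing. */
    return (size_t)n < size;
}

/* How many bytes past the end of a size-byte buffer the post's
 * buffer[len] = '\0' would land for this input (0 when it stays in bounds).
 * snprintf(NULL, 0, ...) only measures the output; nothing is written. */
size_t overrun_bytes(size_t size, const char *name, int id)
{
    int n = snprintf(NULL, 0, "user=%s id=%d", name, id);
    if (n < 0) return 0;
    size_t len = (size_t)n;
    return len >= size ? len - size + 1 : 0;
}

/* Stand-alone check: "user=alice id=7" (15 chars) into an 8-byte buffer
 * leaves the truncated but terminated string "user=al". */
size_t demo_truncated_len(void)
{
    char buf[8];
    format_checked(buf, sizeof buf, "alice", 7);
    return strlen(buf);
}
```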

originally posted on 2005-08-27 23:57:35

more irc stuff

Tuesday, November 8th, 2005

oh btw man, you know how I have been sending those abusive
emails off to intel telling them how they will lose my business if I
dont get my intel books
well yesterday I got two boxes full

originally posted on 2005-08-23 05:30:35

windows com objects and IE

Tuesday, November 8th, 2005

Recently people have been looking for security bugs in COM objects that are easily exploitable and callable from IE. A couple of days ago I took a quick peek at it myself while preparing a lecture about fuzzing. A SHOCKING number of bugs were found: 2 bugs within the first 10 minutes of messing around.

There have been almost 50 of these bugs reported and fixed within the last couple of months.

Like with everything, this will soon become an overfished fishing tank. BUT it's not right now; if you want some quick IE 0day, go look, they're not hard to find!

Anyways, I'm guessing at least 1 guy at Microsoft is spending lots of time trying to find bofs in COM objects, and that within a year SP3 will be released with loads of fixes for these issues.

Originally posted on 2005-08-18 13:35:11