I think it is clear that my computer hates me. I left it on the night before last and when I looked at it yesterday I got the friendly “no operating system could be found” message. I didn’t freak out immediately as I have been the victim of cable gremlins in the past. After several hours of testing I concluded that the drive was indeed dead. It is recognized in the BIOS just fine but Spinrite (http://www.grc.com/spinrite.htm) and Western Digital tools both said the drive was dead. Spinrite indicated that there was a BIOS problem which leads me to believe that the problem is with the hard drive circuitry and not a physical platter problem. I have already gone to CompUSA and got another drive which I am using right now. This may delay some postings for a few days as it takes me some time to reinstall everything.
March 30, 2007
New Protocol Changes?
I first picked this up on Big Blue Ball in their newsletter (http://www.bigblueball.com/forums/yahoo-messenger-news/39852-yahoo-drop-support-y-messenger-7-5-april-2nd.html).
“As of April 2nd, 2007, we will no longer offer customer support for Yahoo! Messenger 7.0/7.5. We recommend that you upgrade to the latest version of Yahoo! Messenger. We will keep these help pages available online should you continue to use this version and have basic questions that these pages can answer.”
The administrators of Big Blue Ball speculate that this may mean another protocol change. I tend to disagree. The 8.x series of clients all use the same YMSG protocol as their predecessors. They may perhaps enforce the latest version of the protocol (15 vs. 12) but I don’t think this will make a great deal of difference as the authentication is identical. My guess is they are trying to make the Messenger Plug-Ins standard. Apparently a lot of developers and advertisers are writing plug-ins for Messenger and the support just isn’t there in earlier versions. Bottom line, I think it is about money from advertising not protocol changes.
More Install Problems
I just sent an email to Yahoo! technical support about the DEP problem. My best guess is that the installer is allocating a buffer in memory that does not have the execute bit set.
After disabling DEP I ran into another problem. The installer just plain crashes when I try to enter a different install directory. No errors, nothing, the window just disappears. I installed Yahoo! on the same machine and directory around two weeks ago so I guess Yahoo! upgraded the already buggy installer and added another bug. I ended up downloading the full file, which Yahoo! makes impossible to find. The full version can be found at http://download.yahoo.com/dl/msgr8/us/ymsgr8us.exe and I found the link at http://www.freakitude.com/2006/09/11/yahoo-messenger-8-full-standalone-installer/.
Off to send another message to Yahoo!
March 26, 2007
Massive Tutorial Update and the Original Trainer
I have published a massive seven new parts to the tutorials page! The new sections mostly cover the idea of how to create a booter program and if remote arbitrary code execution is possible through a booter.
Another great thing to check out is the code for the Yahoo! Trainer mentioned in the tutorial. This is the ancestor to the current YCC Trainer. I had forgotten but the original has a whole lot more features than the current. The big downside to the previous version is the code is not the best. The biggest reason that I started a whole new version is to make a solid learning tool. The original has a nice debug window that allows you to see all the packets coming in and going out, it can get your buddy list (usually), and you can even send IMs. If you are interested you should get it at http://www.ycoderscookbook.com/Files/Yahoo Login Sockets.rar.
March 25, 2007
Chat Sucks
Is anyone else having problems with chat? I haven’t fooled around with chat in a few months but as I try tonight it looks like a wasteland. YahElite took almost a minute to sign in and almost 3 to get to my usual chat room. Messenger also took almost as long. Has Yahoo just abandoned chat altogether and made it a second-class citizen?
Question of the Month
I just started a Question of the Month in the forums. The question for April is What Really Causes a Yahoo! Booter to work?
March 23, 2007
JavaScript Reframer Got Smarter
It looks like I finally got off my butt and fixed a site flaw that so many have complained about. When surfing in straight to a page other than the home page, the JavaScript will no longer kick you out and make you start from home. The script that reframes the page is still there, just smarter. I would like to thank Paul McFedries at http://www.mcfedries.com/JavaScript/reframer.asp for the code. I also added a link to OurChat forum.
I still need to get some more tutorials and fix the navigation in places.
March 21, 2007
Yahoo! Installers Behaving Badly
I just wiped my hard drive and I was installing Yahoo! Messenger when I was greeted by something not unusual but unexpected.
Image Removed
Above is the message Windows XP SP2 gave me when I tried to install Yahoo! Messenger using Yahoo’s own web installer. Since I have enabled DEP (data execution prevention) on Windows, I have seen a few of these pop up from time to time. What is unexpected is that a major software vendor like Yahoo! allows this to happen. I thought for sure that with a user base as large as theirs, they would solve it very quickly, guess not. In the end I had to disable DEP, restart the computer, install Messenger, re-enable DEP, and then restart one more time. Nothing too big, just a gripe.
For those of you who do not know what DEP is, I have included several links below. DEP is a feature added into Windows XP SP2. It basically stops buffer overflows, which have been the number one vector for computer exploits for the past 15 years. According to some (see Steve Gibson and Leo Laporte in Security Now!, episode 78 http://www.twit.tv/sn78) DEP is almost as important as having a firewall enabled on your machine. The downside is that unlike the SP2 firewall, DEP is not enabled by default. DEP may cause hassle on some older programs but it has actually demonstrated itself as a helpful security product on my PC (I will tell you about my adventures with PWDump2 one day).
Standard Microsoft Article:
http://support.microsoft.com/kb/875352
http://support.microsoft.com/kb/875351
TechNet Article:
http://technet2.microsoft.com/WindowsServer/en/library/b0de1052-4101-44c3-a294-4da1bd1ef2271033.mspx?mfr=true
Can Someone Get a Rootkit Certified?
It looks like the famous H.D. Moore is trying to get Metasploit Microsoft Certified for Vista in an article at physorg.com (http://www.physorg.com/news93262491.html). Apparently getting your software certified by Microsoft only costs $500 and is somewhat of a mindless, conveyor-belt system. The problem with this is Vista and XP, if enabled, only allow signed drivers to be installed. I suppose this is nothing new but having a signed driver gives the comfort of legitimacy to the users and in the case of Vista, gives legitimacy to the OS. Even though only allowing signed drivers is a good thing, it is not foolproof.
I think all in the security arena would agree that Metasploit is not a rootkit but I’m certain Microsoft would not like to have it certified. Maybe I should go ahead and get a few things certified while there is still a mad rush to be Vista compatible…
March 18, 2007
Reformatting
I have had an interesting week. During the first part I participated in the digital combat exercises. Our team did well and we placed second. At first I felt really bad but I found out that the winning team is professional pen testers so that made me feel a little better. The downside is my main computer arrived back at my house DOA. After a few days of tinkering and pulling components I finally got it back together. As I type this on my secondary computer I am reformatting my main computer. Hopefully this week I can start pushing out some more content to the site.



