perfect-co.de

While idly browsing pastebin (yes, sometimes I do that), I found something interesting. It’s some mildly obfuscated PHP scripted malware. Curious what it might do, I started reverse engineering it and found what must be the worst coded trojan ever.

Continue Reading

At work I’m stuck with Microsoft Office XP Professional. My previous workstation was one that belonged in a museum (and now luckily is) and had no problems activating Office XP. With my new and shiny workstation (running Windows 7 Professional 64-bit), activating the software was impossible.

After some googling I found a forum with a post suggesting to contact Microsoft Support via chat. The following is my conversation with “Herbert” from Microsoft support…

Continue Reading

I wrote an upgraded variant of the Apache killer script propagated on Full Disclosure capable of HTTPS requests. Also, other than its descendant, it can follow a server’s initial response for redirection which the original script interprets as the server not being vulnerable.

Script is available here: Apache Vulnerability Check (175)

This script merely checks for vulnarabilities but will not exploit them.

As of version 5.3 of PHP, certain features and functions are considered deprecated. It comes with the territory. In major version changes, new features are added while old stuff is discarded. Unsurprisingly – and lucky for me, with that change in versions comes yet another WTF for me to rant about.

Continue Reading

I recently installed V.J. Catkick@’s Twitter Plugin for WordPress. Shortly thereafter I noticed my HTML validator Firefox Plugin changing from a pleasing green check mark to a nasty red cross complaining about (X)HTML validation errors.

Continue Reading

Strong passwords are a necessity when it comes to securing almost anything. This article shows how you can go that extra mile to securing access to an OpenSSH enabled server using not passwords but by flashing a badge… Continue Reading

I seriously have to double-check my upgrading policies. Only thanks to WordPress’ new requirements have I decided to finally update this server.

Though I had to say goodbye to 526 days of uptime, I kinda feel better now knowing it’s not running on Debian Etch anymore.

Listening to youtube playlists for a long time can yield unexpected results…

While listening to the playlist “YouTube Mix for Vitalic”, after the transition from song 38 to 39, youtube showed me this:

Continue Reading

To those trying to install the new Debian Squeeze distribution and being owners of an Intel 82579V Gigabit Ethernet adaptor to which appropriate driver files are missing from the installation disks (I tried netinst and KDE-disk1), I present a compiled kernel module for AMD64. Continue Reading

As the first entry to the list of my PHP-related WTFs, I present:

The whitespace of death

This one has taken me almost a full hour to sort out. There may be some good features to PHP, yet this one I don’t think is even one. It should be considered a bug. As my experience has grown in reporting bugs myself or trying to report a bug, I reconsidered and chose not to report it as a “bug”.

Continue Reading