Talking with Herbert from Microsoft

At work I’m stuck with Microsoft Office XP Professional. My previous workstation was one that belonged in a museum (and now luckily is) and had no problems activating Office XP. With my new and shiny workstation (running Windows 7 Professional 64-bit), activating the software was impossible.

After some googling I found a forum with a post suggesting to contact Microsoft Support via chat. The following is my conversation with “Herbert” from Microsoft support…

(more…)

Apache Range header vulnerability script

I wrote an upgraded variant of the Apache killer script propagated on Full Disclosure capable of HTTPS requests. Also, other than its descendant, it can follow a server’s initial response for redirection which the original script interprets as the server not being vulnerable.

Script is available here: [Download not found]

This script merely checks for vulnarabilities but will not exploit them.

The whitespace of death

As the first entry to the list of my PHP-related WTFs, I present:

The whitespace of death

This one has taken me almost a full hour to sort out. There may be some good features to PHP, yet this one I don’t think is even one. It should be considered a bug. As my experience has grown in reporting bugs myself or trying to report a bug, I reconsidered and chose not to report it as a “bug”.

(more…)

yasco released

My first release of a project is yasco. yasco (yet another source code obfuscator) is a medium-weight Javascript source code obfuscator written in Perl.

yasco has been made available on Google Code. Details on the project’s page.