Having Fun with Bugs

Oops :-)
It is a little bit embarrassing, but software bugs can also happen to me. Bugs in web applications can lead to something like this showing up in search engine results:

error message in search engine

That error message was caused by a flaw in how I handled the input from the HTTP Accept-Language line: if it was missing, my code ran into the above error.

So, that example proves one thing - it is very hard to review and audit your own code for flaws and security holes.
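
One way to handle a missing or malformed Accept-Language line without running into an error, as an added example (this is not the code from this website). The supported languages, the default language and the WSGI/CGI-style `environ` dict are assumptions made for the illustration.

```python
import re

SUPPORTED = ("en", "de")   # assumption: languages the site offers
DEFAULT = "en"             # assumption: fallback language

# One language-range such as "de", "de-DE" or "*", optionally with ";q=0.8".
_RANGE = re.compile(
    r"^\s*([A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*|\*)\s*"
    r"(?:;\s*q\s*=\s*([01](?:\.\d{0,3})?))?\s*$"
)

def parse_accept_language(header):
    """Return [(primary_tag, q)] sorted by q; [] for missing or garbage input."""
    if not header:                          # header absent (None) or empty
        return []
    ranges = []
    for part in header[:1024].split(","):   # cap the client-controlled length
        m = _RANGE.match(part)
        if not m:
            continue                        # skip malformed items, never raise
        q = float(m.group(2)) if m.group(2) else 1.0
        if 0.0 < q <= 1.0:                  # q=0 means "not acceptable"
            ranges.append((m.group(1).lower().split("-")[0], q))
    return sorted(ranges, key=lambda r: r[1], reverse=True)

def choose_language(environ):
    """Pick a site language from a WSGI/CGI-style environ dict."""
    header = environ.get("HTTP_ACCEPT_LANGUAGE")   # .get(): key may be missing
    for tag, _q in parse_accept_language(header):
        if tag == "*":
            return DEFAULT
        if tag in SUPPORTED:
            return tag
    return DEFAULT

if __name__ == "__main__":
    # Constructed sample requests: no header, empty, normal browser, garbage.
    for h in (None, "", "de-DE,de;q=0.9,en;q=0.8", "<script>;q=x,,"):
        env = {} if h is None else {"HTTP_ACCEPT_LANGUAGE": h}
        print(repr(h), "->", choose_language(env))
```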

21C3 Video Recordings

Wow, it finally happened - the video recordings from the 21st Chaos Communication Congress are in the Torrent! Just have a look at the official BitTorrent tracker.

Well I have my own list of favorite talks:

  • 013 The Art of Fingerprinting
  • 019 Verdeckte Netzwerkanalyse
  • 057 SUN Bloody Daft Solaris Mechanisms
  • 070 Fnord-Jahresrueckblick
  • 074 Hacker-Jeopardy
  • 097 Das Literarische Code-Quartett
  • 105 Honeypot Forensics
  • 109 Anti-Honeypot Technology
  • 123 Gentoo Hardened
  • 146 Mehr Sicherheit fuer HostAP-WLANs
  • 176 Passive covert channels in the Linux kernel
  • 308 MD5 To Be Considered Harmful Someday

To play the videos I had to make some small adjustments to mplayer. The AVI files use H.264 as the video codec and AAC (MPEG4), ID 0x706D, as the audio codec. To hear the audio within mplayer I had to register libfaad2 for the ID 0x706D. But that was all I had to do.

Software Releases of the Week

OK, here are some new software releases I stumbled upon this week:

  • WordPress 1.5.1
    It is mainly a maintenance release with a lot of bugs fixed. To get the feeds working (RSS2 etc.) I needed to patch wp-blog-headers.php (see ID1323: Feeds return 304 when no new posts have been made Description Bug).
    As I am using a paranoid setup with two different websites (wp-admin on localhost and only public stuff on the internet), I had to patch wp-includes/functions.php to reflect some changes for the get_settings('home'||'siteurl') function to get correct absolute URLs throughout the links.
  • Bugzilla 2.18.1
    No big deal in updating that, checksetup.pl a few times and guess what - after starting mysqld - Bugzilla just worked fine :-D.
  • Gaim 1.3.0
    Hehe, the usual security issues CAN-2005-1261 and CAN-2005-1262.
  • GNU ddrescue 1.0-pre1
    That tool saved my life several times during recovery from a bad hard disk. So make sure that you always have a copy of it on your rescue CD-ROM. It is much, much faster than normal dd when it comes down to bad blocks.
  • Metasploit Framework 2.4
    If you have some time and some vulnerable test systems you have to try that one out by yourself!
  • Rootkit Hunter 1.2.6
    *little bit ashamed* that tool was new to me, I used chkrootkit and AntiExploit before.
  • Clover 1.3.7 and Spike PHPCoverage 0.6
    Wow, two releases of test coverage software in one week, so if you have to perform some coverage analysis during your tests you may want to check them out.
  • John the Ripper 1.6.38
    In case you lost/forgot your password John may help you to "remember" it.
  • Grand 0.7.1
    Got lost with your target dependencies in Ant? Grand uses Graphviz to produce some nice pictures for you.

A Webmasters Struggle

Well, if you ever tried to put a website online you know that doing so can be a really tiresome business. It starts with web design, which looks completely different in Internet Explorer or Mozilla Firefox, and goes on to producing content that makes some sense when reading it.

I like to surf and read websites of companies doing similar business than I do. It is always quite interesting to see how different companies present themselves on the web. You get the really stylish websites with sexed up content. But it is like canned food: nice picture on the label, but the food inside is already dead. On the other hand you also get websites which may not have spent thousands of euros on web design and content, but you get the feeling there is some activity behind the curtain with content evolving over time.

In April 2005 my website got an average of 12 visits per day. To change that I decided to become one of the latter websites. Lots of typos, bad design but more or less up to date content. So it will become a very interesting year to see how the traffic to my website will change in the next months.