Filipino Programmer | Philippines

Just another Filipino Programmer’s blog by Nick Fernandez III, on web development using PHP in LAMP framework and random information about everything I would tought interesting on and off the IT world.

Random Bytes:
The nice thing about standards is that there are so many to choose from.

Archive for the ‘Security’


iPhone Hacked?

Posted by filipinoprogrammer | 1,998 Views
Published July 9th, 2007 in Apple, Security | 1 Comment »

iPhone hype is all over, I have read and wrote a few articles about iPhone lately from the announcement to the release we can say that iPhone and Apple had lived up to its hype. In this article I will enumerate “iPhone Hacked” related stories, which is generating public awareness from the time of iPhone release date. Here are a few stories that caught my attention:

iPhone Independence
This blog claims that he could activate the iPod + WiFi capability of iPhone without the phone functionality of a unactivated iPhone. It means you can use your iPhone as iPod and a Wi-Fi device, without paying for AT&T’s two-year service plan. Jon Lech Johansen the DRM-hacking Norwegian programmer stated that :

Note that this application will not do anything unless you understand the magic numbers as well as add the hosts entry.

Since I iPhone is not yet available on my location, I could not confirm if this hack really works. Wondering what does the numbers mean? 

Magic iTunes 7.3.0.54 numbers:
Offset 2048912: 33C0C3
Offset 257074: 28
Offset 257013: 33C9B1

I assume this are hex locations of iTunes 7.3.0.54, you need a hex editor. For example offset 2048912 should be replaced by 33C0C3, and so forth. 

Add 127.0.0.1 albert.apple.com
to c:\windows\system32\drivers\etc\hosts

This is fairly simple, it means that instead of contacting albert.apple.com which is the activate server for AT&T and directing it to your local PC. The Phone Activation Server v1.0 is need to be installed along with MS .NET Framework 2.0 to emulate the AT&T server on your local PC.
(more…)

Bookmark This!

del.icio.us Digg Google StumbleUpon Technorati

PHP Image Exploit

Posted by filipinoprogrammer | 593 Views
Published June 25th, 2007 in Programming, Security | No Comments »

This exploit has been discovered which enables malicious users to upload valid PHP codes disguised is image files. Websites vulnerable to this attacks are website which accepts uploads of images, although this kind of exploit it is not exactly new, I am afraid some sites are still vulnerable due to bad security practices of their developers. Basically uploaded files are moved to a given directory. If the site then serves the uploaded images directly on their server, the malicious file can be executed via url.
The basic solution to avoid this problem is to either serve images only with actual extensions of image files (.gif, .png, .jpeg), or protect the upload directory to avoid direct requests to where the images are located.

Depending on your PHP setup, it may or may not be easy to protect your uploaded images directory. In Apache it can be done using a .htaccess file with lines like this:

<Files images>
deny from all
</Files>

Alternatively you can use other PHP functions to serve image files as images, and so, avoid triggering the execution of PHP scripts embedded in image files like these readfile.

$file = 'image.gif.php';
Header('Content-Type: image/gif');
readfile('images/'.basename($file));

Note the use of basename function to avoid injection of malicious paths. This way, only files from inside the images directory will be served, even if the original file named was forged to steal server sensitive files like /etc/passwd .

Bookmark This!

del.icio.us Digg Google StumbleUpon Technorati

MPack - The Italian Job

Posted by filipinoprogrammer | 1,749 Views
Published June 19th, 2007 in Security | 1 Comment »

Online criminals have recently launched a wide spread web attack, which turns legitimate websites into weapons, security vendor. The attack began late last week and by Monday morning, more than 10,000 Web sites had been compromised, according to security firms Trend Micro Inc. and Websense Inc. 80 percent of the infections are on Italian Web sites.

Almost all of the Web sites we saw this weekend were in Italy; We were referring to it as ‘Italian Job 3,’ in-house.

Most of the infected Web sites are legitimate, “These aren’t porn sites, they aren’t gambling sites; they are hotels, fish-and-tackle sites, tourist information”

said David Perry, global director of education with Trend Micro.

Even local Italian government Web sites have been infected, and most of the affected sites are hosted by one of Italy’s largest Web service providers

Infected Web sites contain a short piece of HTML “iFrame” code that redirects the victim’s Web browser to a server that attempts to infect the victim’s computer using a tool called “MPack“.

It is a piece of code, usually hosted on victim’s server, written in PHP. It uses a variety of exploits and automatically chooses which exploits are needed on each target computer. MPack creators call themselves “Dream Coders Team”.

Bookmark This!

del.icio.us Digg Google StumbleUpon Technorati


Filipino Programmer | Philippines
The views expressed here reflect the views of the author alone. 		HOME SUBSCRIBE WORK EXPERIENCE ABOUT ME


Filipino Programmer | Philippines © 2007 All Rights Reserved. Using WordPress Engine
Entries (RSS) and Comments (RSS).

Creative Commons License