ART OF SEDUCTION: Not Pretty, Really

Pretty interesting short-film: http://www.youtube.com/watch?v=bd4Gpi9ksXw

“Internal Server Error” when converting phpBB v2 to phpBB v3

I’m hosting a little phpBB installation and had some problems with the conversion script that comes with phpBB for the conversion of the forum. It seems that the timeout-values for PHP by 1and1 are set too conservatively. I found that adding the following lines to the “install/install_convert.php” file does the trick (credit for this trick) :

// lift the PHP time, memory and upload limits for the long-running conversion
@set_time_limit(0);
@ini_set('memory_limit', '256M');
@ini_set('upload_max_filesize', '128M');
@ini_set('post_max_size', '256M');
@ini_set('max_input_time', '-1');
@ini_set('max_execution_time', '-1');
@ini_set('expect.timeout', '-1');
@ini_set('default_socket_timeout', '-1');

Having the conversion script reload also seems to help a bit…

Firewire and DRM

An old security vulnerability in the Windows Firewire implementation has resurfaced. I wonder how long it takes until Microsoft figures out that if one can read/write arbitrary memory (including kernel-memory), then one can probably find encryption keys to “secured media content” …

Using Psychological Domain Knowledge for the Netflix Challenge

I read an interesting article today about using psychological domain knowledge for improving recommender-system predictions. A very interesting idea…

VPN Tunnels from within VMWare (Windows XP and GRE weirdness)

I was playing around with the VMWare player and a Windows XP image trying to establish a VPN connection with Microsoft’s VPN Client. It worked just fine, connected and then got stuck at “Verifying Username and Password”. After a while it aborted with a time-out error (was it error 638 or 721?). It turns out that GRE (General Routing Encapsulation) doesn’t deal well with multiple network address translations (e.g. using VMWare Networks with NAT and then my DSL-Router). It worked once I changed it to bridged networking. This took me a couple of hours to figure out…

License Key Copy Protection

I had written, long before I had a blog, about doing copy protection the right way (read: so it requires some effort to remove it). With the more recent programming frameworks a couple of things changed. For one, all the new programming frameworks (.NET, Java) have cryptography support, which means it is far simpler to incorporate a license key scheme based on digital signatures. Personally I like using 512-bit DSA (Digital Signature Algorithm) for these purposes, because the key is long enough to stop amateurs from computing the secret key and short enough that a signature encoded as BASE32 could be typed in by someone. In the software you obviously only include your public key for verifying the signature of your license.

One issue with byte-code languages is that they are fairly trivial to disassemble (and produce very human-readable code). Microsoft even included an MSIL Disassembler with .NET. Therefore the code needs to be obfuscated. One thing to try (not all obfuscator programs support this) is to make the names as human-unfriendly as possible. Renaming classes to “A” and “B” is nice, but renaming them to “XfGkoAlPPqzz” and “XfGkoBlPPqzz” makes it even harder to read.

With a signature-based license key the hackers have only a few options left since they can’t write a key-generator. For one, they could patch a different key into the software for which they know the private key and generate signatures for this new key. It’s therefore important to use a hash of the real private key in some other ways in the program. For example, one could hash the private-key string with SHA/MD5 and use the result as a key for decrypting some data with a symmetric cipher such as AES. Another idea is to put the hash (or a checksum using the hash of some data and the public key) in some saved user data in order to prevent data-exchange between the cracked and legitimate versions of the software.

The second option is to find where the accept/reject decision is made in the program and to patch this comparison. Note that API-calls to the framework are fairly easy to find, even in obfuscated code. You should therefore have the API-call (for the crypto-functions as well as displaying any kind of error-message like “invalid license key”) far away from the comparison-operation so the hackers have to dig through more code. Also, I found that using a command-pattern makes for fairly unintelligible byte-code. Consider creating a class that encapsulates commands and has some Execute() method that can also return which command to execute next. Now, if you have a couple of commands in a List that are executed in a loop by invoking all the respective Execute() methods, then that is a bit harder to follow. Consider writing commands that can change entries in some global hash-table of strings, an If-Command, a Goto-Command, a MessageBox-Command, a Verify-Signature-Command etc. With all those implemented, you can encode a little program by putting all those commands in a list. The important thing now is to encode the accept/reject decision (and one or two important parts of your software unrelated to the license-key) using the Command-Pattern, i.e. to write little programs in your “command-pattern programming language”. The If-Statement being used for the accept/reject will then be the same spot every other condition is tested in your code and can therefore not be patched without destroying other parts of the program. This forces the hackers to understand your command-pattern and to figure out what bytes they have to change to make this an unconditional jump. I found this fairly easy, clean and straightforward to program (and debug) in a high-level language, yet fairly hard to understand in obfuscated byte-code.
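The signature-based key scheme from the paragraphs above, written as an added example in Go (not the author's code): the vendor signs a digest of the licensed data with DSA and hands out r||s as unpadded BASE32, and the product, holding only the public key, rejects any key that was altered or issued for a different customer. Go's crypto/dsa has no 512-bit size, so the example assumes L1024N160 (a 20-byte q), which still yields a 64-character key; the "license-v1:" label and the customer names are constructed for the example.

```go
package main

import (
	"crypto/dsa"
	"crypto/rand"
	"crypto/sha1"
	"encoding/base32"
	"math/big"
	"strings"
)
// Unpadded BASE32: the 40-byte (r, s) pair becomes exactly 64 typeable characters.
var keyEnc = base32.StdEncoding.WithPadding(base32.NoPadding)

// licenseDigest binds the key to the licensed data (here just the customer name).
func licenseDigest(customer string) []byte {
	h := sha1.Sum([]byte("license-v1:" + customer))
	return h[:]
}

// GenerateVendorKey makes the vendor pair (only PublicKey ships); crypto/dsa has no 512-bit size, so L1024N160 is used.
func GenerateVendorKey() (*dsa.PrivateKey, error) {
	priv := new(dsa.PrivateKey)
	if err := dsa.GenerateParameters(&priv.Parameters, rand.Reader, dsa.L1024N160); err != nil {
		return nil, err
	}
	return priv, dsa.GenerateKey(priv, rand.Reader)
}

// IssueKey runs at the vendor only: sign the digest, then encode r||s (fixed width) as BASE32.
func IssueKey(priv *dsa.PrivateKey, customer string) (string, error) {
	r, s, err := dsa.Sign(rand.Reader, priv, licenseDigest(customer))
	if err != nil {
		return "", err
	}
	n := (priv.Q.BitLen() + 7) / 8 // 20 bytes per component for a 160-bit q
	buf := make([]byte, 2*n)
	r.FillBytes(buf[:n])
	s.FillBytes(buf[n:])
	return keyEnc.EncodeToString(buf), nil
}

// VerifyKey runs in the product with the public key alone; a single changed character fails.
func VerifyKey(pub *dsa.PublicKey, customer, key string) bool {
	raw, err := keyEnc.DecodeString(strings.ToUpper(strings.ReplaceAll(key, "-", "")))
	n := (pub.Q.BitLen() + 7) / 8
	if err != nil || len(raw) != 2*n {
		return false
	}
	r, s := new(big.Int).SetBytes(raw[:n]), new(big.Int).SetBytes(raw[n:])
	return dsa.Verify(pub, licenseDigest(customer), r, s)
}
```

Because DSA signatures are randomized, issuing twice for the same customer yields two different keys that both verify, which is why the check must be a signature verification and not a string comparison.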

Registering Domains with Network Solutions

After reading this article on Slashdot about NSI immediately registering every free domain that is searched for on their site, I went ahead and tried it myself. Indeed, seconds after searching for two random domain-names they were immediately registered (or locked). They even put a domain-parking page on it. Since this is all fully automated I can’t help but wonder what would happen if somebody were to search for all sorts of trademarked names, especially from companies that are fairly aggressive in suing for trademark infringements. I wonder if they thought about that …

Joe-job …

Seems like I’m having a good start to the new year: some spammers are spoofing from-addresses from one of my domains. 1500 bounces is probably just the beginning … :-(

Back from NIPS 2007

Just got back home from NIPS. The following papers I found pretty interesting:

  • Random Features for Large-Scale Kernel Machines
  • On Ranking in Survival Analysis: Bounds on the Concordance Index
  • Efficient Inference for Distributions on Permutations

The workshop time I spent in the Learning Problem Design and in the Security workshop. I also dropped by “statistical networks” briefly, but there’s room for improvement in my current understanding of Gibbs sampling and the like. The consensus in the problem design workshop seemed to be that machine learning must become more modular. Also there was agreement that the application of machine learning in the real world requires some magic for transforming the problem into “features” and some more magic for transforming the prediction into something useful. It was stating the obvious a bit, however not much progress has been made in this area of making ML more accessible. I wrote about choosing the right features before, but currently it’s more of an art than a science. One thing I took from the security workshop was that features must be easily constructed (most detection apps must run in real-time). This means we are interested in features the attacker can hardly influence (think received-headers in spam e-mails that cannot be suppressed), yet they must be easy to compute.

Also really cool was the “NIPS Elevator Process” joke-paper about hungry scientists on the way to lunch (don’t confuse it with the Chinese restaurant process) and the party crashers at the Gatsby party. Sophie and some friends of hers simply joined the fun. The fun part was people taking her random answers about her research topic seriously :-) I got mistaken for one of the party crashers at one point, because I didn’t fit in with my clothing. I was actually planning on hitting a club in downtown Whistler, but didn’t get around to going in the end…

GMail Logout Strangeness

I’m using many of the services Google has to offer, GMail being one of the many. I’ve noticed a couple of times now that when I log out from Google’s single-sign-on, but then go back to GMail (typing in the URL, not using the back-button), I’m still logged in, unlike on the Google main page or any of the other services. I can even access all sorts of old email, so it’s not some strange cache-issue. I can’t quite reliably reproduce it, but it happens somewhat frequently.

I’m wondering whether Firefox does something strange in the way it clears cookies or whether Google uses an extra authentication-cookie for GMail that is not always deleted.