Entries by christian

After a couple of requests about TrumanBox 0.1.03 which is available at trumanbox.s6y.org I would like to point you to trumanbox.sourceforge.net where you may find the latest development version provided via subversion. It has many new features and many parts of the code have been rewritten/-structured by Lothar Braun who continued development since July 2009. The only reason for keeping the version at trumanbox.s6y.org online is that it was pretty stable, when I submitted it as a result of my thesis work in July 2007.

As I have mentioned in my previous posting I have had a look at RFI attacks some time ago and planned to publish my results. Since those results were quite outdated we decided to alse collect come new data. Here one of my colleagues had a great idea, which he has also published on his blog. By proposing certain .htaccess configurations we allow others to easily protect themseleves from being rfi attacked while in the same time increasing our data feeds regarding RFI attacking attempts. By now we have put some more work on this and came up with a simple "rfi project" page where we also present some statistics. If you would like to contribute you can do so here. If there are any questions don't hesitate to drop us a line...

While enjoying my first coffee this morning I read about one "Quick RFI Analysis" Jose Nazario published on "The Arbor Networks Security Blog". This reminded me of some research I have been doing at the beginning of last year. Remote File Inclusion (RFI) is an attack usually exploiting vulnerabilities within PHP scripts, allowing to include PHP code from another (remote) server. Even though RFI is well known already for a couple of years it still seems to be an issue, particularly since, as Jose writes in his Quick RFI Analysis: "AV is rarely ever invoked". I am going to publish some of my results in this field as soon as I find some time...

In my last blog entry I have written about some problems I have had with FileVault because of having to less free disk space left. After that experience I found lots of comments reporting problems all related to FileVault. Hence I decided to turn off FileVault and use encrypted container files instead. Again lack of free disk space turned out to be a problem. Right after I triggered the decryption of my home directory by pushing the "Turn off FileVault" button I was prompted to free some disk space, namely almost 100 GB!!! This is the amount of free space the decryption process needs while turning off FileVault. Quite a lot, considering that the size of the whole hard drive is 250GB. Hence, I recommend to think twice before turning on FileVault.

Just a couple of days I have had a pretty anoying experience regarding File Vault. I have been working on a virtual machine within Paralles, when all of a sudden the machine paused with a pop-up window. It said something about too less space left on the hard drive and I should delete some files in order to continue, or then switch off the virtual machine. Thus I started deleting some bigger files. But still same pop-up appears and by the way it told me the amount of space left on my hard drive, which did not change, even though I deleted few GB of data. Hence I had no option and had to shut down the virtual machine without being able to save my work I have had done so far. The problem here: File Vault does not free space before you log out. Right after logging in again, the disk space was deallocated and I was able to continue my work. Even though I only lost work of the last half an hour before that happening, it was pretty annoying anyway...

Today, early in the morning, for some of us possibly rather the late yesterday evening, I received spam requesting "message disposition notifications" (MDNs). This was the first time I have seen that kind of technique in spam. More spam with the same kind of header fields I received later this day, made me wondering, if this is a new trend in spamming and if there are any further ideas behind? Any comments?

Last week I uploaded the result of my thesis - TrumanBox. Even though it is more than one year ago, I still get requests for the source code every now and then. Hence I uploaded a small website providing the source code and the corresponding thesis. Both can be found here.

On 16th of March I recognized some interesting spam, which I have not seen before in my inbox. Even though the spam email did not advertize any new product, the way of presenting the content was new: ASCII art. So one more approach in defeating content filters.Here you may find a screenshot of the particular part of the message body.