Here's an old tweet of mine:
Why does it not appear when searching for WideCharToMultiByte:
What am I missing here? Shouldn't a tweet appear in the search result when using one of the words from the tweet as a search term?
Some of my tweets are coming up in the search result though. For example, a search for freefixer shows some of my tweets.
Sunday, 31 May 2009
Friday, 29 May 2009
System Security - How a faked anti-spyware program tricks its way onto users' systems.
I ran into System Security a few days ago. This is one of many rogue anti-spyware programs that pop up now and then. I've captured some screenshots to show how users are tricked into installing this application:
While browsing some web pages the following dialog from Internet Explorer popped up. It falsely claimed that my system needed an "anti viruses check". The system is 100% clean.
If you click OK, the following will appear:
The observant user will notice that the above is just a web page that tries to mimic the user interface of Windows XP. Web pages cannot access the local disk to scan for malware files.
If you click OK, you will get another faked scan result:
If you click "Remove all", you will get the actual installation file (install.exe):
Now it gets dangerous. So far, System Security has not been able to access the system. All scan results and warnings are just faked. But if you choose to install the file install.exe you are in trouble. System Security will get access to your computer:
Now that System Security got access to the system it will start showing scan results and warnings, all for the purpose of getting you to buy the program:
Here it falsely claims that some keylogger named Lsas.Blaster.Keylogger is sending my credit card information to a remote server:
Thursday, 28 May 2009
Schedule Blogger Post
Wednesday, 27 May 2009
Viewing a Certificate Revocation List (CRL)
A certificate revocation list contains serial numbers for certificates that have been revoked. A revoked certificate should not be trusted. The revocation lists are available from each Certificate Authority, such as Verisign.
I had problems finding information on how to view the contents of a .crl file, so hopefully this will help you. To view the revocation list in plain text, you can use the openssl command line tool:
openssl crl -inform DER -in Class3Commercial.crl -text -noout
Certificate Revocation List (CRL):
Version 1 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/
repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/CN=VeriSign Class 3 CA - Commercial
Content/Software Publisher
Last Update: Apr 15 10:00:08 2009 GMT
Next Update: Apr 25 10:00:08 2009 GMT
Revoked Certificates:
Serial Number: 010E4C379581BA0566F7C99FB5924E20
Revocation Date: Nov 28 17:46:46 2000 GMT
Serial Number: 0110E0DF875EDB73D8F276C87615D025
Revocation Date: Sep 13 21:08:20 1999 GMT
Serial Number: 0118A8D557A89E6B3BBA6DFA5119C8D9
Revocation Date: Jan 25 21:37:21 2000 GMT
Serial Number: 012FADDC287FE873AF9771C160774F0E
Revocation Date: Jul 13 23:31:00 2001 GMT
...
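An added example (not part of the original post): a POSIX shell helper that reads the text output shown above and reports whether a given certificate serial is revoked and whether the CRL is past its Next Update, since a stale CRL cannot vouch for certificates revoked after it was issued. The sample text is an excerpt of the listing above, cert.pem is a placeholder file name, and crl_is_stale assumes GNU date.

```sh
#!/bin/sh
# Sample input: excerpt of the listing above (same serials and dates).
sample_crl_text() {
cat <<'EOF'
Certificate Revocation List (CRL):
        Last Update: Apr 15 10:00:08 2009 GMT
        Next Update: Apr 25 10:00:08 2009 GMT
Revoked Certificates:
    Serial Number: 010E4C379581BA0566F7C99FB5924E20
        Revocation Date: Nov 28 17:46:46 2000 GMT
    Serial Number: 0110E0DF875EDB73D8F276C87615D025
        Revocation Date: Sep 13 21:08:20 1999 GMT
EOF
}

# Accepts "serial=01AB...", "01:ab:..." or "01 ab ..."; prints bare uppercase hex.
normalize_serial() {
    printf '%s' "$1" | sed 's/^serial=//' | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# stdin: CRL text. Prints the revocation date, returns 0 if listed, 1 if not.
crl_lookup() {
    awk -v want="$(normalize_serial "$1")" '
        $1 == "Serial" && $2 == "Number:" { hit = (toupper($3) == want); next }
        hit && $1 == "Revocation" {
            sub(/^[ \t]*Revocation Date:[ \t]*/, ""); print; found = 1; exit
        }
        END { exit(found ? 0 : 1) }'
}

# stdin: CRL text. Prints the Next Update timestamp.
crl_next_update() {
    sed -n 's/^[[:space:]]*Next Update:[[:space:]]*//p' | head -n 1
}

# stdin: CRL text; $1: "now" in epoch seconds (default: current time).
# Returns 0 if Next Update has passed, 1 if not, 2 if it cannot be parsed.
# Assumes GNU date for the -d option.
crl_is_stale() {
    nu=$(crl_next_update)
    [ -n "$nu" ] || return 2
    next=$(date -u -d "$nu" +%s 2>/dev/null) || return 2
    [ "${1:-$(date +%s)}" -gt "$next" ]
}

# Real use (cert.pem is a placeholder):
#   openssl crl -inform DER -in Class3Commercial.crl -text -noout > crl.txt
#   crl_lookup "$(openssl x509 -in cert.pem -noout -serial)" < crl.txt
sample_crl_text | crl_lookup '01:10:e0:df:87:5e:db:73:d8:f2:76:c8:76:15:d0:25'
```

The text dump by itself is not authenticated; openssl crl can check the CRL's signature against the issuing CA certificate with the -CAfile option before the contents are relied on.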
Is there any C++ syntax highlighter that outputs data suitable for pasting into an HTML document?
Anyone know of some tool that given a .cpp or .h file outputs data suitable for pasting into an HTML document?
What I want is something like this:
Input:
//My class
class A
{
};
Output:
<span class="cplusplus-comment">//My class</span>
<span class="cplusplus-keyword">class</span> A
{
};
With spans marking up the keywords, comments and other parts of the code, it's just a matter of adding some CSS to the stylesheet to have the C++ code highlighted.
Tuesday, 26 May 2009
How to get the service pack number using the WIN32 API
To get the service pack number on a Windows machine you can call the GetVersionEx function and pass a pointer to an OSVERSIONINFOEX struct. OSVERSIONINFOEX has two members, wServicePackMajor and wServicePackMinor, which hold the service pack information.
Monday, 25 May 2009
How to block outbound connections with the Windows Firewall
The Windows Firewall for Vista and Windows 7 allows you to block outbound connections, something that Windows XP didn't. To block outgoing connections:
- Press the Start button.
- Open Control Panel.
- Click on Administrative Tools.
- Click on Windows Firewall with Advanced Security.
- Click on Windows Firewall Properties.
- Select the Private Profile tab. (or the Public or Domain tab if you are on that type of network.)
- Choose Block in the drop down for outbound connections.
Wednesday, 20 May 2009
What's your brain age?
Ran into this memory game the other day. According to the site it will
activate prefrontal region of the brain, it will prevent memory loss and cultivate memory ability and concentration
True or not, I don't know, but the silly game can be quite fun.
Once you've finished a round it will estimate your "brain age". Seems I cannot get below 24. I suppose that's pretty decent since I'll be 34 in a few months :)
How do you score?
http://flashfabrica.com/f_learning/brain/e_brain.html
And here's someone with true skills:
Tuesday, 19 May 2009
seaport.exe
The SeaPort.exe file is signed by Microsoft and looks legitimate to me. Is there some malware/trojan/spyware out there that uses the SeaPort.exe name, or is there any other reason for removing this file? More than 75% of the FreeFixer file library visitors say they remove this file:
Does Windows Firewall block outgoing connections on Windows XP?
No, according to Wikipedia:
XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.
Sunday, 17 May 2009
Wednesday, 6 May 2009
prnet.tmp
About two weeks ago a FreeFixer user added prnet.tmp to the online file database. I've not had the chance to analyze this file myself, but from the large number of searches it must be a major problem right now.
This file is dropped in C:\WINDOWS\system32\ and adds itself to the registry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, prnet, which starts the prnet.tmp process every time a user logs on to the machine. Those infected by this malware report a large number of unwanted pop-up windows.
If you need assistance to remove prnet.tmp, please post a FreeFixer log at the FreeFixer User Group.
View the raw HTTP request body in PHP
I'm currently working on a bug where some Japanese characters are not appearing correctly on the FreeFixer web site. In the process of tracking down the problem I needed to view the raw HTTP request body that FreeFixer sends when posting information about a file or some registry data. In PHP, this can be done by calling the http_get_request_body() function. Unfortunately, this function requires a PECL extension which was unavailable in my current setup. However, this solved the problem:
$request_body = @file_get_contents('php://input');
Tuesday, 5 May 2009
WordPress' .htaccess file explained
If you have configured your WordPress system to use pretty permalinks the following will be added to the .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Explaining the .htaccess, row by row
<IfModule mod_rewrite.c>
This line checks if the mod_rewrite module is available on the server. If not, none of the enclosed Rewrite commands will be processed.
RewriteEngine On
This directive enables the runtime rewriting engine.
RewriteBase /
Lets the server know that the .htaccess was reached via / and not through any other path prefix.
RewriteCond %{REQUEST_FILENAME} !-f
This condition is true if the path REQUEST_FILENAME does not refer to an existing file.
RewriteCond %{REQUEST_FILENAME} !-d
This condition is true if the path REQUEST_FILENAME does not refer to an existing directory.
RewriteRule . /index.php [L]
If the two RewriteConds listed above both evaluate to true, the server will load index.php. [L] indicates that no further rewrite rules should be processed.
If either RewriteCond evaluates to false, the server will load the actual file or directory instead of index.php.
Friday, 1 May 2009
How to start a command prompt in administrator mode on Windows 7
Some days ago, while playing around with Windows 7, I needed to run a couple of command line programs with administrator privileges. To start a command prompt in elevated mode, type cmd.exe in the run box and instead of pressing enter, press CTRL + SHIFT + ENTER. This key combination works on Windows Vista too.