Posts filed under 'Internet'

Create Smart Spam

Ah spam, isn’t it wonderful?  Akismet is doing a pretty good job protecting me, but it blocked out a lot of you guys.  After checking for legit comments that were blocked through Akismet I found out how popular I really was (heh).  Mostly though, there was just some really annoying shit.  You would think that by now companies would make intelligent spam bots, but no.  Using some natural language processing, think of all the great things marketer/advertiser/spammer/annoying people could do.  I mean seriously, spend a little time and develop a good application.  All you have to do is search for keywords, make an intelligent remark, and link to a site that redirects to your spam site (things look in URLs too).  You could use a service such as TinyURL (yes I know it is against the “Terms of Service”) to spam, or you could create your own redirection service with no limits on spam.  Seriously, write something intelligent or do not do it at all.  At least I can get a good laugh out of it!

~Ivan

Add comment September 25, 2007

Passwords and How They are Stolen

I posted a comment on  Angry 365 Days a Year about passwords.  The entry was entitled Passwords suck.  Most people don’t know a lot about passwords and password stealing.  My comment on the post was on how the passwords can be stolen:


Here are some of the ways people get passwords:
1) The downloading of keyloggers.
2) Hackers (if they have a known target) can port scan (check the open ports on a computer), find ports with vulnerabilities, and transfer data (such as a keylogger or R[emote]A[ccess]T[rojan]) through to the computer.
3) Hackers connect to a server of an email service, messenger service, etc., and run a brute force/dictionary attack. This is done by writing a program to continually try and rearrange letter combinations (brute force), or test all the words in the dictionary.

I forgot to mention shoulder surfing. Shoulder surfing might be the most common of all. People looking over your shoulder while you type your password is a serious security risk.  Another method is social engineering, which is someone tricking you into giving away your password (usually by pretending to be tech support).  A very similar way of getting passwords is phishing, by asking for passwords or personal information in email (or connecting you to a false site that will look authentic).

Here’s a little guide to making strong passwords:

1) Do not use words, known phrases, names, numbers, or personal information as passwords.
2) Use random letters and numbers in your password.
3) Use a mixture of uppercase and lowercase letters in your password.
4) If possible use special symbols such as $%.! in your password.
5) If you write your password down, do not put it out in the open. Shred the paper if you throw the password away.
6) Never trust anyone who wants your password.
7) Never put your password in plaintext on your computer (unencrypted text).

Here are some examples of weak passwords and strong passwords:

Weak:
jimmy
girlfriend
11684
472385
mydoggie
1337

Strong:
fo25vPEvMg42
dUI1OhanLINd5Ay
tym81MPty64
qmJ50cX85

Hopefully you can apply these tips to your passwords.

Cheers,

Ivan

6 comments August 4, 2007

MyPodcast.com, Free Podcasting Service

Okay, this is cool.  I recently found out about MyPodcast.com, a free podcasting service.  The only other way to do free podcasting (with unlimited bandwidth and space), is PodShow.com, and using Archive.org with a blog frontend.  I’m not a big fan of PodShow, and although I love the Internet Archive it’s hard to use it and a blog together.  It becomes difficult to manage.  I really love how the site doesn’t revolve around social networking (like many new podcasting services) and it integrates a blog (most services do).  If I ever do decide to Podcast, I’ll probably go there.

Cheers,

Ivan

2 comments August 4, 2007

Formats

Cracking formats doesn’t seem to be too hard.  I figured out most of the simple 16-color bitmap this afternoon using a hex editor.  It’s pretty simple.  Create a bunch of files of a format of your choosing.  Open these up in a hex editor (my pick is XVI32, a great freeware editor), and take a look at how the file is structured.  Find out what the numbers represent and what changes take place in the hex when you change the file (coloring pixels, changing width, etc.).  Then you can see what parts of the file do.  Find out what the changing numbers represent; when you mess around with the files, these will change.  You have to see how these changes will work in the file.  A description of file size might only take up one byte in one instance, but if the file gets bigger it might take up a few bytes.  Of course, most formats have been explored already, and in great depth.  I ran into a few problems with my hacking of the bitmap, because I was forgetting the whole issue of palettes and compression, but you can learn a lot about a file by looking at it in a hex editor.  Change things with the hex, and look at changes in the file.  When you discover functions of the hex, make sure you write them down.  Here’s some documentation I did on bitmaps.  I have a fuller explanation of what I discovered on another computer, but here’s a template for your file:

–Bitmap File Info–
Byte Structure:
Header- 42|4D|C6
File Size- 3rd address and more, ab|cd=cd|ab
Height- 12th address
Width- 16th address
Pixels, bytes before final 3 bytes-Stores two pixels per byte. End of file starts at top-right.

Colors:
0- Black
1- Dark Red
2- Dark Green
–EOF– 

If you’re interested in the bitmap format there are some very good guides, here’s one that is very informative and useful if you need to use the bitmap format.  For more information on formats visit Wotsit, or if you want to get into reverse engineering see this excellent wikibook.
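The layout sketched in the notes above, as an added example (not code from the original post): a Python builder and validating parser for an uncompressed 16-color BMP, following the published BITMAPFILEHEADER/BITMAPINFOHEADER layout, in which width sits at offset 0x12 and height at 0x16. The sample image, the palette RGB values and the 4096-pixel limit are constructed assumptions; the 16x10 size is chosen so the file is 198 (0xC6) bytes and opens with 42 4D C6.

```python
import struct

# Constructed palette: first three colors are those named above; RGB values and filler are assumed.
PALETTE = [(0, 0, 0), (128, 0, 0), (0, 128, 0)] + [(0, 0, 0)] * 13

def stride_for(width):
    """Bytes per stored row: two pixels per byte, padded to a 4-byte boundary."""
    return ((width * 4 + 31) // 32) * 4

def build_bmp16(rows):
    """Build an uncompressed 4-bit BMP from rows of palette indices (top row first)."""
    height, width = len(rows), len(rows[0])
    pixels = bytearray()
    for row in reversed(rows):                       # the file stores the bottom row first
        line = bytearray(stride_for(width))
        for x, idx in enumerate(row):
            line[x // 2] |= idx << (0 if x % 2 else 4)   # left pixel = high nibble
        pixels += line
    palette = b"".join(struct.pack("<BBBB", b, g, r, 0) for r, g, b in PALETTE)
    offset = 14 + 40 + len(palette)                  # file header + info header + palette
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 4, 0, len(pixels), 0, 0, 16, 0)
    return struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset) + info + palette + bytes(pixels)

def parse_bmp16(data):
    """Parse and validate a 4-bit BMP; returns size, dimensions and rows (top row first)."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("missing 'BM' (42 4D) signature")
    file_size, _, _, offset = struct.unpack_from("<IHHI", data, 2)    # little-endian fields
    hdr, width, height, _, bpp, comp = struct.unpack_from("<IiiHHI", data, 14)
    if file_size != len(data):
        raise ValueError("declared size does not match actual length")
    if hdr != 40 or bpp != 4 or comp != 0:
        raise ValueError("only uncompressed 4-bit files are handled")
    if not (0 < width <= 4096 and 0 < height <= 4096):
        raise ValueError("implausible dimensions")
    stride = stride_for(width)
    if offset < 54 or offset + stride * height > len(data):
        raise ValueError("pixel data runs past the end of the file")
    rows = []
    for y in range(height):
        line = data[offset + y * stride: offset + (y + 1) * stride]
        rows.append([(line[x // 2] >> (0 if x % 2 else 4)) & 0xF for x in range(width)])
    rows.reverse()                                   # back to top row first
    return {"file_size": file_size, "width": width, "height": height, "rows": rows}

# Constructed 16x10 sample: dark red bottom-left pixel, dark green top-right pixel.
SAMPLE_ROWS = [[0] * 16 for _ in range(10)]
SAMPLE_ROWS[9][0], SAMPLE_ROWS[0][15] = 1, 2
SAMPLE = build_bmp16(SAMPLE_ROWS)
```

The parser rejects a file whose declared size, header fields or pixel extent disagree with the bytes actually present, which is the check to make before trusting any length or dimension read from a file you did not create.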

Cheers,

Ivan

Add comment August 3, 2007

Windows Live Messenger Has a New Protocol Underway

I’ve been messing around with some protocol stuff in Windows Live Messenger (formerly known as MSN). The current version of the protocol is MSNP15. This does not stand for Microsoft Network (MSN) Protocol, but stands for Microsoft Notification Protocol. Sending a VER message to the server checks to see if you have an acceptable version of the protocol to connect with. Versions below seven do not return proper responses (those were never used in public programs), but all other protocols that have been used respond correctly.  MSNP16 responds correctly, even though the current version is MSNP15!  What I think this means is that the next version of the protocol is underway and there may be some new features in the upcoming Windows Live Messenger release. The Windows Live Messenger team has been hard at work giving us a great product. I love Messenger and I think it provides a very nice work environment. It just looks and runs so much better than AIM (although AIM Pro has some features I really love). One thing I really love about the development cycle is that they get personal with the program’s users. I found this information out thanks to Python and connected to the server with the built-in socket module that provides a “low-level networking interface” (a.k.a. the TCP/IP protocol used to connect Windows Live Messenger). Here’s the code I used to do this:

#Start Code
import socket

HOST = 'messenger.hotmail.com'  # The remote host
PORT = 1863  # The same port as used by the server

# Open a TCP connection to the server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
# Offer protocol version MSNP16 and read the server's reply
s.sendall(b'VER 0 MSNP16 CVR0\r\n')
data = s.recv(1024)
s.close()
print('Received', repr(data))
#End Code

I’m going to be working on a little text-based Windows Live Messenger in Python.

Cheers,

Ivan

Edit:

Turns out someone discovered this before me by using netcat.

Add comment July 25, 2007


 


Contact

vainentree@gmail.com