AltSci Concepts Virus Analysis



jvoss@altsci.com
March 6, 2008

It's a pretty simple virus, so the lessons learned from analyzing it should carry over to more than just this one. I tried to write the analysis generically enough to fit any case, so as I go through it I will compare it to other viruses and to how things on the net work. I'll try to come from a neutral standpoint, because demonizing or glorifying a virus is counterproductive to the task of learning what it is and why it exists. I'll keep the philosophy in the next-to-last section clearly marked, so people who wish can skip over it, or skip to it, as is their prerogative.

Every virus needs to get onto a computer (host) somehow. In the old days viruses travelled on floppies. These days they are much more often carried by computer networks, the internet being the largest. If you think of floppies and other media as a sort of sneakernet, then all viruses need a network. Whatever the transfer method, it ends up running code on a system that the user never intended to run. In the SSH Bruteforce Virus, I spread the virus using a dictionary password cracker that supports Secure Shell (SSH). This is very simple and uses an open source library for SSH (libssh-0.2). When my virus successfully logs into a remote system, it copies a tar archive of itself to the victim, extracts the archive, and executes the payload script. The remote system now has an exact copy of the virus. This is the definition of a replicating virus. At this point the system is infected and can infect more systems.
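As an added defender-side example (not code from the page or from the virus described), here is a small Python check that flags the propagation pattern above in sshd logs: a burst of failed password attempts from one source followed by a successful password login from the same address. The sample log lines, the syslog year, and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines in syslog format (not from the page).
SAMPLE_LOG = """\
Mar  6 02:14:01 host sshd[4021]: Failed password for root from 10.0.0.7 port 51022 ssh2
Mar  6 02:14:03 host sshd[4023]: Failed password for invalid user admin from 10.0.0.7 port 51024 ssh2
Mar  6 02:14:05 host sshd[4025]: Failed password for root from 10.0.0.7 port 51026 ssh2
Mar  6 02:14:07 host sshd[4027]: Failed password for root from 10.0.0.7 port 51028 ssh2
Mar  6 02:14:09 host sshd[4029]: Accepted password for root from 10.0.0.7 port 51030 ssh2
Mar  6 02:20:00 host sshd[4101]: Accepted publickey for alice from 192.168.1.5 port 40000 ssh2
Mar  6 02:21:00 host sshd[4103]: Failed password for bob from 192.168.1.9 port 40010 ssh2
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(Accepted|Failed) (\w+) for (?:invalid user )?(\S+) from (\S+) port")

def parse(line, year=2008):
    """Split one sshd line into (timestamp, outcome, method, user, source ip).
    Syslog lines carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4), m.group(5)

def find_bruteforce_logins(log_text, threshold=3, window_s=300):
    """Return (ip, user, failures) for every successful password login that was
    preceded by at least `threshold` failed password attempts from the same
    source within `window_s` seconds: the signature of a dictionary attack
    that finally got in. Key-based logins are ignored."""
    failures = defaultdict(list)   # source ip -> timestamps of failed attempts
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, outcome, method, user, ip = rec
        if method != "password":
            continue
        if outcome == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_s]
        if len(recent) >= threshold:
            hits.append((ip, user, len(recent)))
        failures[ip].clear()
    return hits
```

A hit from this check is the moment to look for the follow-on activity the text describes on the host: a freshly copied archive, its extraction, and a new process started from it.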


Toorcon 11


Oct 28, 2009

Click the links to my Toorcon Talk Video and Advanced Code Relationship Mapping Slides.

I don't have enough time to go into details. You can tell that it's me because the links are pretty obviously to video and my site.


DRM on MP3s

jvoss@altsci.com
Oct 20, 2009

DESCRIPTION

I downloaded Incubus' new album and noticed that if I had Java turned off (like any sane person should) it would direct me to a zip file download instead. The zip file only had 15 songs. I asked support about it and they were aloof; obviously they and their devs had never turned off Java after the first non-deluxe album. The Java downloader is unnecessary, but it has an interesting property: the files it delivers are different from the ones in the zip file. At first I was certain that it was DRM. But it's pretty difficult to put DRM in one bit, and that is what is happening here.

jvoss@ASLinWS01:~/src$ diff -u <(hexdump ~/sonygivememyfucking\ music/Incubus/Monuments\ And\ Melodies/05-Love\ Hurts.mp3) <(hexdump ~/music/NoBackup/Incubus_MonumentsAndMelodies/Incubus_05_LoveHurts.mp3)
--- /dev/fd/63 2009-10-20 10:11:14.315839749 -0700
+++ /dev/fd/62 2009-10-20 10:11:14.316840293 -0700
@@ -16,7 +16,7 @@
 00000f0 2820 6562 6174 3620 202c 6544 2063 3731
 0000100 3220 3030 2937 4c54 4e45 0000 0700 0040
 0000110 3200 3733 3333 5433 4f50 0053 0000 0004
-0000120 0000 2f31 4132 4950 0043 3801 009b 0000
+0000120 0000 2f31 4131 4950 0043 3801 009b 0000
 0000130 6d69 6761 2f65 706a 6765 0000 ff00 ffd8
 0000140 00e0 4a10 4946 0046 0101 0101 012c 002c
 0000150 ff00 00db 0043 090d 0a09 0a0a 0b0e 0e0b
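Review bot: the changed word on the `0000120` line sits inside an ID3v2 text frame, not in a DRM or session field. hexdump prints little-endian 16-bit words, so the context line `0000110 3200 3733 3333 5433 4f50 0053 0000 0004` ends with the bytes 54 50 4f 53 ("TPOS") followed by the four-byte frame size 00 00 00 04, and the `0000120` line then carries the two flag bytes 00 00, the text-encoding byte 00 and the three-character payload, which is 31 2f 32 ("1/2") in the first file and 31 2f 31 ("1/1") in the second, immediately followed by 41 50 49 43 ("APIC", the cover-art frame whose "image/jpeg" mime type and FF D8 FF JPEG header show up on the next lines). TPOS is the ID3v2 "part of a set" frame, so the two downloads differ only in the disc numbering, disc 1 of 2 versus disc 1 of 1, which fits one copy being tagged for a two-disc deluxe edition. Suggest comparing the decoded tags with an ID3 tag reader rather than raw hexdump output before drawing conclusions about the zip copy.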

The only thing I can think of is that they could have DRM'ed the zip file also and I am just seeing the session id incrementing. However, I think it is unlikely that they have DRM'ed the zip file. Does anyone have a copy of Incubus - Monuments and Melodies to test against?


The Rule of Law and more


Oct 11, 2009

I will be covering three topics very poorly tonight. Don't worry, I'll lay it out step by step as well as I can.

First off, this philosophical topic is incredibly rich and complex. I could write a dozen good essays about it and I can't even start to write a good one tonight, but I'd like to discuss it. You see, in order to discuss what I want to discuss, I have to explain to the casual reader why it's important and what is going on, which makes a pretty decent introduction. On Thursday I went to a talk by ACLU-WA about the Patriot Act and current surveillance tactics by the federal and local governments. The ACLU and EFF both oppose the provisions of the Patriot Act as unconstitutional. I've talked about the problem of the Patriot Act a few times before. The Supreme Court is allowing the constitution to be raided by corrupt and ignorant politicians, and law enforcement is abusing the laws they are sworn to uphold. In the name of anti-terrorism, they are arresting anti-war activists for attempted disorderly conduct. That's right here in Washington State. These peaceful activists will be suing the government before long for infringement of their civil rights. But as I have said before, the judiciary doesn't seem to care about the constitution anymore. It's practically done for. In the EFF's lawsuit against the NSA, Obama and the Attorney General have claimed National Security yet again. Without reasonable proof there is no reason why a military agency (the NSA is part of DoD even if its budget is secret) should be allowed to operate against US citizens, let alone be allowed to wiretap all citizens without any suspicion.

