Geek quote of the day – 2011.02.15

God is real, unless declared integer


4li3n’s after midnight useless news and links – 2011.02.14 (*Good-things-come-in-50s* edition)

[ONLINE] 42k cleartext passwords -> ,
[TOOL] Gibber: Off-the-Record Instant Messaging (formerly OtRChat) ->
[UPDATE] BeEF v0.4.2.2-alpha ->
[METASPLOIT] Metasploit Framework 3.5.2 Released ->
[METASPLOIT] armitage.bat does not work with Metasploit 3.5.2 on Windows. Download for a fix ->
[VIDEO] Lost iPhone? – Lost passwords! (Thanx Vag Mour) ->
[UPDATE] Netsparker is out ->
[NEWS] Chinese hackers infiltrated five energy firms -> , ,
[INFO] More on Project Ubertooth -> ,
[ADVISORY] SQL Injection in WP Forum Server wordpress plugin ->
[ADVISORY] SQL Injection in WP Forum Server wordpress plugin ->
[ADVISORY] SQL Injection in WP Forum Server wordpress plugin ->
[ADVISORY] XSS in IWantOneButton wordpress plugin ->
[ADVISORY] SQL Injection in IWantOneButton wordpress plugin ->
[INFO] Free Tools for Managing Windows Server 2008 from Windows 7 ->
[INFO] IE9 Release Candidate Available for Download ->
[INFO] CSRF: Flash + 307 redirect = Game Over ->
[NEWS] eHarmony Hacked ->
[ONLINE] Signal is the radio station dedicated to hackers, hacking, hacks and everything related ->
[UPDATE] Snort has been released ->
[TOOL] SQueRT 0.8 has been released ->
[TOOL] Web Exploitation Framework ->
[INFO] Advanced sign-in security for your Google account ->
[TUTORIAL] Metasploit WMAP 1.0 (in Italian) ->
[INFO] Founder of Tor on Why Tor does not yet use a fully distributed model ->
[POST] Exploit Kits – A Different View ->
[EXPLOIT] Linux Kernel ‘ib_uverbs_poll_cq()’ Integer Overflow Vulnerability ->
[NEWS] Google extensions could aid Java security ->
[POST] Browser plugins and security considerations ->
[POST] In depth analysis – decoding HTML Style tag based malicious Iframes ->
[POST] Blackhole exploits kit attack growing ->
[DRAFT] Analysis of 64 Translation ->
[POST] Web 2.0 FBI backdoors are bad for national security ->
[INFO] Build Your Own FreeBSD Update Server ->
[POST] Facebook open JavaScript hole ->
[UPDATE] Nmap 5.51 Released ->
[FUN] Why IT people seems to have a lot of spare time ->
[POST] How to analyze suspicious PDF files using PDF Stream Dumper ->
[TOOL] ArcOSI: ArcSight Open Source Intelligence Utility to track malware ->
[TOOL] Sandbox: Sandbox your JSONP calls to improve mashups security ->
[POST] Finding the Heap of an iPhone Application ->
[POST] XSS in android google mail app ->
[INFO] Microsoft’s Patch Tuesday breaks VMware clients ->
[UPDATE] Dradis v2.6.1 is released ->
[UPDATE] VERA v0.31 is released ->
[INFO] Java Midi Malware ->
[0DAY] Mac OS X ftpd 0day ->
[CHALLENGE] Crack The Code Challenge ->
[INFO] Android Reverse Engineering ->
[INFO] Encrypt Files And Folders In Ubuntu Using Seahorse ->

4li3n’s after midnight useless news and links – 2011.02.08 (*H1N1* edition)

After five days of high fever it only makes sense an edition (almost) five times long!

[POST] How To Forensically Sound Mac Acquisition In Target Mode ->
[WIKI] MeeGo Security Architecture ->
[POST] Getting started with Malware reverse engineering ->
[UPDATE] Process Hacker v2.11 released ->
[EXPLOIT] Majordomo2 – Directory Traversal (SMTP/HTTP) ->
[TOOL] GoogleDiggity (The Google Hacking project) v0.2 and Sharepoint queries -> ,
[POST] Pentesting IPv6 vs IPv4 ->
[UPDATE] THC-Hydra v6.1 released ->
[DISTRO] Blackbuntu CE 0.2: The pentest distribution ->
[ADVISORY] Path disclosure in Coppermine ->
[ADVISORY] DoS (Denial of Service) Risk in FlatnuX ->
[ADVISORY] Path disclosure in FlatnuX ->
[TOOL] WS-Attacker: A Framework for Web Services Penetration Testing ->
[POST] Beware the HTTP path parameter ->
[POST] Taco tries, fails to give your PC food poisoning ->
[STORY] Hacker told he must pay back £124k ->
[INFO] Pwnie Express: SheevaPlug microserver loaded with pentesting goodness ->
[TUTORIAL] Hacking Linux with Armitage ->
[UPDATE] Nix Brute Force 1.1.0 released ->
[POST] Exploiting Networks with Loki on Backtrack 4 R2 ->
[NEWS] Microsoft will be addressing 3 of the known 0day bugs in next week’s release ->
[PAPER] NIST Guide to Security for Full Virtualization Technologies ->
[POST] How I Discovered a Security Vulnerability in Twitter ->
[DISCLOSURE] HTC Peep: Twitter Credentials Disclosure ->
[POST] Accessing Your Virtual Machine or Mac From Your iPad ->
[VIDEO] Ubertooth: Custom Bluetooth Hacking Hardware ->
[PODCAST] Infosecplace #01-2011 ->
[METASPLOIT] Metasploit goes web (WMAP) ->
[PAPER] Attacking Server Side XML Parsers (PDF) ->
[ADVISORY] OpenSSH v5.8 was released to fix an information disclosure vulnerability ->
[NEWS] Reader X spoils new PDF attack ->
[NEWS] Hackers Penetrate Nasdaq Computers ->
[NEWS] DARPA seeks security expertise from a nontraditional source: the hacker community ->
[DISCLOSURE] Google Analytics XSS Vulnerability ->
[ONLINE] Linux Shell Scripting Tutorial v1.05r3 – A Beginner’s handbook ->
[FUN] Top 20 Things Programmers Say When Their Programs Dont Work ->
[POST] Stack Overflow: Automatic write() discovery ->
[INFO] Nmap 5.50 on Android ->
[POST] Building the ultimate bad arse CUDA cracking server ->
[ONLINE] Shmoocon 2011 Video collection ->
[POST] Trojan in Microsoft Update Catalog – A Bunny Bites Back ->
[POST] 7 Security tips for secure coding your HTML 5 applications ->
[NEWS] HBGary Federal Hacked by Anonymous ->
[NEWS] pwned ->
[POST] How to sniff Microsoft keyboard traffic with your thenexthope badge and GoodFET firmware ->
[POST] When fuzzers miss ->
[ONLINE] PDF Security links, 2010: Analysis and Tools ->
[POST] Java JFileChooser Programmatic Manipulation Vulnerability ->
[EXPLOIT] Android 1.x/2.x the real youdev feat. init local root exploit ->
[POST] Nagios: Total Network Visibility ->
[DISCLOSURE] Android 2.3 (Gingerbread) Data Stealing Vulnerability ->
[PRESENTATION] USB autorun attacks against Linux (from ShmooCon 2011) ->

Access Any Website Or Forum Without Registering (by Nakodari via

Visit any forum or website to find something useful and they will ask you to register. Every time a forum asks me to register, I simply close the site. You would probably do the same. But this time, lets face it.

Before I begin, you should know how things work. All websites and forums will block unregistered users, but they won’t block Google Bot. What we will do is to switch our User Agent to that of Google Bot and freely browse any website or forum without registering.

First grab the add-on for Firefox called ‘user agent’ here and install it. Now go to Tools > User Agent Switcher > Options and then again to Options.

user agent switcher options


Select User Agent from the left sidebar and click Add. Now in the description field type:

and in user agent field type:

Googlebot/2.1 (+

as shown in the screenshot below.

adding a new user agent

Select Google Bot as your User Script by going to Tools > User Agent Switcher.

selecting google bot as user agent

Now browse any website or forum without registering. Alternatively you can also check out BugMeNot, it is a free online service where people share login information of thousands of websites and forums. Enjoy!

Original post:

4li3n’s after midnight useless news and links – 2011.02.03 (*another futile* edition)

Breaking the post barrier tonight with 60 links! Many reasons to be happy! Enjoy!

[ZINE] Hakin9 #02/2011 – Network Security ->
[POST] The Honeypot Incident – How strong is your UF (Reversing FU) ->
[NEWS] Navit: open source car navigation software for Linux, Windows systems and portable devices ->
[VIDEO] TiGa’s Video Tutorial Series on IDA Pro ->
[POST] The Importance of HTTP Headers When Investigating Malicious Sites ->
[POST] Using XSS to steal access ->
[POST] Java Hangs When Converting 2.2250738585072012e-308 ->
[VIDEO] Worlds worst hacker ->
[VIDEO] Hacker Shows Cool New Trick For the Wii ->
[POST] Flash 10.1 on the Nokia N900 (Maemo) ->
[INFO] Fake Failed Package Delivery Notifications Spread SpyEye ->
[INFO] Access Any Website Or Forum Without Registering ->
[ADVISORY] Path disclosure in Xaraya ->
[ADVISORY] Multiple XSS vulnerabilities in Photopad ->
[ADVISORY] Information Disclosure in Arctic Fox CMS ->
[ADVISORY] Path disclosure in ArtGK CMS ->
[ADVISORY] Multiple XSS vulnerabilities in Gollos ->
[ADVISORY] Multiple XSS vulnerabilities in Wikipad ->
[ADVISORY] File Content Disclosure in Wikipad ->
[PS3] Official PS3 firmware v3.56 has a rootkit ->
[INFO] Maemo (N900) Must Have Repo List ->
[INFO] Google: Bing Is Cheating, Copying Our Search Results ->
[PAPER] Hunting rootkits with Windbg (PDF & Script) ->
[NEWS] Microsoft Blames Yahoo Mail For Windows Phone 7 Data Leak ->
[ONLINE] Deroko of ARTeam – Tools and Code Repo ->
[METASPLOIT] Revision #11692: add exploit for VLC media player WebM (CVE-2011-0531) ->
[POST] BinDiff 3.2.1… fun! ->
[POST] Grepping for bugs in PHP ->
[DISTRO] SIFT 2.0: 2010 Toolsmith Tool of the Year ->
[POST] Suricata IPS improvements ->
[NEWS] Microsoft offers FixIt tool to address newest vulnerability ->
[POST] Using nt!_MiSystemVaType to navigate dynamic kernel address space in Windows7 ->
[METASPLOIT] Feature #3638: Slow HTTP POST Denial Of Service ->
[SCRIPT] Cool scripts to use with Backtrack 4 ->
[ONLINE] Malware and attack analysis tools ->
[POST] Google Vulnerability Reward Program: XSS Vulnerability in Google Code Static HTML ->
[PAPER] Attacking Server Side XML Parsers (PDF) ->
[POST] Scary, Scary Mobile Banking ->
[VIDEO] Using Social Networks to Find, Profile and 0wn Your Victims! (Shmoocon 2011) ->
[POST] Turning your N900 (Maemo) Device into SMS Based Botnet as Easy as 123 ->
[INFO] NINJA-IDE: A Real Python IDE ->
[TOOL] NPE File Analyzer v1.0.0.0 released ->
[TOOL] ProcDump v3.02 released: command-line tool to monitor app CPU spikes ->
[TOOL] Web Browsers Traces Eraser v1.2.0.0 released ->
[INFO] SMS and the PDU format ->
[POST] Do-Not-Track (How about piggybacking on the User-Agent?) ->
[UPDATE] Netbios Share Scanner updated to v0.3 ->
[INFO] GPU speed estimations for MD5/SHA1/Office 2007/WPA/WinZip/SL3 ->
[UPDATE] Cain & Abel v4.9.38 released ->
[NEWS] Facebook flaw allowed websites to steal users’ personal data without consent ->
[TUTORIAL] Hacking Linux with Armitage ->
[POST] 900m Internet Explorer users vulnerable to data-stealing hack ->
[ONLINE] Malware Removal Guide for Windows ->
[INFO] Evading CSRF protection using XSS ->
[EXPLOIT] Android 1.x/2.x HTC Wildfire Local Root Exploit ->
[SCRIPT] Python memory leak detector ->
[SCRIPT] SL4A: Scripting Layer for Android ->
[POST] Tracking Malicious IP & Users with OSSEC ->
[POST] Hackxor hacking game (beta) ->
[NEWS] Announcing Pwn2Own 2011 ->

Java Hangs When Converting 2.2250738585072012e-308 (by Rick Regan via

Konstantin Preisser made an interesting discovery, after reading my article “PHP Hangs On Numeric Value 2.2250738585072011e-308”: Java — both its runtime and compiler — go into an infinite loop when converting the decimal number 2.2250738585072012e-308 to double-precision binary floating-point. This number is supposed to convert to 0x1p-1022, which is DBL_MIN; instead, Java gets stuck on 0x0.fffffffffffffp-1022, the largest subnormal double-precision floating-point number.


Read the whole post: