Cisco VPN on Linux OpenSuse 10.3
I found this guide quite useful:
http://linux.wordpress.com/2008/01/17/cisco-vpn-client-opensuse-103/
Don’t worry about the fact that the link is for an x86-64 version. It works on 32-bit systems too.
However, after the installation completed, I could not connect because of an error saying “The profile specified could not be read.” (If you get a “couldn’t connect” message instead, it is because the vpnclient connect command must be executed as root.)
Here are the things to do:
- move the profile under /etc/opt/cisco-vpnclient/Profiles
- check that the file’s line endings are in Unix format (LF, not CR LF)
- do not include the “.pcf” extension in the sudo vpnclient connect yourPCFfile command: pass the bare profile name only
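As an added example (not from the original post), here is a POSIX shell script that applies the three fixes above in one go. It assumes the profile directory named in the post; PROFILE_DIR can be overridden to try it elsewhere.

```shell
#!/bin/sh
# Added example, not from the original post: stage a Cisco VPN client .pcf profile
# so that "vpnclient connect" can read it, covering the three fixes listed above.
# PROFILE_DIR defaults to the directory the post names; override it to test elsewhere.
PROFILE_DIR="${PROFILE_DIR:-/etc/opt/cisco-vpnclient/Profiles}"

# Return 0 when the file contains CR characters (DOS line endings),
# 1 when it is already in Unix format.
has_crlf() {
    if tr -d '\r' < "$1" | cmp -s - "$1"; then
        return 1
    else
        return 0
    fi
}

# Convert CR LF line endings to LF in place using only POSIX tools (no dos2unix needed).
to_unix() {
    tr -d '\r' < "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Move the profile into PROFILE_DIR, normalise its line endings, restrict its
# permissions (a .pcf carries the group password), and print the bare profile
# name: that name, without ".pcf", is what you pass to "sudo vpnclient connect".
stage_profile() {
    src="$1"
    name=$(basename "$src" .pcf)
    dest="$PROFILE_DIR/$name.pcf"
    mkdir -p "$PROFILE_DIR"
    mv "$src" "$dest"
    if has_crlf "$dest"; then
        to_unix "$dest"
    fi
    chmod 600 "$dest"
    printf '%s\n' "$name"
}

# Typical use (root is needed for the real profile directory):
#   name=$(stage_profile ~/Downloads/office.pcf) && sudo vpnclient connect "$name"
```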
IE7, Javascript, the WebBrowser control and bugs
Problem
Internet Explorer 7 (IE7) has been released. Applications around the world are breaking. … Well at least mine failed.
If you use the WebBrowser control in .NET applications or the shdocvw ActiveX control, you may hit this issue.
If you load the HTML by navigating to “about:blank” and then setting DocumentText, AND you include an external script (for example <script src="somefile.js" language="Javascript" type="text/javascript"></script>), your script will effectively not be included. The main symptom is an “Error: Invalid Character” message or simply a script failure.
This means that your other scripts and events in the page will fail. Most probably this is a security measure (I have a theory about it, but first the solution).
Solution: embed the JavaScript in the HTML. You hoped for something better, right?
Anyway, embedding the script in the HTML solves the problem. If you are setting DocumentText from your code, chances are the HTML is either generated by an XSLT (in which case you can use either an msxsl JavaScript extension to include a file, or a couple of xsl:include / xsl:apply-templates without many side effects) or built directly in your code (in which case... well, you are the programmer who wrote it, find a clean solution ;)).
Now, why have they introduced this change?
Probably they fear the scenario where a script injects into DocumentText, in some way, the include of a local file (along with a copy of itself) and then uses the data that is now in DocumentText in some... evil way. I’ll try to forge a proof of concept demo, if that is possible at all, of course.
Edit
I’ve found this discussion [forums.microsoft.com], which proposes a number of other interesting solutions.
Another interesting page with registry keys (process-wide) for IE7 is here [msdn.microsoft.com].
WMF day-0 exploit
There is a security vulnerability in Windows’ support for WMF (an old vector graphics file format).
This is peculiar because:
- It is not protected by DEP by default
- Even when it is, DEP may fail to protect the system
- It may be used to infect any 32-bit Windows as well as the x64 and Itanium versions
- It will infect users of Firefox, Opera and other alternative browsers and/or mail clients
- If you have a local indexing service running, it may even infect systems that only use text-based browsers or other command-line download utilities
- Visiting a malicious link, downloading a file (without even opening its folder), or even letting some antivirus programs scan your email can lead to infection
You can read more about it in these places:
http://isc.sans.org/diary.php?storyid=975
http://www.f-secure.com/weblog/archives/archive-122005.html#00000753
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://sunbeltblog.blogspot.com/2005/12/workaround-for-wmf-exploit.html
Update:
Here are some attack scenarios not covered in the posts I read about the problem:
- A malicious user copying infected files onto a network share on a computer that runs an indexing service (it could be your file server, if for whatever reason you have an indexing service running on it)
- A malicious user copying infected files onto a network share on a computer which, for whatever reason, reads an image from disk at an overwritable location
- Internal malicious attacks on intranets
- A very easy trap via instant messaging and P2P applications (since with indexing applications merely having the file on disk may be enough)
- A malicious user overwriting the setup image of any software install disk shared on a network share
- Forums and other “upload your photo” websites. I can’t wait to hear the first user on any forum complaining about the avatar of user X being a malicious WMF renamed as PNG. Maybe we will not hear him, because every time he enters the forum to complain he has to reinstall Windows
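The last scenario (a WMF renamed as PNG) is detectable on the server side by checking file content rather than extension. As an added example that is not part of the original post, here is a POSIX shell scanner for an upload directory; the header bytes it matches are the public WMF header values, and the sample files in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: flag files whose content is a
# Windows Metafile even though their extension says otherwise (e.g. a .png avatar).
# Uses only POSIX tools (od, find) so it can run on a file server or upload directory.

# Print the first 4 bytes of a file as lowercase hex without spaces, e.g. "d7cdc69a".
magic4() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Return 0 if the file starts with a WMF header:
#  - placeable (Aldus) header key 0x9AC6CDD7, stored little-endian as d7 cd c6 9a
#  - standard METAHEADER: type 1 (memory) or 2 (disk) followed by header size 9 words
is_wmf() {
    case "$(magic4 "$1")" in
        d7cdc69a|01000900|02000900) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the file is a WMF but its extension is not .wmf (case-insensitive).
is_disguised_wmf() {
    f="$1"
    case "$(printf '%s' "$f" | tr 'A-Z' 'a-z')" in
        *.wmf) return 1 ;;
    esac
    is_wmf "$f"
}

# Walk a directory and print every disguised WMF, one path per line.
scan_dir() {
    find "$1" -type f | while IFS= read -r f; do
        if is_disguised_wmf "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Typical use: scan_dir /var/www/forum/avatars
```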
Buffer overflow attacks bypassing DEP (NX/XD bits) - part 2 : Code injection
While the attacks we’ve seen in the first part are indeed powerful, they are limited to simple calls to functions already linked by the program we’re going to attack. To appreciate the full power of the technique, we should use the approach from the first part to inject arbitrary code into the program.
The first experiment I tried was calling VirtualProtect to change the permissions on the stack. However, it requires knowing the exact address that was used in a previous call to VirtualAlloc to work properly, and I couldn’t find an immediate way to learn that address. After that I investigated whether I could trick the memory manager into changing permissions using VirtualAlloc. While doing this I found this wonderful blog article. Take your time and read it, it’s very interesting. Now it’s time to try his trick on an executable.