Three threats were found – a patch to a program (“probably a variant of Win32/HackTool.Patcher.A application“), the SDFix.exe (“Win32/PrcView application“) and… and (another) MP3 infected with “a variant of WMA/TrojanDownloader.GetCodec.get trojan“. OK, it was not the same MP3 file I have sent to that friend of mine but… wait! It’s an MP3! Well it seems like a trojan (you know not every piece of malicious is code “a virus”) that “infects” audio files with a tag pointing the player to the download page of a “suitable” codec – probably one that plays arbitrary code on your system. However I am not aware if MP3 files have any support for such tags and I seriously doubt trojans convert MP3s to WMAs (Windows Media Audio) before infecting them but… You’d better have this in mind when a player asks you to download a codec.

I am now seriously considering the possibility to infect an MP3 with a virus: remember that old joke about an Albanian virus spread as the following instant message: “Hi, I am an Albanian virus but because of poor technology in my country unfortunately I am not able to do harm your computer. Please be so kind to delete one of your important files yourself and then forward me to other users. Many thanks for your cooperation! Best regards, Albanian virus“. Now imagine the same virus spread as an MP3 with someone reading this message with a cute broken English accent in background. Or maybe a WMV (Windows Media Video) with a guy asking for help?

Meanwhile I have quick-tested a few online virus scanners on my Windows 7 RC. Here are some results (in a pseudo-random order):

• ESET Online Scanner – ActiveX but still very configurable and actually finds harmful code;
• Kaspersky Online Scanner – Java! Yuppie! But JRE (x64) fails to install correctly on Windows 7;
• Norton Security Scan – ActiveX. Runs but is not configurable at all;
• McAfee FreeScan – ActiveX as well. Restricted to scanning “Drive C”, “My Documents” and “Windows Files” online;
• F-Secure Online Scanner – ActiveX. A very configurable piece of software! It seemed pretty… before it crashed. Twice!;
• BitDefender Online Scanner – ActiveX but tried to make it run my Internet Explorer as Administrator. No thanks!;
• Avast! Online Scanner – Ridiculous! Allows me to check any uploaded file of up to 512kB.

Although ESET Online Scanner still rocks my world Kaspersky seems to be the only online scanner (except Avast! Ha-ha-ha!) that doesn’t run as an ActiveX control. I am not sure if it workarounds all Java applet security restrictions successfully and if this applet is as functional as the ActiveX controls but it means you can run an online scan with any browser supporting Java. An important thing to know in case of restoring a PC infected with a viruses disabling Internet Explorer.

Good night!

Some time ago I decided to do my development in virtual machines so I could easily reinstall my boxes and/or migrate my work to another PC. I’ve tried different solutions and I decided to use Microsoft Virtual PC 2007. Unfortunately I’ve always had problems with the guest operating system being not as responsive as expected when hosted on my laptops. At first I thought it was my laptop configuration (HP Compaq nc6320) but after I bought a new one (HP Compaq 8510w) nothing changed compared to my old one. It seemed like some power management issue (it was like the processor was downclocking although the virtual machine was active) but playing with the Power Options didn’t help. My simple (but really ugly) workaround was to keep the processors busy by running some BOINC projects.

I was almost right. As pointed out in Ben Armstrong’s blog HP laptops seem to be one of those that “stop their system timers when entering low power modes” which effectively downclocks the virtual machine’s CPU – this could be easily seen with tool like CPU-Z. In this case the (temporary?) solution is to enable an idle thread of the Virtual PC process to keep the processor busy by doing some useless for the society tasks and drains your battery… In fact the solution (described in details below) is better than BOINC because Virtual PC is a single CPU process and the idle thread occupies exactly the same CPU. When using BOINC on a multi-processor (or multi-core) system however you have two options: 1. launch it on one CPU and pray it will run on the same CPU/core Virtual PC does; or 2. launch it on all available CPUs/cores and pray for  battery life. So the more environment-friendly solution is:

1. Stop all running virtual machines and the Virtual PC Console;
2. Locate and open your Virtual PC’s Options.xml (usually in “%AppData%\Microsoft\Virtual PC\Options.xml“) with a text/XML editor of your choice;
3. Find the last “</virtual_network>” tag and add the following section (if missing) after it:
   <virtual_machines>
   <enable_idle_thread type=”boolean”>true</enable_idle_thread>
   </virtual_machines>
4. Save and close the file. Launch a virtual machine.
5. Your laptop’s fans shoud launch automatically.

I wonder if HP intend to fix this behaviour in some future BIOS updates…

The process is not that sophisticated but requires some knowledge. It is not newbie friendly. The iPhone Linux is not newbie friendly either. It is just a working kernel with a busybox distribution. Only some core drivers are ported but you don’t have at the moment any touchscreen, sound, wireless, GSM and accelerometer support. You’re only stuck to a USB Serial Console and all you can do is start writing drivers and applications… Have fun!

There are some things that really impressed me in that machine. Yeah, maybe all that stuff is normal for a server but I’m really not into this business so… In the first place it was the configuration itself – four Xeon processors, three hot-swap hard drives, three hot-swap power supplies, six hot-swap fans, individual VRMs for each processor and the memory board… and the best one – IBM Remote Supervisor Adapter. This fabulous device is like a mini-computer plugged in a special slot on the board and it integrates completely with the server – gives you a web- or telnet-based interface for complete machine maintenance (accessing the keyboard and the display, (re)booting, upgrading firmwares, various sensor information, watchdogs, e-mail notifications…). VNC/telnet access the physical console is a “dream come true”!

Unfortunately this incredible seems out of support – a device with this machine type and serial number does not exist in IBM’s database (weird, huh?). And it seems the motherboard is blown out – Icaci and I spent almost a whole afternoon in disassembling various parts and just refuses to boot – no beeps, no LEDs blinking. Completely dead! I was told IBM’s original motherboard for such machines cost at least $1′000 which is a price I would not afford even for this peace of hardware. I found cheap machines of this type in the Internet but buying one would cost me incredible transportation fees (remember the 32 kg weight? ).

So any idea on where a spare motherboard could be found for a reasonable price? I’m giving away a few beers for useful information on that…

I was impressed by Julie Lerman’s presentations on The ADO.NET Entity Framework so you should (I mean should) stay tuned for the upcoming books on that topic as it is something really great you get for free. It is actively being developed and opened for any suggestions. You can find many resources on the topic at LearnEntityFramework.com as well as in the literature that is about to be released in the next few months.

Another speaker who pinned my attention was Miguel Castro. Windows Communication Foundation is here to stay and Miguel made that obvious. I’m about to look into how to workaround the problems we have with using WCF and replace .NET Remoting. Miguel also presented us some tips & tricks about using HTTP handlers in our ASP.NET applications to secure our file downloads. Sadly his sense of humor is not recognized the States but we really enjoyed it. We all enjoyed Lilly too but that’s another topic…

A software that I’m looking forward to see is Telerik OpenAccess ORM presented by Jan Blessenohl. Although I’m not the biggest fan of the company that actually organized DevReach 2008, it seems that OpenAccess is something that will come in handy as a replace of my own ORM library that I really hate using. I was able to take of Jan’s time to answer the whole bunch of questions I had prepared during the session and it seems custom serialization for individual object properties is the only thing that will keep me away from incorporating OpenAccess in our products. I’m personally looking with great curiosity at its launch date somewhere in the beginning of November.

Carl Franklin was also there with some great presentations. Although I was not that impressed by the simple program you can chat with, I was stunned by the idea to manipulate MIDI devices (over the wire) using .NET applications. No! I was stunned by the fact I hadn’t played with writing such code as I already have a digital piano with a MIDI interface. However I promise I’ll create a program for writing C# code using a MIDI keyboard as soon as I have the time to!

There are also so remarks that would like to mention as I intentionally entitled this post “DevReach v0.8″ (instead of 2008 or ‘08). There are a few things that need to be done in order to get to a stable 1.0 release. Nevertheless I guess the feedback from the attendees will point the guys who organized this awesome event to the problems they have to solve in order to make it perfect.

1. The venue. Unfortunately it is a lesson that was not learnt. The Inter Expo Center is too far from (the center of) the city and with almost no public transportation available (incl. taxies). It really makes some sense to rent a bus for the attendees from the center (with a few stops in between) or at the least call a few taxies at the end of the conference.
2. The venue again. Some of the halls were really, really small. The idea for real-time streaming of the presentations in another hall is good but no one really likes to be away from the event without the ability to take part in it (e.g. asking questions).
3. The catering. It gets worse with every single conference I visit. Yeah, the catering at Microsoft Days 2007 definitely holds the record as had to go to McDonald’s in order to get some “lunch” as there was just no food left when we made it out of the presentation. But this one was really awful – we had to eat all of that cold and not tasty at all crap for whole two days and I would gladly trade my lunch for a cheeseburger… Oh, no onions? Not an option. I was really considering ordering something from the nearest (1-2 km) restaurant. The guys from the catering company sometimes left their place leaving us doing ourselves coffee and tea with broken machines.
4. The registration took some time too. We were at a developers’ conferences after all and it was kind of funny to see a single girl look up our names in a printed list on her table instead of having 2-3 girls with computers in front of them. So… the opening session and the first presentation started a bit late. I hope we haven’t missed something.
5. The wireless Internet access was a bit unstable and the bandwidth was low. That almost killed one of the coolest presentations of Carl Franklin.

So… that’s it!

Disclaimer

• A method that worked for my iPhone follows;
• This method may not work for your iPhone;
• If you want to do it do it at your own risk;
• A successful outcome is not guaranteed;

Prerequisities:

• Download the 1.1.4 firmware from Apple’s website;
• Download the 1.2.0 custom firmware from The Pirate Bay;
• Download and install WinPWN 1.0 from their website;
• Download and install iTunes 7.7 from Apple’s website;

Make Sure the iPhone is Pwned:

• Launch WinPWN;
• Click the “Browse .ipsw” button and choose the vanilla 1.1.4 downloaded from Apple’s website;
• Click the “iPwner” button to proceed:
• It automatically puts your iPhone in Recovery Mode. If it fails:
  • Try disconnecting and connecting the iPhone;
  • Put your iPhone in Recovery Mode manually:
    • Turn your iPhone off;
    • Hold both the “Sleep/Wake” and “Home” buttons for 20-30 seconds until a yellow triangle appears;
• A message informing that you iPhone is being Pwned should appear;
• A message “Your iPhone is being pwnd. Please wait for reboot.” should appear;

Make Sure the iPhone is Neutered:

• Launch the “Installer” application on your iPhone;
• Install the “BootNeuter” package (available from iClarified source);
• Launch the “BootNeuter” application;
• Select a Bootloader Version (I choose 4.6);
• Enable “Neuter”, “FakeBlank” and “Unlock” options;
• Click “Flash” and “Flash It!”;
• Wait until your Bootloader and Baseband are flashed;

Optionally Put Your iPhone in DFU Mode

• Turn off your iPhone;
• Hold the “Sleep/Wake” and “Home” simultaneously for 10 seconds;
• Release the “Sleep/Wake” and while still holding the “Home” button until the device is detected;
• Wait until iTunes is launched (if not already);
• A message is displayed “iTunes has detected an iPhone in recovery mode…”;
• Click “OK”;

Restore Your iPhone

• Go to your iPhone in iTunes (if not there already);
• While holding the Shift key of your keyboard, click the “Restore” button;
• Pick the custom 1.2.0 firmware you have downloaded;
• Click “OK”;
• Wait until your iPhone is restored;
• After your iPhone is rebooted:
  • BootNeuter starts automatically and flashes your baseband;
  • Your iPhone reboots again;

Troubleshooting

• In case an error 160x occurs during the restore process try the guidelines in Apple’s Knowledge Base;
• If you’re experiencing problems restoring in DFU Mode:
  • Get back to Normal Mode (by holding the “Sleep/Wake” and “Home” buttons simultaneously for some time);
  • Try restoring in Normal Mode;
• In case your iPhone gets bricked try downgrading to 1.1.4;

Have fun!

Note that Pwnage Tool runs on MAC OS only but its Windows derivate – WinPWN is expected to be released very soon. You should also note that the tools works with the following devices with 1.2.0 (also known as 2.0) firmware:

• iPhone 1st generation (w/ unlock);
• iPhone 2nd generation (w/o unlock);
• iPod Touch.

So iPhone 2nd generation unlock is still not available but is expected in future Pwnage Tool releases.

Naturally the download site went down almost immediately and a few mirrors were set up:

• http://www.iphone-hacks.com/downloads/file/110
• http://rapidshare.com/files/130983920/PwnageTool_2.0.zip
• http://thebigboss.org/repofiles/nonrepo/PwnageTool_2.0.zip

During the long awaited iPhone 2.0 unlock I came across some interesting websites to bookmark:

• http://blog.iphone-dev.org/ – The iPhone Dev Team unofficial blog – an interesting source of iPhone Dev Team news;
• http://iphonejtag.blogspot.com/ – Geohot’s iPhone blog – the guy that originally hacked the iPhone has created a place to share his advanced experience in hacking the iPhone;
• http://www.iphonelinux.org/ – iPhone Linux – a project aimed at getting rid of Apple’s software on this fabulous piece of hardware. If you are able to contribute to this project, please do so!;

I can’t wait to go to work tomorrow and get my hands on iCaci’s MacBook!

Thanks to all who helped for this Pwnage Tool release!

It has been almost two years since I bought my first laptop and decided to do something about getting rid of any desktop PCs in my room.  Unfortunately I don’t think the hard drive of my laptop is reliable enough as a storage and in fact it is not that large (100 GB are not much nowadays). I’m tired of always looking for the right CD/DVD, buying blank ones and turning on my desktop machine when I want to find something stored in its 200 GB hard drives…

Some time ago I tried the cheapest solution – putting hte larger hard drive in a USB enclosure. Unfortunately I wasn’t a successfull one – the RaidSonic Icy Box IB 351U-B I bought couldn’t power up my 120 GB IBM Deskstar hard drive. Then I found some information about Linksys NSLU2 but was adviced in a comment not hurry and wait for Linksys NAS200 to become available. And I waited…

Meanwhile a friend of mine told me that Buffalo have cheap linux-based alternatives to Linksys’s wireless routers (sadly Linksys have switched to VxWorks). When I noticed that NAS200 had finally arrived I remembered what Victor had told me and I searched for a Buffalo alternative to NSLU2 and NAS200. I needed a reliable network storage with a good capacity. And of course at a reasonable price. So this is what I found (and bought) is Buffalo LS-W1.0TGL/R1 – a relatively small (100 x 163 x 225 mm) device with two SATA hard drives (500 GB each), one gigabit network adapter, two USB 2.0 ports (for additional storage) and both RAID 0 (stripping) and RAID 1 (mirroring) capability. Several protocols are supported for accessing your shared folders – Samba (Workgroup, Domain and Active Directory setup support), FTP, HTTP(S) as well as DLNA Media Server.  The access restriction is UNIX-based (it’s a Linux box, remember?).

I compared the prices of this solution with those with NSLU2 (incl. two external USB enclosures and two 320 GB hard drives) and NAS200 (incl. 320 GB hard drives) and the Buffalo solution turned out to be just a bit more expensive – a price that I gladly paid for the comfort of having a relatively small and integrated solution (with only power and network cables) with larger storage.

OK. That’s what you would read from the brochure. The really interesting thing here is Buffalo release the sources of their firmware (as the GPL license requires them) and it can be optionally replaced with other. You can currently choose between FreeLink (Debian based) and GenLink (Gentoo based), each of them having some features in additional to the original firmware’s ones. More on these and many other handy stuff about Buffalo’s NAS devices can be found at NAS Central.

Fine! My PC is now on sale… stay tuned for a post on that.

И така… докато се продадоха, заедно с PowerNet на някакъв офшорен консорциум, когато всичко заспа… буквално! Капакът беше хубава сутришна сутрин, когато се събуждам около 9:30 и установявам, че липсва дори на Какъвто-и-да-е-Интернет, връзка точно тогава ми трябваше (имам навика да работя и през уийкенда). Започва едно бясно въртене на телефони, където услужливата централа отново ме препращаше към несъществуващ оператор, след което затваряше. Някъде около 12:30 Някакъв-си-там-Интернет се появи, но аз вече бях достатъчно бесен и около час по-късно успях да се свържа. Младежът, който вдигна, направо се ошашка с мен – след като остана без отговор на въпроса за молитвата, която трябва да казвам сутрин, за да разчитам на наличието на Интернет, последва километрична тирада за безобразното отношение на фирмата към клиентите им… Оказа се обаче, че въпросният младеж е от поддръжката на PowerNet, към централата на които от Bol.bg са пренасочили обажданията. А и не само тях – оказа се, че проблемът, който съм имал, е бил отстранен от техен екип, та… явно и той не беше особено доволен от ситуацията. Оплюхме порядъчно екипа на (главо-)Bol.bg, пое ангажимента нещата да се оправят, а и аз поех своя – да дам своя принос към решаването на проблема…

… от вече две седмици съм щастлив клиент на Онлайн директ и се радвам на близо 50 Мбит peering свързаност (и респективно към офиса ни, където ползваме услугите на същия доставчик), близо 25 Мбит – международна свързаност, 50% гарантирана скорост, денонощна поддръжка, подсещания за плащане по e-mail и SMS, както и online плащания през epay.bg. А, и безплатен NOD32! И симпатична мацка в офиса.

Баси рекламата се получи… трябва да почерпят. А, ако пропуснат, аз няма да пропусна да ги насоля още при първата издънка. А всеки се дъни…

There were a few things that I paid attention to:

• Spammers predominantly use secondary mail exchangers. Quote clever decision – secondary mail exchangers often have no way to check if a mailbox is not available or not and accept the e-mail for delivery. They usually don’t do the spam filtering as it is often a local delivery task so it’s not their job. What I mean… spam is more likely to be accepted by a secondary mail exchanger. Even if a message gets bounced by the primary mail exchanger it is not of importance to the spammer;
• In my setup I had disabled DNS blacklist checks in Postfix as SpamAssassin did them. However my SpamAssassin marks unsolicited e-mails as spam but lets them pass through. So blacklisted senders were able to send spam to domains I relay for instead of being sent a “554 Transaction failed.” error code. That’s why I added DNS blacklist checks in Postfix itself (a main.cf snippet below);
• A few weeks after moving a domain to Google Apps and changing the MX records accordingly I still have receive spam relayed through my servers for this domain. I intentionally didn’t remove the domain from the list of domains I relay for because I don’t want a mail to be lost because of unexpired DNS entries. It seems spammers are aware of such techniques and save old MX records. Fine! I removed the obsolete domains out of my relay list…
• … but the last one presupposes there are system that keeps sending spam for a very long period of time (a few weeks!). If they are hacked why the f*ck their administrators get paid for?! If not, it’s intentional… and their ISPs obviously support spam. I suppose it’s the latter and that’s why wide ranges are blacklisted. Hah! And that’s why my mail queue has almost no requests in it after the change in Postfix.

For those of you interested in the Postfix setting (or just the DNS blacklist I use) here is what my “smtpd_recipient_restrictions” option in main.cf looks like:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client proxies.blackholes.wirehub.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client multihop.dsbl.org,
permit