This is a mirror of official site: http://jasper-net.blogspot.com/

Stiltwalker reCAPTCHA killer

Saturday, June 16, 2012
Stiltwalker is a proof of concept tool that defeats Google's reCAPTCHA with an insanely high accuracy (99%). We have released all of our research, code, tools and examples used in the reCAPTCHA domination. You can get the slides here and the video is at the bottom of the page.

We accomplished this with a combination of Machine Learning, hashing methods, keyspace reduction tactics, and taking advantage of an overall limited number of captchas. Specifically, Stiltwalker goes head to head against reCAPTCHA's audio captcha system and defeats all but a sliver of its challenges.

For all questions, comments, and fuckyous, please email the team at stiltwalker@dc949.org

We developed everything using Ubuntu 10.04, Ubuntu 11.04, and Debian 6; however, it should work on any Linux distribution without too much effort. The one thing we noticed when testing it on Ubuntu 12.04 is that it comes with a slightly different version of SoX, which has some changes that drop accuracy from 99% to around 60%. So for best results, you'll want to use SoX v14.3.0 (or v14.3.1), but we'd advise steering clear of v14.3.2 unless you want to collect tens of thousands of samples, solve them manually and then train the neural net using this version of SoX. If you go through the hassle of retraining, the newer version of SoX should work just fine.

So, for those running [any version of] Ubuntu, the easiest way to get started will be to just add our repository to /etc/apt/sources.list like so (if you're using something other than lucid, just change the codename accordingly):

deb http://repo.dc949.org/ lucid main

Now you're just a simple `apt-get update` and `apt-get install stiltwalker stiltwalker-md5solver stiltwalker-phashsolver stiltwalker-training` away from having everything you need.

For those of you who don't have Ubuntu, you'll have to download the tar.gz version (and optionally the 380 MB md5 files) and make sure you have all the dependencies (octave, python2.7, curl, sox, libsox-fmt-all, libphash0-dev, libphash0, cimg-dev). As an aside, you can use python 2.6, but you'll need to go out and get python-argparse and python-imaging as these libraries aren't included by default until 2.7.

So at this point you should have everything you need to get started, so now what? Well, you can play with our sample programs like complete.py. One way to run it would be thusly:

python complete.py -s 1 md5 -s 1 neural 32 theta_values_both_32_1536_500.mat -l 5

This will solve 5 captchas (from the recaptcha demo page) using the md5 solver, and if that can't find the answer, it'll use the neural network. For more help, use --help and check out all the options.

Read more: Defcon Group 949

Posted via email from Jasper-net

Publicly available PCAP files

Wednesday, June 13, 2012
This is a directory of various packet capture repositories which are freely and publicly available on the Internet. Most of the sites listed below share their PCAP files as full content, but some unfortunately only have truncated frames.

PCAP Repositories

Wireshark Sample Captures

OpenPacket.org Capture Repository (maintained by JJ Cummings created by Richard Bejtlich)

Captures from the "2009 Inter-Service Academy Cyber Defense Competition" served by Information Technology Operations Center (ITOC), United States Military Academy

Over 4 GB of network forensic training data from DEEP (Digital Evaluation and Exploitation Department of Computer Science, Naval Postgraduate School). Case details can be found at Jesse Kornblum's blog.
http://domex.nps.edu/corp/scenarios/2008-nitroba/ (Read more on the Digital Corpora website)

PacketLife.net Packet Captures (Jeremy Stretch)

MOME database

EvilFingers PCAPs

Laura's Lab Kit v.9 ISO image

Read more: SourceForge.net

LinkedIn Leaked hashes password statistics (@StefanVenken)

Monday, June 11, 2012
Based on the leaked 6.5 million hashes, 1.354.946 were recovered within a few hours' time with HashCat / JtR and publicly found wordlists on a customer grade laptop.

This report was created with pipal from @Digininja 

Total entries = 1354946
Total unique entries = 1354946

Top 10 base words

link = 1808 (0.13%)
alex = 1215 (0.09%)
mike = 1146 (0.08%)
june = 1065 (0.08%)
july = 891 (0.07%)
john = 882 (0.07%)
chris = 766 (0.06%)
love = 749 (0.06%)
april = 725 (0.05%)
mark = 669 (0.05%)

Password length (length ordered)

6 = 281193 (20.75%)
7 = 211946 (15.64%)
8 = 444338 (32.79%)
9 = 203826 (15.04%)
10 = 121783 (8.99%)
11 = 51138 (3.77%)
12 = 24377 (1.8%)
13 = 9237 (0.68%)
14 = 4237 (0.31%)
15 = 1688 (0.12%)
16 = 1112 (0.08%)
17 = 37 (0.0%)
18 = 22 (0.0%)
19 = 7 (0.0%)
20 = 8 (0.0%)
21 = 3 (0.0%)
22 = 4 (0.0%)
23 = 4 (0.0%)
24 = 2 (0.0%)
27 = 2 (0.0%)
34 = 2 (0.0%)
40 = 2 (0.0%)

Password length (count ordered)

8 = 444338 (32.79%)
6 = 281193 (20.75%)
7 = 211946 (15.64%)
9 = 203826 (15.04%)
10 = 121783 (8.99%)
11 = 51138 (3.77%)
12 = 24377 (1.8%)
13 = 9237 (0.68%)
14 = 4237 (0.31%)
15 = 1688 (0.12%)
16 = 1112 (0.08%)
17 = 37 (0.0%)
18 = 22 (0.0%)
20 = 8 (0.0%)
19 = 7 (0.0%)
23 = 4 (0.0%)
22 = 4 (0.0%)
21 = 3 (0.0%)
34 = 2 (0.0%)
24 = 2 (0.0%)
27 = 2 (0.0%)
40 = 2 (0.0%)

Read more: Pastebin

LZ4

Sunday, June 10, 2012
LZ4 description

LZ4 is a very fast compressor, based on the well-known LZ77 (Lempel-Ziv) algorithm.
Originally a fork of LZP2, it provides a better compression ratio for text files and reaches impressive decompression speed, in the range of 1GB/s per core and beyond (!), especially for binary files. These speeds are scalable with multi-threading modes, quickly reaching RAM speed limits on multi-core systems.

LZ4 compression format is detailed in a dedicated post.

LZ4 is available as a C Open Source project, hosted on Google Code, under a BSD license.
A port of LZ4 in C# language is provided by Clayton Stangeland at GitHub.
A JNI wrapper of LZ4 for Java language is provided by Binglin Chang at GitHub.
A binding for Python has been created by Steeve Morin, available at Pypi.
A binding for Perl has been created by Gray, available at Cpan.
A binding for Ruby has been created by Komiya Atsushi, available at RubyGems.
A binding for Haskell has been completed by Mark Wotton, available at Haskell Hackage.
A port of LZ4 in Go language is provided by Branimir Karadzic at GitHub.
A wrapper of LZ4 for LUA language is provided by Christophe Delord at cdsoft.

The -c1 mode serves as a living demo for MMC (Morphing Match Chain) search algorithm (explained here).
The -c2 mode is equivalent to lz4hc.

Download :
v1.3 : Windows LZ4 installer (setup)
v1.3 :  LZ4 Command Line Utility for Windows (stand alone zip, no installation)
What's new :
- c0 mode : small compression improvement
- c2 mode : small compression improvement
- c2 mode : large compression speed improvements
- improved i/o performance

How Can I View MSMQ Messages and Queues?

I’m working with NServiceBus to send messages to and from different parts of my application.  NServiceBus is a mature tool that sits on top of MSMQ and provides a great developer experience for working with a number of different scenarios.  One thing that’s challenging when working with queues is figuring out where a message went when it doesn’t show up at the other end of the message bus.  Where did things go wrong?  How can I see the messages in the queue for MSMQ?  Is the queue set up and working?

It turns out that there is built-in support for viewing details of MSMQ baked into the MMC snap-in, though it’s not immediately obvious where to find it.  It’s actually under Computer Management > Services and Applications > Message Queuing.  Once you get that far, you’ll see a listing of Outgoing Queues, Private Queues, System Queues, and Triggers.  You most likely are interested in Private Queues.  Here’s a listing of my Private Queues on my dev machine at the moment:

If you want to look at a particular message (that no application has picked up), you can drill down into the queue and inspect the Queue messages.  Double-clicking on one will show you details of its contents:

Read more: Ardalis

Visual Studio 2012 and WinDbg Integration

Microsoft has always provided two primary debugging experiences: Visual Studio and Debugging Tools for Windows (a.k.a. WinDbg). Each debugger provided a very different debugging experience (both from a capabilities point of view as well as usability). WinDbg was most commonly used when you needed low-level debugging; it was not very user friendly and had a steep learning curve. Visual Studio, on the other hand, was a very user-friendly debugger but not always suited to low-level debugging. Fortunately, with the introduction of Visual Studio 2012 (beta), both experiences are now folded into the Visual Studio debugger.

To start using the powerful WinDbg commands and extensions in Visual Studio 2012, you must install the WDK on top of Visual Studio 2012. Once the install is completed you will notice a new transport as shown below:

In the transport dropdown there will be several new choices, including Windows User Mode Debugger, which is what you want to pick to enable the WinDbg experience. Once you select your process and click Attach, the debugger immediate window is displayed; it serves essentially the same purpose as the WinDbg command window:

Read more: MarioHewardt

BackgroundWorker Helper using Lambda Expressions

Introduction

I have found that using Lambda Expressions with the BackgroundWorker makes maintenance much easier since you can have everything together in a single method. You can implement the BackgroundWorker using Lambdas without any sort of helper class very easily:

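// Assumes "sw" is a System.Diagnostics.Stopwatch started earlier in the enclosing class.
using (var backgroundWorker = new BackgroundWorker())
{
    Debug.Print(string.Format("Start BackgroundWorker {0}", 
         sw.ElapsedMilliseconds));
    // DoWork runs on a thread-pool thread: load the data and build the view models there.
    backgroundWorker.DoWork += (s, e) =>
        {
          var baskets = FoxDataAccess.GetOrderBaskets().
            Select(i => new StaggedBlotterOrderBasketViewModel(i));
          var mainList = new ObservableCollection
            <StaggedBlotterOrderBasketViewModel>(baskets);
          // Hand the finished collection to RunWorkerCompleted via e.Result.
          e.Result = mainList;
        };
    // RunWorkerCompleted is raised through the captured synchronization context
    // (the UI thread in WPF/WinForms), so bound state can be updated here.
    backgroundWorker.RunWorkerCompleted += (s, e) =>
        {
          Debug.Print(string.Format("Completed BackgroundWorker {0}", 
            sw.ElapsedMilliseconds));
          _mainList = (ObservableCollection
            <StaggedBlotterOrderBasketViewModel>)e.Result;
          RaisePropertyChanged("MainListSource");
          Debug.Print(string.Format("Converted Basket Data {0}", 
            sw.ElapsedMilliseconds));
          IsBusy = false;
        };
    backgroundWorker.RunWorkerAsync();
}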

However, using a helper can slightly reduce the code and do exactly the same thing:

Read more: Codeproject

Quick Ways to Boost Performance and Scalability of ASP.NET, WCF and Desktop Clients

Introduction

There are some simple configuration changes that you can make on machine.config and IIS to give your web applications significant performance boost. These are simple harmless changes but make a lot of difference in terms of scalability. By tweaking system.net changes, you can increase the number of parallel calls that can be made from the services hosted on your servers as well as on desktop computers and thus increase scalability. By changing WCF throttling config, you can increase the number of simultaneous calls WCF can accept and thus make most use of your hardware power. By changing ASP.NET process model, you can increase the number of concurrent requests that can be served by your website. And finally, by turning on IIS caching and dynamic compression, you can dramatically increase the page download speed on browsers and overall responsiveness of your applications.

System.net Changes

By default, system.net has two concurrent connections per IP allowed. This means on a webserver, if it’s calling WCF service on another server or making any outbound call to a particular server, it will only be able to make two concurrent calls. When you have a distributed application and your webservers need to make frequent service calls to another server, this becomes the greatest bottleneck.

Similarly, if you have a desktop application which is trying to make several webservice calls to the server, the system.net setting on the client computer’s machine.config will only allow two concurrent calls to your webserver. If your app makes many concurrent calls to your webserver, then this becomes the main bottleneck. No matter how fast your client app and server are, the two concurrent limit will kill it.

Read more: Codeproject

New DoS tool lets a single PC bring down an Apache server

Recently discovered malware circulating online gives miscreants a small arsenal of denial-of-service attack tools, including a relatively new one that allows a single PC to take down an Apache webserver, a researcher said.

MP-DDoser, as documented in a blog post by Arbor Networks researcher Jeff Edwards, implements an exploit known as "Apache Killer," which first came to light last August. Researchers said then that it worked by sending Apache servers multiple GET requests containing overlapping byte ranges, consuming all memory on a target system. The Arbor post suggested the technique worked against other webserver applications.

"The core of the attack involves the sending of a very long-range HTTP header that is intended to bring webservers (especially Apache) to their knees by forcing them to do a great deal of server-side work in response to a comparatively small request," Edwards wrote. "It is therefore one of the more effective low-bandwidth, 'asymmetrical' HTTP attacks at the moment."

MP-DDoser, aka IP-Killer, also contains other denial-of-service exploits, including one that closely resembles "Slowloris," another attack that allows a single PC to bring large websites to their knees. Apache Killer has also been incorporated into another DoS bot known as Armageddon.

Read more: Ars Technica

Create a working compiler with the LLVM framework, Part 1

   The LLVM (formerly the Low Level Virtual Machine) is an extremely powerful compiler infrastructure framework designed for compile-time, link-time, and run time optimizations of programs written in your favorite programming language. LLVM works on several different platforms, and its primary claim to fame is generating code that runs fast.

   The LLVM framework is built around a well-documented intermediate representation (IR) of code. This article—the first in a two-part series—delves into the basics of the LLVM IR and some of its subtleties. From there, you will build a code generator that can automate the work of generating the LLVM IR for you. Having an LLVM IR generator means that all you need is a front end for your favorite language to plug into, and you have a full flow (front-end parser + IR generator + LLVM back end). Creating a custom compiler just got simplified.

Getting started with the LLVM

Before you start, you must have the LLVM compiled on your development computer (see Resources for a link). The examples in this article are based on LLVM version 3.0. The two most important tools for post-build and installation of LLVM code are llc and lli.

llc and lli

Because LLVM is a virtual machine (VM), it likely should have its own intermediate byte code representation, right? Ultimately, you need to compile LLVM byte code into your platform-specific assembly language. Then you can run the assembly code through a native assembler and linker to generate executables, shared libraries, and so on. You use llc to convert LLVM byte code to platform-specific assembly code (see Resources for a link to more information about this tool). For directly executing portions of LLVM byte code, don't wait until the native executable crashes to figure out that you have a bug or two in your program. This is where lli comes in handy, as it can directly execute the byte code. lli performs this feat either through an interpreter or by using a just-in-time (JIT) compiler under the hood. See Resources for a link to more information about lli.

llvm-gcc

llvm-gcc is a modified version of the GNU Compiler Collection (gcc) that can generate LLVM byte code when run with the -S -emit-llvm options. You can then use lli to execute this generated byte code (also known as LLVM assembly). For more information about llvm-gcc, see Resources. If you don't have llvm-gcc preinstalled on your system, you should be able to build it from sources; see Resources for a link to the step-by-step guide.

Hello World with LLVM

To better understand LLVM, you have to learn LLVM IR and its idiosyncrasies. This process is akin to learning yet another programming language. But if you have been through C and C++ and their quirks, there shouldn't be much to deter you in the LLVM IR. Listing 1 shows your first program, which prints "Hello World" in the console output. To compile this code, you use llvm-gcc.

Listing 1. The familiar-looking Hello World program

#include <stdio.h>
int main( )
{
  printf("Hello World!\n");
}

To compile the code, enter this command:

Tintin.local# llvm-gcc helloworld.cpp -S -emit-llvm 

After compilation, llvm-gcc generates the file helloworld.s, which you can execute using lli to print the message to console. The lli usage is:

Tintin.local# lli helloworld.s
Hello World!

Read more: IBM

Differences Between NHibernate and Entity Framework

Introduction

NHibernate and Entity Framework are two of the most popular O/RM frameworks in the .NET world. Although they share some functionality, there are some aspects on which they are quite different. This post will describe these differences and will hopefully help you get started with the one you know less. Mind you, this is a personal selection of features to compare; it is by no means an exhaustive list.

History

First, a bit of history. NHibernate is an open-source project that was first ported from Java’s venerable Hibernate framework, one of the first O/RM frameworks, but nowadays it is not tied to it: for example, it has .NET-specific features and has evolved in different ways from its Java counterpart. The current version is 3.3, with 3.4 on the horizon. It currently targets .NET 3.5 but can be used in .NET 4 as well; it just makes no use of any .NET 4-specific functionality. You can find its home page at NHForge.

Entity Framework 1 came out with .NET 3.5 and is now on its second major version, despite being version 4. Code First sits on top of it but came separately and will also continue to be released out of line with major .NET distributions. It is currently on version 4.3.1, and version 5 will be released together with .NET Framework 4.5. All versions will target the current version of .NET at the time of their release. Its home is at MSDN.

Architecture

In NHibernate, there is a separation between the Unit of Work and the configuration and model instances. You start off by creating a Configuration object, where you specify all global NHibernate settings such as the database and dialect to use, the batch sizes, the mappings, etc., then you build an ISessionFactory from it. The ISessionFactory holds model and metadata that is tied to a particular database and to the settings that came from the Configuration object, and there will typically be only one instance of each in a process. Finally, you create instances of ISession from the ISessionFactory, which is the NHibernate representation of the Unit of Work and Identity Map. This is a lightweight object: it basically opens and closes a database connection as required and keeps track of the entities associated with it. ISession objects are cheap to create and dispose, because all of the model complexity is stored in the ISessionFactory and Configuration objects.
