Current botnets use a pseudo-random sequence of domains to host their moving C&Cs. This post shows the drawbacks of this clever approach and proposes a small enhancement to the name-generating algorithm.
Microsoft censors cryptome.org
In a vain effort to suppress an internal document detailing their cooperation with law enforcement agencies (“Global Criminal Compliance Handbook”), Microsoft had the domain name of the venerable website cryptome.org suspended by invoking the infamous DMCA… resulting in the usual Streisand effect.
Good Bye, Kamp DSL!
Since Kamp Netzwerkdienste GmbH are giving their private DSL customers the boot, I’ve decided to give Manitu a try. Interestingly, multihoming Kamp and Manitu on the same T-DSL link from the Deutsche Telekom (T-Com) is impossible: one can use only one ISP at a time, even though one can set up one as the primary, and the other as the backup ISP, should an ISP drop its PPPoE tunnel in the T-DSL backbone.
Self-modifying Code in FreeBSD Assembly
Self-modifying code, while rarely a good idea, is possible if the operating system allows us to remove the read-only protection on the code pages (.text section). FreeBSD provides the mprotect(2) system call to do just that. This post contains an assembly language example that makes use of it on FreeBSD/amd64 and FreeBSD/i386. The techniques shown here can be used to create true self-modifying code.
Observer Effect in FreeBSD Assembly
When a program behaves differently inside and outside of a debugger session, we may have an instance of the famous observer effect in information technology. This post illustrates this effect with a simple program in FreeBSD assembly.
Return Values of FreeBSD Syscalls in Assembly
This post shows how to write “hello, world!\n” into a file with FreeBSD assembly language. We learn that FreeBSD/amd64 and FreeBSD/i386 save the return value of syscalls in %rax or %eax if no error occurs. In case of errors, errno is saved in %rax or %eax, and the carry flag is set.
Printing woes on FreeBSD 8 with CUPS
FreeBSD 8’s new USB stack caused CUPS to stop printing on USB printers. Fixing permissions on the /dev/ugen* and /dev/usb/* device nodes corresponding to the printer solves the problem.