Archive for August, 2007
“Revolution” irssi theme
Aug 21st
Modifying the evolution-hack irssi theme with bits of the agon theme, I’ve put together a theme called “Revolution”.
It looks nice enough on terminals with dark backgrounds/light text. I might tone down the yellow colour used for the nick printing though.
Flash-based port scanner
Aug 16th
I noticed an interesting little tidbit over on TaoSecurity. It’s a proof of concept for a Flash-based port scanner that takes advantage of some seemingly braindead programming decisions on the part of Adobe.
Flash 9 has a socket event/exception that immediately thrown when trying to connect to a closed TCP port. For an open TCP port, flash writes some data to the socket that will never illicit a response. This behavior can be used to infer which ports are open and closed on a given host.
Given the massive popularity of flash video and such, it would be quite trivial to trick people into opening one of these things.
Don’t open this link!
Aug 8th
The author of the NoScript Firefox extension has highlighted a “mis-feature” in Java that allows an uncloseable, full-screen applet with no window decorations to be opened. There is a proof of concept applet available, but for the love of god don’t open it if you value your sanity.
Needless to say the possibilities for annoying ads and more insidious phishing scams are endless.