Tip 0.1: Wanna see the MFC source code?

You can see the source code of MFC (Microsoft Foundation Class library) by opening the file MFC.BSC in Visual Studio IDE. Simple isn't it? :)

eEye 0day tracking

another useful initiative from eEye : http://research.eeye.com/html/alerts/zeroday/index.html

Microsoft acquired Firefox!

Microsoft's IE (Internet Exploder) and Mozilla's Firefox are two major next-gen browsers today.

They even almost have released their new versions at the same time a couple of weeks ago, when Microsoft unveiled its IE7 while Mozilla released its Firefox 2, with each bundled with new security aware anti-phising feature, ease of use with their tabbed browsing, RSS Reading, etc.

Internet users were so excited about the development and they wanted to try them right away, which will win the competition. Reports showed that Firefox whipped IE (as always) based on the number of downloads after one week of the release. One comparison about the two browers performance was posted here.

Now..what do you think will happen if the two great browsers merge their technologies? Or shall I say, if Microsoft will acquire the Firefox? Introducing....MS Firefox 2007! :)

Well, actually they already did. Check this out! LOLs

Three interesting features are:
- msfirefox mail beta :-)
- TakeOver Technology ;-)
- AKobe Phlash ;-)

time to laugh..

after working, its time to relax..and laugh out loud wehehehe :)
aside from youtube, theres video.google.com, and metacafe

Its Snow Time!!

Yaho!! Its raining snow na! =)
Ganun pag dka sanay makakita ng snow hehehe manol!

Hay..past 12 na. Kain muna..=)

Webapplist.com

Some nice web applications like

- pdf conversion
- sending large files
- word processor
- online virus scanning etc.

Take a look at this site.

Fuzzers – The ultimate list

This is a list of programs or websites that offer fuzzing tools:

(L)ibrary (E)xploit API - lxapi - A collection of python scripts for fuzzing
Mangle - A fuzzer for generating odd HTML tags, it will also autolaunch a browser. Mangle found the infamous IFRAME IE bug.
SPIKE - A collection of many fuzzers from Immunity. Used to find the recent remote RDP kernel DoS against a firewalled XP SP2, and many others.
PROTOS WAP - A fuzzer from the PROTOS project for fuzzing WAP.
PROTOS HTTP-reply - Another fuzzer from the PROTOS dudes for attack HTTP responses, useful for broswer vulns.
PROTOS LDAP - For fuzzing LDAP, not as successful as the others from the PROTOS project
PROTOS SNMP - Classic SNMP fuzzer, found a vuln in almost every networking gear available at the time (2002).
PROTOS SIP - For fuzzing all those new VOIP SIP devices you see everywhere.
PROTOS ISAKMP - For attacking IPSec implementations
RIOT & faultmon - For attacking plain text protocols (Telnet, HTTP, SMTP). Used by Riley Hassell when he worked at eEye to discover the IIS .printer overflow and included in The Shellcoder's Handbook.
SPIKE Proxy - A semi-functional web fuzzer from the guys at Immunity that brought you the original SPIKE
Tag Brute Forcer - Awesome fuzzer from Drew Copley at eEye for attacking all of those custom ActiveX applications. Used to find a bunch of nasty IE bugs, including some really hard to reach heap overflows.
FileFuzz - A file format fuzzer for PE (Windows) binaries from iDefense. Has a pretty GUI. I've recently used it to find bugs in Word.
SPIKEFile - Another file format fuzzer for attacking ELF (Linux) binaries from iDefense. Based off of SPIKE listed above.
notSPIKFile - A ELF fuzzer closely related to FileFuzz, instead of using SPIKE as a starting point.
Screaming Cobra - Name makes the fuzzer sound better than it really is, but is good for finding CGI bugs. Also, its a perl scrpt so easy to modify or extend.
WebFuzzer - A fuzzer for (guess what?) web app vulns. Just as good as some of the cheap commercial web fuzzers.
eFuzz - A generic TCP/IP protocol fuzzer. Easy to use, but maybe not as full featured as some others on this list.
Peach Fuzzer - A great fuzzer written by Michael Eddington. Peach Fuzzer is more of a framework for building fuzzers.
Fuzz - The ORIGINAL fuzzer developed by Dr. Barton Miller at my Alma Matter, the University of Wisconsin-Madison in 1990. Go badgers!
Fuzzball2 is a little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.
Fuzzer version 1.1 is a multi protocol fuzzing tool written in Python. It can be used to find new SQL injection, format string, buffer overflow, directory traversal, and other vulnerabilities. Written with portability in mind.
Scratch is an advanced protocol destroyer ("fuzzer") which can routinely find a wide variety of vulnerabilities from a simple packet. scratch does complex parsing of binary files to determine what to fuzz with what data. scratch also comes with a framework for fuzzing binary protocols such as SSL and SMB.

>Some websites/links:
http://software.tripbit.net/mistress/
http://www.cirt.dk/tools/fuzzer/fuzzer.txt
http://metasploit.blogspot.com/2006/03/browser-fuzzing-for-fun-and-profit.html
http://www.digitaldwarf.be
http://antiparser.sourceforge.net/
WSFuzzer - claims to test SOAP based web services.
www.musecurity.com
http://www.secdev.org/projects/scapy/

>ActiveX/COM fuzzers:
AXFuzz A tool from Shane Hird for "fuzzing" the IDispatch interface of the components, as well as any IDispatch interfaces returned from the methods, by calling every method with garbage values, or overly long BSTRs.
COMRaider David Zimmer of iDefense has released this tool designed to fuzz COM Object Interfaces. COMRaider includes:
- capability to easily enumerate safe for scripting objects
- ability to scan for COM objects by path, filename, or guid
- integrated type library viewer
- integrated debugger to monitor exceptions, close windows,log api
- external vbs script allows you to easily edit fuzzer permutations
- built in webserver to test exploits on the fly
- distributed auditing mode to allow entire teams to work together
- ability to upload crash files to central server for group analysis
- automation tools allowing you to easily fuzz multiple libraries
- individual classes, or specific functions.

You can watch a video tour of COMRaider in http://labs.idefense.com/doDownload.php?downloadID=24

Hamachi A community-developed utility for verifying browser integrity, written by H D Moore and Aviv Raff. Hamachi will look for common DHTML implementation flaws by specifying common "bad" values for method arguments and property values. Hamachi has found flaws in Firefox 1.0.7, Mozilla 1.7, Konqueror 3.5.1, Opera 8.5, Safari, and Internet Explorer!.

Original text taken from: http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html
------
Update:
AxMan - http://metasploit.com/users/hdm/tools/axman/

iWoz: Computer Geek to Cult Icon

Book excerpt: Wozniak describes prankster days, harrowing adventures

The following is an edited chapter from Apple co-founder Steve Wozniak's book, ``iWoz: Computer Geek to Cult Icon,'' ($25.95), to be released Monday by W.W. Norton and Co. In it, Wozniak describes his prankster side, playing with a device called a ``Blue Box,'' that allowed a person to make free telephone calls.

Losing my Pinto changed my life completely. One of the major parts of my life at Berkeley was taking groups of people down to Southern California or even as far south as Tijuana, Mexico, on weekends. Actually, my first thought after the crash wasn't, ``Oh, thank God I'm alive,'' but ``Man, now I'm not going to be able to take my friends on wild adventures anymore.''

The car crash was the main reason that, after this school year, my third year at Berkeley, I went back to work instead of coming back to school. I needed to earn money, not just for the fourth year of college but also for a new car.

If I hadn't gotten in the car accident that year, I wouldn't have quit school and I might never have started Apple. It's weird how things happen.

* * *

But for the rest of the year at Berkeley, I kept playing with my Blue Box. Captain Crunch's design had given me an idea: to add a single little button where I could preprogram a ten-digit number.

The number I chose to dial was this weird .. Read more..

Windows Explorer alternatives

Most of computer users are not-so satisfied with the built-in Windows Explorer from Microsoft.
So if you're one of them, or atleast just curious if there are some alternative out there, you can try others as well. For sure, you will find some alternatives that will suit your preferences or needs in file management in Windows.

And there's a comprehensive review for atleast 15 alternatives to Windows Explorer Take a look on this link.

Your iPod could be infected

Yes, you'll never know if your electronic gadget (like iPod,MP3 players, etc) is free from malicious programs like virus or trojan, as some of the manufacturers are not having such measures to make sure their products are virus-free before releasing to the public. More on this story here

Its just as simple as scanning for known viruses or atleast making sure that their source or builds are free from malicious programs. Or better yet, they must start thinking of hiring professionals that can handle this and avoid ridiculous story in the future.
..another opportunity for people like us *grin*.

MS Office vs Free Office!

Lots of MS Office's competitors are emerging nowadays. Of course the OpenOffice is the most popular, and now there are others like thinkfree and google.com is showing some interest to compete in this field against the software giant.

All of us have different opinions and preferences, but for me, which is free, supports several formats (like pdf, html,etc), and more secure, got my vote!

Below you can find some good comparisons between these office application offerings. Its up to you which you like ;)

http://www.techsoup.org/learningcenter/software/printpage4765.cfm

http://www.eweek.com/article2/0,1759,1909855,00.asp

Google (ha|ro)cks!

nice additional tool to "us" indeed =) http://www.google.com/codesearch/advanced_code_search

bling! naisip nyo ba, naisip ko?? hehe..

English-Tagalog Vocabulary!

wala lng.. natawa kc ako sa joke nato! =)

-------------------------------------------------------------------------------------
English-Tagalog Vocabulary Iba To!!

ENGLISH-TAGALOG DICTIONARY à iba ‘to! (updated version)

01) Contemplate - kulang ang mga pinggan

02) Punctuation - pera para maka-enrol (pang-tuition)

03) Ice Buko - nagtatanong kung ayos na ang buhok (“Ayos buhok ko?”)

04) Tenacious - sapatos na pang tennis (tennis shoes)

05) Calculator - tawagan kita mamaya (Call you later)

06) Devastation - sakayan ng bus (The bus station)

07) Protestant - Tindahan ng prutas (Fruit stand)

08) Statue - Ikaw ba yan? (“Is that you?) 0

9) Tissue - Ikaw nga! (“It’s you!”)

10) Predicate - Pakawalan mo ang pusa (Free the cat)

11) Dedicate - Pinatay ang pusa (Dead the cat)

12) Aspect - Pantusok o pandurog ng yelo (Ice pick)

13) Deduct - Ang pato (The duck)

14) Defeat - Ang paa (ng pato?) – (The feet)

15) Detail - Ang buntot (ng pato?) – (The tail)

16) Deposit – Gripo (The faucet) -> (Call DIPLOMA if DEPOSIT is leaking)

17) Diploma – Taga-ayos ng gripo (The plumber)

18) City - Bago mag-utso; A number to follow 6 -> (Siete)

19) Cattle - Doon nakatila ang Hali at Leyna (Castle)

20) Persuading - Unang Kasal (First wedding)

21) Depress - Ang nagkasal sa PERSUADING (The priest)

22) Defense - Ginamit ng mga pangsulat sa kontrata sa PERSUADING (The pens)

23) It Depends - Kainin mo ang bakod (Eat the fence)

24) Shampoo - Bago mag-labing-isha (Sampu)

25) Delusion – Ginagamit pangpadulas (Lotion)

26) Delivery - Walang bayad. (‘Di,…. libre)

27) Profit - Patunayan mo (Prove it)

28) Balance Sheet - What comes out after eating a balance diet

29) Backlog - bacon saka egg (Bac-log, bacon at itlog)

30) Beehive - magpakatino ka (Behave)

31) CD-ROM - tingnan mo ang kwarto (See the room)

32) Debug - ang ipis (The bug)

33) Defrag - ang palaka (The frog)

34) Defense - ang bakod (The fence)

35) Defer - ang balahibo (The furr)

36) Deflate - ang plato (The plate)

37) Detest - ang eksamin (The test)

38) Devalue - 'yon ang susunod sa letrang V (Double u)

39) Devote - ang boto (The vote)

40) Dilemma - brownout!, a! (“Dilim, a!”)

41) Effort - 'dun nagla-land ang efflane (Airport)

42) Forums - apat na kwarto (Four rooms)

43) July - nagsisinungaling ka ba? (“Do you lie?”)

44) Liturgy - what comes after litur F (The letter G)

45) Thesis - ito ay.…. (This is…..)

46) Neophyte - bagong laban (new fight)

47) Lullaby - Lola, aalis na ako ("Lola, bye")

48) Crustacean - binibisitahan tuwing cuaresma (cross station)

-------------------------------------------------------------------------------------

Budapest, New Frontier

I just want to share with you how to live and work here at Budapest, at least based on my two weeks tenure. I remember my arrival here at Budapest two weeks ago, it was kind of odd feeling because it’s different from other places I’ve been before the past few years. Aron and Peter picked me up from the airport around 9 or 10PM, and we headed to “my” apartment after a stick of cigarette. Yes, they provided me a two-room apartment in Bodafoki ut, where I can share the flat with the other colleague which is expected to be here before the end of October. Yahoo, me kasama nako! =)

At the apartment, they’ve bought some good tasting pizza ala Hungarian style, with matching diet coke in can. To my surprise, the refrigerator was filled with assorted items like sausages, cheese, yogurt, juice, bread, bottled water, beer and among others, which is good enough for 3-4 days of consumption. Not bad. After they've showed me the amenities and taught me how to use this and that, they already went home, past 12 midnight and I need to rest from a more or less 15 hrs flight from Manila to Amsterdam, then to Budapest. Oh before I forget,

they also gave me a new cell phone to use, but no international call please! Damn, my tired body was not about to give up, and my eyes were not closing the way I wished. So I immediately unpacked my laptop and checked the wireless connection. After one or two minutes of configuration, I was already surfing the net, chat here, chat there, check mails, send SMS to my family and other peeps in the Philippines. That was about 3 hours. Then, finally my eyes gave up and I got to sleep for some papers to process the following morning.

Aron (Office director/HR Manager), and Peter (Technical director/CTO) are such a good example how Hungarians are nice people and hospitable to foreign guests. Based on the statistics, Hungary has the least crime rate against foreigners. Well, good to hear that if that’s true. At least that’s how I feel the way they treated me. Or maybe just for the first few months? Let’s see... =)

Living in another country is always an exciting and an adjustment as well. In the office, I could hardly talk with most of my officemates, not because I’m not good in English (hehe), but basically because they could hardly speak English than I do =). Their native language is Hungarian (a Finno-Ugric), which is relatively different from any other European languages. But most of them know German language, and maybe other European languages. I tried to buy Angol to Magyar (English to Hungarian) dictionary, but I know its not gonna be easy to learn their language. Good thing is, Aron and Peter are very accommodating to me.

English to Hungarian Dictionary

Now, let’s talk some info about Hungary (Magyarország), and its beautiful capital of Budapest (bʊdɑpɛʃt). It is a landlocked nation in Central Europe, being surrounded by Austria, Romania, Croatia, Slovenia, Slovakia, Ukraine, and Serbia.

The Budapest (“Paris of the East”), long time ago were two separate cities, partitioned by the famous Danube river (or simply Duna). The lovely Buda to the West is the hill side, while the Pest is the urban plain side to the East.

Budapest and Danube River


Budapest Arena

What about the food? You may ask. Well, Hungary had produced some great Mathematiciaans and scientists, but they also have unique way of cuisine. If Filipino has adobo as unofficial national dish, Hungarians offer their goulash, a soup with potato and meat. At first glance you might call most of their food “patyam” (or patyambahan in tagalog) style of cooking, as they seem to just mix everything in there. But most of them taste good, though a bit salty most of them. I’ve also noticed that potato is very prominent in their recipes. So I’ve learned to grocery and cook my own food at home and during weekend. Thanks to google for providing me lots of help in my cooking chores =)

Mushroom chicken, rice, cucumber with diet coke =)

Their house architecture is also remarkable. Some are even more than a hundred years old, but able to maintain the gothic architectural design, which truly amazing! Some of the places I’m looking forward to experience or see are: the Castle District (the royal house) at the Buda hill, overlooking the Pest and the Danube river, the Budapest’s business center (maybe the noisiest and busiest place in Budapest – gimik time!), Budapest’s Stock Exchange (as others say “Europe’s biggest and most architecturally obnoxious trading room”), the Lake Hévíz (largest thermal lake in the world), Lake Balaton (largest lake in Central Europe), and maybe there are other places in Hungary that worth the visit.

Ok folks, got to go now. Its almost 12 midnight so.. Lets continue this with some techie stuff.

To be continued..

Welcome Aboard!

One boring night, while away, I tried my imagination to create this blog site to keep in touch with my friends, family and enemies as well. This is open to everybody who wants to speak something, or anything under the sun as they say.

So lets start rockin! =)

~cycl0nedude