Archive for May, 2012

Microsoft has already ruffled more than a few feathers with the exclusionary potential of its forthcoming Windows 8 operating system, and this past week the open source community has been up in arms again.

The cause this time has been its Visual Studio 11 product line, new details about which the company published earlier this month.

Specifically, it looks like the free, Express version of the upcoming new product–widely used by many developers to create open source desktop applications for Windows–will no longer offer support for desktop-style applications. Rather, users of Visual Studio 11 Express will only be able to develop Metro applications.

Metro Only

“Visual Studio 11 Express for Windows 8 provides tools for Metro style app development,” notes Microsoft’s Visual Studio website. “To create desktop apps, you need to use Visual Studio 11 Professional, or higher.”

Visual Studio 11 Professional, of course, is far from free, with its $499 price.

Microsoft’s Visual Studio 2010 Express products will still be available for free download, the company notes, but they lack a number of key features coming to Visual Studio 11, including improved standards compliance.

Another version called Visual Studio 11 Express for Web will focus on HTML and JavaScript websites.

Meanwhile, to make sure there’s no cheating, the Windows SDK for Windows 8 no longer ships with a complete command-line build environment, Microsoft says.

A Strike Against Open Source

Now, it’s no mystery why Microsoft would want to push developers towards Metro, apps for which will obviously play a key role in the adoption of the forthcoming OS.

Taken in conjunction with the Secure Boot restrictions that appear to be on the way in Windows 8, however, it’s hard to see this latest move as anything other than a strike against open source software.

Bottom line? Microsoft may be pledging new allegiance to open source, but such steps are a bit difficult to take seriously when moves like this are happening at the same time.





Diagram: Drew Endy
REWRITABLE DNA MEMORY: When patches of DNA whose endpoints are the attachment sites attB and attP encounter the integrase protein [Int, in the red box], they’re flipped upside down, changing the DNA memory’s state from the equivalent of a “0” to a “1”. When they subsequently encounter integrase plus another type of protein called excisionase [Xis, white box], the DNA patches reset to “0”.

23 May 2012—Bioengineers looking to turn microbes into manufacturers have longed for a kit of components as regular and predictable as those used by electrical engineers. But biology is a lot messier. Now a group of engineers at Stanford University say they’ve managed to make one such component—the genetic equivalent of a reliable memory device. In a report published this week in Proceedings of the National Academy of Sciences, they detail how they developed rewritable DNA memory that works in living cells and can keep its data even as cells divide and multiply. DNA memory already exists but has been limited to write-once versions that can record only as many cellular events (such as cellular divisions) as there are bits. But the reversible storage system the Stanford researchers have ginned up is capable of being expanded to record a potentially huge number of events—2^n events, where n is the number of bits.

In the short term, say its inventors, this improved biological memory could enhance the study of how we age and how cancer grows. But much further out lies the possibility of reprogramming cells to slow the aging process or to act as sentries that prevent cancer’s uncontrolled cell division.

The rewritable recombinase addressable data (RAD) module created by the Stanford bioengineers is a segment of DNA that switches between states when the bacteria carrying it encounter specific proteins. A class of proteins called “integrases” scan DNA sequences until they find two specific sequences (attachment sites called attB and attP) and bind to them. The integrase then cuts out the DNA strand between those sites, flips it over, and reattaches it so that the string of base pairs reads in reverse. This chemical process, which the researchers refer to as “setting,” also changes the characteristics of the attachment sites attB and attP. (They become attL and attR, respectively.) This upside-down state, says the Stanford team, is the equivalent of a 1 in an electronic memory device.

Adding integrase mixed with another class of protein called “excisionases” reverses the process, “resetting” the DNA strand to its original, or 0, state. (Excisionase alone has no effect that anyone is aware of.) Drew Endy, a Stanford assistant professor of bioengineering, who led the research, says that the major technical hurdle the group had to overcome was avoiding what’s called “bidirectionality.” That is the tendency for some recombinase proteins (the respective versions of integrase and excisionase that the researchers chose are two of many) to cause the RAD module to flip, and then to cause it to flip back to its previous state before the change in state is recorded.

But in the end, say the researchers, they created a system of DNA registers that switch when, and only when, they’re in the presence of the protein-based inducers. As important, they note, is that the states can be switched repeatedly with no performance degradation.

“Developing biological systems, especially those based on DNA and cells, that ‘compute’ like digital computers has been challenging,” says Steven Benner, a distinguished fellow at the Foundation for Applied Molecular Evolution in Gainesville, Fla. Benner explains the nature of the challenge, noting that “biological molecules, like all molecules, intrinsically do ‘analog’ computation better than ‘digital.’ [The Stanford researchers’] latest work is a big step toward getting digital behavior from structures that are, fundamentally, not digital.”

Asked how much data the device they demonstrated is able to store, Endy proudly reports that it is currently capable of storing 1 bit, as in roughly a hundred billionth of the amount of data that can be stored on a key-fob-size USB flash drive. Though the DNA memory device’s capacity is relatively minuscule, “its purpose is not to compete with silicon, but to get access to data storage in places where silicon doesn’t work,” says Endy.

In fact, says the Stanford researcher, 8 bits is more than enough to keep track of changes in any replicating biological system. With that capacity, he envisions applications such as a fail-safe element in cellular therapeutics. When, say, a cancer patient is injected with living cells reengineered to attack a tumor, the RAD module could be set to control the rate and number of cell divisions so that the cure doesn’t morph into a curse.

With all the threats that Internet access can present to your users and your data, web security software is one of the most valuable investments you can make in your information security. Any solution should offer the following key protections:
1. Site blocking
2. Antivirus
3. Reporting and logging

GFI WebMonitor offers all that and more. GFI WebMonitor Unified Security includes both the web filtering and anti-malware capabilities, and can be installed as a standalone server or as an add-on to ISA or TMG. GFI offers a free 30-day trial so you can evaluate it risk-free.
Installation: The installer for the TMG plug-in is straightforward and only requires a service restart, not a reboot. During the installation, you can choose to enable the optional HTTPS traffic inspection, which functions by dynamically creating certificates and acting as a kind of Man-in-the-Middle to HTTPS sessions. If you have Active Directory you can install the root certificate to the domain, so you can perform HTTPS inspection without having to touch user workstations.

If TMG is the default gateway in your office, there is nothing else to do to start protecting users. If not, or if you are going to use the standalone version, you can use a Group Policy Object to configure client browsers to use GFI WebMonitor as their web proxy.

GFI WebMonitor installs with antivirus protections enabled, but website filtering disabled. The net result is that you get protection against malware automatically, but don’t block any websites until you opt in for that protection. This keeps the potential for business disruption to a minimum, which is very important when first implementing any web security solution.
Content filtering: Implementing content filtering is straightforward. There are several out-of-the-box categories for websites to block based on topics like adult content, hacking sites, etc. In addition to the category lists, GFI has a database of sites based on reputation which is updated like a/v definitions.

Sites that were safe yesterday but got hacked last night can be blocked today; protecting users from hacks before the hacked site even knows they have a problem. And you can customize your controls exactly the way you want through both white and black lists.
More on antivirus: The antivirus capabilities of GFI WebMonitor include multiple engines for scanning, as well as the ability to block/permit downloads by file type. If you use one antivirus product on your workstations, using two others in WebMonitor covers all your bases. GFI WebMonitor is able to scan not only regular file downloads, but also the “hidden” file downloads that many websites use to deliver media content or plug-ins.
Bandwidth Policies: A great feature of GFI WebMonitor is Bandwidth Policies. Instead of completely blocking access to streaming media, you can control how much bandwidth streaming consumes.


That way, users can visit YouTube for a how-to video or a vendor’s website for training content, without consuming so much bandwidth that your corporate website or email system is impacted.
Logging and reporting: GFI WebMonitor also provides rich logging and reporting. You can run queries, generate scheduled or on-demand reports, and choose whether to anonymize usernames or not. This enables you to look at activity without violating users’ privacy, but also investigate completely when the situation calls for it.


Overall, GFI WebMonitor is a very strong part of any defense in depth strategy. It is easy to install, easy to configure, and provides great protection for users.


Oracle has recommended workarounds for a zero-day Oracle Database flaw that was not fixed in the company’s April critical patch update. Oracle issued a security alert for the vulnerability, known as Oracle TNS Poison. Disclosed by researcher Joxean Koret after he mistakenly thought it had been fixed by Oracle, it allows an attacker to hijack the information exchanged between clients and databases.
Koret originally reported the vulnerability to Oracle in 2008, four years ago, and said he was surprised to see it had been fixed in Oracle’s most recent Critical Patch Update without any acknowledgment of his work.

“This vulnerability is remotely exploitable without authentication, and if successfully exploited, can result in a full compromise of the targeted Database,” the company warned.
“This security alert addresses the security issue CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as ‘TNS Listener Poison Attack’ affecting the Oracle Database Server. This vulnerability may be remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the confidentiality, integrity and availability of systems that do not have recommended solution applied,” Oracle wrote.
A TNS Listener feature known as remote registration dates back to at least 1999 with version 8i of the Oracle Database. By sending a simple query to the service, an attacker can hijack connections legitimate users have already established with the database without the need of a password or other authentication. From then on, data traveling between legitimate users and the server pass through the connection set up by the attacker.
Oracle released a critical update for versions 10g and 11g database products fixing this vulnerability.
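
For administrators checking whether a listener still accepts unrestricted remote registration, the following audit sketch is an added example, not code from Oracle or from the original post. It reads a listener.ora and reports, per listener alias, which registration restrictions are set; the parameter names (SECURE_REGISTER_, DYNAMIC_REGISTRATION_, VALID_NODE_CHECKING_REGISTRATION_) are taken from Oracle's Net Services documentation rather than from this page, and the sample file, host name and aliases are constructed.

```python
import re

# Constructed sample listener.ora (host name and listener aliases are made up).
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))))
SECURE_REGISTER_LISTENER = (IPC)

LISTENER_APP =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1522)))
"""

def parse_listener_ora(text):
    """Return {PARAM: value}; lines that do not start a new NAME = ... continue the previous entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        m = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.*)", line)   # only matches at column 0
        if m:
            current = m.group(1).upper()
            entries[current] = m.group(2)
        elif current:
            entries[current] += line.strip()
    return entries

def registration_controls(text):
    """Map each listener alias to the registration restrictions set for it ([] = none found)."""
    entries = parse_listener_ora(text)
    report = {}
    for name, value in entries.items():
        if "ADDRESS" not in value.upper() or name.startswith("SID_LIST_"):
            continue                                   # not a listener definition
        found = []
        transports = set(re.findall(r"[A-Z]+", entries.get("SECURE_REGISTER_" + name, "").upper()))
        if transports and "TCP" not in transports:     # registration limited to IPC and/or TCPS
            found.append("SECURE_REGISTER=" + ",".join(sorted(transports)))
        if entries.get("DYNAMIC_REGISTRATION_" + name, "").strip().upper() == "OFF":
            found.append("DYNAMIC_REGISTRATION=OFF")
        vnc = entries.get("VALID_NODE_CHECKING_REGISTRATION_" + name, "").strip().upper()
        if vnc in {"ON", "1", "LOCAL", "SUBNET", "2"}:
            found.append("VALID_NODE_CHECKING_REGISTRATION=" + vnc)
        report[name] = found
    return report

if __name__ == "__main__":
    for alias, controls in registration_controls(SAMPLE).items():
        print(alias, "->", ", ".join(controls) or "no registration restriction configured")
```

An empty result for an alias means only that no explicit restriction appears in the file; whether that listener is exposed still depends on the database version and its defaults.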


Skype is warning users following the launch of a site devoted to harvesting user IP addresses. The Skype IP-Finder site allowed third-parties to see a user’s last known IP address by simply typing in a user name.
A script has been uploaded to Github that offers these options. According to the page, it can be used to lookup IP addresses of online Skype accounts, and return both the remote and the local IP of that account on a website.
The script is for instance available on this site. Just enter the user name of a Skype user, fill out the captcha, and click the search button to initiate the lookup. You will receive the user’s remote IP and port, as well as the local IP and port.

Adrian Asher, director of product Security, Skype: “We are investigating reports of a new tool that captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are taking measures to help protect them.”
The proof of concept is fairly simple. All an attacker needs to do is download a special Skype variant and alter a few registry keys to enable debug-log file creation. When adding a Skype contact, before sending the actual request, the victim’s information card can be viewed. At this point, the log file records the user’s IP address.
The software, posted on Pastebin, works on a patched version of Skype 5.5 and involves adding a few registry keys that allow the attacker to check the IP address of users currently online. Services like Whois will then give some other details on the city, country, internet provider and/or the internal IP-address of the target.
This particular flaw was discussed in a paper presented by an international team of researchers in November at the Internet Measurement Conference 2011 in Berlin.
There is currently no way of protecting yourself against the lookup of the IP address, other than not logging in to Skype when the software is not needed. The only other option would be the use of a virtual private network or proxy to hide the IP address from users who look it up.

oclHashcat-plus is the world’s first and only GPGPU-based rule engine and the world’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker.


  • Free
  • Multi-GPU (up to 16 gpus)
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Platform (OpenCL & CUDA support)
  • Multi-Algo (see below)
  • Low resource utilization, you can still watch movies or play games while cracking
  • Focuses on highly iterated, modern hashes
  • Focuses on single dictionary based attacks
  • Supports pause / resume while cracking
  • Supports reading words from file
  • Supports reading words from stdin
  • Integrated thermal watchdog
  • 20+ Algorithms implemented with performance in mind
  • … and much more

Algorithms
    • MD5
    • Joomla
    • osCommerce, xt:Commerce
    • SHA1
    • SHA-1(Base64), nsldap, Netscape LDAP SHA
    • SSHA-1(Base64), nsldaps, Netscape LDAP SSHA
    • Oracle 11g
    • SMF > v1.1
    • OSX v10.4, v10.5, v10.6
    • MSSQL(2000)
    • MSSQL(2005)
    • MySQL
    • phpass, MD5(WordPress), MD5(phpBB3)
    • md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
    • MD4
    • NTLM
    • DCC, mscash
    • SHA256
    • descrypt, DES(Unix), Traditional DES
    • md5apr1, MD5(APR), Apache MD5
    • SHA512
    • OSX v10.7
    • DCC2, mscash2
    • Cisco-PIX MD5
    • WPA/WPA2
    • Double MD5
    • vBulletin < v3.8.5
    • vBulletin > v3.8.5
    • IPB2+, MyBB1.2+
    • LM
    • Oracle 7-10g