Archive for January, 2008

Tivo Death: Part I

January 30, 2008

I must have the worst luck on earth with DirecTV. It seems like every time I turn around something is broken, needs updating or I have to “call the service center regarding your subscription.” The latest is my Tivo giving up the ghost… No power light, no waiting screen, just the quiet hum of the fan and darkness…

I tried checking the power with my digital voltmeter and got both +5v and +12v from the PS to HDD connector. This only leaves the motherboard power, which I could not find really reliable information on. After consulting Google for a while, it turns out my symptoms may still be the PS. So I ordered a new power supply from Weaknees. (great company, quick and painless ordering online)

I guess we will just have to wait and see how this one turns out…

Job Security

January 24, 2008

How do I know I have a long-lasting career in security ahead of me… when days like today come up and I see developers re-creating bugs from 1997.

This is actually code I reviewed today…


FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)

Select Case UCase(FileExt)
  Case "ASP", "ASA", "ASPX", "ASAX", "MDB":
    Response.Write "Invalid file name."
    Response.End
End Select

The problem may not be immediately obvious if you weren’t familiar with the l0pht advisory up top, but it breaks down like this…

You make a request for the file “xyz.asp.” (notice the trailing dot). The code above says, “well, ‘.asp.’ is not the same as ‘.asp’, so I’m going to pass this through to the OS.” The OS then turns around and says, “I don’t know what this ‘xyz.asp.’ file is, but I have ‘xyz.asp’ - I’ll give him that instead.” You see, the trailing period is ignored by the OS and truncated in 99% of the cases I have seen. Any other option such as ? or / or \ would most certainly be caught by the URL processor or the OS, but this one slips through…

Pretty interesting… in the end, this example allowed me to browse the source to any ASP file on the website, the *exact* functionality the developers were trying to prevent.
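To make the mismatch concrete, here is an added example (a Python port written for this page, not the reviewed application's code) that runs the same extension test next to a model of the trailing-dot truncation described above, then shows an allow-list check that refuses the request. The `ALLOWED` set, the function names and the sample requests are assumptions made for illustration.

```python
import re

# Deny-list copied from the reviewed ASP code.
BLOCKED = {"ASP", "ASA", "ASPX", "ASAX", "MDB"}
# Assumption: extensions this hypothetical site actually intends to serve.
ALLOWED = {"TXT", "HTM", "HTML"}


def reviewed_check_allows(file_name):
    """Port of Mid(FileName, InStrRev(FileName, ".") + 1) plus the Select Case."""
    ext = file_name[file_name.rfind(".") + 1:]
    return ext.upper() not in BLOCKED


def name_os_opens(file_name):
    """Model of the behaviour described in the post: trailing dots are dropped."""
    return file_name.rstrip(".")


def mismatches(names):
    """Names the filter passes although the file the OS would open is blocked."""
    return [n for n in names
            if reviewed_check_allows(n)
            and not reviewed_check_allows(name_os_opens(n))]


def hardened_check_allows(file_name):
    """Allow-list check on a strict name shape; anything else is refused."""
    match = re.fullmatch(r"[A-Za-z0-9_-]+\.([A-Za-z0-9]+)", file_name)
    return bool(match) and match.group(1).upper() in ALLOWED


# Constructed sample requests.
SAMPLES = ["xyz.asp", "xyz.asp.", "db.mdb.", "readme.txt"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:14} reviewed={reviewed_check_allows(name)!s:5} "
              f"opens={name_os_opens(name)!r:12} "
              f"hardened={hardened_check_allows(name)}")
    print("filter/OS mismatches:", mismatches(SAMPLES))
```

The allow-list version never has to guess how the OS will canonicalise a name: a request that does not end in a known-good extension is rejected before it reaches the file system.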

Book Review: I Am Legend

January 24, 2008

I am in a bit of a post-apocalyptic phase right now… It could be because it is -3 and dark ‘n gloomy on my walks to work in the morning, or it might be because we are at war and deep down I feel like the end is near, or simply because I’m a product of media over-saturation (hey, the TV is a better companion than the cat on the days I work from home) but I digress…

The movie was, quite simply, one of the best I’ve ever seen. Yes, I know the graphics were a bit cheesy, but I think this was to keep it within the PG-13 rating, as the intensity of the horror scenes, mixed with the realism of accurate makeup effects, would have certainly driven it into the R territory… (thus providing a higher barrier of entry to the teens and less of the almighty dollar in the pockets of our beloved MPAA)

Regardless…. I was awestruck by the flick and had to read the original book by Richard Matheson. Sadly, I was a little disappointed with the original. I knew the Francis Lawrence storyline differed immensely, aside from some of the most abstracted of the main plot themes (Neville’s medical curiosity, Sam the dog and most of all - the walking undead) but I was hoping the book would incorporate at least *some* of what I loved out of the movie theme.

In the end… if you loved the movie, you might be a little let down by the book. Although it has a great theme in-and-of itself, the two do not really share all that much amongst each other. On the other hand, if you hated the movie, the book might come as a surprise for you.

Since I’m a die hard about my vampire novels, I have to admit - I found reasons to like both the original and the adaptation… Also, it *is* a short story, so it’s not much to read… I ripped through it in a commute to work and back, about 4 hours..

Updates…

January 17, 2008

So… it’s been a while since I posted last… the holidays were hectic and I had a lot going on… For those of you that are interested, I’m currently in the process of buying a condo here in Chicago, IL. I love the place I am in, but I spend way too much time near Wrigleyville and Southport to stay here and the prices are good right now.. So far it looks like I will be around the Uptown/Ravenswood area…

I’m also seriously considering adopting a German Shepherd as I will be across the street from one of Chicago’s most popular “dog beaches” and one of their largest dog parks. I have contacted a couple of rescues and there is currently a female black and tan in KY (her name is “shadow”) that I’ve been in touch with them about. Finally a woman in my life that I know will always be there to cuddle up with at night! ;)

So… lots going on, but I’ll try to keep everyone up to date…

DIY: Softbox, attempt 1

January 9, 2008

I made a DIY softbox tonight to practice some macro photography with. The idea is not original to me, but I got it off an excellent post at the Strobist website. My example is not the greatest in the world, but it worked fairly well for a first attempt.

Here is a picture of the box itself…

You can end up getting some pretty impressive shots with a little patience and twiddling of camera settings…. Except foolish me didn’t save them… next time I will be more prepared… it was about 1am at this point though…