RSS Jabber Bot
This bot allows you to subscribe to RSS feeds and add feeds if they don’t already exist. It will send you a Jabber message when a new entry is made in a feed you subscribed to.
I wrote the base of this bot a few weeks ago, but now I have ported it from files to MySQL and made some minor design changes. The previous version had some bugs which, I hope, arose from race conditions while reading and writing files. It happened more than once that the feeder sent a complete feed again. Hopefully this is resolved now. The previously released broadcaster is based mainly on this bot.
The source can be found here. You will need the xmpp and feedparser modules for Python. Again, feel free to edit and/or use the code. If you implement some fancy new features or find any bugs and security issues, please contact me.
Wanna try it? jid:[email protected]
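The duplicate-feed bug described above is a check-then-write race. The following is an added example, not the bot's own code: it shows one way a database removes the race by letting a primary key decide atomically which worker may send an entry. It assumes a hypothetical `seen` table and uses `sqlite3` as a stand-in for MySQL; the feed URL and entry ids are constructed.

```python
import os
import sqlite3
import tempfile
import threading

SCHEMA = """CREATE TABLE IF NOT EXISTS seen (
    feed TEXT NOT NULL,
    entry_id TEXT NOT NULL,
    PRIMARY KEY (feed, entry_id)
)"""

def connect(path):
    # isolation_level=None means autocommit: each INSERT is its own atomic transaction.
    db = sqlite3.connect(path, timeout=30, isolation_level=None)
    db.execute(SCHEMA)
    return db

def claim(db, feed, entry_id):
    """Return True only for the one caller that records this entry first."""
    cur = db.execute(
        "INSERT OR IGNORE INTO seen (feed, entry_id) VALUES (?, ?)",
        (feed, entry_id),
    )
    return cur.rowcount == 1  # 0 means another worker already claimed it

def worker(path, feed, entry_ids, outbox):
    db = connect(path)  # one connection per worker, as separate processes would have
    for entry_id in entry_ids:
        if claim(db, feed, entry_id):
            outbox.append((feed, entry_id))  # stand-in for sending the Jabber message
    db.close()

def run_demo(workers=4, entries=20):
    """Several workers poll the same constructed feed; each entry is sent once."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        connect(path).close()  # create the table before the workers start
        feed = "https://feeds.example/news.xml"  # constructed sample feed
        ids = [f"entry-{i}" for i in range(entries)]
        outbox = []
        threads = [
            threading.Thread(target=worker, args=(path, feed, ids, outbox))
            for _ in range(workers)
        ]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        return sorted(outbox)
    finally:
        os.remove(path)
```
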
Jabber Broadcaster
On the way back from the Informatiktage 2007 I wrote something Daniel Schreckling asked for. He wanted something to coordinate when to go to lunch with his coworkers.
So I wrote this little jabber bot. It allows users to create new channels, within which all members may broadcast messages to the other subscribers. The channels are secured by a password, set by the creator.
I’ll set one up at [email protected] in the next few days. If you find any security issues, I appeal to your honesty to report them to me and not use them for destructive purposes. The source can be found here, so feel free to use or extend it. I’m sorry there are no comments, but hopefully the code is pretty straightforward. To use this bot you need to have the xmpp and MySQLdb modules for Python, well, and Python itself, installed.
Update (4. April 2007):
I corrected a little mistake in the code.
You may test it at jid:[email protected].
Filesharing 2.0
During the Informatiktage 2007 I got in touch with the presenter of the trusted computing lecture, which was based on his diploma thesis. He told me about some ideas on how trusted computing may be used to secure some privacy, for example in filesharing. Normally you would use trusted computing to certify that an application is doing exactly this or that, but why not use it the other way round and certify that it doesn’t do something, for example associating an IP with a file or other kinds of logging? Since I am not yet that much into trusted computing and didn’t get all the tiny bits of how to guarantee such behaviour, I will not try to explain it in greater detail now. Put plainly: use trusted computing to certify that the counterpart’s software is not logging anything and maybe supports some techniques to obscure something.
Some additional security measures we have been thinking about, which will be needed to disguise the source, are:
- Naturally, encrypting the traffic, so that no conclusions can be drawn about the content transferred.
- Generating fake traffic to other clients, so it is not possible to know which clients really sent parts of the file. This only works if the fake traffic is on average as much as the traffic generated for downloading the file, on a per-client basis. If only one or just a few people are sharing a file, especially if it is big, this kind of disguise is pretty traffic-hungry and not very applicable.
Nevertheless, I think this is a pretty innovative approach. And when I have found the time to get a bit more into trusted computing and peer to peer networking we will hopefully start this project.
If you have some ideas which may lead to some improvement of this project, please contact me. Or if you know this won’t work, contact me too, but please also explain why ;).
Informatiktage 2007
This weekend the Informatiktage 2007 took place. It was pretty cool and interesting. As I wrote before, I attended the workshop “Security in online banking”, which was held by Hans-Peter Dünnwald, Matthias Stoffel and Eberhard Stickel. They were from the “Sparkasseninformatikzentrum” and “Hochschule der Sparkassen-Finanzgruppe”. We were only 5 attendees, so it was rather relaxed. The workshop was divided into three parts: one on the first day and two on the second.
The first one started a little boring and confused, because only one of the three people who were to present this workshop was there at first, and the one who was present was pretty ill. The two others arrived shortly before the end; they had some meetings. He began the workshop with the basics of cryptography, like what symmetric and asymmetric encryption are and stuff. Most of us had already heard and/or read almost everything we were told.
The evening program was called networking. But no, we didn’t play computer games. It was more to get in contact with other students and the representatives of the companies that were presenting the workshops or sponsoring the whole congress. And there was free beer, which almost got fatal for me.
On the second day three of us, including me, were able to give a short lecture about our submissions. Too bad Georg and I were a little late, because I had to find a copyshop which was able to print a black and white poster for under 20 Euro, so we didn’t see the first half of “Rainbow table Cracking”. My lecture was about XSS and Session Riding. I mostly did a live presentation of how it works and then enumerated known countermeasures. Unluckily I seem to have liked talking about XSS too much, so there were only 5 minutes left to talk about Session Riding, and so this part got a little chaotic.
The part of the Sparkasse was much more interesting than the day before. They told us about their experiences and their way of handling security and its breaches. I was just a little disappointed about their comment on requiring JavaScript to be able to reach the Haspa online banking section. They only said “Yes I do agree with you. But you always have to choose between security and functionality/design”. Yes, I do agree with them, but please choose security when it comes to my money. Well, they told me the new Haspa website is already launched, and I just had a look at it and yeah, they fortunately did change it. The workshop topic of this second part was basically about the ways the guys with the dark hats do their stuff. It was primarily about phishing techniques, since this is the way the most damage is done.
Between the second and third part of the workshop the poster session took place. I had the feeling that it got some more attention on the first day, and so in the main we talked to the owners of our neighbouring posters. But maybe it was just because my poster was that ugly and/or uninteresting. I wouldn’t wonder about that too much. I created it in the middle of a night and the print was done by zooming an A4 print to an A1 format, which is not necessarily the best thing to do. But it saved me 10 Euro.
The last part began with the third lecture. It was about trusted computing in mobile environments. The third part was then mainly about precautions taken and upcoming hardware used by the Sparkasse. In the near future there will be a small chipcard reader available that generates a special TAN out of the current EC card and some values of the transaction. But I don’t like the idea too much, because if I lose my EC card, someone else might be able to generate TAN numbers out of it.
All in all it was really fun. This was one of the rare chances to get to know students from other universities and cities. It gave us the chance to build up connections between individuals with similar interests and, which may be even more interesting, not-so-similar interests and thus a different point of view. I also learned some things about the ways Computer Science is handled in other cities, which was pretty interesting as well.