Posted: February 12th, 2006 | Author: lrei | Filed under: Security | Tags: Security, Ui | Comments Off
A few months ago, during the GLP, I started to play Counter-Strike: Source. In order to do that, I had to create a steam account. That involved a username, a password and a password recovery question/answer. Since I use KeePass to store my passwords, I never really bother with password recovery questions and their answers. You can see where this is going… during the GLP I kind of forgot to store it in KeePass. I’ve read somewhere that lack of sleep isn’t really good for memory. Well that was probably the case because I totally forgot the password I used. Steam, like many other applications can store your password for you. So as long as nothing bad happened to my computer (i.e. as long as i didn’t format the system hard drive or something like that) i would still be able to play CS:S. But that’s no way to live 
. The simple fact that the password is stored by an application that uses it to authenticate with some remote service makes it possible, in theory, to recover that same password. The name that came to mind when I thought about video game security was Luigi Auriemma’s. Well, Luigi actually because I couldn’t remember his last name. I knew the name since the Unreal Engine advisory, but more recently for the Soldier of Fortune II /ignore adisory – I was playing SoFII at the time. Sure enough I found exactly what I was looking for – Steam password decoder 0.1 (steampwd):
experimental tool for decoding the password stored in the local (and ONLY the local) ClientRegistry.blob file (1.0?).
It worked. Now I know the password to the account and I’ve stored it in my KeePass DB.
Posted: February 7th, 2006 | Author: lrei | Filed under: Security | Tags: html, Security | Comments Off
Like many others would be posts, I forgot to post about this a few months ago… I actually thought I had made a post on this subject but apparently I didn’t. Fortunately, I downloaded the ADMworm source code to show Relax something and afterwards I decided to check a couple of things about worms. One link led to the other and I ended up reading the wormblog entry about Dave Aitel’s Nematodes. It pretty much sums up my own opinions on the matter of beneficial worms and it’s probably a better post than the one I’d write. In short: bad idea.
Posted: February 7th, 2006 | Author: lrei | Filed under: Security | Tags: html, Security, Software | Comments Off
The Bluetooth Stack Smasher is a L2CAP layer fuzzer, distributed under GPL licence.
Posted: February 1st, 2006 | Author: lrei | Filed under: Uncategorized | Tags: browser, Firefox, linux, Mozilla, Software | Comments Off
I’ve been a firefox user since 0.5 or 0.6 something like that. Before I was a mozilla user and for a while before that I even used Netscape. It’s safe to say that i’ve never been much of a fan of IE. I’ve used IE (even on linux over wine) too browse some IE-only webapages on a few occassions but most of the time I use it to access one specific webpage: it’s a local webpage that acts as a sort of “customization” of a remote website. It uses a bunch of ActiveX controls, javascript and stuff. It is a IE-only webpage. I decided to try out the new IE7 beta2, obviously I didnt make it my default browser and when I tried to open the local webpage with it, it opened it in firefox. Talk about being useful… IF I WANTED TO OPEN IT IN FF I WOULD’VE DONE IT WITHOUT IE! Damn stupid browser… sigh. Only 10 seconds into the new version of IE and I’m already trying to uninstall it – that’s a record. And yes, I said “trying”. Why? You would’ve thought that a company that incorporated an “Add and Remove Programs” app to their Operating System would’ve used it, especially with beta software… sigh. So I had a non-useful browser installed that I couldn’t install its slightly more useful previous version until it was removed – I knew that without even trying it, it’s the “Microsoft Way” not allow you to replace programs with their previous version. That’s when the hero of this story stepped in, CCleaner:
CCleaner is a freeware system optimization and privacy tool. It removes unused files from your system – allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. But the best part is that it’s fast (normally taking less that a second to run) and contains NO Spyware or Adware! 
It can also uninstall programs, in this case it uninstalled IE7 and I’m back with IE6. And that’s how CCleaner saved the day. Thank you CCleaner
UPDATE:
OK SORRY! I was a bit pissed off when i wrote this post and a few people (namely Pedro Fernandes and Relax) already pointed out to me that you can remove IE7 as an update via the “add an remove programs” app.
