Programming Archives

[update: Since this was written there’s been at least one solution to fix Gpcode problems]

The folks at Kaspersky Labs have run into a new variant of a nasty little bugger known as Gpcode.  This virus encrypts files on the infected computer and then demands payment for a key that will allow the victim to decrypt the files and recover their data.

Thing is, this version of Gpcode is using the RSA encryption algorithm with a 1024-bit key.  This is a strong encryption algorithm that is, given current computer and software technology, impossible to crack without the author’s private key.

The RSA Algorithm uses two keys, one public and one private.  Something that is encrypted with the public key cannot be decrypted without the private key.  The Gpcode virus contains a public key which it uses to encrypt the files.

Gpcode adds “._CRYPT” to the filename of the encrypted files and puts a text file named !_READ_ME_!.txt in the folder with the encrypted files.  The text file contains a message telling the victim that their files have been encrypted and then offers to sell them a “decryptor” program to restore them:

Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com

On the upside, Kaspersky Labs (and I presume by now other AV software) are able to detect Gpcode, but if it encrypts something you’d better have a backup someplace safe because you’re not going to crack 1024-bit RSA encryption anytime within a human lifetime.
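
A triage sketch for the indicators described above, added here as an example (it is not from the original post or from Kaspersky): it walks a directory tree for the "._CRYPT" suffix and the "!_READ_ME_!.txt" note, then lists the original file names to pull from backup. The function names and the sample tree are constructed for illustration, and case-insensitive matching is an assumption about Windows file systems.

```python
import os
from collections import defaultdict

CRYPT_SUFFIX = "._crypt"        # "._CRYPT" from the post, lower-cased for comparison
NOTE_NAME = "!_read_me_!.txt"   # ransom note name from the post, lower-cased
NOTE_MARKER = "RSA-1024"        # phrase from the note text quoted in the post

def scan_tree(root):
    """Return {folder: {"encrypted": [original names], "note": bool, "note_matches": bool}}."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False, "note_matches": False})
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            lower = name.lower()
            if lower.endswith(CRYPT_SUFFIX) and len(name) > len(CRYPT_SUFFIX):
                # Record the pre-infection name so it can be matched against a backup.
                hits[folder]["encrypted"].append(name[: -len(CRYPT_SUFFIX)])
            elif lower == NOTE_NAME:
                hits[folder]["note"] = True
                try:
                    with open(os.path.join(folder, name), errors="replace") as fh:
                        hits[folder]["note_matches"] = NOTE_MARKER in fh.read(4096)
                except OSError:
                    pass  # an unreadable note still counts as present
    return dict(hits)

def classify(entry):
    """'confirmed' = renamed files plus a note with the expected text; else 'suspect'."""
    return "confirmed" if entry["encrypted"] and entry["note_matches"] else "suspect"

def restore_list(hits):
    """Sorted original paths to restore from backup."""
    return sorted(os.path.join(f, n) for f, e in hits.items() for n in e["encrypted"])

def build_sample(root):
    """Constructed sample tree: one affected folder, one clean, one with a stray suffix."""
    note = "Your files are encrypted with RSA-1024 algorithm."
    layout = {
        "docs/report.doc._CRYPT": "x", "docs/budget.xls._CRYPT": "x",
        "docs/!_READ_ME_!.txt": note, "clean/notes.txt": "hi", "odd/old.zip._crypt": "x",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    for folder, entry in sorted(scan_tree(".").items()):
        print(classify(entry), folder, entry["encrypted"])
```

The scan only reads file names and the first 4 KB of any note it finds, so it is safe to run against a mounted copy of the affected disk.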

Of course, I’m sure that it’s occurred to somebody that the thing to do is for somebody to go ahead and buy the “decryptor” and then reverse engineer it to recover the private key, which can then be used to build a trusted freeware tool to recover Gpcoded files.


Nolan Bushnell, founder of Atari, is now claiming that TPM (Trusted Platform Module) chips that are installed on many new motherboards will make it impossible to pirate game software.

While it’s true that the TPM chips he’s talking about will present a seriously increased challenge, there’s no doubt at all in my mind that determined hackers, from the kind that live in condo hotels on profits from the sale of pirated games to the kind that just have to tackle the problem to prove that it’s not “Uncrackable”, will find a way around them despite Bushnell’s claims.

People have made claims about this or that system being “Uncrackable” before and sooner or later somebody always comes along and proves that there is in fact a way to crack it.  A good example is the now infamous case of DeCSS, where the CSS encryption algorithm used to encrypt DVD movies was reverse engineered and the DeCSS descrambler Source Code has since been distributed in many forms and languages in a deliberate effort to foil those who would see that code squashed.  I think it’s probably the most widely distributed source code ever written.


Air Force Seeks Monster Botnet

I just read something that needs some attention.  It’s a Wired.com piece called “Air Force Aims for ‘Full Control’ of ‘Any and All’ Computers”.

Essentially, they’re working on developing a suite of software tools that will give them access to and full control over any type of computer they encounter.

The whole point is to be able to handle a “Cyber War”, seeking to infiltrate and take over control of enemy computer networks, websites, etc.  The problem is that this is likely to mean lots (thousands?) of “friendly” computers stand to be taken over by rootkits and God only knows what else to create a huge military botnet.

Just offhand, I’d say that while there are important military needs here, there’s also a line that needs to be drawn … and not crossed.  I just wonder if it’s maybe already too late to stop ’em.


Thingamablog Templates And Freenet 0.5

Recently I wrote about a project Modifying Thingamablog For Freenet 0.5 and while I have not yet been able to solve the puzzle of how to make the needed mods for the current version of Thingamablog, I have run into a problem with the templates.

Thingamablog uses tags within the templates that need to be converted into the final URLs for each of the various pages within a blog.  For example, every occurrence of <$BaseURL$> in the template will be replaced with the BaseUrl of the blog, i.e. http://blog.domain.com

There are several of these tags:
<$IndexPageLink$>
<$ArchiveLink$>
<$PageLink$>
<$FrontPageLink$>

They present a problem when inserting the blog into freenet however because in order to do that, the BaseUrl has to be #$#ps.key;/#$#e:ps.ednum;//, which the Freesite Insertion Wizard (FiW) will replace with the correct /SSK@publickeyvalue/edition-number//

The problem is that this only works for the index.html page of the blog.  I need to find a way to convince FiW to parse all of the .html pages in the blog instead of just the index.  This is needed in order for the different pages of the blog to work within freenet.

I’d appreciate input from Freenet 0.5 users or Thingamablog users on ways to get the themes that are distributed with Thingamablog to work properly for freenet blogs (flogs).

I’d really like to get this off the ground because publishing within freenet is a great way to be able to distribute material that would otherwise be subject to censorship and Thingamablog is a great tool for creating and formatting the flog (freenet blog) before it is published.


New Version Of Mixminion Message Sender Released

After a LONG time without updates, version 1.2.5-Beta of Mixminion Message Sender is now available.

There have been several changes / tweaks in the code (see the changelog below) and I’ve created a new distribution that includes Mixminion ready to run “out of the box”.

I have not yet been able to compile Win32 binaries of the latest version of the Mixminion software so it’s still using version 0.0.7.1.  When I am finally able to, I’ll include Mixminion 0.0.8alpha3 (or whatever version is current at the time).

I’ll have a new edition of the Freenet MMS page inserted sometime over the next few days.

Changelog:
05/18/08 -1.2.5-Beta
Bugfix: error in mail2news gateway selection code caused @m2n.4096.net to be ignored.
Code is fixed, but the gateway isn’t working as of this release.

Removed @newsanon.org from mail2news gateway list since it’s been confirmed down
for quite a while.

Created a second distribution that includes mixminion already set up so that it’s
ready to run “out of the box”

Changed dummy packet generation to allow creating multiple packets,
default set to 3 packets at a time.

Changed “Clear form” command so that it sets the mail2news gateway to @m2n.mixmin.net instead of “None”

Set default update interval to 2 hours if “Auto Update Servers” is enabled.

Changed minimum possible hops from 2 to 3 to ensure minimum safe anonymous path

Changed maximum possible hops to 29 after experiments showed it to work

Changed SURB generation so that first and last hop select boxes and Number of hops
droplist control the SURB path

Made the ‘get path’ routine into a subroutine that’s now called from several places
instead of duplicating code
