Why should the file extension be restricted to 3 characters ?
Most likely the IT department has never heard of 2 or 4 character extensions :-)
On a sunny day (Mon, 16 Apr 2012 14:05:34 -0700) it happened John Larkin wrote in :
Some sites are known as 'not trusted' by some organizations, for example some of my emails from yahoo land in the spam folder at some places, attachments or not.
Maybe I should not write this, as it can byte back, but due to evil practices by godaddy who without my permission reprocess jpg files (lowering resolution), I worked out some solutions. I found that they do not normally look at the file _extension_, as if I renamed the .jpg to .exe they still processed it as a jpg, they look at the first bytes in the file for what it is.
I now upload the jpg, use 'convert' on their server (I have ssh access) and convert it to png, cannot do it in batch mode (mogrify) it seems though.
Anyways one solution I came up with, but did not need, is to xor the file with some random code, name it .flip or whatever, and also send the file you xored with as .flip (or whatever). This prevents any header and content inspection. The other side has then to xor the 2 files again to get the original.
Maybe too complicated?
Have file content.zip
Create file random.flip (bit longer, with dd if=/dev/urandom bs=1000000 count=xxxx > random.flip)
xor content.zip random.flip into content.flip (or whatever)
send content.flip
send random.flip
other side: xor random.flip content.flip into content.zip
This prevents inspection of the files (scanning for 'viruses') by filters. Of course the other side needs an xor program...
I did read that using a postal pigeon and a 16GB SD card is generally faster and more reliable than internet.
If all else fails put the SDcard in the snail mail, I did the experiment with DVDs, 3 days from France to here,
100% guaranteed delivery to your doorstep. Encrypt if you need it, send key by email perhaps,
??? you're not talking about email now. what's this about?
That seems strange, mogrify and convert are both image-magick
-- ?? 100% natural --- Posted via news://freenews.netfront.net/ - Complaints to news@netfront.net
It *shouldn't* unless you are dealing with exceptionally incompetent sysadmins - the sort that leave default passwords on routers and servers. Any half decent defensive scanner should catch all potential executables or disguised executables by examination of the headers.
Same for malformed JPGs, PDFs and other known vulnerabilities.
There are a lot of exploits so I have some sympathy for Mordac here. Biggest problem for data leakage in and out these days are the ready availability of tiny multigigabyte thumbnail drives...
I have 16GB one that is the size of my thumbnail.
-- Regards, Martin Brown
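An added example, not part of any post in this thread: a minimal sketch of the header-based check described above, which ignores the file name, identifies the type from the leading bytes, and flags the cases the thread discusses (a renamed executable, a renamed zip, an encrypted zip whose contents cannot be scanned, and content with no recognizable header). The function names, the finding labels and the sample byte strings are assumptions constructed for illustration.

```python
import struct

# Leading "magic" bytes for the file types mentioned in the thread.
MAGIC = [
    (b"MZ", "exe"),                  # DOS/PE executable
    (b"\x7fELF", "elf"),             # ELF executable
    (b"PK\x03\x04", "zip"),          # ZIP local file header
    (b"\xff\xd8\xff", "jpg"),        # JPEG start-of-image
    (b"\x89PNG\r\n\x1a\n", "png"),
]
# Extensions treated as an honest name for each detected type.
HONEST = {"exe": {"exe", "dll"}, "elf": {"", "so", "elf"}, "zip": {"zip"},
          "jpg": {"jpg", "jpeg"}, "png": {"png"}}

def sniff(data: bytes) -> str:
    """Return the type implied by the leading bytes, ignoring the name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def zip_entry_encrypted(data: bytes) -> bool:
    """Bit 0 of the general-purpose flag (offset 6) marks an encrypted entry."""
    if len(data) < 8 or not data.startswith(b"PK\x03\x04"):
        return False
    (flags,) = struct.unpack_from("<H", data, 6)
    return bool(flags & 0x0001)

def inspect(filename: str, data: bytes) -> dict:
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    findings = []
    if kind == "unknown":
        findings.append("unrecognized-content")   # cannot be vetted by type
    elif ext not in HONEST[kind]:
        findings.append("extension-mismatch")
    if kind in ("exe", "elf"):
        findings.append("executable")
    if kind == "zip" and zip_entry_encrypted(data):
        findings.append("encrypted-archive")      # contents cannot be scanned
    return {"type": kind, "ext": ext, "findings": findings}

# Constructed sample inputs (headers only, not real files).
PLAIN_ZIP = b"PK\x03\x04" + struct.pack("<HH", 20, 0x0000) + bytes(22)
ENC_ZIP = b"PK\x03\x04" + struct.pack("<HH", 20, 0x0001) + bytes(22)
FAKE_JPG = b"MZ\x90\x00" + bytes(60)

if __name__ == "__main__":
    print(inspect("photo.jpg", FAKE_JPG))
```

A filter built this way only reads the first local header of a zip; a production scanner would walk every entry and the central directory as well.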
On a sunny day (17 Apr 2012 10:29:11 GMT) it happened Jasen Betts wrote in :
No it is not so strange : godaddy are criminals. They also monitor for CPU usage of what you run on the server, and will simply kill your thing if it uses a lot of CPU. I cannot even tar my website anymore (so I could download it back as one big file). So if I run mogrify, then after a few moments the killer comes in. I also expect they monitor for number of files open. godaddy outsourced the webhosting for Europe, and I think my site runs on a few crap servers run by script kiddies in Amsterdam. Just stay clear of godaddy, reminds me I have to report them to FPB org for copyright violations changing the quality of my jpgs on the website. THAT is the reason nobody could read the pictures of diagrams. And why I always claimed the pics were good. If I upload a 100kB jpg others download back lower file size bad copies... They run some sort of scripts. But those scripts do not work for png it seems... Original:
-rw-r--r-- 1 root root 58820 Apr 16 16:31 testing_the_main_board_backside_IMG_3472.JPG Download from the website: wget
--2012-04-17 21:42:24--
Original 58820 bytes Get back: 35989 bytes. Sometimes it is much less.
You know, and those assholes support Hollywood legislation, while they THEMSELVES violate copyright and rip you off.
My issues are usually with Google, since lots of my smaller customers use the GMail for business system. I usually rename the file "nefariousplans.zip.keepgooglehappy" or the equivalent.
Works every time, so far.
Cheers
Phil Hobbs
-- Dr Philip C D Hobbs Principal Consultant ElectroOptical Innovations LLC Optics, Electro-optics, Photonics, Analog Electronics 160 North State Road #203 Briarcliff Manor NY 10510 845-480-2058 hobbs at electrooptical dot net http://electrooptical.net
A question: Typically how big are these files please?
-- We have failed to address the fundamental truth that endless growth is impossible in a finite world.
Executables are usually small, under 200k bytes maybe. FPGA config files range from roughly 100K to 2M bytes. An entire FPGA project can be huge, 150 Mbytes or so zipped. One of our customer guys sends/receives the FPGA files from home and uses my Dropbox account. Seems silly and wastes a day.
-- John Larkin Highland Technology, Inc jlarkin at highlandtechnology dot com http://www.highlandtechnology.com Precision electronic instrumentation Picosecond-resolution Digital Delay and Pulse generators Custom laser controllers Photonics and fiberoptic TTL data links VME thermocouple, LVDT, synchro acquisition and simulation
I can think of simple work-arounds for the small files but 150 meg is a serious problem. I think you're stuck with a one day delay or trying to wake up the IT departments (not possible unless you can get the other guy's CEO on the case). Sorry.
Get him to take a laptop to Starbucks or McD's and download it onto a flash drive.
Rename to .jpg sometimes works, maybe there is a program to paste valid looking headers onto an exe and hide the exe-looking stuff. You can usually right click to save-image-as and save a file. (of course running it is usually locked out.. a VM might be a work-around that's acceptable to the Mordacians).
Can a .jpg even be 150Mb?
-- We have failed to address the fundamental truth that endless growth is impossible in a finite world.
What if the recipient tells his boss that the IT department is holding up the project?
And then the boss will tell his boss, etc till Mordac has its wings clipped.
An IT department should be able to set up a secure dump site that can be used by anyone in the company.
What are they being paid for ?
"IT" is supposed to mean "Information Technology" not "Imbeciles Triumph".
;-)
Usually Mordac responds with a lot of FUD regarding keeping the network secure and watching out for viruses and what-not. Honestly, in many companies about the best you might get is, "Well... for something that's 150MB... there could be something dangerous in there that's easy to not notice... so let's set up a means to let the IT people vet the data before releasing it to the engineer; that way we can be sure we're 'safe!'" ...so you're still stuck with delays, unfortunately.
Many of them figure that they're going to be blamed if, e.g., a virus *does* get in, so they adopt insanely strict policies, figuring that at least no one can accuse them of being complacent. (And I'm sure they can cite "studies" where, e.g., the average cost of a virus getting in is $500,000 or somesuch...)
Oh, sure, that's nothing. You don't run into limits with modern-ish software until you hit 2G. They were using 150M TIFFs 10 or 15 years ago for large images.
Best regards, Spehro Pefhany
-- "it's the network..." "The Journey is the reward" speff@interlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com
Historically, what trojans or viruses have been spread through renamed .zip files? How would that even work?
-- john
Excuses never impress anyone.
I've never seen it work that way.
I think you're on to something.
It was a common way to send viruses through encrypted zip files so that the virus checker programs couldn't raise the alert. Renamed, probably not so much.
Best regards, Spehro Pefhany
-- "it's the network..." "The Journey is the reward" speff@interlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com
If the compressor (decompressor) has a bug, then you can (possibly) exploit it. Almost all of these problems are a result of bugs, somewhere.
E.g., a JPEG decoder could be a source of infection for JPEGs designed to exploit some particular aspect of THAT decoder.
Any time you run code, you run the risk of an exploit. Whether that code is in the attachment (e.g., a macro in a MSWord document) or in the "processor" that handles it doesn't matter.
They do have the ability to add or subtract physical storage and to allocate that storage however they like. I doubt they have anything like the 7.7G * 250E6 users actually on-line right now- they depend on there not being a run on the ol' memory bank**. Even at 10%, they have the equivalent of a couple hundred thousand 1T drives.
**Best regards, Spehro Pefhany
-- "it's the network..." "The Journey is the reward" speff@interlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com
Ohh... That reminds me about a dumb question I have about Gmail.. Look at the logon page and the "Lots of space Over 7702.134121 megabytes (and counting) of free storage" and notice those first 2 digits (at minimum) NEVER change. Do they use Counts, no-accounts, or Count Draculas?