Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

June 25 2010

char
10:53

Fefes Blog: Win32-API ShellExecuteEx() ist viel zu umfangreich für mein Anliegen


Fefe, Thu Jun 24 2010:

Mal was technisches zum Lachen. Erst eine Weisheit, dann was zum Lachen. Hier ist die Weisheit. Ein gutes API ist eines, bei dem es schwerer ist, es falsch zu benutzen, als es richtig zu benutzen. Wenn man sich verrenken muß, um das API etwas unsicheres tun zu lassen, dann ist das API gut.

Jetzt das zum Lachen. Windows. Nein, das war es noch nicht :-) Wenn man unter Windows eine URL hat, und die im Browser öffnen will. Dann gibt es da keine gute Funktion für. Der übliche Weg ist, dass man ShellExecute benutzt, aber ShellExecute ist eben eigentlich für was anderes gedacht. Insbesondere kann man dem auch einen lokalen Pfad geben oder sowas wie "\\evil.com\0day\trojaner.exe", und ShellExecute würde sich das dann per SMB holen und ausführen.

Gut, bei Microsoft ist sowas immerhin dokumentiert. Für Dokumentation geht man zu MSDN. MSDN hat Dokumentation bei ShellExecuteEx, wie man damit sicher eine URL öffnen kann. Guckt euch mal an, wieviel Code man dafür braucht!

Mal was bzgl. Fefe zum bloßstellen. Erst eine Weisheit, dann was zum Lachen. Hier ist die Weisheit: Eine gute API ist eine, bei der man spezifischer sein Anliegen umsetzen kann als eine, die nur generische Funktionen hat. Wenn ich selbst keine Lösung finden muss, weil die API auch Spezialwünsche abdeckt, dann ist sie gut.

Jetzt das zum Lachen. Windows-Basher. Nein, das war es noch nicht :-) Fefe meint, ShellExecute eigne sich nicht für URLs, weil man auch sowas wie "\\evil.com\0day\trojaner.exe" übergeben könnte. Ein ähnlicher Vergleich wäre: die Adressleiste von Internet-Browsern eigne sich nicht für URLs, weil man auch sowas wie "javascript:alert('nerv');" oder "file:///C:/Windows/system32/drivers/etc/hosts" eingeben kann.

Dass ich trotz großer Parameterauswahl bei ShellExecute() oder Konstrukt bei ShellExecuteEx() exakt das bekomme, was ich mache zählt wohl nicht. Die Funktion kann mir nicht das denken abnehmen. Soll sie auch gar nicht. Vielleicht will ich wirklich eine EXE ausführen. Oder ein Dokument. Oder eben eine URL - die eigentlich immer mit einem Protokoll beginnt und so zwangsläufig den damit assoziierten User Agent startet.

Setzen, Felix :-(

February 01 2010

char
09:54

Panopticlick - How Unique and Trackable Is Your Browser?

EFF panopticlick Is your browser configuration rare or unique? If so, web sites may be able to track you, even if you limit or disable cookies.

Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web.

A research project of the Electronic Frontier Foundation. You can read more about the methodology here, and about some defenses against fingerprinting here.

table.char { border-collapse: collapse; } table.char td, table.char th { border: 1px solid #000; vertical-align: top; font: 10px Tahoma; background: #FFF; color: #000; } table.char th { font-weight: bold; } .char .ie { background: #DDF; color: #000; } .char .fx { background: #FEB; color: #000; } .char .op { background: #FDD; color: #000; } Browser Characteristicbits of identifying informationone in x browsers have this valuevalueUser Agent17.21151759.67Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648)12.184645.59Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.58.07268.94Opera/9.80 (Windows NT 5.1; U; de) Presto/2.2.15 Version/10.10HTTP_ACCEPT Headers11.42693.96text/html, */* de18.918.29text/html, */* ISO-8859-1,utf-8;q=0.7,*;q=0.7 gzip,deflate de-de,de;q=0.8,en-us;q=0.5,en;q=0.37.25152.52text/html, */*, text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 iso-8859-1, utf-8, utf-16, *;q=0.1 deflate, gzip, x-gzip, identity, *;q=0 de-DE,de;q=0.9,en;q=0.8Browser Plugin Details17.8227639.5Java 1.6.0.10; Flash 9.0.16.0; WindowsMediaplayer 11.0.5721.5268; Silverlight 3.0.50106.0; Adobe Acrobat version 7.?18.8+455268Plugin 0: Java(TM) Platform SE 6 U10; Java Plug-in 1.6.0_10 for Netscape Navigator (DLL Helper); npjp2.dll; (Java Applet; application/x-java-applet; ) (JavaBeans; application/x-java-bean; ) (; application/x-java-vm; ) (; application/x-java-applet;version=1.1.1; ) (; application/x-java-bean;version=1.1.1; ) (; application/x-java-applet;version=1.1; ) (; application/x-java-bean;version=1.1; ) (; application/x-java-applet;version=1.2; ) (; application/x-java-bean;version=1.2; ) (; application/x-java-applet;version=1.1.3; ) (; application/x-java-bean;version=1.1.3; ) (; application/x-java-applet;version=1.1.2; ) (; application/x-java-bean;version=1.1.2; ) (; application/x-java-applet;version=1.3; ) (; application/x-java-bean;version=1.3; ) (; application/x-java-applet;version=1.2.2; ) (; application/x-java-bean;version=1.2.2; ) (; application/x-java-applet;version=1.2.1; ) (; application/x-java-bean;version=1.2.1; ) (; application/x-java-applet;version=1.3.1; ) (; application/x-java-bean;version=1.3.1; ) (; application/x-java-applet;version=1.4; ) (; application/x-java-bean;version=1.4; ) (; application/x-java-applet;version=1.4.1; ) (; application/x-java-bean;version=1.4.1; ) (; application/x-java-applet;version=1.4.2; ) (; application/x-java-bean;version=1.4.2; ) (; application/x-java-applet;version=1.5; ) (; application/x-java-bean;version=1.5; ) (; application/x-java-applet;version=1.6; ) (; application/x-java-bean;version=1.6; ) (; application/x-java-applet;jpi-version=1.6.0_10; ) (; application/x-java-bean;jpi-version=1.6.0_10; ). Plugin 1: Java(TM) Platform SE 6 U10; Java(TM) Platform SE binary; npdeploytk.dll; (; application/npruntime-scriptable-plugin;DeploymentToolkit; ). Plugin 2: Oracle JInitiator; JInitiator 1.3.1.22 for Netscape Navigator (DLL Helper); NPJinit13122.dll; (Java Applet; application/x-jinit-applet;version=1.3.1.22; ) (JavaBeans; application/x-jinit-bean;version=1.3.1.22; ). Plugin 3: Oracle JInitiator; JInitiator 1.3.1.26 for Netscape Navigator (DLL Helper); NPJinit13126.dll; (Java Applet; application/x-jinit-applet;version=1.3.1.26; ) (JavaBeans; application/x-jinit-bean;version=1.3.1.26; ). Plugin 4: Oracle JInitiator; JInitiator 1.3.1.28 for Netscape Navigator (DLL Helper); NPJinit13128.dll; (Java Applet; application/x-jinit-applet;version=1.3.1.28; ) (JavaBeans; application/x-jinit-bean;version=1.3.1.28; ). Plugin 5: Silverlight Plug-In; 3.0.50106.0; npctrl.1.0.30109.0.dll; (npctrl; application/x-silverlight; scr) (; application/x-silverlight-2; ). 17.81229002Plugin 0: Adobe Acrobat; Adobe PDF Plug-In For Firefox and Netscape; nppdf32.dll; (Adobe PDF Plug-In For Firefox and Netscape; application/pdf; pdf) (Adobe PDF Plug-In For Firefox and Netscape; application/vnd.adobe.xdp+xml; xdp) (Adobe PDF Plug-In For Firefox and Netscape; application/vnd.adobe.xfd+xml; xfd) (Adobe PDF Plug-In For Firefox and Netscape; application/vnd.adobe.x-mars; mars) (Adobe PDF Plug-In For Firefox and Netscape; application/vnd.fdf; fdf) (Adobe PDF Plug-In For Firefox and Netscape; application/vnd.adobe.xfdf; xfdf). Plugin 1: Java(TM) Platform SE 6 U10; Java(TM) Platform SE binary; npdeploytk.dll; (Java(TM) Platform SE binary; application/npruntime-scriptable-plugin;DeploymentToolkit; ). Plugin 2: Microsoft Office 2003; Office Plugin for Netscape Navigator; NPOFFICE.DLL; (Office Plugin for Netscape Navigator; application/x-msoffice; ). Plugin 3: Microsoft® DRM; DRM Store Netscape Plugin; npwmsdrm.dll; (DRM Store Netscape Plugin; application/x-drm; nip). Plugin 4: Novell iPrint Plug-in; iPrint Plug-in 1.0.0 - Provides iPrint client services for Windows; npnipp.dll; (iPrint Plug-in 1.0.0 - Provides iPrint client services for Windows; application/x-novell-ipp; nvl). Plugin 5: Oracle JInitiator; JInitiator 1.3.1.28 for Netscape Navigator (DLL Helper); NPJinit13128.dll; (JInitiator 1.3.1.28 for Netscape Navigator (DLL Helper); application/x-jinit-applet;version=1.3.1.28; ) (JInitiator 1.3.1.28 for Netscape Navigator (DLL Helper); application/x-jinit-bean;version=1.3.1.28; ). Plugin 6: Shockwave Flash; Shockwave Flash 10.0 r42; NPSWF32.dll; (Shockwave Flash 10.0 r42; application/futuresplash; spl) (Shockwave Flash 10.0 r42; application/x-shockwave-flash; swf). Plugin 7: Silverlight Plug-In; 3.0.50106.0; npctrl.dll; (3.0.50106.0; application/x-silverlight; scr) (3.0.50106.0; application/x-silverlight-2; ). Plugin 8: Windows Media Player Plug-in Dynamic Link Library; Npdsplay dll; npdsplay.dll; (Npdsplay dll; application/asx; ) (Npdsplay dll; video/x-ms-asf-plugin; ) (Npdsplay dll; application/x-mplayer2; ) (Npdsplay dll; video/x-ms-wm; wm) (Npdsplay dll; audio/x-ms-wma; wma) (Npdsplay dll; audio/x-ms-wax; wax) (Npdsplay dll; video/x-ms-wvx; wvx) (Npdsplay dll; video/x-ms-wmv; wmv,wmx) (Npdsplay dll; video/x-ms-asf; asf,asx).Time Zone1.953.86-601.953.86-601.943.84-60Screen Size and Color Depth3.7913.851280x1024x323.7913.851280x1024x323.7813.771280x1024x32System Fonts3.9815.73permission denied3.7213.21No Flash or Java fonts detected18.81+458004Marlett, Arial, Arial CE, Arial CYR, Arial Greek, Arial TUR, Arial Baltic, Courier New, Courier New CE, Courier New CYR, Courier New Greek, Courier New TUR, Courier New Baltic, Lucida Console, Lucida Sans Unicode, Times New Roman, Times New Roman CE, Times New Roman CYR, Times New Roman Greek, Times New Roman TUR, Times New Roman Baltic, Wingdings, Symbol, Verdana, Arial Black, Comic Sans MS, Impact, Georgia, Franklin Gothic Medium, Palatino Linotype, Tahoma, Trebuchet MS, Webdings, Estrangelo Edessa, Gautami, Latha, Mangal, MV Boli, Raavi, Shruti, Tunga, Sylfaen, Microsoft Sans Serif, Arial Unicode MS, Batang, Book Antiqua, Bookman Old Style, Century, MS Mincho, Monotype Corsiva, SimSun, Cambria, Cambria Math, Calibri, Candara, Consolas, Constantia, Corbel, Agency FB, Arial Rounded MT Bold, Blackadder ITC, Bodoni MT, Bodoni MT Black, Bodoni MT Condensed, Bradley Hand ITC, Calisto MT, Castellar, Century Gothic, Century Schoolbook, Copperplate Gothic Bold, Copperplate Gothic Light, Curlz MT, Edwardian Script ITC, Elephant, Engravers MT, Eras Bold ITC, Eras Demi ITC, Eras Light ITC, Eras Medium ITC, Felix Titling, Forte, Franklin Gothic Book, Franklin Gothic Demi, Franklin Gothic Demi Cond, Franklin Gothic Heavy, Franklin Gothic Medium Cond, French Script MT, Garamond, Gigi, Gill Sans MT Ext Condensed Bold, Gill Sans MT, Gill Sans MT Condensed, Gill Sans Ultra Bold, Gill Sans Ultra Bold Condensed, Gloucester MT Extra Condensed, Goudy Old Style, Goudy Stout, Haettenschweiler, Imprint MT Shadow, Lucida Sans, Lucida Sans Typewriter, MS Outlook, Maiandra GD, OCR A Extended, Palace Script MT, Papyrus, Perpetua, Perpetua Titling MT, Pristina, Rage Italic, Rockwell, Rockwell Condensed, Rockwell Extra Bold, Script MT Bold, Tw Cen MT, Tw Cen MT Condensed, Wingdings 2, Wingdings 3, Bookshelf Symbol 7, MS Reference Sans Serif, MS Reference Specialty, Tw Cen MT Condensed Extra Bold, Arial Narrow, Kartika, Vrinda, Delta Ray (via Flash)Are Cookies Enabled?0.281.21YesLimited supercookie test2.535.79DOM localStorage: No, DOM sessionStorage: No, IE userData: No1.142.2DOM localStorage: Yes, DOM sessionStorage: Yes, IE userData: No2.535.79DOM localStorage: No, DOM sessionStorage: No, IE userData: No

Notes about the browsers tested:

  • Internet Explorer 6.0.2900.2180.xpsp_sp2_gdr.090804-1412 = only one in 227,640 browsers have the same fingerprint as yours
    execute scripting-safe ActiveX enabled, initialize and execute scripting-unsafe ActiveX disabled, execute ActiveX and Plugins enabled, ActiveX prompt disabled, ActiveX downloads prompt, .NET enabled, (all) Scripting enabled
  • Firefox 3.5.5 = appears to be unique among the 455,268 tested so far
    Java enabled, no NoScript-PlugIn
  • Opera 10.10 Build 1893 = appears to be unique among the 458,004 tested so far
    PlugIns enabled
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl