chr13 has posted a nice finding on how to DDoS a website thanks to services like facebook and google.
It's actually pretty simple!
You just create notes with img tags, facebook will crawl the website to cache the picture.
In his example he writes a thousand img tags per notes, opens all the notes from several browsers.
<img src=http://targetname/file?r=1></img>
<img src=http://targetname/file?r=2></img>
..
<img src=http://targetname/file?r=1000></img>
Thousands of get request are sent to a single server in a couple of seconds. Total number of facebook servers accessing in parallel is 100+.
The funny thought of facebook DDoSing itself crossed my mind. Interestingly someone else's also and chr13 answered that he hadn't tried:
It’s against the bug bounty rules to do this, hence one has to be careful here. I was only using browsers at first just because of that.
I wanted a recall on how masquerade worked in NAT, and I wanted a fast recall.
What's better than a picture? Nothing of course :D
source
If you read this blog, you know that recently I gave a talk on bitcoins.
I also gave a talk on whitebox cryptography last week.
One part of giving a talk that a lot of people tend to overlook is making good slides.
I've always used Powerpoint for that, but for my last talk on whitebox cryptography I had two other persons on my team. Powerpoint was not an option if we were all working on the same file. LaTeX is the solution.
It's a real text file so you can use a revision control system like git, it's constant in its layout. You configure it at the beginning of the file and then you don't have to worry about it later.
We also had a fight (we were tired) on what theme to used. I went for no theme at all. Because everything else is visual noise.
Here's a great article from Zach Holman on the subject. If you ask me, and I'm not saying my slides are perfect, there are way too many crappy slides out there!
Symposium sur la sécurité des technologies de l'information et des communications is a 2 day con about security. Entrance is 260€ or 60€ if you're a student, still quite expensive, there seems to be a way of getting a free pass: analyzing a usb trace and extracting a mail from it.
Here's the trace.
translation:
Hello,
here's a usb trace I got from plugging my brand new android to my personnal air-gapped computer.
I'm suspecting that a malware is on my phone. Could you check?
So where do I start...
The Lundum Dare is starting in a bit less than 10 hours.
Ludum Dare is an Online Game Jam event where people from around the world create a game in a weekend.
You have 48 hours to produce something good! In what language? I used to watch notch do it in java, but apparently you can do it in whatever language you like.
To reach more participants, web entries are best (Flash, Unity, Flixel, Flashpunk, HTML, etc). They’re quick to start playing, and cross platform.
I need to get into Unity a lot more to get into that kind of contest. Every year I'm telling myself "next year I'll do the lundum dare"....
I can't stop coding this thing. What I've done today:
- This is the query I'm using in google now :
[your search] mp3 -facebook -youtube -soundcloud -last.fm -amazon -dailymotion -bleep
- I'm now parsing google and the following links with jQuery:
$(body).find('a') and then looking for good links with a regex. This is so much more quicker!
- There is still a part that is taking some time though, it's the metadata fetching. I still have to get every mp3 independently and download enough bits to learn its metadatas...
But it is working quite well as it is!
EDIT: I'm now fetching the metadata in parallel and it's super fast! I've also fixed a ton.
Okay. I'm not gonna talk too much about my new node-webkit project Nodster because I also have a lot of studies to do (exams next week!).
The problems
- I'm still not streaming the mp3s properly. I think that I'll never be able to do it through the html5 audio and I need to look up other solutions. The do it yourself approach seems appealing and I'm gonna look into node speaker and node lame.
- I'm using node google to crawl google and get links. It's not working properly and I'll have to dig into crawling google myself.
- I'm parsing pages with a regex, it really seems to be slowing everything and I'm gonna look into using a dom parser. I heard about cheerio, is it good?
What does the app do?
- Right now it's crawling google and avoiding useless websites like youtube, facebook, soundcloud, etc...
- Then it goes one step deeper and looks for .mp3
- It checks each mp3 for size (thanks to the headers) and download a bit of each to get metadata.
- Displays the metadata and a link to play the file
- If the link is clicked, the mp3 is downloaded to a
buffer.mp3 and played.
The main problem is that it's slow, and it's not finding enough links. I could try to parse bing, yahoo and a list of mp3 finders. Or I could maybe try to optimize the requests to google...
Anyway, this app is bringing me a lot of problems to solve and it's pretty interesting :) some people have already forked it and someone has already requested a pull, so if you wanna help. Come and fork it!
As always when I have to study for exams I find a gazillion other things to do.
Last night I downloaded node-webkit. I've been slacking when doing QT and WxPython because they were boring. And I thought that node-webkit would be as well.
One hello world later and I was amazed at how easy it was to create desktop application with it!
Spent my day trying to figure out what are pipes, streams, websockets... I have to admit I have a long way to go but I really enjoyed this session of node.js.
I had this idea of a free spotify that would just get mp3s from google. There are a lot of legal issues around so I'm wondering if I should really keep this one, but here is what I did today: Nodster (Node-webkit + Napster).
The code is not pretty as I was trying and discovering new things all along. The design is crappy but this is obviously because I had other better things to code first :)
I want to get the metadata of the mp3s to sort them more easily (most of them seems to have metadatas) but I have trouble figuring out how to do it.
Also it uses mp3skull.com to find mp3s, there are a lot others but eventually I wanted to just use google and crawl hard.
I could also add pictures for albums and... so many things to do!
If you want to help, fork away :)
