My name is Kenneth and I write cool Mac and iPhone software. This is my personal weblog where I post about stuff I find interesting. I usually write about Mac development, the business of shareware and the Mac community in general.
This headline sounds shocking, doesn’t it?
It’s a quote from ‘More Sex Is Safer Sex: The Unconventional Wisdom of Economics’ over at NYTimes.
It’s a highly controversial article (and that’s an understatement, for lack of a better word) that got me thinking.
You’ve read elsewhere about the sin of promiscuity. Let me tell you about the sin of self-restraint.
Ok, that starts well. The sin of self-restraint? Did he just seriously say “sin”?
In Martin’s absence, Joan hooked up with the equally charming but considerably less prudent Maxwell - and Joan got AIDS.
Consider this then: If Martin had hooked up with Joan, Maxwell would have hooked up with some other innocent female and given her AIDS, instead of Joan.
Statistically, it doesn’t matter who gets AIDS, what matters is how many innocent people do get it. Joan not getting AIDS does not change that number at all, if somebody else gets it instead.
A cautious guy like Martin does the world a favor every time he hits the bars. In fact, he does the world two favors. First he improves the odds for everyone who’s out there seeking a safe match.
True enough, I’ll give you that.
The second favor is more macabre, but probably also more significant: If Martin picks up a new partner tonight, he just might pick up an infection as well. That’s great. Because then Martin goes home, wastes away in solitude, and eventually dies - taking the virus with him.
That’s where it gets arguable… “That’s great”. How can it be great when someone gets AIDS?
Yes, the virus dies with him. But had he not gone out and gotten laid that night, he would not have the virus in the first place. Your logic’s broken, Mr. Author.
I’m always glad to see guys like Martin in the bars. When he takes home an uninfected partner, he diverts that partner from a potentially more dangerous liaison. When he takes home an infected partner, he diverts that partner from giving the virus to someone who might spread it far and wide. Either way, I sure hope he gets lucky tonight.
Another flaw in your logic: if you’re encouraging more sex, and Martin becomes more sexually active (i.e. more promiscuous), then he’ll become one of those dangerous people, along with everyone else who follows that logic. Turning safe matches into dangerous matches will do the world no good!
If multiple partnerships save lives, then monogamy can be deadly. Imagine a country where almost all women are monogamous, while all men demand two female partners per year. Under those circumstances, a few prostitutes end up servicing all the men. Before long, the prostitutes are infected; they pass the disease on to the men; the men bring it home to their monogamous wives. But if each of those monogamous wives were willing to take on one extramarital partner, the market for prostitution would die out, and the virus, unable to spread fast enough to maintain itself, might well die out along with it.
Fortunately, that theory is just that: theory. “A country where almost all women are monogamous, while all men demand two female partners per year” doesn’t exist. Which is a good thing. The reality is that most couples are monogamous, and equally so in both genders, which invalidates your point.
That’s one reason why you should root for Martin to have sex with Joan. Here’s another: they’ll probably enjoy it.
That has absolutely nothing to do with the issue at hand. Absolutely nothing.
Enjoyment should never be lightly dismissed. After all, reducing the rate of HIV infection is not the only goal worth pursuing; if it were, we’d outlaw sex entirely.
Yeah right… And how would we make babies?
The article then goes on to make some more flawed analogies and to counter-argue valid objections to his theory. Go read the whole thing. Some of the ideas there are worth thinking about, but make up your own mind, and don’t believe everything you read blindly.
Domain change, again.
The blog has moved.
The new URL for this blog is now www.seoxys.com.
Those of you who follow the burned feed (feedburner) won’t have to update it.
Sorry about doing this to you, again!
PS: I really hope this doesn’t affect my amazing Google PageRank.
An introduction to Sean Collins
From: Sean Collins
Date: July 23, 2007 4:32:35 PM EDT
To: [anonymous@gmail.com]
Subject: Aquatic Prime
I recently read your blog post about Aquatic Prime, after I was hunting around inside another application.
I would like to perhaps exchange some notes, because I think I might have found at least an individual application that uses the PHP authentication of the AquaticPrime framework, and I suspect that it would be vulnerable to SQL injection attacks, as well as using what I believe to be a cookie that never expires, baked into the executable, which could lead to some other interesting things.
Let me know if you’d be interested in a chat!
Thank You,
Sean Collins
1:42:24 PM seanwdp: [Hey], it’s Sean C
1:42:48 PM anonymous: hey sean.
1:43:10 PM seanwdp: The app in question is called Exces
1:43:22 PM seanwdp: part of that MacHeist deal they were doing a week ago
1:43:35 PM anonymous: ok
1:43:58 PM anonymous: and what can you do exactly? (re-reading your email)
1:44:13 PM seanwdp: I don’t have any POC just yet, just some leads.
1:44:41 PM seanwdp: just looking through the executable, found some little things
1:45:04 PM seanwdp: the app uses the PHP part of the AP framework
1:45:14 PM seanwdp: to do registration keys and such
1:45:20 PM anonymous: k
1:45:44 PM seanwdp: let me give you the executable dump
1:45:55 PM anonymous: k
1:47:27 PM anonymous: can i just strings it?
1:47:57 PM seanwdp: yeah, already did and sent it to you as a txt
1:48:52 PM seanwdp: one of the strings contains his license check
1:48:53 PM anonymous: ok
1:48:59 PM seanwdp: it’s a PHP script
1:49:09 PM seanwdp: if you connect to it with just a browser you get a bunch of mysql errors
1:49:10 PM anonymous: http://www.seosoft.info/app_rsrc/exces_licence_check.plist.php
1:49:13 PM anonymous: yeah i see
1:49:14 PM seanwdp: exactly
1:49:23 PM seanwdp: so I think that the cookie is a few lines below
1:49:25 PM seanwdp: that has the login data
1:49:43 PM anonymous: and that is based on the AP sample code you think?
1:49:52 PM seanwdp: I’m not entirely sure
1:49:59 PM seanwdp: If it is the AP sample code
1:50:02 PM seanwdp: that’s pretty bad
1:50:11 PM seanwdp: I was going from the thinking that he tried to extend the AP
1:50:18 PM anonymous: so have you actually tried to inject anything?
1:50:32 PM seanwdp: I’ve been looking for a way to feed it some bad data
1:50:38 PM seanwdp: I was doing some pretty simple stuff
1:50:47 PM seanwdp: the license key I think is through steganography
1:50:57 PM seanwdp: so I was trying to see what it takes as a dragging source
1:51:12 PM seanwdp: see if I could craft some bad data, then capture the packets
1:51:22 PM anonymous: heh ok
1:51:30 PM seanwdp: What makes me wonder, is the fact that he has another part, his bug reporting
1:51:39 PM anonymous: ap uses real encryption though
1:51:51 PM seanwdp: right
1:51:52 PM anonymous: no steganography, no faking
1:52:13 PM seanwdp: but my thinking is that the app will send a user/pass
1:52:30 PM seanwdp: since you get the error about not having a user or database selected
1:52:35 PM seanwdp: when you visit that register page
1:53:22 PM anonymous: what user/pass?
1:53:28 PM anonymous: a bit confused
1:53:44 PM seanwdp: okay. Know how you visit that registration page with a regular browser?
1:53:53 PM anonymous: y
1:54:10 PM seanwdp: notice those mysql errors
1:54:16 PM anonymous: right right
1:54:22 PM seanwdp: Line 2 is the host
1:54:27 PM seanwdp: line 3 is the database
1:54:46 PM anonymous: looks like he’s on a dreamhost box
1:54:50 PM seanwdp: right
1:54:59 PM seanwdp: I’m thinking those variables
1:55:02 PM seanwdp: the PHP ones
1:55:22 PM seanwdp: that set the host, database name, and possibly user/password combo are in the app
1:55:26 PM anonymous: ok
1:55:32 PM anonymous: i’d be real surprised
1:55:36 PM seanwdp: as would I
1:55:48 PM anonymous: in fact i doubt its likely at all
1:56:05 PM anonymous: knowing dreamhost (used to be a customer) they firewall off the mysql server
1:56:24 PM anonymous: the info would be embedded in the php
1:56:33 PM anonymous: it looks to me as if the guy has a f-ed up php
1:56:45 PM anonymous: either the mysql server is down, or something is misconfigured
1:56:52 PM anonymous: i dont think the username password are in the app
1:56:56 PM anonymous: unless you’ve found them?
1:57:08 PM seanwdp: only guesses at this point, nothing jumped out in the strings
1:57:14 PM anonymous: what happens when you packet sniff?
1:57:23 PM seanwdp: still trying to get that running
1:57:27 PM anonymous: ok
1:57:29 PM seanwdp: I might have to do what you did
1:57:33 PM seanwdp: with the code injection
1:57:37 PM seanwdp: just force it to connect
1:57:43 PM anonymous: ah
1:57:54 PM anonymous: so it doesn’t connect to that url normally?
1:58:02 PM anonymous: until you register it perhaps?
1:58:05 PM seanwdp: yeah
1:58:08 PM seanwdp: and there’s a cookie
1:58:13 PM seanwdp: expires never
1:58:27 PM seanwdp: I wondered if that might be a good lead.
1:58:33 PM anonymous: AP is designed for client side validation
1:58:39 PM anonymous: he’s doing it server side too perhaps
1:59:03 PM seanwdp: I mean the guy just sold like 100k licenses or something
1:59:09 PM anonymous: no shit?
1:59:11 PM seanwdp: yeah
1:59:12 PM seanwdp: macheist
1:59:16 PM seanwdp: so I mean, it’s gotta work
1:59:19 PM anonymous: heh
1:59:20 PM anonymous: yeha
1:59:24 PM anonymous: unless it is a dead url
1:59:29 PM anonymous: isn’t used any more
1:59:33 PM anonymous: or is in there to throw you off
1:59:34 PM seanwdp: true, maybe he baked a new version for macheist
1:59:39 PM anonymous: maybe
1:59:53 PM seanwdp: I dunno, I can’t imagine him being too smart
2:00:06 PM seanwdp: his app just hands off the dirty work to disk utility
2:00:09 PM anonymous: i’d _hope_ he is if he’s releasing an encryption app
2:00:11 PM anonymous: ah
2:00:12 PM anonymous: haha
2:00:19 PM seanwdp: yet still manages to have a “limit” of 10gb
2:00:26 PM seanwdp: for his “vaults”
2:00:48 PM seanwdp: it’s right in the code, he calls hdiutil
2:01:03 PM seanwdp: all he’s got is a pretty GUI
2:01:31 PM anonymous: yeah
2:01:35 PM anonymous: another Disco app
2:01:38 PM seanwdp: yep.
2:02:00 PM seanwdp: At least Disco has “ismoke”
2:03:30 PM seanwdp: so what are your thoughts?
2:04:17 PM anonymous: i dunno. i’d be really surprised if the app relies on it for registration
2:04:30 PM anonymous: AP is vulnerable once you have it in your hands.
2:04:44 PM anonymous: it just depends on how much work the guy has done to obfuscate it
2:04:56 PM anonymous: and even then you can always find (and then replace) the public key used
2:05:04 PM seanwdp: right
2:05:11 PM seanwdp: but what about the risks to his website
2:05:20 PM anonymous: i’d be surprised if there are any
2:05:28 PM anonymous: it could just be the mysql server is fubared
2:05:32 PM anonymous: something is misconfigured
2:05:41 PM anonymous: hard to say
2:05:50 PM anonymous: any badly written php could be vulnerable
2:05:54 PM seanwdp: right
2:06:04 PM anonymous: to find out for sure you need to sniff the packets and find out what it sends
2:06:07 PM seanwdp: well I mean he has a bug reporter, where all the stuff is sent using the $_GET array
2:06:19 PM anonymous: any suspicious looking printf style strings?
2:06:32 PM anonymous: stuff that could be a http url request?
2:06:47 PM anonymous: “%@&%@&%@” type stuff?
2:07:01 PM seanwdp: lemme see
2:07:09 PM anonymous: you could try hacking the bug reporter
2:07:11 PM seanwdp: I swear I saw some
2:07:22 PM anonymous: if that is vulnerable then the license check probably is too
2:07:27 PM seanwdp: yeah
2:07:40 PM seanwdp: I mean, it’s much easier to crack the bug reporter
2:07:52 PM seanwdp: since I guess the database connection info is in the script
2:07:56 PM seanwdp: *not guess
2:07:59 PM seanwdp: it is
2:08:07 PM anonymous: that makes no sense
2:08:08 PM anonymous: why do that?
2:08:16 PM seanwdp: pulled it out of a php book
2:08:16 PM anonymous: easier for it to be server side
2:08:24 PM anonymous: if he has to change the password he’d be fucked
2:08:26 PM seanwdp: right, that’s what I’m saying
2:08:27 PM anonymous: or whatever
2:08:34 PM seanwdp: he’s probably got a mysql_connect.php
2:08:46 PM seanwdp: that has a username, password, host, and all that
2:08:54 PM anonymous: but even then he’d have to jump through hoops to expose his mysql server to the world
2:08:59 PM anonymous: by default DH firewalls it
2:09:07 PM anonymous: so you have to assume he knows how to do that at least
2:09:12 PM seanwdp: yeah
2:09:21 PM anonymous: which is inconsistent with him putting his password in the client
2:09:31 PM seanwdp: it would be
2:09:46 PM seanwdp: it’s just that you don’t get the same error reporting on the bug page as the license page
2:10:15 PM seanwdp: but that could be because someone wrote the bug script better
2:10:24 PM seanwdp: and it doesn’t give out those errors to the user
2:10:38 PM seanwdp: meanwhile someone far dumber left the error reporting on, for the license script
2:11:59 PM anonymous: well focus on the bug reporter see if you can capture what it sends
2:12:05 PM anonymous: i’d be interested to see that
2:15:46 PM seanwdp: yeah
2:15:58 PM seanwdp: I’m pretty sure it just sends three or four variables
2:16:06 PM seanwdp: the PHP script gets them and off they go into the database
2:16:12 PM seanwdp: since they’re right in the url
2:16:23 PM seanwdp: http://www.seosoft.info/app_rsrc/bug_send.php?lang=%@&product=Exces&name=%@&email=%@&description=%@&explanation=%@
2:16:52 PM anonymous: yeah
2:17:15 PM anonymous: so do some injection
2:24:07 PM seanwdp: I’ll let you know what I come up with
2:24:20 PM anonymous: cool
2:24:26 PM seanwdp: work finally threw up their hands and let me run our stuff on Apache
2:24:39 PM seanwdp: the guy running the server (win2003) has NFC
2:24:47 PM seanwdp: and i don’t like or care about IIS
2:24:56 PM seanwdp: thing spent more time broken than up and running
‘Nuff said.
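What Sean and I were circling around is the classic shape of a PHP bug reporter that copies every `$_GET` value straight into an INSERT. The script below is an added example written for this post; it is not code from Exces, seosoft.info or the AquaticPrime project, and nobody in the exchange above had a proof of concept. The table, the column names and the request are constructed (the parameter names are the ones visible in the bug_send.php URL pulled from the binary’s strings), and an in-memory SQLite database stands in for the MySQL box so the script runs offline. The first function shows the concatenation pattern and what a crafted `name` does to it; the second is the fix a practitioner would want: validate, then bind through a prepared statement.

```php
<?php
// Added example, not code from Exces, seosoft.info or AquaticPrime.
// Reconstructs the suspected pattern (every $_GET value copied into an INSERT)
// beside the hardened version. Table, columns and request are constructed;
// in-memory SQLite stands in for the real MySQL server so this runs offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bugs (lang TEXT, product TEXT, name TEXT, email TEXT,
                               description TEXT, explanation TEXT)');

// Constructed request. Parameter names match the bug_send.php URL found in the
// binary's strings; `name` carries a crafted payload.
$request = [
    'lang'        => 'en',
    'product'     => 'Exces',
    'name'        => "a', 'b', 'c', 'd'), ('en', 'Exces', 'injected', 'x', 'y', 'z') -- ",
    'email'       => 'user@example.com',
    'description' => 'crash on open',
    'explanation' => 'steps to reproduce',
];

// ---- Vulnerable: values concatenated into the SQL text --------------------
function vulnerable_insert(PDO $db, array $get): int
{
    $cols = ['lang', 'product', 'name', 'email', 'description', 'explanation'];
    $vals = array_map(function ($c) use ($get) {
        return "'" . ($get[$c] ?? '') . "'";          // no escaping at all
    }, $cols);
    $sql = 'INSERT INTO bugs (' . implode(', ', $cols) . ') VALUES (' . implode(', ', $vals) . ')';
    // The crafted `name` closes the first row early, appends a second row of
    // the attacker's choosing and comments out the rest of the statement.
    // A plain apostrophe ("O'Brien") is enough to break the query and, with
    // display_errors on, leak the same MySQL errors the license script shows.
    return $db->exec($sql);                              // rows affected
}

// ---- Hardened: validate, then bind through a prepared statement -----------
function store_bug_report(PDO $db, array $get): bool
{
    if (!in_array($get['product'] ?? '', ['Exces'], true)) return false;          // allowlist
    if (!preg_match('/^[a-z]{2}(-[A-Z]{2})?$/', $get['lang'] ?? '')) return false; // e.g. en, en-US
    if (filter_var($get['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) return false;
    foreach (['name' => 100, 'description' => 4000, 'explanation' => 4000] as $f => $max) {
        if (strlen($get[$f] ?? '') > $max) return false;                           // size limit
    }
    // Bound parameters never become part of the SQL text, so quotes are inert.
    $stmt = $db->prepare('INSERT INTO bugs (lang, product, name, email, description, explanation)
                          VALUES (:lang, :product, :name, :email, :description, :explanation)');
    return $stmt->execute([
        ':lang'        => $get['lang'],
        ':product'     => $get['product'],
        ':name'        => $get['name'],
        ':email'       => $get['email'],
        ':description' => $get['description'],
        ':explanation' => $get['explanation'],
    ]);
}

// One request, two outcomes.
$n = vulnerable_insert($db, $request);
echo "vulnerable: $n row(s) inserted\n";                 // 2: the attacker added a row

$db->exec('DELETE FROM bugs');
store_bug_report($db, $request);
$n = (int) $db->query('SELECT COUNT(*) FROM bugs')->fetchColumn();
echo "hardened:   $n row(s) inserted, name stored verbatim as: "
   . $db->query('SELECT name FROM bugs')->fetchColumn() . "\n";   // 1

// On the real server, also set display_errors=0 and log exceptions instead of
// echoing them: verbose MySQL errors are what gave away the host and database
// names on the license page in the first place.
```

The payload relies on the same trick for MySQL and SQLite: a quote ends the attacker-controlled string, `), (` opens a second row, and `-- ` (with the trailing space) swallows the remainder of the original statement. The hardened version stores that exact payload as an ordinary string because the parameter never touches the SQL text; the allowlist and length checks are there to reject junk before it ever reaches the database, not to stop the injection, which prepared statements already do.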
Econ
Introducing Econ, the screensaver that uses your icons!
Note: This screenshot is UGLY. Screen capture just wouldn’t capture a smooth image…
Click on the screenshot to get a nice QuickTime preview of the screensaver.
Econ is Leopard-only and requires a decent graphics card & CPU.
Download Econ
Update: In Snow Leopard, you need to launch System Preferences in 32-bit mode in order to be able to select Econ from the list of screensavers. To open System Preferences in 32-bit mode, right-click on its icon, choose Get Info and check the Open In 32-bit Mode checkbox.
Anime Rant
[deviantArt] - [newgrounds]