Category: General


Moving Forward: An Official Site

Due to how limited the free WordPress hosting service is, I’ll be moving The WAR to http://thewar.co/.

The site should be fully functional in a few months!

~!Donovan


Can you guess what the following expression returns?

10000000000000000 === 10000000000000001

If you guessed true, you’re right! Consider the next example:

10000000000000000 === 10000000000000000.9

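This expression also returns true! In JavaScript, 10000000000000001 cannot be represented exactly: every Number is an IEEE 754 double, and above 2^53 not every integer has a representation of its own. This is just one of the many missing JavaScript integers. Why are these integers missing, you might ask?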

In IEEE floating point type numbers, the larger the number gets, the bigger the gap between numbers. It makes sense when you look at how the number is stored. — Paul²

Further testing reveals that many big integers are not present and can be manipulated under the strict equality operator.

JavaScript Integers Test

By creating a conditional with “missing integers”, we can mislead the user.

if(10000000000000000 !== 10000000000000001) {
// the average person thinks this is executed
} else {
// this is what’s really being executed
}

Check out some examples on jsFiddle.
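The comparison above, turned into a check you can run over code or data. This is an added example, not code from the original post; the function names and the SAMPLE text are constructed here, and the scanner goes a little beyond the post by covering any plain decimal integer literal (decimals such as 10000000000000000.9 are not scanned).

```javascript
// Added example; all function names and SAMPLE are constructed for illustration.

// True when a decimal integer string survives conversion to a Number unchanged.
function isExactlyRepresentable(decimal) {
  const n = Number(decimal);
  return Number.isFinite(n) && BigInt(n) === BigInt(decimal);
}

// The integer a Number really holds after parsing the decimal string.
function storedValue(decimal) {
  const n = Number(decimal);
  return Number.isFinite(n) ? BigInt(n).toString() : String(n);
}

// Distance from a positive finite double to the next larger double.
function gapAbove(n) {
  const f = new Float64Array([n]);
  const bits = new BigUint64Array(f.buffer); // same 8 bytes, viewed as an integer
  bits[0] += 1n;                             // next bit pattern = next double
  return f[0] - n;
}

// Compare two integer strings (IDs, counters) without going through Number.
function sameInteger(a, b) {
  return BigInt(a) === BigInt(b);
}

// Flag plain decimal integer literals in source text that change value when
// parsed. Skips identifiers, decimals, hex and BigInt literals (123n).
function findLossyLiterals(source) {
  const hits = [];
  for (const m of source.matchAll(/(?<![\w.])\d+(?![\w.])/g)) {
    if (!isExactlyRepresentable(m[0])) {
      hits.push({ literal: m[0], storedAs: storedValue(m[0]), index: m.index });
    }
  }
  return hits;
}

// Constructed sample: the post's conditional plus some harmless literals.
const SAMPLE = `
if (10000000000000000 !== 10000000000000001) { a(); } else { b(); }
const limit = 9007199254740992, id = 9007199254740993n, small = 42;
`;

console.log(findLossyLiterals(SAMPLE));
console.log(gapAbove(Number.MAX_SAFE_INTEGER), gapAbove(1e16), gapAbove(1e17));
console.log(sameInteger("10000000000000000", "10000000000000001"));
```

The gap values show why the conditional misleads: at 10000000000000000 neighbouring Numbers are 2 apart, so the odd literal collapses onto its even neighbour, while the BigInt comparison keeps the two values distinct.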

Thoughts?
~!Donovan

Further Reading:
http://blog.greweb.fr/2013/01/be-careful-with-js-numbers/¹
http://stackoverflow.com/a/10756881/1585455²

Polonus recently found this information on an undisclosed site:

Below is how to make an undeletable folder. Sometimes we have some important folders that we never want to be deleted, but sometimes someone deletes them knowingly or unknowingly. We can actually make folders that cannot be deleted in Windows OS. It must be made using Command Prompt. It can only be deleted using Command Prompt.

Steps:

1.    Go to cmd.
2.    Change to the directory that you want.
3.    Assume I change to D:
4.    So, in Command Prompt, type D: and [enter].
5.    Type in this command “md \lpt1\\” without quotes and press enter.
6.    The folder will now be in your D:
7.    Go and try and delete or rename it, you cannot do anything to it.
There are still many names that you can use to name the folder:

********************
-lpt1 until lpt9
-CON
-AUX
********************

To delete it:
1.    Go to Command Prompt again.
2.    Navigate to the directory.
3.    Type in “rd \lpt1\\” to delete folder.

The main reason for such a hack would be for protection, but it can also be used in malicious ways. Let's break down the concept.

The md command literally means “Make Directory” in the command processor.

So we are trying to make directories that carry reserved device names. Well, what's so special about that, you may ask?

First, let's check out some background information in this Microsoft post.

Try it out and see what happens! This is what I get:

renameInvalid

So we can’t create these named folders by normal means. But then, how does the command prompt create them?

Because the UNC path (Universal Naming Convention) is not called inside pure DOS.

The only way you can delete the folder is to go back into the command prompt and replace md with rd, which literally means “Remove Directory”.

If there is a way to make it, there is a way to delete it,
~!Donovan

ipad2free4u Scam On Twitter

Scam Tweet

Today a guy on Twitter who goes by “Dyner Cobb @dynerauiuih8” decided to send me a random bit.ly link.

ipad2free4u Site

Heh, interesting look to the site without JavaScript. But the thing that got me was the disabled right click. So, let's dig a little deeper. First, let's check his profile.

Dyner's Twitter

Let's scan this URL with some scanners. Remember to add the referrer just in case.
urlQuery: http://urlquery.net/report.php?id=126118
Zulu: http://zulu.zscaler.com/submission/show/89f35c32401d3700557b1168f836c2be-1344800813
JSunpack: http://jsunpack.jeek.org/?report=6230f73b581143ae6f23c1bc6f3ab5e604f69bc2
Wepawet: http://wepawet.iseclab.org/view.php?hash=9566df1168749dc0f51a45621ac61717&t=1344800877&type=js
Sucuri: http://sitecheck.sucuri.net/results/ipad2free4u.com/newipadforfree0812/

urlQuery shows a document.write iframe, which the Sucuri results confirm. Zulu couldn’t get a response. Wepawet shows us where the hidden iframe redirects to, and JSunpack gives us all the elements of the site. The “3. Your email address will never be revealed to any third parties.” is 100% phish. The submit form itself is from another site.

Feel free to comment (I have 35+ spam compared to 2 valid comments ;-;)


Don’t let this phish trick you,

~!Donovan