The day-to-day drudgery of state sponsored hacking

After a review of bids and testing the capabilities of some of the exploits offered, the team decided to build its own malware. “This is the only inexpensive way to get to the iPhone, except for the [Israeli] solution for 7 million and that’s only for WhatsApp,” explained one team member in a message. “We still need Viber, Skype, Gmail, and so on.” The same was true of the Android and Windows malware and the back-end tools used to manage the campaign. Rather than using zero-day exploits, the organization relied on a combination of physical access, spear-phishing, and other techniques to inject its espionage tools onto the targeted devices.

From Sean Gallagher in ArsTechnica on the details leaked from a state sponsored malware effort.

Transcend WiFi SD card hacking links


As a 400 MHz Linux system with 32 MB of RAM, using only ~100 mA @ 3.3 V, the possibilities are endless!


This post is written with the intention of exposing not only the exploits which will allow you to root (or jailbreak) the device, but also the process of discovering and exploiting bugs, some of which are a dead end, while others lead to the holy root B-)


As he suspected that some kind of Linux was running on it, he began to see if he could get a root access on it… and succeeded.

Greetings Library Scientist

The California Library Association is pretty much like every other regional library association I’ve seen, not least because their most visible presence is their annual conference. It may be the season, but the CLA is more politically active than others I’ve known. At their core, most such associations exist to promote efficient transfer of operational knowledge from […] » about 800 words

Organizational Vanity, Google Alerts, and Social Engineering

As more and more organizations become aware of the need to track their online reputation, more people in those organizations are following Google alerts for their organization’s name. That creates a perfect opportunity for scammers to play on that organizational vanity to infect computers used by officers of the organization with malware that can reveal […] » about 300 words

Many Eyes, Bugs Being Shallow, All That

WordPress 2.5.1 added a really powerful feature to register_taxonomy(): automatic registration of permalinks and query vars to match the taxonomy. Well, theoretically it added that feature. It wasn’t working in practice. After some searching yesterday and today, I finally found the bug and worked up a fix. I made a diff and set off to […] » about 200 words

WordPress + Invalid URLs = Extra Database Queries

After reporting weirdness last week I finally sat down with a completely clean and virgin install of WordPress 2.3.2 and traced what happens when you make a permalink request for a non-existent URL. Here are two sets of URLs to use as examples and context: These are valid URLs: http://site.org/archives/101 http://site.org/page-name These are _not_ valid […] » about 400 words

Is The Answers.com API Public?

Answers.com is throwing a bone to WordPress users with their new AnswerLinks plugin written by Alex King.

But wait, there’s an Answers.com API? A few pokes at the Google machine reveal nothing relevant, and Asnwers.com’s site is mum too. Taking apart the code, I get the following (modded enough to make it run-able if you drop it in the base of your WordPress install):

``` require_once('wp-config.php'); require_once(ABSPATH.WPINC.'/class-snoopy.php'); $snoop = new Snoopy; $snoop->read_timeout = 5; $snoop->submit( 'http://alink.answers.com/link/xml' , array( 'text' => “Put a long-ish string of meaningful text here, then look for interesting stuff in the print_r'd output.” ) ); print_r($snoop->results); ```

If the input string isn’t sufficiently long, the output will be empty (eliminating one of my potential uses for it), but it’s interesting to twiddle.

WordPress Baseline Changes To Support WPopac

I’ve whittled things down to the point where the only baseline change from WordPress 2.0.2 is in the next_posts_link function of the wp-includes/template-functions-links.php file. The change is necessary because WPopac rewrites the SQL search queries in a way that’s incompatible with a piece of this function, but necessary for performance reasons.

Here’s how my version reads:


function next_posts_link($label='Next Page »', $max_page=0) {
	global $paged, $result, $request, $posts_per_page, $wpdb, $max_num_pages;
	if ( !$max_page ) {
			if ( isset($max_num_pages) ) {
				$max_page = $max_num_pages;
			} else {
				preg_match('#FROM\s(.*)\sGROUP BY#siU', $request, $matches);

				// added April 5 2006 by Casey Bisson to support WPopac
				// necessary because the preg_match above fails with some queries
					$fromwhere = $wpdb->posts;
				// changed April 5 2006 by Casey Bisson to speed the query by eliminating
				// the slow DISTINCT clause
				//$numposts = $wpdb->get_var(“SELECT COUNT(DISTINCT ID) FROM $fromwhere”);
				$numposts = $wpdb->get_var(“SELECT COUNT(*) FROM $fromwhere”);
				$max_page = $max_num_pages = ceil($numposts / $posts_per_page);
	if ( !$paged )
		$paged = 1;
	$nextpage = intval($paged) + 1;
	if ( (! is_single()) && (empty($paged) || $nextpage < = $max_page) ) {
		echo '<a href=“';
		echo '”>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>';


Editing WordPress “Pages” Via XML-RPC

WordPress‘s Pages open the door to using WP as a content management system. Unfortunately, Pages can’t be edited via XML-RPC blogging apps like Ecto. This might be a good thing, but I’m foolhardy enough to try working around it. Here’s how: Find a text editor you like and open up the wp-includes/functions-post.php file. in the […] » about 300 words