Monday, March 25, 2013

Evernote v4.6.4 Upgrade Issues

Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at any time, from anywhere. Use Evernote to jot notes, create to-do lists, clip entire Web pages, manage passwords, and record audio. Everything added to Evernote is automatically synchronized across platforms and devices and made searchable. Evernote will even recognize printed or handwritten text in photos and images.


Due to a recent breach, all users are advised to change their password and upgrade to the latest version. However, for some users of v4.6.3 (maybe more, but I won't know first hand), the upgrade process seems to fail in every way possible, giving MSI error codes.

I tried upgrading from inside the application and even downloading the standalone version, but with no success. In the end, I figured that they probably omitted a certain version in the upgrade path, so I uninstalled v4.6.3 completely. And I reinstalled. And it works!

Well, I guess this is a typical example of an upgrade management issue in software, but at least it didn't need a format or Windows Refresh to save the day. If you are having problems with Evernote, try this and hopefully you will still be a happy user of Evernote like me.

Tuesday, March 19, 2013

Adobe Photoshop Flickers in Windows 8

Did you encounter flickering, or basically the image not staying put, inside Adobe Photoshop CS6? Well, I guess that's the reason you are here in the first place. But fundamentally, the problem lies with neither Adobe nor Microsoft. I can bet you are almost 100% using an AMD graphics card!

Basically it's the AMD graphics driver for now. As of today, it's still not fixed, and as a temporary fix, Adobe actually recommends disabling graphics acceleration inside Adobe Photoshop for now.


Change the GPU Drawing Mode to Basic:
  1. In Photoshop, choose Edit > Preferences > Performance.
  2. Select Advanced Settings.
  3. Choose Basic from the Drawing Mode pop-up menu.
  4. Click OK to close the dialog boxes.


While it's not the best way to do it, I guess everyone will have to live with it until AMD fixes this, or get an Nvidia card to replace it.


Who Reset My Password

Today I am going to talk about yet another simple and effective hack. This time, we are going into the scenario of grabbing passwords from forums, portals etc. Imagine this scenario: you are user A and you want to get into user B's account. We can safely assume that user B's email is inaccessible; otherwise, we all know we would not have a problem.

Suppose that, as A, I decide I want to reset my own password instead. More often than not, a link that enables user A to reset the password will be sent to A's email address. At other times, they may even allow other means as well, such as mobile phone or messenger, but the concept is still pretty much the same, except it sometimes complicates the trace hiding part.

Now, after A checks the email, a link will appear. If the link is embedded in HTML, decode it and look for something like this:


uid=12314800&uname=xxxxxxxx&mail=yyyyyyyy


Now, isn't that cute? But what we are interested in is the UID most of the time. And I don't need to point fingers at what sort of program usually has this type of parameter. Now comes the interesting part. I have a link for A to reset A's password, but what if I CAN reset B's password instead? OK, this is where the complication may or may not help. Basically what you are interested in is obtaining B's UID. To my surprise, it's easier than you think. On some portals, you will even be able to get that from the "reset password" page, while on others, it's just a matter of keying in the password incorrectly once on the login page.

Now, let's replace the UID. Note that if the site uses some sort of hash check on the URL, this is probably not going to work. But then again, the hash is usually going to be a combination of the parameters plus some unique identifier; with some luck, you might even be able to break the hash. In one case I encountered, the hash was basically the whole URL excluding the hash=ZZZZ parameter right at the end.

Assuming it's not, replace B's uid with A's uid and you are sent to the password reset page. Go ahead and don't be shy about it. After which, go back to the login page and log into B's account successfully. And B may or may not even know the password has been changed.

You may laugh and think the hack is silly. 10 sites I saw and 10 I entered within the last 3 days is not so laughable. If you maintain a portal, I think you should re-look at your password reset workflow seriously.
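
A server-side check that defeats the UID swap described above, as an added example that is not from the original post: the reset link carries a keyed HMAC over the uid and an expiry, so an edited uid no longer verifies. The function names, the exp and sig parameters and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
import time
from typing import Optional
from urllib.parse import parse_qsl, urlencode

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 15 * 60  # assumed policy: link valid for 15 minutes
_NUM = re.compile(r"[0-9]{1,20}")


def _mac(uid: str, exp: str) -> bytes:
    # Keyed MAC over every field the server will later trust. A plain hash
    # of the URL has no secret, so anyone could recompute it after an edit.
    msg = f"uid={uid}&exp={exp}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def make_reset_query(uid: int, now: Optional[float] = None) -> str:
    """Build the query string for the e-mailed reset link."""
    exp = str(int(time.time() if now is None else now) + TOKEN_TTL)
    sig = _mac(str(uid), exp).decode()
    return urlencode({"uid": uid, "exp": exp, "sig": sig})


def naive_reset_target(query: str) -> int:
    """The flawed pattern from the post: trust whatever uid the URL carries."""
    return int(dict(parse_qsl(query))["uid"])


def verify_reset_query(query: str, now: Optional[float] = None) -> Optional[int]:
    """Return the uid the link was issued for, or None if it must be rejected."""
    now = time.time() if now is None else now
    p = dict(parse_qsl(query))
    uid, exp, sig = p.get("uid", ""), p.get("exp", ""), p.get("sig", "")
    if not (_NUM.fullmatch(uid) and _NUM.fullmatch(exp)):
        return None
    if not hmac.compare_digest(sig.encode(), _mac(uid, exp)):
        return None  # uid or expiry was changed after the link was issued
    if int(exp) < now:
        return None  # expired link
    return int(uid)
```

A real reset flow should additionally make each link single-use, for example by storing a random token server-side and invalidating it once the password has been changed.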




Monday, March 18, 2013

Adobe Flash Player Download Woe

At version 11.6 now and still full of bugs, Adobe Flash Player is still plagued with a fundamental fatal error in its update. People all over are still getting the "XX % failed to download" error and, to make it worse, Adobe fails to check whether the update was even successful before deleting the installer. In short, when you need to retry, you can't just retry. You will need to download the installer again. Well, of course you can make a copy of it, but if the download problem doesn't get solved, you will still be stuck.

To make things worse, Flash is plagued with critical vulnerabilities, and perhaps one of the biggest issues is that users are not able to update their player, which prolongs their exposure to the threat. While Adobe may not see it in this light, it is definitely something I feel they should fix, since it has been there for a long time.

The most direct solution is to download directly from the source, but take the full installation package instead of the minimal internet download installer.

Download the full package from:
http://www.adobe.com/products/flashplayer/distribution3.html

OR simply stop using Flash altogether.

Wednesday, March 13, 2013

Windows 8 BSOD DPC WATCHDOG VIOLATION

One fine day at work, one fine Windows 8 machine, which had been shut down properly the night before, did not boot up in the morning like it always had. Instead, what greeted me was a BSOD, well, the new BSOD anyway, saying something about a "DPC_WATCHDOG Violation". Now, isn't that puzzling. First, it's about a watchdog, which I obviously did not buy, and then there was a violation. Did a bad dog run into Windows 8?

After some 30 minutes of reading up (using another OS on another partition), I finally found the root of the problem. Well, at least for most other users. It comes down to 3 pieces of software.


  1. AVG Antivirus or similar suites
  2. Kaspersky Antivirus or similar suites
  3. ATI Radeon Catalyst 

Well, they are not in any order, but for me, I had AVG. And luckily I had this OS (Windows 7) on another partition and, simply out of my mind, I renamed c:\program files (x86)\AVG to AVG1 and restarted Windows 8.

TADA. OMG, it was really AVG! I had seen success stories from other users for KAV and KIS as well. Seems like these AV companies tried to compete on who gets their product Windows 8 compatible first, and they made some pretty fatal mistakes along the way. For ATI, it may be a bit more involved to skip start it, but since I did not encounter that, I will let other users who had to tell their stories.

Guess, what is the first thing I did after I recovered my Windows 8?
UNINSTALL AVG 2013!

From that day onwards, AVG and Kaspersky are banned from all my Windows 8 machines.

Monday, March 04, 2013

My Letter to my Hacker

A while ago, I found a readme.txt sitting right on top of my D**-NET Honeypot, and this was the beginning of a whole turn of events that is, let's say, funny at the very least. I opened the readme.txt in a text editor and this is what I saw:

FUCKING PIG
Don't you have anything else beside than porn on your PC?
For the past 2 month all the fuck shit you have given me is nothing but porn!
600GB of fucking porn you shit head.
You did not even download The Avengers 2012 1080p BRrip X264 2 2GB YIFY even though you search it! All you did was downloaded another fuck show!
Fuck! Are you a seller in the night market or what?
And you had even given me the fuck shit trojan you gotten from the porn site!
I am so fucking pissed that I want to fucking delete all your downloaded porn for you now!
Eat shit and die you pig!

Some parts of the swearing I did not appreciate, and obviously I deleted them here. Well, angry? Actually not... I had him / her monitored for the past 2 months, and I guess since he / she had left me a note, I should be a polite guest and write him / her one. But he / she was actually so frustrated that he / she actually deleted my files and removed the RAT from the honeypot.

Well, luckily Whisperer 4 was on the Honeynet and it got his / her email when he / she updated the RAT config via email SMTP. That's why you should NEVER use unencrypted SMTP. :P So naturally, I sent him / her an email, POLITELY.

Thanks for staying on my PC for the past 2 months.
Firstly, I must thank you for being a nice hacker by uploading your RAT msi with both your client and server inside. It was a well written piece of code, but I am pretty sure you did not write that anyway.
Secondly, I thank you for actually screening through those files on D: and confirming that they were ALL porn. I did not really have a look through all of them myself.
In order to evade me, you must have packed your files several times when you performed a remote upgrade, but that was why my AV had flagged you on the second week you were in on XX XX 2012. I even had to put in an exception rule in my AV for your RAT, but I guess you did not find out.
Your random changing of ports was good, perhaps a function built in to your RAT, but it gave me lots of trouble to put in firewall rules so that your RAT could connect properly outside.
Your other tools weren't impressive, but I guess it's your fault for not testing them against a W2K8 server.
I guess you should at least have thanked me for the 600GB of porn which you so patiently downloaded. I thought you would have realized by the first 50GB or so...
Lastly, I would like you to know I actually downloaded The Avengers 2012 1080p BRrip X264 2 2GB YIFY, but it's on M: drive. Why did you not look there, but kept staying on my C: and D: ? Was it for the porn?
Thank you for participating on the malware collection exercise on my honeynet. 

How many of you laughed? I don't know. I sure as hell laughed my head off.

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.