hacking & hiking: hacking

《Win32 多线程程序设计》

Sun, 17 Aug 2008 11:00:27 GMT

《Win32 多线程程序设计》，虽然是本专门讲多线程的书，可我大致翻了一遍后，反倒觉得没有《Windows核心编程》里面那几章讲得有用和深入。感觉没有必要仔细读了。

比如说，《Windows核心编程》里面很清楚地说明了，那些线程同步的方法，哪些是用户方式，哪些是内核方式，而且很清楚地告诉你效率究竟相差多少。这样的知识，对具体编程，还是很有帮助的。

SEO

Sun, 10 Aug 2008 03:26:29 GMT

看来SEO很好做。搜索我的名字，“文苗”。

Live: 前三条都是我的blog。

Google：第三条，我在joycode上的blog。这个最近提高很快，曾经都找不到了。主要是我又重新在joycode上大量更新了。

Baidu: 排名下降了，第二条。我本来一直排第一的啊。

通过一段时间基于这个特定的query的观察，各大搜索引擎ranking，以及crawler的频率，还有分词和index，真是各有特点啊。

销量排名15

Thu, 07 Aug 2008 11:58:51 GMT

今天不小心看了一下我参与翻译的《黑客大曝光：WEB应用安全机密与解决方案（第2版）》。

在china-pub上的计算机类里面，销量排名第15。对于一本刚刚上架的书来说，还不赖（上架时间：2008-7-28）。

可能我在joycode上的宣传，多少还有点作用，毕竟这些天也有两千多的点击了。

又仔细看了一下，近7日的排行是第14，安全方面的单项排名是第2。短期成绩还不错，希望更创佳绩。

Mike Howard: what is it that makes security hard?

Sun, 04 Feb 2007 04:21:48 GMT

I love Mike's answer so much.

Q: "So what is it that makes security hard? "

A: "It’s simple:

Scalability and reliability issues are man-vs-machine and machines are stupid.
Security is man-vs-man and humans are intelligent. "

Aha, so cute and brilliant. Security is man-vs-man. It is the war between hackers and the defenders.

If you are a big fan of security, especially on Microsoft, check his blog at http://blogs.msdn.com/michael%5Fhoward/

notes of the design training, cont

Wed, 13 Dec 2006 09:50:12 GMT

The training is ended. It is the best course I have ever taken in the recently two years. I took quite a few courses, including the <debugging windows applications> <windows internals> and etc. These are good courses while I didn't learn too much from those courses. The reason is, if you don't use it in the daily work, it is hard to understand and it is easy to forget. Take the <windows internals> for example, if you are a driver programmer, you would learn much more than what I learned. So taking the proper course is important. This design course is a proper one.

Notes below. They are random, DONT read them, you would be "killed" if you are trying to figure out the big picture with looking into others' simple notes. Notes are just for reminding.

1) Test Ability. It is an interesting point. I think it is powerful. I am going to have a try. Allan suggested us to think about the test ability when design. If the objects can be tested easily, it proves the design are loose coupled, strong cohesioned, non-redundancy... I am thinking the Test Driven Development is related Allan's point.

2) Difference between Strategy and Bridge. Yesterday I thought they are almost the same but I was not sure. So I asked Allan this morning. He told us to compare the patterns from the motivation persipective. Don't just compare the patterns in the class diagram.They always look similar. My current thought is, aha, they are still almost the same, the only difference I have seen is, the implemenation classes in the Bridage are always different. Let me think about it from the motivation persipective later. I would update it later.

3) Well-designed vs Over-designed. People face trade-offs in software design, it is same with facing trade-offs in the personal life. Allan didn't mention the word "well-designed", I came up with word to compare with the "Over-designed". It is a trade-off in design.The rule is, you just need to consider the possible changes and make sure it is easy to be changed. In software world or in the real word, for most of the cases, there is no simple best solution, it depends, it really depends.

4) We had a case study in the morning. We all are very passionnate in the discussion. I learned two things. One thing is, it is common to argue on the details in the discussion. I am not saying arguing is good or bad. Actually, any discussion is good and is especially helpful in the course. While in the work life, we need to keep an eye on the difference between you and others are arguing. Lots of time, the difference are not that big. Actually sometimes you would find one design can be easily converted to another design. If the cost is not that much, why it bother you. So leave some open issues open and come up with the big picture on the conceptual level first. The second thing is, the factory pattern.

5) I have lots of questions and have a full to-do list. I still didn't understand some patterns, e.g. the difference between Decorator and the CoR and even what is the damned Decorator. Allan highly recommened us to program the patterns. I agree with him. I would like to take some time to design and program some samples. Saying is saying, we need to do it.

6) Yesterday, most of us thought integration is kind of tough stuff and it even takes more time than coding. Actually Allan was trying to convince us, if you have a good design, integration is not harder than coding, it is supposed to be easy. I'm still not sure, let's figure it out in the real work.

7) Allan highly recommended the <Head First Design Pattern>. "It is the best one" ,Allan said. It is a popular book in US. GoF book are too conceptual to understand. I am almost scared by their book. Considering Allan's recommendation, I probaly would buy one.

8) Design to interfaces. Just add one more notes. I really didn't understand it before. But it is kind of understandable now.

9) Encapsulation. We always list the encapsulation, inheritance and polymorphism together when we talk about OO. Encapsulation is the most important one. Abstract Class, Interface and Polymorphism are also kind of encapsulation. Allan's points on OO impressed me a lot. Now, they are my points.

notes of the design training

Tue, 12 Dec 2006 09:32:23 GMT

Today is the first day of the two-days design training.

The training is really great. The instructor Allan is the author of the great book <Design Pattern Explained>. The training is for the design patterns, while most important, it is for the Object-Oriented Design(OOD). I throw out some old understandings on OO.

List a few notes below to remind me something in the future, they are not well organized. DONT read them:), they are random and just a reminder for me.

What to do? What is the good code and good design. Loose coupling, strong cohesion, no redunduncy, encapsulation, test ability.

How to do? 1) Commonality/variability analysis 2) TDD, this is an interesting point:)

What is an object? An interesting and important question, most of us came up with the answer - data and methods, this anwser is right but not good. it is for the implementation level. For the conceptual perspective, an object is the responsibilities. The hint helps me on the design a lot.Actually I don't understand what Allan say on the specification level. Anyhow, I would take a look at his book first and probably ask him tomorrow.

What is the difference between Strategy and Bridge. We discussed the question. Actually, there are some differences, while my final thinking is, they are almost the same, it solves this kind of problem. Because the problem are different, so the solution are different, while the approaches of them are the same.

The course doesn't help you, your thinking helps you. By awen:)

测试在微软

Mon, 19 Jun 2006 14:44:54 GMT

Scott在他的网站上很谦虚地说

My name is Scott Guthrie. I live in Seattle and develop a few software products for Microsoft (I run the development teams that build IIS, ASP.NET, and Visual Web Developer 2005).

IIS, ASP.net等几个产品的影响还是世界级的。他写了两篇关于微软测试的文章，不得不说,这是一笔财富，极为详尽。对微软的测试有兴趣的不妨看看。

Testing ASP.NET 2.0 and Visual Web Developer

http://weblogs.asp.net/scottgu/archive/2004/10/28/249458.aspx

Tracking Bugs

http://weblogs.asp.net/scottgu/archive/2004/11/03/251930.aspx

甚至他还贴上了测试Lab的照片，我可以告诉你的是，真正的Lab比图上的更酷点(因为我觉得黑色更酷)

presentation

Sun, 18 Jun 2006 09:13:48 GMT

今天下午，北京的夏天真正来了。

我去ARTM Tech做一个安全测试的讲座。

主要讲了这么几点

1) 安全开发生命周期
2) 常见的安全问题
3) 怎么做安全测试

一个小时其实很短，原计划是一个泛泛的讲座。估计错了，在谈到缓冲区溢出，跨站脚本和SQL注入时，大家对很多细节很感兴趣，甚至于说到了shellcode的实现，所以最后超出不少时间。

说到presentation，最早是在高一，更早的我忘记了。刚入学，每个人上讲台介绍一下自己。我非常的紧张，当时只说了一句，“我最喜欢的书是钢铁是怎样炼成的”。至今搞不懂为什么憋出这么一句话来，其实我根本就谈不上最喜欢这本书了。只是上台脑袋里一片空白，根本不知道该说什么。然后台下一片哄笑，我更窘了。现在只是觉得好笑。

大学毕业的时候，被要求做毕业典礼上的发言(RP问题，我从来就不想做这种发言)。两只手放在演讲台上，强作镇定，其实两条腿发抖的频率是无比的快.....

现在可能有点死猪不怕开水烫了，不紧张了，有时候还挺兴奋的。不过上次刚到Redmond给其他的team做个讲座的时候，还是挺痛苦的。会议室里都是些MSN，Exchange，ASP.net的强银，我被纠缠在蹩脚英语和技术问题中。最痛苦的就是讲完了每页，不知道该说什么，如果用中文，随便说点什么，讲讲笑话都可以，那时候的英语比现在还差，幸好Gary在旁边。其实我现在可以享受这些痛苦的过程，no pain, no gain.

可能很好的演讲人，是感染别人而自己保持克制。好比，马丁路德金在大喊我有一个梦想的时候，下面的人热血沸腾，其实他还在想，家里灶上的粥是不是熬干了啊。

新东方的老师有这种天赋，讲一个讲过五百五十五遍的笑话，每次都要让人笑破肚皮而自己还要不吐。普通人早吐了，至少我会这样，不信你找个低级笑话天天讲一直到五百五十五遍试试。罗胖子讲的那个"狠狠地扶了把眼镜“关于万恶的户口制度的笑话，不知道他讲过多少遍。我当场听过一次。

这是种贝多芬式的伟大，下面的听众如醉如痴，甚至痛哭流涕，贝多芬在心里说，"这些傻瓜"。

注:贝多芬这典故是傅雷告诉他儿子的(傅雷家书)，傅雷估计是翻译罗曼罗兰写的贝多芬传时看到的，罗曼罗兰这家伙怎么的八卦来这小道消息，我就真不知道了。

check Mike Howard's blogs

Wed, 14 Jun 2006 02:58:18 GMT

I haven't read Mike's blogs for a long time, maybe about one or two months. Today, I visited his blogs. I found a bunch of new blogs have been posted. Most of them are related with the security of Windows Vista.

If you are a big fan of security and hacking, go check them. They are really interestring.

Okay, go check the link below

http://blogs.msdn.com/michael_howard/

BlueHat

Fri, 10 Mar 2006 05:32:17 GMT

BlueHat杂谈

BlueHat,姑且直译为蓝帽会议，就是微软的BlackHat，据说是因为微软的Baget是蓝色的，所以取名为Blue Hat。BlackHat是一个挺有名的Hacker Conference。今年的BlueHat已经是第三届了。

总共三天，昨天是微软的高层Vice President才能参加的，内容和今天明天的一样，只不过浓缩成一天，一群黑客给微软的VP们上课。微软现在对安全的确是非常重视，也主动和安全界进行沟通，BlueHat就是途径之一。今天出来的时候，看到一辆加长的林肯，后面一辆Microsoft Security的车停在后面保护着。我见到过的最长的车，不会是用来接送那些讲课的黑客的吧，姑且八卦一下，纯属猜测。

今天早上8点半就跑到Microsoft Conference Center，刷卡进门，还领了一件T-shirt，黑色，上面有Bluehat几个大字，挺酷的。起床早所以没吃早餐就跑过去了，原计划是去公司的厨房喝点牛奶的，进去一看，发现居然有早餐吃，种类还不少，考虑还是满周到的。

Today's talk
9:00-10:00 Current Database Vulnerability Research
David Litchfield - NGS

David is the co-founder of NGS, he focus on Oracle security, he listed

10:15-11:15 Database Rootkits
Alexander Kornbrust – Red-Database Security

11:30-12:30 Breaking into Database Systems - the Now, the Then and the When
Kev Dunn - NGS

1:00-2:00 Bitten on the ASP (how to NOT to deploy ASP.Net applications)
HD Moore - Metasploit

2:15-3:15 Exploiting Web Applications
Caleb Sima – SPI Dynamics

3:30-4:30 Search Engine Hacking
j0hnny Long

未完待续...

Windows Internals 杂记

Sat, 18 Feb 2006 04:18:11 GMT

这周参加了一个微软内部的课程-Windows Internals，一个非常好的课程。

Mark Russinovich，Windows Internals 及其他

讲师Mark Russinovich不是微软的，这倒不稀奇，上次讲Debug Windows Application的John Robbins也不是微软的。准备这样一个大的课程是一项系统工程，微软的同志们都很忙:)。

Mark和John都写了本很有名的书，书名和课程名一样。Mark和David Solomon写了本赫赫有名的《Windows Internals》，John Robbins写了本同样也很有知名度的《Debugging Microsoft .NET and Windows Applications 》。

Mark自己弄了家公司Winternals，John Robbins也弄了一家公司，叫做Wintellect，.两家公司都以win开头，可见和windows,microsoft很有关系，Mark的Winternals针对于企业用户卖一些windows上面的软件，Wintellect主要是consultant，也专注于Windows。Wintellect的另外几个创始人也不得不说，写Programming Applications for Microsoft Windows 的Jeffrey Richter和Jeff Prosise。

David Solomon刚刚在北京讲了同样的课程Windows Internals，应该有不少同事参加了。上课的时候David Solomon还给Mark的MSN发了一个聊天信息过来，给大家问好，很有国内常见的某某领导发电慰问的风范。我们顺便也和David开了个玩笑，此时David正在海滩上晒太阳。

上课前我知道Windows Internals这本书，但其实不知道Mark是他的作者。Mark在微软应该很有知名度的，下课休息的时候还有一位仁兄找Mark在新买的《Windows Internals》上签名，哈哈。Mark似乎认识不少微软的人，Dave怎么怎么说老挂在嘴边，Dave就是Windows的总设计师David Culter了。

其实关于Mark这个名字，按道理早就应该熟悉的，sysinternals上的tool就经常用。前段时间沸沸扬扬的sony rootkit的事情也是他捅出来的。

关于上课

课程总共三天，早上九点开始，下午五点半结束。去掉午休一小时，照四十分钟一节课算有三十个课时了，一般操作系统课程也就四十个课时吧，可见时间也不算短。

收获不小，《深入理解计算机系统》(或者说操作系统+计算机组成基本原理+编译原理)这本书让人在脑海里构造起来一个有层次的计算机系统，Windows Internals让人把很多知识具体化到Windows这样一个操作系统上，颇为刺激。

一起上课的人里面，有些是Windows team的。Mark讲到Gina时问有没有人做这个的，一个仁兄举起手来，说我就是写这个的。Mark问有没有讲的不对的，那位仁兄回答，都很正确。这样的情况也不少见，有人补充了一些Vista的更新。看来Mark可以一边讲课赚钱一边改讲义，一举多得。这些人听课应该更有收获，不同层次的人听同样的课，获得知识往往不一样，比如一位熟悉VMS的同志来听课，估计会不断点头，对很多细节深有感触，课后更可以和Mark指点激扬一把。而对于我，对windows有了一个general idea，很多细节还需深入学习。

最后Mark还给大家demo了一下他平时怎么研究windows的，IDA + Softice....

流行什么，攻击什么

Tue, 18 Oct 2005 16:04:17 GMT

决定在今天的最后的短短十分钟内写一篇blog,看看这篇文章吧，

http://it.slashdot.org/article.pl?sid=05/10/14/126233&from=rss
IT: Cross-Site Scripting Worm Floods MySpace
Posted by Zonk on Friday October 14, @09:25AM
from the why-would-you-want-to-do-anything-on-myspace dept.

DJ_Vegas writes "One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, 'Samy' had amassed over 1 million friends on the popular online community. According to BetaNews, the worm's code utilized XMLHTTPRequest - a JavaScript object used in AJAX Web applications and was spreading at a rate of 1,000 users every few seconds before MySpace shut down its site. Thankfully, the script was written for fun and didn't try to take advantage of unpatched security holes in IE to create a massive MySpace botnet."

首先需要说明的这个My Space不是MSN Spaces.

Cross Site Scripting + AJAX,呵呵，为了表达我的题目--“流行什么，攻击什么”，决定用AJAX这个词了，其实samy写的这个worm就是Cross Site Scripting + XMLHttpRequest

AJAX最近很流行的说，一些陈年的裹脚布拿出来晒晒又做成了新衣裳，结果居然还流行起来了。流行什么，攻击什么，问题自然来了，比如说这个Javascript worm.第一次见到Javascript worm,代码的确很简单，可是你绝对不要鄙视这点代码，你凭什么鄙视它呢，这么几行代码可以影响一百万个my space的用户。

流行什么攻击什么，可以预期的将来，还会有流行的被攻击的对象。

没有论坛在讨论技术的

Thu, 06 Oct 2005 13:35:11 GMT

只是某些文字勾起来一些牢骚,于是趁着自己头脑不清醒的时候多说几句。

现在没有hacking方面的论坛真的在讨论技术的，真正深入讨论技术的都不在论坛了,看Xfocus,看Nsfocus,再看看Patching，真正有几个技术帖真正有价值的，很少，精华帖少之又少。并且所谓的技术都跑地下去了，人家找到漏洞要卖钱，要赚名声，干嘛免费和你讨论，几年前的红火的场面不存在了。很正常，比如说我现在在做security testing，某个微软的产品，我找到到任何的security bug都会贡献给公司的bug管理工具。

结论:论坛只是用来灌水的工具

解决方法:采用非论坛以外的一切手段学习

安全技术书籍

Sun, 29 May 2005 05:39:11 GMT

软件安全涵盖极广，我仅列出自己读过的说说，自然只涵盖了整个软件安全的一小部分。而正因为软件安全的广度，每本书的侧重点和目标读者不一样，内容和形式上都是各有千秋的。

对于渗透测试和学习缓冲区溢出的细节，《The shellcoder’s handbook》是个很好的选择。可惜国内买不到，也没有影印版。我手上有一本英文版，标价50美元。书如其名，就是discovering and exploiting security holes。这本书很专一，集中火力在缓冲区溢出。专一的好处是深入，而深入往往意味着不容易读。另外，本书讲Linux/Unix的部分比较多。《网络渗透技术》，和《The Shellcoder's handbook》一样，主要讨论缓冲区溢出。虽然后面有两章讲Web和SQL Injection的，其实也是稍微提及而已。这两本书虽然重点都是缓冲区溢出，但是《ShellCoder's hand book》讲了很多如何发掘漏洞，如果你对此感兴趣的话，颇值得认真读。在内容编排方面，Shell一书是基于操作系统的，先讲Linux,然后Windows这样。而Xfocus写的这本是按溢出的种类编排的。从编排方式来说，个人更喜欢 Xfocus这本。

    说说《Write Secure Code 2》，微软员工必读。其实微软现在是相当重视软件的安全性，并且也在不断改进，这样的投入是会有回报的。这本书适合开发人员和PM读，甚至可以说，是每个关心软件安全的开发人员必读的。本书挺全面，既有技术上适可而止的细节，也关注于如何在软件开发流程的层次保证软件的安全性。Tester也是要读的，但是不知道Attacker/penetration tester是否喜欢，毕竟该书的着重点不是探讨如何去攻击一些漏洞。作者的blog也是很值得看看的。
     《黑客反汇编揭秘》，很有特色的一本书。但我对作者的编排很有疑问，第8章里面的第9节讲函数的参数，三百页，占了全书的1/2。我从第一章看到第七章，也就花了三个晚上，结果看从8.9.1看到8.9.2的一小节应该花了不止三个晚上，让人一点成就感都没有。
    再说说《决战恶意代码》，非常值得一读。作者眼光很犀利，对安全的理解也很深刻。具体到书中很多问题时，让人觉得不仅仅谈的是技术的细节。比如提及很多漏洞的本质，就是数据和指令的混杂。