Tuesday, July 29, 2008

Luigi Does It Again! UT2004 Remote DoS


If there's a UT2004 server operator you don't like out there somewhere, you're in luck! Our old pal, Luigi Auriemma, has discovered a remote Denial of Service (DoS) against the UT2004 server engine.

Really, I do like Luigi... my servers have been hit by every Proof of Concept (PoC) he's ever published... he is the guy in game security. The man has no equal!

I haven't tried the PoC (I lost my UT2004 server after the hard drive crash last December and never put another one up) but Luigi's code always works as advertised.

Details, link to code below...

###########################################

Luigi Auriemma
Application: Unreal Tournament 2004
Versions: <= v3369
Platforms: Windows and Linux
Bug: NULL pointer
Exploitation: remote, versus server
Date: 30 Jul 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org


###########################################

1) Introduction
2) Bug
3) The Code
4) Fix

###########################################

===============
1) Introduction
===============

Unreal Tournament 2004 is a well-known FPS game developed by Epic Games (http://www.epicgames.com/) and released at the beginning of 2004.

###########################################

======
2) Bug
======

Through a specific sequence of packets an attacker is able to crash the UT2004 server due to a NULL pointer exception.

###########################################

===========
3) The Code
===========

http://aluigi.org/poc/ut2004null.zip

###########################################

======
4) Fix
======

No fix

###########################################

---
Luigi Auriemma
http://aluigi.org
http://backup.aluigi.org
http://mirror.aluigi.org

Friday, July 25, 2008

Customer Satisfaction Surveys


I hate filling out customer satisfaction surveys. I have one from GoDaddy in my mailbox right now.

Yes, it's concerning the infamous "426 Connection closed. Transfer aborted" issue. If you're not familiar with this issue, Google "426 connection closed godaddy".

Without the quotes.

The first two hits should be me.

They think they have a handle on it now. They think "somebody" is filling up the disk drive on the server, crowding my crappy little Web pages out.

I missed most of the action. The Proxy List was all screwed up. Most of the seven pages in the 8PM run were truncated, but I didn't notice it until around 9:30.

After I noticed that, I started watching the log monitor up for The Map. At about 10:30 it started to choke, so I called GoDaddy with my special incident number. It "fixed itself" during the call, so now I have this Customer Satisfaction Survey to fill out.

How do I know if I'm satisfied? I don't think it's over, and if past performance is any indication of future results it probably won't be. But now I have this Customer Satisfaction Survey to deal with.

I usually piss people off when I fill these things out. I haven't seen stellar Technical Support in a long time. I used to deal with one nameless vendor whose support was horrible. After every ticket they would send me a Customer Satisfaction Survey that rated their service on a 1 to 5 scale: Very Low (1), Low (2), Average (3), High (4), and Very High (5).

Even though their Tech Support was horrid, I know from my dealings with other vendors that all Tech Support is horrid, so I rated them "Average" on every survey they sent me.

Inevitably, their Customer Satisfaction Representative (CSR) would call me and ask me why I rated them low. Every single time I had to point out to this person that I rated them Average and not Low. Smack dab in the middle of their scale. Not High, not Low. AVERAGE. Par for the course. Nothing special. Just like everyone else. But not "Low".

They hated this. And I hated arguing about it. I begged them to stop sending me the surveys, but they wouldn't.

In the end I just stopped calling them for Technical Support. That was about a year ago. Very few of the tickets were ever resolved and we still have the same problems, but they don't care about that, all they care about is Customer Satisfaction. They just don't get the part about the problems not being solved.

Seriously, if they wanted to be rated Low they could have just made it a one to four scale and left out "Average" completely. Then, when the CSR called to ask me why I rated them Low I could just say...

"Because you didn't have Average."

Sunday, July 20, 2008

Unannounced Maintenance 07/20/08


I took BOT House and everything else down at about 12:30PM EDT today, Sunday 7/20/08.

We were back up by 1PM.

Since things had been going not so well on the Proxy Project, I ordered a 4 Gig RAM upgrade to give the VM (Virtual Machine) running the Project a little more breathing room. But, silly me, I either FORGOT or DIDN'T KNOW IN THE FIRST PLACE that the motherboard would only use slightly less than ~3.5Gigs. I ended up pulling two 1Gig sticks out and putting the two original 512M sticks back in.

OK... so now I had two free 1Gig sticks and a UT99 server with only 1Gig of RAM... hmmm... what would you do?

Well, duh!

And considering my house eats power supplies like they're going out of style (I'm lucky if one lasts two years) and considering I haven't blown the spiders out of the BOT House box since the hard drive went south last Christmas, I just had to shut 'er down and get 'er done! BH was quiet and only GTO was playing on EXP /// so I pulled the plug and got my screwdriver and a fresh can of Dust Off out.

Back online 20 minutes later.

Since there is - hopefully - memory to burn I'm going to resurrect Classic 3 and BITCH House and see how it goes for a week or two.

Saturday, July 12, 2008

GoDaddy is KILLING me tonight (RANT)

After weeks of near flawless operation on The Map, the ftp problems with GoDaddy have resurfaced and they're spilling over into the Proxy Project.

It couldn't have happened at a worse time. I received this email earlier today:

Dear Sir

I was looking for information to build a better proxy list when I came across your website. The features you describe match the specifications of my soon-to-be-built project. Since there’s no point in re-inventing the wheel, I was wondering if you might be interested in selling your script/code?

Just in time to start looking like a complete idiot to a potential buyer. Of course, it's not for sale (well... everyone has a price... Show me the money!) but this is the last damn thing I need.

Right now, the list is relatively intact. Only page six was trashed. But for the past two hours I haven't been able to get the XML file for the UT map up to GoDaddy and I doubt if the next proxy list run will be as lucky as the last.

It must be something in the stars. I'm thinking Mercury must be retrograde, since it rules communications.

Yesterday when the wife (Pinky Dink) and I got home, the freaking telephone was screwed up (and still is). To top that off, it turns out our phone company apparently has an unlisted phone number.

WTF is up with that?

Before that I was thrown into a high drama with our "Web Team" (which really doesn't exist anymore, due to the re-org) over yet another communications problem with our Web servers. The drama isn't over and it's a sure bet Monday is going to be a barn-burner.

Lucky for us Mercury moves fast.

I hope GoDaddy does the same.

Friday, July 11, 2008

Bahrain Bloodbath


I promised to move all the proxy news off to another page, and I did, but I have an update on the news I posted in June concerning the explosion in Bahrainian proxies.

A couple weeks after that post a second wave hit. At one point The List had no less than 17 pages and more than half were Bahrainian proxies. Pages and pages and pages of that annoying little red and white flag.

Part of the reason that happened in the first place was that I was raiding Chinese proxy lists heavily for about four days, checking tens of thousands of address:port listings. I think it's safe to say China was the source of all those proxies in the first place (the usual, non-Chinese proxy lists never really caught up with them, and if they did they probably saved them for their "premium" customers).

As of today, they are all gone. GONE. The List is down to four pages, the shortest it's ever been. In fact I'm thinking of taking the number of proxies per page down just to get a higher page count (heh).

Infuckingcredible.

Considering I predicted it would happen in the first place, I'm not sure why I'm so surprised.

Plucky little Bahrain Telecomm finally got their shit together on this one.

Sunday, July 06, 2008

UT99 Player of the Month - bab00n_SpideR

Check out this guy...


He came all the way from tiny little Mauritius in the Indian Ocean (way off the coast of Madagascar) just to play on EXP /// Saturday night!

That is too cool! Looks like a nice place.

I've always wanted to live on an island.

Gartner's Smoking Crack Again

As I have mentioned many times before, I monitor Google for a number of things using their Alerts service. One of my all-time favorites is "Gartner says" because our middle management types go ga-ga over anything Gartner has to say. To paraphrase their attitude:

"Gartner said it. I believe it. That settles it."

Lately Gartner's pronouncements have been dull. Predictions about market situations, etc. Not really our (my company's) niche. And I prefer to catch their generalizations.

And their contradictions! Here's the latest from their Left Hand Doesn't Know What the Right Hand is Doing Department:

The first article extols the virtues of cloud computing (latest biznizz buzzword for "teh Internets") for small and medium sized enterprises (SMEs). Here's a 'cerpt:

Businesses with less than 1000 staff should consider replacing in-house e-mail servers with webmail to reduce the cost of providing e-mail for end users, analyst firm Gartner has advised.

Matthew Cain, research vice-president at Gartner, said companies with fewer than 1,000 seats would gain significantly from the webmail approach.

These free consumer-based services use the Internet "cloud" to host users' InBoxes, contact address books and calendars.

They usually provide gigabytes of online storage for InBoxes and usually allow users to send and receive e-mail via Outlook or another e-mail client using the POP (post office protocol) or from a simple web browser user interface.


You get the picture: Cloud Computing Good!

Then, in the next article they pull a flip-flop:

Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance and auditing,” Gartner says.

Mmmmm... okay... Cloud Computing BAD!

I think Gartner is telling the Little Guy to leave them alone and go play on the Internet. That's really not their market anyway. In my opinion, that's a real nutty thing to say. You can't depend on someone else to keep your data safe. You are asking for trouble. It's extremely irresponsible for Gartner to recommend that, but hey! they're Gartner, they can say anything!

Luckily, judging from the Google Alerts, the "Seven Deadly Sins" article is getting much more traffic. Let's hope the Little Guys see that article first.

Friday, July 04, 2008

Re-Org Synopsis

Last November we got our new Chief Security Officer (CSO). Previously we only had a Chief Information Security Officer (CISO), but they eliminated the position.

They eliminated the CISO position after the CISO was "laid off" because, had they kept it, they would have been forced to re-hire the CISO. Nobody wanted him back. He was a complete, total nutjob. He was very likely taking a number of prescription (and non-prescription) drugs and he probably had BPD (BiPolar Disorder). Towards the end he was feigning back problems so he could go on disability.

At the same time they booted the Chief Information Officer (CIO). Rumor has it there were harassment issues.

It was a very dysfunctional organization at that time.

Why hang around? Paycheck, insurance and other benefits, a crappy IT job market, debts to pay off, a kid to put through school - the same reasons everybody uses. Had I been twenty years younger I would have been more motivated.

And besides, it was so bad it could only get better.

It took three years for the re-org to happen. During that time, the Security Group languished. Our budget was stolen. Our role was reduced to giving security recommendations to people who didn't want to hear it and to take the blame afterwards when they didn't follow it (and to be accused of being a "bad communicator" when those people didn't listen).

What started out as elation for the coming New Order turned into Disillusionment over the Status Quo as Middle Management retrenched and started schmoozing the new CIO. It didn't get better, it got much worse.

Then came the re-org. Not only did we get a CSO, we had a new CTO (Chief Technology Officer). All departments were busted up. Some people went down. Some went out the door. Everyone got shuffled around. When the smoke cleared I was still in the Security Group and our headcount had gone from two people to nine people, including the CSO.

Some are happy to have been moved. Others are not. The "transition period" ends September 1st and so far we have had exactly two meetings as a "team".

And it's still me and my co-worker doing most of the work, as far as I can tell. The phrase that comes up most often is "the left hand doesn't know what the right hand is doing".

Since some of the people moved into our group aren't the most popular folks from the old regime (I am one of those, quite frankly) I suspect the Security Group is going to end up with four to six people, especially in light of rumors of the coming Budget Cuts and the Looming Depression.

So, the smoke may have cleared, but the dust hasn't settled yet.

We live in interesting times.

Stay tuned.