Hakin9 (7/2010) : Securing the Cloud

# Prey: A New Hope
# An introduction to Reverse Engineering: Flash, .NET
# Web Malware – Part 1
# Cyber warfare with DNSbotnets
# Search Engine Security and Privacy
# Securing the Cloud: Is it a Paradigm Shift in Information Security?
# Radio Frequency-enabled Identity Theft
# Intelligence Monopolies
# Capturing the New Frontier: How To Unlock the Power of Cloud Computing

As3 Crypto is a cryptography library written in Actionscript 3 that provides several common algorithms. This version also introduces a TLS engine (TLS is commonly known as SSL.)

* Protocols: TLS 1.0 support (partial)
* Certificates: X.509 Certificate parsing and validation, built-in Root CAs.
* Public Key Encryption: RSA (encrypt/decrypt, sign/verify)
* Secret Key Encryption: AES, DES, 3DES, BlowFish, XTEA, RC4
* Confidentiality Modes: ECB, CBC, CFB, CFB8, OFB, CTR
* Hashing Algorithms: MD2, MD5, SHA-1, SHA-224, SHA-256
* Paddings available: PKCS#5, PKCS#1 type 1 and 2
* Other Useful Stuff: HMAC, Random, TLS-PRF, some ASN-1/DER parsing

Do you have trouble remembering phone numbers, PINs, social insurance numbers, etc.? 010 Memorizer is a program designed to help you easily remember numbers. The basic idea is that it is easier to remember vivid images, like orange juice gushing out of a geyser, then a number like 39174306. Using 010 Memorizer, you can convert a number into a word or phrase that forms an image in your mind. The conversion between numbers and words is done by phonetics: certain consonant sounds represent certain numbers and vowels act as fillers. 010 Memorizer helps you with this conversion by listing all words that can be used to memorize a number, and you just have to pick a word or phrase that you find easy to remember

The Ham Intelligent Calculator, also called Hamic, is a program designed to simplify a number of calculations commonly used by Hams. It is designed for the Ham radio hobbyist, but may be useful to others as well. Hamic has a simple to use, but powerful graphical interface that allows solving simple circuits such as resistors in series or parallel, or more complex circuits such as L networks or T networks. As well, other calculations such as SWR, reactance, resonant frequency, inductance of an air core coil, and antenna impedance are supported. One of the more powerful features of Hamic is to solve for almost any unknown variable in a circuit; Hamic can even solve L networks without having to use Smith charts. Also, Hamic can easily convert between a number of different units. Once you have finished your work, your calculations can be saved to a worksheet and retrieved later. People interested in working with circuits or antennas should check this program out!

010 Editor is a professional-grade text editor and hex editor designed to quickly and easily edit any file or drive on your computer. Combining an easy-to-use interface with a whole range of editing tools, 010 Editor is a valuable tool for anyone working with text or binary files.

* View and edit any binary file on your hard drive (unlimited file size) and text files including Unicode files, C/C++ source code, etc.

* Unique Binary Templates technology allows you to understand any binary file format.

* Find and fix problems with hard drives, floppy drives, memory keys, flash drives, CD-ROMs, processes, etc.

* Analyze and edit binary data with powerful tools including Find, Replace, Find in Files, Binary Comparisons, Checksum/Hash Algorithms, Histograms, etc.

* Powerful scripting engine allows automation of many tasks (language is very similar to C).

* Import and export your binary data in a number of different formats.

BPM Counter is a simple Windows program to calculate beats rate for certain musical track also known as BPM (beats per minute). There are many free BPM counters implementation over the Web, I also created my one, hope you will enjoy it.

The idea is very simple. Start track, you want to calculate BPM. Then beginning at the first beat, click left mouse button on each beat. For example one-two-three-four, one-two-three-four, etc. Program automatically starts BPM calculation once you move mouse over clickable region (see picture below), and start clicking. As alternative variant you can use keyboard - SPACE or ENTER keys work the same way as a left mouse button.

To stop BPM calculation press toolbar "Reset" button or simply do nothing for 2-3 sec, and program will automatically stop and log last result into a history window. Also each 15 seconds application writes current BPM, time and beats information to the history window as well.

MeadCo's Neptune is a 100% Netscape-compatible plug-in which hosts Microsoft's WebBrowser control. It will work when embedded in documents rendered by WebKit-based browsers such as Safari for Windows 3.0 and Google Chrome, Opera 4.0 – 10.x and any Gecko-based browser such as Firefox and Mozilla, running on any Windows platform with Microsoft's underlying web componentry integrated. Windows 2000 / Windows NT 4.0 with Internet Explorer 4.0 core install is the minimum requirement.

Demonstrates ComDiag.cs usage. ComDiag provides services to investigate certain COM object at runtime. Idea was taken from OLE/COM Object Viewer tool and Andrew Nosenko's unmanaged DumpQIQS C++ tool dumping registered interfaces/services supported by certain COM object. Learning .NET interop, I created managed version of this tool.

Sometime is very useful to have control implementation source code at hand. This article describe how to retrieve it. One of possible solutions is to see the source code under Flex Builder debugger.

Let's look at mx_debug.swc file (in my case the path is "C:\Program Files\Macromedia\Flex\lib\frameworks_debug\mx_debug.swc"). SWC is Flash component file, seems like internally it is plain ZIP archive (starts with magic PK and understandable by ZIP extractors). After unzipping mx_debug.swc content we will find "Library.swd" file inside. SWD files are debugging files containing necessary code information. Probably (?) Flex Builder debugger uses this information to provide control source code during debugging process.

XPanel allows to trace Flex/Flash applications interactively, with better performance and control. It provides API familiar to J2EE developers and allows to add tracing to the application transparently.

Here you can learn all about Flex Compiler Command-Line Options...

During development sometime it's necessary to generate text files dynamically. This can be source code, HTML files, CSS, XML, properties files or some configuration, etc. Common thing for all these files is that it's text file, usually with default encoding say UTF-8 and requires only in one or to places to be inserted dynamically, depending on environment or deployment box.

Welcome to Flexoland. First of all I am not evangelist or big "fan" of ActionScript/Flex, althought it implements interesting ideas. My fields of interest are C++/C# Win32/WinFX system/IE/application development, sometime with interruptions for Java and misc scripting. I'd be interested in robot-building, AI systems, high performance servers but this is out of scope of real work now. Latest RIA projects I was involved in were based on Ajax/Flex platforms. This page is place for strange and interesting things found in this environment (Flex 1.5/2/3, ActionScript 2/3).

The FlexLib project is a community effort to create open source user interface components for Adobe Flex 2, 3 and 4.

Current components: AdvancedForm, Base64Image, EnhancedButtonSkin, CanvasButton, ConvertibleTreeList, Draggable Slider, Fire, Highlighter, HorizontalAxisDataSelector IconLoader, ImageMap, PromptingTextArea, PromptingTextInput, Scrollable Menu Controls, SuperTabNavigator, Alternative Scrolling Canvases, Horizontal Accordion, TreeGrid, FlowBox, Docking ToolBar, Flex Scheduling Framework

The FlexLib project is a community effort to create open source user interface components for Adobe Flex 2, 3 and 4.

Current components: AdvancedForm, Base64Image, EnhancedButtonSkin, CanvasButton, ConvertibleTreeList, Draggable Slider, Fire, Highlighter, HorizontalAxisDataSelector IconLoader, ImageMap, PromptingTextArea, PromptingTextInput, Scrollable Menu Controls, SuperTabNavigator, Alternative Scrolling Canvases, Horizontal Accordion, TreeGrid, FlowBox, Docking ToolBar, Flex Scheduling Framework

There will always be a place for relational databases, but non-relational solutions are proving to be fast, flexible, and scalable for many tasks.

A cross-domain policy file is an XML document that grants a web client—such as Adobe Flash Player, Adobe Reader, etc.—permission to handle data across multiple domains. When a client hosts content from a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain would need to host a cross-domain policy file that grants access to the source domain, allowing the client to continue with the transaction. Policy files grant read access to data, permit a client to include custom headers in cross-domain requests, and are also used with sockets to grant permissions for socket-based connections.

The Real-Time Messaging Protocol (RTMP) was designed for high-performance transmission of audio, video, and data between Adobe Flash Platform technologies, including Adobe Flash Player and Adobe AIR. RTMP is now available as an open specification to create products and technology that enable delivery of video, audio, and data in the open AMF, SWF, FLV, and F4V formats compatible with Adobe Flash Player.

Action Message Format (AMF) is a compact binary format that is used to serialize ActionScript object graphs. Once serialized an AMF encoded object graph may be used to persist and retrieve the public state of an application across sessions or allow two endpoints to communicate through the exchange of strongly typed data.

Action Message Format (AMF) is a compact binary format that is used to serialize ActionScript object graphs. Once serialized an AMF encoded object graph may be used to persist and retrieve the public state of an application across sessions or allow two endpoints to communicate through the exchange of strongly typed data.