who needs social life when you have broadband?

This is a proof of concept of a DOS in misconfigured SSH daemons (which is default in some distros), an example is the OpenSSH (any version, any plataform) with no definition of MaxStartups in sshd_config, to read about problem, see my post on:

http://archive.netbsd.se/?ml=secureshell&a=2006-08&t=2257506
or
http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2006-08/msg00030.html

Well, with this DOS, you can block any user to login on remote machine, a big problem for some admins which are isolated from machine =)

To use the PoC:

~# python poc.py –help

Screenshot

Download PoC: SSHD PoC

Requirements: Python 2.3+ / Linux or Windows

Yours,

- Perone

Hello, the screenshot says everything:

MSN Python BOT Download

To install:

~# apt-get install python-msn

~# ./mon.py or python mon.py

Enter your account and enjoy.
The source is a mess, but it’s just a PoC; the idea is to use this bot to show linux alerts.

Yours,

- Perone

Good morning everyone,

I’m releasing the first public version of the Magento/Joomla! integration using JFusion 1.0.5e. This plugin has been designed for work with Joomla! 1.5.2 and Magento 1.0. I hope you can help me testing and improving it.

I’ve set up a testing matrix with some test cases, you can access it through Google Docs and help me fill the “gray” boxes ;P.

To test, use the following instructions:
- Download JFusion 1.0.5e, install, configure and publish everything that should be published. (if you need help, read the docs at http://www.jfusion.org )
- Download my new plugin
- Remove the default Magento plugin (under “Integration Config”: select “magento” and remove)
- Click on “upload” under the “Integration Config” screen to upload the new version of magento.tar.gz, click on “Install” and smile.
- Go back to “Integration config”, edit the new “magento” plugin according to your STORE configuration.
- Test and give some feedback: bigodines #at@ joomla.com.br

please help me fill the test matrix!!

Cheers
-bigodines

This morning I managed to authenticate against magento’s database (using salted and non-salted passwords). So, the testable version of the plugin is ready. I have found a small bug during the re-login (after logout) which I still didn’t find a generic workaround.

People whiling to test, please contact me. (I need TECHNICAL testers that can setup everything and track [eventual] errors without assistance). Just drop a comment or mail me: bigodines #at# joomla.com.br

-bigo

Hello guys!

I have some news for all those wanting Magento 1.0 and Joomla! 1.5.2 integration. I started working on it today.

I manage to hijack the magento session, the only missing part is to automatically identify the authentication method and generate the hash to authenticate against magento’s database (if you missed the new feature: magento now allows SHA1 and MD5). Then I’ll pack a new version of Magento plugin for JFusion so you can use it with our favorite Joomla! extension

Now, the bad news (which aren’t THAT bad). We are rewriting most of JFusion’s framework, and old plugins should stop working. That said, I’m not sure if its worth to create a Magento 1.0 plugin for the current version of JFusion (1.0.5) or if it is best to wait for the next version :). I’m going to talk to Marius tomorrow about this to see when he plans to release the next version of JFusion.

Oh, and I will need people to test in different environments. I hope I can count on you to help me (I will provide a Test-Matrix so we avoid redundant testing :P).

Gotta take some rest now. Stay tunned (I recommend you to subscribe to the RSS as I haven’t been able to update this blog very often lately…).

-bigo

Yay! Have you seen the announcement at Joomla.org about Google Summer of Code? Well, as I cannot participate as a student (not a student anymore ) I think I will help as a mentor. If you have a nice idea for a killer feature in Joomla!, want to earn some money (US$ 4.500,00 to be precise) and would like to be involved in a great open source project, this is your chance!

Tell us about your project and let’s have some fun

I’m very happy with opensource lately. I’m enjoying the feedback received with BigoCaptcha and I discovered that hacking JFusion is fun!

Marius has just released a new version of JFusion which adds two new [and exciting] features: user synchronization between external apps and joomla and a plugin installation (by bigo :P) whichi will allow people to install new plugins without need to hack the code. I hope this helps JFusion to gain even more popularity among devs.

I’m glad Marius decided to add my Magento plugin in the default package (although I know it probably won’t work with the latest version of magento).

Now, while I wait for my UK visa, I’ll work on a new Magento plugin for JFusion and help Marius and the other devs hunting some bugs before JFusion goes stable

hello guys!

this morning I’ve uploaded the first preview version of my personal site. This is something I did just to play with ZendFramework, YUI and jQuery togheter (it’s slow and buggy, but I like it and I hope you like my idea as well).

Check http://www.bigodines.com/zf/ (I haven’t tested with IE yet…). And try to navigate inside the directories and explore some commands. There are only two files availble, both are inside “projects/zf/” and are just a PoC to show it works.

I’m working on a better admin area now and then I’ll add content e more commands (and webservice access).

comments are always welcome!

-bigo

I gave up moving to Canada. It is just too complicated to find an employer there and it takes too long to get a visa with work permit without it. So I decided to move to the lovely London to work on my English and try to find some part-time/contract jobs to improve my technical skills as well. If everything goes wrong, I can work as cleaner, as most of the brazilians do :(.

The visa should arrive by the end of march and I’m very excited about moving to a new place. If we have any visitors from London, drop me a line so we can meet for drinks and nerdy talking.