If you are installing Windows Driver Kit (WDK) from Microsoft and you choose to install the Device Simulation Framework (DSF) for USB and such devices, then you need to have the DCOM Server Process Launcher service running otherwise you get errors as cryptic as:
Unexpected Installation Error. Error in installing.
I wish there was more information that could be given in the error. Since I figured this out with only trial and error, I thought I’ll post the solution to this error.

A moratorium for 3 months on the blogspot. The things have changed dramatically when it comes to the life. A lot has happened in my life since the time I left Los Angeles, CA to come to New York, NY. The two of the biggest cities of not only the USA but in the world as well.
First things first…got a job for Ernst & Young’s Advanced Security Center and so like most of the people who work in New York I live in Jersey City, NJ and travel to work. The travel is not too bad as it takes about 45 mins door-to-door. Also, by living in New Jersey instead of 5 boroughs (New Yorkers call the collection of 5 islands of Manhattan, Queens, Brooklyn, Bronx, Statten Island as the 5 boroughs) one saves the 4% annual New York city tax.
Now for the topic of this blog which is “Moving”…which is probably the most troublesome experience that people have. It wasn’t too good for me either but it could have been worse if it were not for the help of some good friends. People say that you realize the truthfulness of your friends during the time of adversity. It was exactly what I found. Whereas some people came to the fore to help me in all the ways they could, some stayed at the bay (and in some cases … making sure that the buoy of my life was in doldrums). Well…having said that life is but a bunch of grapes … some sweet and some sour (this is something I heard in the Hindi Movie “Khatta Meetha”)!
Finding apartments in the New York area can be a harrowing experience, especially if you are hard strung on budget. That was exactly what I found. The best places to look for are New Jersey Craigslist and New York Craigslist. Other places are Rent.com and Apartments.com but I did not find them much useful. I found that New York had some really good places to rent even with a tight budget. All these places were in Queens (Rego Park, Forest Hills). The good part was one could get a 2BR for $1450+ in these places. These places were not too far from the Subway stations and had a travel of 40-45 mins to Manhattan and 1 hr to Long Island (using Long Island Rail Road aka LIRR).
Jersey City in NJ is also a very good bet. But there are some places in Jersey City that are posh as hell but you have to pay the price for the class. Exchange place and Pavonia/Newport are examples of these places (with prices around $1700 for 1 BR) . Grove street is also a place which is somewhere in between the posh and the not-at-all posh. Even though the prices in Exchange place and Newport are really high but the class is well worth the money. Especially when you consider that getting a similar type of apartment in Manhattan will cost at least twice or may be thrice as much. Another avenue for exploration is Hoboken, NJ. Hoboken was personally my favorite place to look for an apartment because it is a place with a vibrancy associated with it. Almost looks like a European city bustling with restaurants and youth on the streets! It is also not too far from New York. However just like Pavonia/Newport & Exchange Place this fun doesn’t come cheap! The apartment costs are similar. The difference between Newport – Exchange Place & Hoboken is that the construction in Hoboken is older and you need a realtor for getting an apartment more than you need in former. Realtors have standard 1 month rent as the fee as their service charges.
In case you are wondering what a realtor is – a realtor is a person who searches for an apartment for you that fits within your budget and choice. But when it comes to realtors one must be wary of them because they can sometimes be a dangerous bet to pick!
West coast was much easier to find apartments in from my experience but it could be because I was looking for apartments in a University area which is probably easier.

-Rajat
http://rajatswarup.blogspot.com/

Having been in application security for more than 2 decades now and officially completing my 18th year now of being meaningfully employed in that space there is just a lot of crud that I have gathered in my brain. Most of that is history of how things came about to be. That stuff is likely not interesting to most but I find it intriguing as to how some seemingly minor decisions of one software vendor can have massive impact to the web application security industry.

Oh the dreaded IE…
Internet Explorer 4, 5 and 6 that started in the Windows XP days (or even earlier, can’t recall) had a setting – the cookie jar was not shared – i.e., if you opened a new window to a site, you would have to log in again unless you used “Ctrl+N” key to open a new window from an existing session. Each new process would have its own cookie jar. For the uninitiated, the “cookie jar” is the internal browser storage of cookies. Cookies are random looking strings that indicate a “trust token” that a web server places in the browser. Since HTTP is a connectionless protocol, this cookie is what preserves the “state” and this is exactly what authorization decisions in HTTP context are typically based on. These cookies are stored in a web browser data storage called cookie jar where each cookie gets stored with the name, value, domain, path (and today, there are few other attributes but that wasn’t the case back in 2004-2005). The browser gets all these parameters from the HTTP response header Set-Cookie. Microsoft, the vendor for Internet Explorer, made a decision that each new window of IE should have its own set of stored cookies that were not shared. Mozilla Firefox and Google Chrome always had a shared cookie jar if I recall correctly.

Along came a Cross-Site Request Forgery (CSRF)…

Jesse Burns from iSecPartners (an NYC-based security consultancy that was acquired by NCC group) back then wrote a paper which I think was the seminal paper on Cross-Site Request Forgery. They called it “XSRF” back then because “XSS” was already in parlance back-then. Thereafter, there were presentations in 2006 about the same by Microsoft. The whole attack was simple. The victim has a browser tab open in which they are logged into a site that has issued that session a cookie value. Due to the browser same-origin policy (a concept that Netscape designed in 1995) that cookie would be resent by the browser in the request as a Cookie HTTP request header whenever an HTTP request was sent to the same domain, protocol (“scheme”) and port. There were few idiosyncracies of IE (which made it infamous back then) such as if the port number did not match IE did not complain and would think that access was allowed per the Same-Origin Policy (SOP). What does that mean? http://example.com and http://example.com:81 would be treated as the same origin! Weird right? It wasn’t the case with other browsers. This was also documented in Michal Zalewski’s book Tangled Web in 2011. Where am I going with this? So while IE did some weird things, it did one good thing – isolate cookie jars. So if you opened up a new window where the attacker ran a payload that sent a request to the site which had handed you a cookie, the new IE window would have no interesting cookies to share with that site – inadvertently protecting the user from being a victim to a CSRF issue. Yes, the hated IE protected the users from being victim to CSRF! Who would have thought? That’s how weird 2005 was 🙂

Fast forward…

Since all browser vendor today have concept of shared cookie jars because who doesn’t like opening new tabs of their favorite cloud consoles without having to re-login right? So what did we the people do? We came up with another attribute that could be added to a Set-Cookie HTTP response header – SameSite attribute which restricted the cookie from being sent unless the request originated from a page on the same site as the cookie issuer.

So there you have it… the history of SameSite and how one of the most hated browsers of the day (IE) did one good thing for users – protect them from CSRF! 🙂

So I decided to use WPA2 Personal with AES+TKIP on my new Linksys WRT54GL router after my old D-Link router died. However, there were some issues in getting it to work on Kubuntu 6.10 Edgy Eft with my Intel Wireless IPW3945abg.
So I decided to put my /etc/network/interfaces and the /etc/wpa_supplicant.conf files up here for reference:
Suppose BLAH is my ESSID name. The psk value is an altered value for elucidation purposes only:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=2
fast_reauth=1

# WPA-PSK
network={
ssid="BLAH"
proto=WPA RSN
key_mgmt=WPA-PSK
pairwise=TKIP
group=TKIP
psk=aaaa3fa7bbbbccccf6d44e199ecb2bebccccad25a0778beeee104db0b3fffff7
}

The value of the PSK command was obtained by using the value associated with the prefix “psk=…” after issuing the following command:

# wpa_passphrase BLAH passphrase
network={
       ssid="BLAH"
       #psk="passphrase"
       psk=aaaa3fa7bbbbccccf6d44e199ecb2bebccccad25a0778beeee104db0b3fffff7
}

The /etc/network/interfaces looked like this:

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp
wpa-conf managed
wpa-driver wext
wpa-ssid BLAH
wpa-ap-scan 2
wpa-proto RSN
wpa-pairwise TKIP
wpa-group TKIP
wpa-key-mgmt WPA-PSK
wpa-psk aaaa3fa7bbbbccccf6d44e199ecb2bebccccad25a0778beeee104db0b3fffff7
pre-up wpa_supplicant -Bw -Dwext -i eth1 -c/etc/wpa_supplicant.conf
post-down killall -q wpa_supplicant

Once I was done with this configuration all I had to do was, issue the following command to get wireless working with WPA2 and TKIP:

# /etc/init.d/networking restart

It’s a brand new day with no novelty! Back to the lab today trying to now get access to the packet data to calculate the hash values. I suspect that inside netfilter’s sk_buff structure there’s an unsigned char* data field. This probably is exactly what I need to get the hash values. There’s this awesome link which has great information about sk_buff structure. The unsigned int len; has the size of the complete input data including the headers. I guess if this len value == size of the actual data for the IP header (which could be TCP header / UDP header / ICMP header) then if we are using chunks of this data to find hashes then the following algorithm could be used:

no_of_chunks = len / BYTE_SIZE_FOR_SIGN;

for (int i = 0; i < no_of_chunks; i++)
{
  storeInTable(hashRabin(data,i*BYTE_SIZE_FOR_SIGN,
               (i+1)*BYTE_SIZE_FOR_SIGN - 1 ,0));
}
storeInTable(
hashRabin(data,no_of_chunks*BYTE_SIZE_FOR_SIGN,
        no_of_chunks*BYTE_SIZE_FOR_SIGN+addendum, 0)
);

This are my initial thoughts let’s see how it works out!

-Rajat.
Rajat’s Homepage

I installed KUbuntu “Breezy Badger” on my new Laptop (Dell Inspiron 700m) but none of my java based tools seemed to be working.

The errors I was getting were as follows:

** ERROR **: file ../../../src/libjava/jni/gtk-peer/gnu_java_awt_peer_gtk_GtkImage.c: line 572 (createRawData): assertion failed: (data_fid != 0)

aborting…

The trick is to use the Sun JVM and not the gcj (GNU Java Compiler). Apparently in Debian threads (on which KUbuntu is based) has this error in gcj-4.0. They promise that it will be fixed in version gcj-4.1 (which comes with gcc-4.1).

So follow these steps to get burp / paros etc working:
1. Goto java.sun.com and install the latest jvm for linux. Choose an appropriate location, mine was installed on /opt/jdk1.5.0_06/.
2. rm /usr/bin/java /usr/bin/javac /usr/bin/javah. (you remove symbolic links in /usr/bin which point the version of java to /etc/alternatives).
3. Create new symbolic links

# cd /usr/bin
# ln -s /opt/jdk1.5.0_06/bin/javac javac
# ln -s /opt/jdk1.5.0_06/bin/javah javah
# ln -s /opt/jdk1.5.0_06/bin/java java

Now you should be good to go!

-Rajat.

If you are a South Indian, have a long name, use lotus notes and want to send encrypted e-mail using Internet Certificates…you may just be out of luck! Why?
Lotus Notes 6 does not support importing of PKCS#12 (.pfx) certificates which have the CN (Customer name), OU (Organization unit), O (Organization), CA (Certificatio Authority) fields together more than 255 characters. Many of my south Indian friends in fact have names that are 40 characters themselves! Alongwith the O, OU and the CA taken together this could easily exceed more than 255 characters. On encountering such a situation, Lotus Notes also gives a friendly error message which my friends may not find quite amusing at that point “Name too long”. Once you encounter this error, you cannot proceed with the import. To work around this see if you can reduce the characters in OU and O fields because your e-mail ID has to match the one in Lotus.
I also found a useless response from IBM to get rid of this problem. Their response was pretty much “learn to deal with it! we won’t correct our stupid software”.
Justin’s written a pretty useful how to on importing S/MIME certificates into Lotus notes.