Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

May 29, 2018

Balisage Late-Breaking News Deadline – 6 July 2018 – Attract/Spot a Fed!

Filed under: Conferences,XML,XML Schema,XPath,XQuery,XSLT — Patrick Durusau @ 7:10 pm

Balisage 2018 Call for Late-breaking News

From the post:


Proposals for late-breaking slots must be received at info@balisage.net by July 6, 2018. Selection of late-breaking proposals will be made by the Balisage conference committee, instead of being made in the course of the regular peer-review process. (emphasis in original)

The Def Con conference attendees play spot the fed.

But spot the fed requires some feds in order to play.

Feds show up at hacker conferences. For content or the company of people with poor personal hygiene.

Let’s assume it’s the content.

What content for a markup paper will attract undercover federal agents?

Success means playing spot the fed at Balisage 2018.

Topics anyone?

May 23, 2018

Balisage 2018 Program!

Filed under: Conferences,XML,XPath,XQuery,XSLT — Patrick Durusau @ 12:40 pm

The Balisage 2018 program has hit the Web!

Among the goodies on the agenda:

  • Implementing and using concurrent document structures
  • White-hat web crawling: Industrial strength web crawling for serious content acquisition
  • Easing the road to declarative programming in XSLT for imperative programmers
  • Fractal information is
  • Scaling XML using a Beowulf cluster

That’s a random sampling from the talk already scheduled!

Even more intriguing are the open spots left for “late-breaking” news.

Perhaps you have some “late-breaking” XML related news to share?

I haven’t seen the 2018 Call for Late-Breaking papers but if the 2017 Call for Late-Breaking papers is any guide, time is running out!

Enjoy!

May 22, 2018

PubMed retractions report (New Home!)

Filed under: Bioinformatics,Biomedical,PubMed — Patrick Durusau @ 8:45 pm

PubMed retractions report by Neil Saunders

If you need encouragement to read publications that appear in PubMed carefully, the PubMed retractions report will provide it.

You should read your own drafts carefully, if for no other reason than to avoid appearing in this report.

This is a great service and kudos to Neil Saunders for providing it.

ACLU Flyer for Amazon’s Rekognition

Filed under: Government,Privacy — Patrick Durusau @ 7:22 pm

Did you see the ACLU flyer for Amazon’s Rekognition program?

If there was a police department in the United States that was unaware of Rekognition, that is no longer the case. Way to go ACLU!

Part of the ACLU flyer reads as follows:

Marketing materials and documents obtained by ACLU affiliates in three states reveal a product that can be readily used to violate civil liberties and civil rights. Powered by artificial intelligence, Rekognition can identify, track, and analyze people in real time and recognize up to 100 people in a single image. It can quickly scan information it collects against databases featuring tens of millions of faces, according to Amazon.

Amazon is marketing Rekognition for government surveillance. According to its marketing materials, it views deployment by law enforcement agencies as a “common use case” for this technology. Among other features, the company’s materials describe “person tracking” as an “easy and accurate” way to investigate and monitor people. Amazon says Rekognition can be used to identify “people of interest” raising the possibility that those labeled suspicious by governments — such as undocumented immigrants or Black activists — will be seen as fair game for Rekognition surveillance. It also says Rekognition can monitor “all faces in group photos, crowded events, and public places such as airports” — at a time when Americans are joining public protests at unprecedented levels.

Amazon’s Rekognition raises profound civil liberties and civil rights concerns. Today, the ACLU and a coalition of civil rights organizations demanded that Amazon stop allowing governments to use Rekognition.

My first impression was this is yet another fund raising effort by the ACLU. That impression grew stronger when I saw:

right under the “…demanded that Amazon stop allowing governments to use Rekognition.”

That takes you to:

ACLU address and permission harvesting!

The ACLU’s faux concern about Rekognition obtains your contact data and permission to contact.

Why do I say “faux concern?” Petitioning a vendor to withdraw a product offered by others. Name five similar campaigns that were successful. Name three. Still nothing? How about one?

I’ve got nothing, how about you?

On the other hand, despite surveillance of US citizens being illegal, the NSA engaged in, concealed and continued that surveillance. Explosive Revelation of Obama Administration Illegal Surveillance of Americans (National Review), NSA surveillance exposed (CBS News), NSA Surveillance (ACLU).

Based on experience with the NSA and others, would you guess that ACLU address and permission harvesting is going to be less than effective at stopping Rekognition? The only possible success of this ACLU effort will be a larger solicitation list for the ACLU. Not what I’m interested in signing up for. You?

Options from defeating facial recognition software range from the purely physical to tricking the underlying software. A bit old (2016) but 6 Ways to Defeat Facial Recognition Cameras has some amusing ways to defeat facial recognition software, but most of them tag you as avoiding facial recognition. Unless and until avoiding facial recognition becomes commonplace, obvious avoidance isn’t the best plan.

More recent and promising efforts include Google researchers create universal adversarial image patches to defeat AI object recognition (2018), an effort to hijack an AI system’s attention. That’s only one of many efforts to defeat facial/image recognition software.

Bottom line: Amazon is going to successfully market its Rekognition software, especially with name recognition assistance from the ACLU.

Forfeiting your contact data and permission to the ACLU accomplishes exactly that, gives the ACLU your contact data and permission to contact.

Using, developing, and promoting technology to defeat facial recognition software without permission or agreement is our only hope.

May 21, 2018

Cyber Bullies and Script Kiddie Hacking

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 4:55 pm

I saw a tweet about: AutoSQLi, the new way script-kiddies hack websites saying:

Oh joy, a new tool for script kiddies

With all the initiatives to address cyber-bullying do you find it strange that no one speaks up for “script kiddies?” (It’s not a term of endearment.)

Learning a new skill, whether SQL injection, phishing, making biscuits or hand loading ammunition, you follow detailed instructions of others. A “script,” “recipe,” etc.

We have been at the “script kiddie” level for one or more skills in our lives.

What do we gain by trashing tools that introduce new skills and hopefully capture the interest of new users?

Nothing. Shaming tools or users is an attempt to gain status by downgrading others.

It doesn’t work for me.

Does it work for you?

Contrived Russian Facebook Ad Data

Filed under: Data Preservation,Data Quality,Data Science,Facebook,Politics — Patrick Durusau @ 2:16 pm

When I first read about: Facebook Ads: Exposing Russia’s Effort to Sow Discord Online: The Internet Research Agency and Advertisements, a release of alleged Facebook ads, by Democrats of the House Permanent Select Committee on Intelligence, I should have just ignored it.

But any number of people whose opinions I respect, seem deadly certain that Facebook ads, purchased by Russians, had a tipping impact on the 2016 presidential election. At least I should look at the purported evidence offered by House Democrats. The reporting I have seen on the release indicates at best skimming of the data, if it is read at all.

It wasn’t until I started noticing oddities in a sample of the data that I cleaned that the full import of:

Redactions Completed at the Direction of Ranking Member of the US House Permanent Select Committee on Intelligence

That statement appears in every PDF file. Moreover, if you check the properties of any of the PDF files, you will find a creation date in May of 2018.

I had been wondering why Facebook would deliver ad data to Congress as PDF files. Just seemed odd, something nagging in the back of my mind. Terribly inefficient way to deliver ad data.

The “redaction” notice and creation dates make it clear that the so-called Facebook ad PDFs, are wholly creations of the House Permanent Select Committee on Intelligence, and not Facebook.

I bring that break in the data chain because without knowing the content of the original data from Facebook, there is no basis for evaluating the accuracy of the data being delivered by Congressional Democrats. It may or may not bear any resemblance to the data from Facebook.

Rather than a blow against whoever the Democrats think is responsible, this is a teaching moment about the provenance of data. If there is a gap, such as the one here, the only criteria for judging the data is do you like the results? If so, it’s good data, if not, then it’s bad data.

Why so-called media watch-dogs on “fake news” and mis-information missed such an elementary point isn’t clear. Perhaps you should ask them.

While cleaning the data for October of 2016, my suspicions were re-enforced by the following:

Doesn’t it strike you as odd that both the exclusion targets and ad targets are the same? Granting it’s only seven instances in this one data sample of 135 ads, but that’s enough for me to worry about the process of producing the files in question.

If you decide to invest any time in this artifice of congressional Democrats, study the distribution of the so-called ads. I find it less than credible that August of 2017 had one ad placed by (drum roll), the Russians! FYI, July 2017 had only seven.

Being convinced the Facebook ad files from Congress are contrived representations with some unknown relationship to Facebook data, I abandoned the idea of producing a clean data set.

Resources:

PDFs produced by Congress, relationship to Facebook data unknown.

Cleaned July, 2015 data set by Patrick Durusau.

Text of all the Facebook ads (uncleaned), September 2015 – August 2017 (missing June – 2017) by Patrick Durusau. (1.2 MB vs. their 8 GB.)

Seriously pursuit of any theory of ads influencing the 2016 presidential election, has the following minimal data requirements:

  1. All the Facebook content posted for the relevant time period.
  2. Identification of paid ads and by what group, organization, government they were placed.

Assuming that data is available, similarity measures of paid versus user content and measures of exposure should be undertaken.

Notice that none of the foregoing “prove” influence on an election. Those are all preparatory steps towards testing theories of influence and on who, to what extent?

May 17, 2018

Xidel – HTML/XML/JSON data extraction tool

Filed under: Web Scraping,XQuery — Patrick Durusau @ 7:12 pm

Xidel – HTML/XML/JSON data extraction tool

From the webpage:


Features

It supports:

  • Extract expressions:
    • CSS 3 Selectors: to extract simple elements
    • XPath 3.0: to extract values and calculate things with them
    • XQuery 3.0: to create new documents from the extracted values
    • JSONiq: to work with JSON apis
    • Templates: to extract several expressions in an easy way using a annotated version of the page for pattern-matching
    • XPath 2.0/XQuery 1.0: compatibility mode for the old XPath/XQuery version
  • Following:
    • HTTP Codes: Redirections like 30x are automatically followed, while keeping things like cookies
    • Links: It can follow all links on a page as well as some extracted values
    • Forms: It can fill in arbitrary data and submit the form
  • Output formats:
    • Adhoc: just prints the data in a human readable format
    • XML: encodes the data as XML
    • HTML: encodes the data as HTML
    • JSON: encodes the data as JSON
    • bash/cmd: exports the data as shell variables
  • Connections: HTTP / HTTPS as well as local files or stdin
  • Systems: Windows (using wininet), Linux (using synapse+openssl), Mac (synapse)

Xidel is a very good excuse to practice your XML (XPath/XQuery) on a daily basis!

Not to mention being an interchangeable way to share web scraping scripts for websites.

Enjoy!

May 13, 2018

When Sed Appears To Lie (It’s Not Lying)

Filed under: Data Mining — Patrick Durusau @ 7:34 pm

I prefer Unix tools, bash scripts and sed in particular, for mining text files.

But most of my sed scripts are ad hoc and ran at the command line. But I needed to convert text extracted from PDF (gs) for import into a spreadsheet.

I had 21 invocations of sed that started with:

sed -i 's/Ad\ ID\ //' $f

All the other scripts up to that point had run flawlessly so I was unprepared for:

sed: -e expression #1, char 73: unterminated `s' command

I love command line tools but error messages are not their strong point.

Disclosure: Yes, yes I did have an error in one of the sed regexes, but it was on line #15, not #1.

Ok, ok, laugh it up. The error message was correct because each line counts as a separate “expression #1.”

I did find the error but only by testing each regex.

Sed scripting tip: In a series of sed invocations, each invocation is “expression #1.”

Hope that saves you from looking for exotic problems with your sed distribution, interaction with your shell escapes, etc. (Yeah, all that and more.)

May 10, 2018

Spot the Fed (Home Edition)

Filed under: Face Detection,Image Recognition — Patrick Durusau @ 4:18 pm

I won’t ever play Spot the Fed at a Def Con conference, but OpenFace enables you to play “Spot the Fed” at home!

From the post:

OpenFace is a Python and Torch implementation of face recognition with deep neural networks and is based on the CVPR 2015 paper FaceNet: A Unified Embedding for Face Recognition and Clustering by Florian Schroff, Dmitry Kalenichenko, and James Philbin at Google. Torch allows the network to be executed on a CPU or with CUDA. OpenFace is the improved neural network training techniques that causes an accuracy improvement from 76.1% to 92.9%.

This research was supported by the National Science Foundation (NSF) under grant number CNS-1518865. Additional support was provided by the Intel Corporation, Google, Vodafone, NVIDIA, and the Conklin Kistler family fund. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and should not be attributed to their employers or funding sources.

Wireless surveillance cameras are as little as $40.00 plus shipping. Oddly the default color appears to be white but black spray paint can fix that design defect.

Get legal advice on the potential legal risks of pointing your surveillance camera outside of your property boundaries.

If you spot a suspected Fed lurking, Sound the Alarm!

May 9, 2018

Increasing Your Security (As Opposed to Thinking You Are Secure)

Filed under: Cybersecurity,Security,Tails,Tor — Patrick Durusau @ 8:36 pm

You can increase your security, against known hazards/bugs, by installing and using:

along with other appropriate practices and cautions.

Bear in mind that no software or encryption scheme is a defense against a $5 wrench.

May 8, 2018

2,000+ New Egyptian Hieroglyphs Coming Soon! [Code Talker Security?]

Filed under: Hieroglyphics,Security — Patrick Durusau @ 7:37 pm

Soon You May Be Able to Text with 2,000 Egyptian Hieroglyphs by Sarah E. Bond.

From the post:

Collaborations among Egyptologists and digital linguistics promise global visualizations of what was written on inscriptions, papyri, wall paintings, and other sources of Hieroglyphs. It may also allow for more popular knowledge of Egyptian Hieroglyphs and encourage its assimilation into popular language-learning apps like Duolingo.

Over 2,000 new Hieroglyphs may soon be available for use on cell phones, computers, and other digital devices. The Unicode Consortium recently released a revised draft of standards for encoding Egyptian Hieroglyphs. If approved, the available Hieroglyphs will provide greater access and global uniformity for Egyptologists, covering a much longer period of Hieroglyphic usage than ever before. The proposal is part of a larger effort between the Unicode Consortium, ancient linguists, font designers, and the federal government to attempt to study, preserve, and then digitally represent ancient and endangered languages through the use of computer code.

Certainly a boon for Egyptologists but don’t miss the opportunity to use Egyptian from different historical periods as a secure language.

Before you say: “Security through obscurity is a bad idea,” remember that Navajo code talkers worked quite well during World War II.

Moreover, in adapting an ancient language to a modern context, you can shift the meaning of words such that standard dictionaries and tools aren’t useful.

Being always mindful of the question: How long does this message need to remain secure? Messages about an action are of little value once an action is public. Events replace hopes and aspirations.

Enjoy!

Extracting Data From FBI Reports – No Waterboarding Required!

Filed under: FBI,Government,Government Data,R — Patrick Durusau @ 1:01 pm

Wrangling Data Table Out Of the FBI 2017 IC3 Crime Report

From the post:

The U.S. FBI Internet Crime Complaint Center was established in 2000 to receive complaints of Internet crime. They produce an annual report, just released 2017’s edition, and I need the data from it. Since I have to wrangle it out, I thought some folks might like to play long at home, especially since it turns out I had to use both tabulizer and pdftools to accomplish my goal.

Concepts presented:

  • PDF scraping (with both tabulizer and pdftools)
  • asciiruler
  • general string manipulation
  • case_when() vs ifelse() for text cleanup
  • reformatting data for ggraph treemaps

Let’s get started! (NOTE: you can click/tap on any image for a larger version)

Freeing FBI data from a PDF prison, is a public spirited act.

Demonstrating how to free FBI data from PDF prisons, is a virtuous act!

Enjoy!

May 6, 2018

Natural Language Toolkit (NLTK) 3.3 Drops!

Filed under: Linguistics,Natural Language Processing,NLTK,Python — Patrick Durusau @ 7:52 pm

Natural Language Toolkit (NLTK) 3.3 has arrived!

From NLTK News:

NLTK 3.3 release: May 2018

Support Python 3.6, New interface to CoreNLP, Support synset retrieval by sense key, Minor fixes to CoNLL Corpus Reader, AlignedSent, Fixed minor inconsistencies in APIs and API documentation, Better conformance to PEP8, Drop Moses Tokenizer (incompatible license)

Whether you have fantasies about propaganda turning voters into robots, believe “persuasion” is a matter of “facts,” or other pre-Derrida illusions, or not, the NLTK is a must have weapon in such debates.

Enjoy!

May 5, 2018

Sci-Hub Needs Your Help

Filed under: Open Access,Open Science,Science — Patrick Durusau @ 4:40 pm

Sci-Hub ‘Pirate Bay For Science’ Security Certs Revoked by Comodo by Andy.

From the post:

Sci-Hub, often known as ‘The Pirate Bay for Science’, has lost control of several security certificates after they were revoked by Comodo CA, the world’s largest certification authority. Comodo CA informs TorrentFreak that the company responded to a court order which compelled it to revoke four certificates previously issued to the site.

Sci-Hub is often referred to as the “Pirate Bay of Science”. Like its namesake, it offers masses of unlicensed content for free, mostly against the wishes of copyright holders.

While The Pirate Bay will index almost anything, Sci-Hub is dedicated to distributing tens of millions of academic papers and articles, something which has turned itself into a target for publishing giants like Elsevier.

Sci-Hub and its Kazakhstan-born founder Alexandra Elbakyan have been under sustained attack for several years but more recently have been fending off an unprecedented barrage of legal action initiated by the American Chemical Society (ACS), a leading source of academic publications in the field of chemistry.

While ACS has certainly caused problems for Sci-Hub, the platform is extremely resilient and remains online.

The domains https://sci-hub.is and https://sci-hub.nu are fully operational with certificates issued by Let’s Encrypt, a free and open certificate authority supported by the likes of Mozilla, EFF, Chrome, Private Internet Access, and other prominent tech companies.

It’s unclear whether these certificates will be targeted in the future but Sci-Hub doesn’t appear to be in the mood to back down.

There are any number of obvious ways you can assist Sci-Hub. Others you will discover in conversations with your friends and other Sci-Hub supporters.

Go carefully.

Weekend Readings: Qubes (‘Reasonably Secure OS’)

Filed under: Cybersecurity,Linux OS,Security — Patrick Durusau @ 3:00 pm

Weekend Readings: Qubes by Carlie Fairchild.

From the post:

Qubes OS is a security-focused operating system that, as tech editor Kyle Rankin puts it, “is fundamentally different from any other Linux desktop I’ve used”. Join us this weekend in reading Kyle’s multi-part series on all things Qubes.

In order:

  1. Secure Desktops with Qubes: Introduction
  2. Secure Desktops with Qubes: Installation
  3. Secure Desktops with Qubes: Compartmentalization
  4. Secure Desktops with Qubes: Extra Protection
  5. Qubes Desktop Tips
  6. What’s New in Qubes 4

From the Qubes homepage: Motherboard: “Finally, a ‘Reasonably-Secure’ Operating System: Qubes R3” by J.M. Porup.

After reading Rankin’s posts, Qubes is high on my list of things to try.

May 4, 2018

Propaganda For Our Own Good

Filed under: Fake News,Government,Journalism,News — Patrick Durusau @ 10:43 pm

US and Western government propaganda has been plentiful for decades but Caitlin Johnstone uncovers why a prominent think tank is calling for more Western propaganda.

Atlantic Council Explains Why We Need To Be Propagandized For Our Own Good

From the post:

I sometimes try to get establishment loyalists to explain to me exactly why we’re all meant to be terrified of this “Russian propaganda” thing they keep carrying on about. What is the threat, specifically? That it makes the public less willing to go to war with Russia and its allies? That it makes us less trusting of lying, torturing, coup-staging intelligence agencies? Does accidentally catching a glimpse of that green RT logo turn you to stone like Medusa, or melt your face like in Raiders of the Lost Ark?

“Well, it makes us lose trust in our institutions,” is the most common reply.

Okay. So? Where’s the threat there? We know for a fact that we’ve been lied to by those institutions. Iraq isn’t just something we imagined. We should be skeptical of claims made by western governments, intelligence agencies and mass media. How specifically is that skepticism dangerous?

A great read as always but I depart from Johnstone when she concludes:


If our dear leaders are so worried about our losing faith in our institutions, they shouldn’t be concerning themselves with manipulating us into trusting them, they should be making those institutions more trustworthy.

Don’t manipulate better, be better. The fact that an influential think tank is now openly advocating the former over the latter should concern us all.

I tweeted to George Lakoff quite recently, asking for more explicit treatment of how to use persuasion techniques.

Being about to recognize persuasion used against you, in propaganda for example, is good. Being about to construct such techniques to use in propaganda against others, is great! Sadly, no response from Lakoff. Perhaps he was busy.

The “other side,” your pick, isn’t going to stop using propaganda. Hoping, wishing, praying they will, are exercises in being ineffectual.

If you seek to counter decades of finely honed war-mongering, exploitive Western narrative, be prepared to use propaganda and to use it well.

Win MuckRock requests and swag!

Filed under: Government,MuckRock,Transparency — Patrick Durusau @ 4:23 pm

Help analyze Donald Rumsfeld’s memos and win MuckRock requests and swag by Michael Morisy.

From the post:

In January, thanks to a five-year fight by the National Security Archive, the Pentagon began releasing massive troves of former Secretary of Defense Donald Rumsfeld’s memos. The memos were so copious that they developed their own legendary status within the Armed Forces.

Rumsfeld himself describes them:

When I returned to the Pentagon in 2001, I continued writing the short memos that had been nicknamed “snowflakes” some years ago. They quickly became a system of communication with the many employees of DoD, as I would initiate a topic with a short memo to the relevant person, who would in turn provide research, background, or a course of action as necessary. In the digital age it was much easier to keep the originals on file so I could track their progress. They quickly grew in number from mere flurries to a veritable blizzard.

The term “snowflake” covers a range of communications, from notes to myself on topics I found interesting, to extended instructions to my associates, to simple requests for a haircut. There was no set template; some are several pages and some just a few words. They were all conceived individually and I had never considered them as a set until I started work on the memoir. I then found that when reviewed together, they give a remarkable sense of the variety of topics that are confronted by a secretary of defense.

Now you can explore the early days of the War on Terror – and potentially earn free MuckRock requests and even swag – by helping analyze what was in them, surfacing the most interesting and historically important memos and sharing the results with everyone.

MuckRock is offering prizes so jump to Morisy’s post and get started.

Enjoy!

May 3, 2018

Not All AI Uses Are Serious: Generating Pusheen with AI

Filed under: Artificial Intelligence,Humor,Machine Learning — Patrick Durusau @ 8:22 pm

Generating Pusheen with AI by Zack Nado.

From the post:

I made a machine learning program that generates new (sometimes novel!) Pusheen pictures!

(I don’t claim any ownership of Pusheen or anything Pusheen related, which is trademarked by Pusheen Corp.) It’s no secret that my girlfriend and I both are huge fans of Pusheen the cat, which many people know from the cute Facebook sticker sets. So, for her birthday I set out to try to create a machine learning program to create cat pictures for her to enjoy! To set some expectations for this post, I only did this for a fun project and didn’t really know what I expected to get out of it given that in all the data available there are really only a handful of unique poses and scenes. Also, you really only need a roughly oval shaped gray blob with eyes to look like Pusheen, so the bar wasn’t that high. That being said I am happy with the outcome and think it produces interesting and (usually) realistic poses and positions.

Given the revolving door at the White House in Washington, DC, you will never be sort of material for generating facial or full body images for posting on social media.

None of them will be as attractive as Pusheen the cat, but, consider your starting point.

Enjoy!

PS: You will be laughing too much to notice you are learning AI skills. Does that suggest a possible approach to an introduction to AI?

One Protocol, 125+ Million Targets

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 3:55 pm

Disclosure: The Call of Duty protocol has been patched against the vulnerability discussed by momo5502. Take heart, it is software and therefore has multiple vulnerabilities. The post remains an instructive one.

Game hacking reinvented? – A cod exploit

From the post:

A few years ago, I became aware of a security issue in most Call of Duty games.

Although I did not discover it myself, I thought it might be interesting to see what it could be used for.

Without going into detail, this security issue allows users playing a Call of Duty match to cause a buffer overflow on the host’s system inside a stack-allocated buffer within the game’s network handling.

In consquence, this allows full remote code execution!

To use this vulnerability to exploit the game, a few things have to be taken into consideration.

To exploit this vulnerability (or actually any vulnerability), you need to replicate the network protocol of the game.

This turns out to be somewhat complex, so I decided not to rewrite this myself but to actually use the game as a base and to simply force it into sending malicious hand-crafted packets that exploit it.

And indeed, this method seems to work, but the problem is that you need to modify the game in order to send the packets.

As Call of Duty has, just like any modern game these days, a not-so-bad anticheat mechanism (namely VAC), modifying it could result in myself getting banned from the game.

After a few other failed attempts of exploiting this vulnerability, I came up with something completely different: Why shouldn’t I use the game, without actually using the game?

The idea is still to take the game as base, but instead of hooking it, the underlying network transactions are analyzed to recreate the state of the game and to inject custom packets into the system’s network stack that look as if they were sent by the game.

So you don’t modify the game itself, but rather control all the data it sends and receives.

As this method doesn’t touch the game at all, it is not possible for current anti-cheat systems to detect this (it actually is possible, but I don’t think there is any anti-cheat that tries to detect that, yet).

Catalin Cimpanu tweeted a link to this post, along with links for a YouTube video: https://www.youtube.com/watch?v=j2N3_pDEsnE and GitHub PoC: https://github.com/momo5502/cod-exploit.

An elegant attack that relies on networked software, well, using a network for communication. However heavily protected the software, communication over a network can be captured and analyzed. Encryption may poses issues, but only if done well, which isn’t all that common.

Enjoy!

May 2, 2018

Special Characters and the Firefox Addressbar

Filed under: Web Browser — Patrick Durusau @ 8:18 pm

Asa Dotzler tweeted:

In Firefox’s addressbar, you can limit results by typing special characters before or after your term

  • ^ for matches in your browsing history
  • * for matches in your bookmarks
  • % for matches in your currently open tabs
  • # for matches in page titles
  • @ for matches in web addresses

A truly useful tweet!

May 1, 2018

Oracle XQuery Processor for Java (But Why?)

Filed under: Java,XQuery — Patrick Durusau @ 7:45 pm

I saw an interesting post by Jay Stidhar titled: How to Install and Use Oracle XQuery Processor for Java.

Interesting in the sense of why would Stidhar or anyone else, encourage the use of the Oracle XQuery processor?

You don’t have to do a deep technical dive to be dismayed by the Oracle XQuery processor. Just take a look at the Oracle Technology Network License Agreement which you have to accept before downloading the software. It took three screen shots for me to capture it for preservation purposes.

OK, I won’t make you read all of it! It starts downhill early on and only gets worse:


Oracle grants You a nonexclusive, nontransferable, limited license to internally use the Programs, subject to the restrictions stated in this Agreement, only for the purpose of developing, testing, prototyping, and demonstrating Your application and only as long as Your application has not been used for any data processing, business, commercial, or production purposes, and not for any other purpose.

Wow!

To summarize:

  1. [O]nly for the purpose of developing, testing, prototyping, and demonstrating Your application
  2. [O]nly as long as Your application has not been used for any data processing, business, commercial, or production purposes, and not for any other purpose.

Once your application is used for “…any data processing, business, commercial, or production purposes…,” your license for the Oracle XQuery processor may terminate.

Who knew?

There are other restrictions and conditions that make the Oracle XQuery processor unattractive. Discover those for yourself.

Check the Twitter archives of @XQuery for a number of open source and commercial XQuery software packages with less onerous licensing.

Powered by WordPress