to CN Consulting's "Cocktail Talk".
Cocktail Talk is a casual monthly newsletter
intended to arm you with amusing bits and bytes of information on
whats happening in the computer world. Topics sure to break the ice
and capture an audience at many a social or business event.
Talk is archived on www.cnci.us
Currently, on Cocktail Talk - Black Hat Obfuscation
that there are movies and everything about Black Hats it's only
fair that we take one more step towards street level and give
credit to White Hats.
Hats are every bit as capable as Black Hats, they just use their
powers for good. Some White Hats are reformed Black Hats, some are
just mercenaries. One is me. Like they say "Sometimes bad guys
make the best good guys".
Hats and White Hats fight in the cloud, it's all very Spy vs.
Spy. Let's take a peek at a real life example from recent
Black Hat wants to redirect people browsing the internet to
websites that pay her for visitors. She wants to redirect my
people's website visitors to some German porn site so she can cash
in.. She tried to accomplish this in two ways.
was to replace some of my people's website programs with bad
programs having the same names so her programs ran instead.
She also injected bad code into their existing programs.
In either case it's auf wiedersehen mein freund. These
programs and code were written in something called PHP.
geeks love three letter acronyms (TLA's) and PHP is especially
loved because it is a recursive acronym, one where the acronym
itself is part of the acronym itself. PHP stands for
"PHP: Hypertext Preprocessor", a language popular with
Black Hats try to hide their dirty PHP work by obfuscating their
code and the White Hats try to find it. Take a walk with me through
an English language example of obfuscated PHP code.
wants to say GO_to_HELL..
could code a string of characters l_gOthE followed by -
Gimme the 3rd, 4th & 2nd characters of that string making them
upper case and call them Fred. (Fred would equal GO_)
Gimme the 5th, 4th and 2nd characters making them lower case and
call them Kisses. (Kisses would equal to_)
- Gimme the 6th,
7th, 1st, & 1st characters making them upper case and call them
Poodles. (Poodles equals HELL)
- Say Fred +
Kisses + Poodles
read FredKissesPoodles as GO_to_HELL and there, she said it. Auf
wiedersehen mein freund. It's a lot like the Soul Train
are PHP commands to encode and decode strings of characters. Black
Hats use these commands to turn code into gibberish before
injecting it into our code. They put the decode command in front of
the gibberish and PHP turns it back into bad code that we can't
a string method, like our Soul Train example, they can even
obfuscate the decode command and all of a sudden our little string
of l-gOthE followed by a bunch of gibberish becomes GO_to_HELL
Hats figure this all out to help keep the mean streets of the cloud
can bet your last money it's a stone gas honey, you can even
obfuscate your recursive acronym, you can kiss a poodle, or not,
that's your call, and that's Cocktail Talk.
Thank you for
Consulting, Inc - www.cnci.us
Computer Consulting for Business!
Consulting Inc. (CNCI) is an independent consulting company formed
in 1990 and located within easy reach of both Chicago and
maintains a select client base providing consulting services
concerning the use of information technology. We persistently look
for advantage to our clients in added value and reduced cost made
available by advancing technology.
does not have financial interest in any given product or product
line. We evaluate current and emerging technologies solely based on
their benefit to our clients. CNCI implements the solutions it
recommends and readily partners with companies that offer products
and services to the advantage of our clients. CNCI offers complete
client support with singular accountability.
maximize the benefit of our clients' existing technology, systems,
and platforms while integrating the benefits provided by new
Continuity and Business Development are our goals with Continuity
being the foundation of Development.