aj’s blog

I just took a quick look at Agile Messenger, a messaging application for mobile phones and PDAs supporting the MSN, AOL, Yahoo, ICQ, Googletalk and XMPP protocols. It works great, just..
Why does it connect to billing.am-im.net [69.60.119.161] every time one connects to a messenger network? Why does it complain about broken network connectivity when it can’t? Is it really necessary to send unique identifying IDs to this server (and exchange quite some base64 encoded data)? I found some hints that you might send some more identifying codes there, like IMSI, IMEI, messenger-uids and -passwords.. 🙁
The XML Response contains a base64-Part with my ICQ uin and some more stuff.
Ah, that’s not all. What about the reoccuring usage-reports to usage.am-im.net [64.251.14.202], also containing the unique ID? Not only that, it also contains a value for “traffic” .. – and can’t be disabled!
Should I even mention updates.am-im.net?
Guys, you shouldn’t be watching my messenger traffic or try to track me all the time. And your program is now gone from my mobile phone; thanks.
That’s definitely a program to avoid.

After some complaints about mailserver blacklistings in the “UCEPROTECT-NETWORK level 1” blacklist I again spent a few minutes of investigating the issue and looking at their website. They seem to have no problem listing ISP mail relays after 1 or 2 misdirected mails from customer IPs and seem to have very “interesting” ideas about how mail should work and how they are going to police the net.. (read more below)

(more…)

Today I decided to finally upgrade two of my older boxes to the most recent OpenSSL version (openssl-0.9.8e) as that change has been on my ToDo list for ages. Both hosts are ancient Pentium I based Linux servers, so compiling OpenSSL was great fun and took hours.
Read on if you are interested in never-ending compile sessions, SSHd segfaults, issues with bn_mul_add_words() functions, no-sse2 settings, VIA Padlock crypto engines or other OpenSSL fun. Oh, and don’t ask me anything about OpenSSL in the next weeks, right?! 😉

(more…)

In case someone needs it (I do): I wrote a small web interface that quickly crypt()’s a string, e.g. when you need to write a .htaccess file and don’t have htpasswd available. It outputs DES, MD5 and SHA1 with random salts and salt-less md4, md5, sha1 and sha256. Maybe I’ll add MySQL password hashing too.. at least when I first need it 😉

Oh, and remember.. the password gets sent to my server without any encryption at all (and no, it’s not being saved here) 🙂

With the release of PHP 4.4.6 on March 1st PHP developers updated the PCRE version that’s included in the PHP4 tarball from PCRE 6.7 to PCRE 7.0. Unfortunately PCRE 7.0 has “some issues” with certain regular expressions – if you have recently upgraded to PHP 4.4.6, use regular expression functions such as preg_match and are wondering about strange “Internal Server Error” messages or empty pages – stop wondering. It’s a more or less documented “bogus” bug at php.net (Bugtracker, ID 40706) that they won’t fix because it’s within PCRE and not within PHP. Their solution? Upgrade to PHP 5.
You can’t? Well you can use PCRE 6.7 of the “old” PHP 4.4.5 version with PHP 4.4.6. Just follow the steps below. 🙂

(more…)