Blog-o-Mix

It is sometimes interesting and amusing to see how even big players steal from each other

I was very surprised to see that a flash ad for Yahoo! Music has a video screenshot resembling… YouTube video… When clicking the Video section of the mentioned ad, I was redirected to Yahoo! Music

Maybe I am mistaken, but from what I understand even the flash player design is a matter of design copyright. Maybe I am wrong - then please correct me in comments.

Yahoo!Music Ad Initial - Check the player frame

Yahoo!Music Ad After Click- Check the player frame

Yahoo!Music Typical player frame

YouTube Typical player frame

Player frames compared to the one in Yahoo! Ad

Few questions arise:

• Is Yahoo!Music together with YouTube?
• Is Yahoo!Music trying subliminal user driving from YouTube to Yahoo!Music
• Is YouTube licensing somehow it’s player design to other market players?

Thoughts are welcome, as always.

PS: the link which displayed the mentioned ad was found here

Copyright disclaimer: all the trademarks mentioned here are owned by the respective owners. The same applies to the graphical designs depicted in the screenshots.

Tags: yahoo music, yahoo, youtube, copyright

iPhone OpenGL Demo

UPDATE: Sources iPhone OpenGL ES Cube 3D with texture (Some reported archive corruption. Seems to work well with 7-Zip 4.5x, 4.6x for Windows)

This is a demo video showing my humble achievements in the direction of OpenGL ES 1.1 for iPhone, using some texture and light experiments. It is of course not intended as a working program, it’s rather a demo concept snippet of code.

The binary:
- source written in objective-c
- compiled as native application with iPhone toolchain under cygwin
- ran on iPhone 1.1.2 OOB

The acknowledgements go to:
- AJW - for great iPhone OpenGL startups
- ZeusCMD - for great OpenGL ES tutorials
- nullriver - for posts and links

Here is the binary available for download:
iPhone OpenGL ES Demo binary

Instructions:
- GLTextureCube to be put into /Applications and given proper permissions (755 to dirs and files will suffice)
- zveriu.raw to be put into /private/var and given at least read permission (444 will suffice)
- you can replace zveriu.raw with your own image data, given you follow the constraints:
– 128 by 128 pixel - sorry, had to hard-code to speed-up the working demo
– raw data, i.e. no headers, compression, etc -
– 1 (one) byte per color, color scheme RGB
– basically it is a 24bit BMP, with no header, just raw data
_________
- to obtain such a raw file, you can:
– get a 128 by 128 24 bits BMP file with your texture
– open it with IrfanView
– make sure you have IrfanView plugin named Formats
– save as the BMP with RAW file type, instructing irfan view to make it 24 bits RGB (not BGR!) and interleaved, meaning bytes follow as RGBRGB…RGBRGB and not RRRRRR…GGGGGG…BBBBBB
_________
- basically, to check that zveriu.raw (case sensitive!) you have created is right, file size should be 128 (width) * 128 (height) * 3 (bytes for RGB ) = 49152 bytes exactly

Hope you enjoyed this post.

I have some more ideas to test on iPhone - hope to overcome all the limitations (including time-constraint ). And by the way - the USRP is solved, need to get GNUradio working on one of the boxes (cygwin refuses to get me wxPython right for GNUradio - will stick to Ubuntu for the moment!)

Tags: iPhone OpenGL OpenGL ES OpenGLES Demo Cube Cube3D Texture USRP GNUradio

Troleibuzul 25 (via Igoriok)

___________________________

iPhone Face Detection

I think it is pretty amazing, since as far as I know and searched, it seems that it is the first face detection app to be running on iPhone itself.

Regarding comparison with iFace and iPhoto - it looks like these apps snap the picture and send it to a central server for processing and etc. (I am not going to go in a detailed description and comparison of all these apps features though)

Also, it seems like hotels far away from home may act as energy and ideas boosters. One year back once setting up my site, I proposed myself to make the code portable and run on as many platforms, including iPhone which I got at that time. One year of delaying and finally few days of hotel lock-up and I have it working for the iPhone.

Feeling of satisfaction is unbeatable.

Few notes:

• Code is almost 100% portable. Yes, few minor tweaks of settings for the compiling environments, but overall the same routines are used for all these platforms: Windows, Linux, Cygwin, iPhone (FW 1.1.2), Mac OSX.
• It is good to see false-positives and missed true-positives if talking from research point of view, since this means there is room to improve and study. The percentages of detected true-positive, missed true-positives and false-positives seems to be around 80%/15%/5%.
• Still have to check and properly evaluate processing times. No figures here yet
• Compilers used are gcc flavors for the corresponding platform/architecture
• For the iPhone I used iphone-dev team’s toolchain for iPhone FW 1.x
• Unfortunatelly, I cannot share or release code at this point. Please don’t ask for it at least for the moment
• However, if you have any serious research or commercial offers, don’t hesitate to contact me (contacts on right panel)
• Click here for related links of my previous work

TODOs:

• Seems like last minute hassle made my facial features (eyes-mouth triangle) not to work properly. Hopefully will be fixed next time I touch the code (never know when it happens)
• Face recognition. I have some experimental code for PCA method, though I want more research on this.
• Face and flow tracking in video feed from iPhone (crappy) camera

Stay tuned…

Tags: iPhone face detection recognition tracking iFace iPhoto iFaceFriend image video processing computer vision digi-face digiface digi-face.net digi-face.org andrei costin andreicostin.com

eJobs.ro security hacked screwed again - execution with cool-blooded SQL injection

Yes boyz and pretty girlz, eJobs.ro gets it again into the face and gives away 1.3 Mln resumes and personal information! More - passwords in clear, not at least hashed…

My two cents on this:

1. Nice work from the guys here - HackersBlog.org

2. Some of my early whistle-blowers to the ejobs.ro here (ejobs XSS1) and here (ejobs XSS2) - seems like they have either deaf or inexistent security assesment team… Too pitty for them…

3. It seems that the method used by the guys was in one of my earliest attack methods which I left asside for some dumb reasons. eJobs.ro Attack Vectors file

The below is what I was exercising back then, and the similar attack vector is what the guys really used to SQL-inject (the below is not working already for obvious reasons… )

Code:

4. Also, if you go specifically to http://ejobs.ejobs.ro (yes, double times ejobs, it is not a typo!) you will see an internal eJobs position posting. The interesting details I have highlighted below:

eJobs job posting - hahaha

Till next time, enhance your

Knowledge of Secure Programming Best Practices

Tags: ejobs, ejobs.ro, ejobs ro, ejobs.ro sql injection, ejobs.ro sqli, ejobs.ro hacked, ejobs.ro hackuit, ejobs.ro security, ejobs.ro spart, ejobs.ro database, ejobs.ro baza de date, ejobs.ro CVuri