Sunday, 31 May 2009

Why doesn't Twitter search find my tweets?

Here's an old tweet of mine:

WideCharToMultiByte tweet

Why does it not appear when searching for WideCharToMultiByte:

Twitter Search fail

What am I missing here? Shouldn't a tweet appear in the search result when using one of the the words from the tweet as a search term?

Some of my tweets are coming up in the search result though. For example, a search for freefixer shows some of my tweets.

Friday, 29 May 2009

System Security - How a faked anti-spyware program tricks its way onto user's systems.

I ran into System Security a few days ago. This is one of many rogue anti-spyware programs that pops up a now and then. I've captures some screenshots to show how users are tricked into installing this application:

While browsing some web pages the following dialog from Internet Explorer popped up. It falsely claimed that my system needed a "anti viruses check". The system is 100% clean.

If you click OK, the following will appear:

The the observant user will notice the above is just a web page that, tries to mimic the user interface of Windows XP. Web pages cannot access the local disk to scan for malware files.

If you click OK, you will get another faked scan result:

If you click "Remove all", you will get the actual installation file (install.exe):

Now it get dangerous. So far, System Security has not been able to access the system. All scan results and warnings are just faked. But if you choose to install the file install.exe you are in trouble. System security will get access to your computer:

Now that System Security got access to the system it will start showing scan results and warnings, all for the purpose of getting you to buy the program:

Here it falsely claims that some keylogger named Lsas.Blaster.Keylogger is sending my credit card information to a remote server:

Thursday, 28 May 2009

Schedule Blogger Post

Did you know you can schedule a blog post while using Blogger? Just type in the date when you want it to be published:

Wednesday, 27 May 2009

Viewing a Certificate Revocation List (CRL)

A certificate revocation list contains serial numbers for certificates that has been revoked. A revoked certificate should not be trusted. The revokation lists are available at each Certificate Authority, such as Verisign.

I had problems finding information on how to view the contents of a .crl file, so hopefully this will help you. To view the revocation list in plain text, you can use the openssl command line tool:
openssl crl -inform DER -in Class3Commercial.crl -text -noout

Certificate Revocation List (CRL):
Version 1 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /O=VeriSign, Inc./OU=VeriSign Trust Network/
repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/CN=VeriSign Class 3 CA - Commercial
Content/Software Publisher
Last Update: Apr 15 10:00:08 2009 GMT
Next Update: Apr 25 10:00:08 2009 GMT
Revoked Certificates:
Serial Number: 010E4C379581BA0566F7C99FB5924E20
Revocation Date: Nov 28 17:46:46 2000 GMT
Serial Number: 0110E0DF875EDB73D8F276C87615D025
Revocation Date: Sep 13 21:08:20 1999 GMT
Serial Number: 0118A8D557A89E6B3BBA6DFA5119C8D9
Revocation Date: Jan 25 21:37:21 2000 GMT
Serial Number: 012FADDC287FE873AF9771C160774F0E
Revocation Date: Jul 13 23:31:00 2001 GMT

Is there any C++ syntax highlighter that outputs data suitable for pasting into a HTML document?

Anyone know of some tool that given a .cpp or .h file outputs data suitable for pasting into a HTML document?

What I want is something like this:


//My class
class A


<span class="cplusplus-comment">//My class</span>
<span class="cplusplus-keyword">class</span> A

By having spans marking up the keywords, comments and other parts of the code, it's all about adding some CSS code to the stylesheet to have the c++ code highlighted.

Tuesday, 26 May 2009

How to get the service pack number using the WIN32 API

To get the service pack number on a Windows machine you can call the GetVersionEx function and pass a pointer to a OSVERSIONINFOEX struct. OSVERSIONINFOEX has two members, wServicePackMajor and wServicePackMinor, which holds the service pack information.

Monday, 25 May 2009

How to block outbound connections with the Windows Firewall

The Windows Firewall for Vista and Windows 7 allows you to block outbound connections, something that Windows XP didn't. To block outgoing connections:
  1. Press the Start button.
  2. Open Control Panel.
  3. Click on Administrative Tools.
  4. Click on Windows Firewall with Advanced Security.
  5. Click on Windows Firewall Properties.
  6. Select the Private Profile tab. (or the Public or Domain tab if you are on that type of network.)
  7. Choose Block in the drop down for outbound connections.
Now Windows will block outgoing connection. I did however not see any notification when an outbound connection was blocked. There's an option to display a notification about blocked inbound connections, but I could not find anything about outbound connections. Anyone know how to enable these?

Wednesday, 20 May 2009

What's your brain age?

Ran into this memory game the other day. According to the site it will activate prefrontal region of the brain, it will prevent memory loss and cultivate memory ability and concentration True or not, I don't know, but the silly game can be quite fun.

Once you've finished a round it will estimate your "brain age". Seems I cannot get below 24. I suppose that's pretty decent since I'll be 34 in a few months :)

How do you score?

And here's someone with true skills:

Tuesday, 19 May 2009


The SeaPort.exe file is signed by Microsoft and looks legitimate to me. Is there some malware/trojan/spyware out there that use the SeaPort.exe name, or is there any other reason for removing this file? More than 75% of the visitors FreeFixer file library visitors say they remove this file:

More than 75% say they will remove Seaport.exe

Does Windows Firewall block outgoing connections on Windows XP?

No, according to Wikipedia:
XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.

Wednesday, 6 May 2009


About two week ago a FreeFixer user added prnet.tmp to the online file database. I've not had the chance to analyze this file myself, but from the large number the searches it must be a major problem right now.

This file is dropped in C:\WINDOWS\system32\ and adds itself to the registry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, prnet, which starts the prnet.tmp process every time a user logs on to the machine. Those infected by this malware reports a large numbe of unwanted pop-up windows.

If you need assistance to remove prnet.tmp, please post a FreeFixer log at the FreeFixer User Group.

View the raw HTTP request body in PHP

I'm currently working on a bug where some Japanese characters are not appearing correctly on the FreeFixer web site. In the process of tracking down the problem I needed to view the raw HTTP request body that FreeFixer sends when posting information about a file or some registry data. In PHP, this can be done by calling the http_get_request_body() function. Unfortunately, this function requires a PECL extension which was unavailable in my current setup. However, this solved the problem:

$request_body = @file_get_contents('php://input');

Tuesday, 5 May 2009

WordPress' .htaccess file explained

If you have configured your WordPress system to use pretty permalinks the following will be added to the .htaccess file:

# BEGIN WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Explaining the .htaccess, row by row

<IfModule mod_rewrite.c>
This line checks if the mod_rewrite module is available on the server. If not, none of the enclosed Rewrite commands will be processed.

RewriteEngine On
This directive enables the runtime rewriting engine.

RewriteBase /
Let's the server know that the .htaccess was reached via / and not through any other path prefix.

RewriteCond %{REQUEST_FILENAME} !-f
This condition is true if the the path REQUEST_FILENAME not refers to an existing file.

RewriteCond %{REQUEST_FILENAME} !-d
This condition is true if the the path REQUEST_FILENAME not refers to an existing directory

RewriteRule . /index.php [L]
If the two RewriteCond's listed above evaluated to true the server will load index.php. [L] indicates that no further rewrite rules should be processed.
If any of the RewriteCond's evaluated to false, the server will load the actual file or directory instead of index.php.

Friday, 1 May 2009

How to start a command prompt in administrator mode on Windows 7

Some days ago, while playing around with Windows 7, I needed to run a couple of command line programs with administrator privileges. To start a command prompt in elevated mode, type cmd.exe in the run box and instead of pressing enter, press CTRL + SHIFT + ENTER. This key combination works on Windows Vista too.