Tim Ruble

Got an email from a friend the other day, he was searching for an answer as to why a PHP script that he was working on contained an & (ampersand) before the variable.  It made him curious enough to contact me, so I decided that I would just write a quick post on this – since I hardly NEVER update anything on this old blogsite.

Ok – the ampersand before the variable calls a reference to the variable.  Kind of like bookmarking the ‘last known’ value of the variable that was used.  For example:

$foo = ‘foo’;

$val_foo = &$foo; // This creates the reference…  At this point the value of $val_foo == ‘foo’;

$foo = ‘My New Foo Value’; // Now, at this point the value of foo has changed

echo $val_foo; // This will echo out the value, My New Foo Value instead of the initial value of foo which == ‘foo’

This works on many levels, and it can be quite useful when programming in PHP.  I often use it to define my base class methods within the base.class.php file that I have created as my own “framework” for everything that I build from.   Since my base class consists of a ‘listening’ device script that in turn loads a class, base upon observer values that my internal scripts pass to the base class.  The base class is then extended from the inherited class that my events and observers are told to load.   Hmm, I may load my framework up someday, and allow others to use it – as it becomes more debugged and solid.

One of the thornier issues with building a dynamic infrastructure for a data center or campus LAN is creating a simple, robust, and reliable management system to configure network connectivity. Unless you have the luxury of designing a brand new network, chances are you have a mix of routers, switches and network gear from more than one vendor. Linesider Overdrive Network Services Virtualization Platform aims to simplify the management by abstracting the actual commands from the goals of a task.

Read Full Article Here

MX Lab detected a new Bredolab variant masking itself as the “Facebook Password Reset Confirmation”. The From address in the email is shown as “The Facebook Team ” but the real SMTP from address is spoofed.

The attachment has the name Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91.exe. the part between _ and .zip at the end is choosen randomly and contains letters and numbers.

The trojan is known as Trojan.Downloader.Bredolab.AZ (BitDefender), Bredolab.gen.a (McAfee) or W32/Obfuscated.D2!genr (Norman) and is only detected by 14 of the 41 AV engines at Virus Total.

The body of the email:

Hey vguysville ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team

Bredolab is a trojan horse that downloads and executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions).

This Bredolab variant will create the files:

%AppData%\wiaservg.log
%Windir%\temp\wpv861256600826.exe
%Programs%\Startup\isqsys32.exe

It will also create the process isqsys32.exe and svchost.exe. The dll %Windir%\dsqstm6.dll is being loaded into the address space of Internet Explorer combined with several Windows registry edits.

It will attempt to connect with the remote hosts on port 80: 202.39.17.53 0, 217.23.7.162 and 95.211.27.211.

The data identified by the following URL was then requested from the remote web server:

hxxp://mmsfoundsystem.ru/public/controller.php?action=bot&entity_list=&uid=&first=1&guid=13441600&v=15&rnd=8520045
hxxp://hostvegass.ru/cman/receiver/online
hxxp://wapdodoit.ru/mn/base.cfg
hxxp://www.whatsmyipaddress.com

One of my favorite Jimmy Page guitar pieces of all time. I know that I skipped a major part of that song, and shortened it up in sections, but I just wanted to play a version that wasn’t verbatim like the way Pagey played it. I have been thinking a lot of adding more Zep songs to my blog here, but maybe in the future. Hope you enjoy what little I have to offer.