Outlook 2013 + Gmail sync issue

For quite a lot of time I had Outlook 2013 x64 first time when I installed it I had a problem regarding Gmail account it stopped syncing after specific date. I searched around the forums but no luck finding solution. Later on I deleted few mails and it worked but I did not wrote the solution.
Now I formatted PC and found same issue and decided to post it. Where is the problem? The problem is in *.ics (like invitation files, meeting requests). There is no problem if your Outlook 2013 is up to date! The problem is only with new (fresh) installation of Outlook 2013.

After you delete message containing *.ics it syncs until next *.ics mail. It is quite frustrating if you have a lot of meeting requests.

Both issues occured to me on Outlook 2013 x64 and x84 with Office professorial Plus

 

WCF on IIS 8 + WP8

Last two days I spent trying to resolve WCF IIS 8 + Windows Phone 8 problem. On majority of sites it is written that you just add service reference but it didn’t work for me. So I spent few hours trying to resolve this issue. After few hours I discovered a problem regarding UriTemplate
[WebInvoke(Method = "GET", ResponseFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Bare), UriTemplate = "json/GetTestObject/")]
List GetTestObjectJson();
I found out that generated code does not call with Uri template but just function name (GetTestObjectJson). So I removed UriTemplate and retried to request but no luck. I created myself ServiceReferences.ClientConfig but multiple times rechecked after this I hard coded it in the code still no luck. Via browser the service responded correctly.

BasicHttpBinding bb = new BasicHttpBinding(BasicHttpSecurityMode.None);
ServiceReference1.TestClient tc = new TestClient(bb, new EndpointAddress("http://test.test.com/Test.svc"));
tc.GetTestObjectJsonCompleted += TcGetTestObjectJsonCompleted;
tc.GetTestObjectJsonAsync();
The same issue is posted also (http://answers.flyppdevportal.com/categories/winphone/wptools.aspx?ID=bdd536d0-6456-4b23-8eb6-cad865d52e05, http://social.msdn.microsoft.com/Forums/en-US/wptools/thread/61f1060f-846e-4e7d-b8ff-c2956e0a8677/, http://stackoverflow.com/questions/15562451/windows-phone-8-error-with-wcf-the-remote-server-returned-an-error-notfound ) but nobody provided solution.

So next day I decided to write simple web request which I later found also in other post (http://blog.clauskonrad.net/2010/11/wp7-how-to-make-httprequests-from.html). But what I got was ‘asynchronousResult.AsyncWaitHandle’ threw an exception of type ‘System.NotSupportedException’

HttpWebRequest req = (HttpWebRequest)WebRequest.Create("http://test.test.com/test.svc/GetTestObjectJson");
req.Method = "GET";
req.ContentType = "application/json; charset=utf-8";
req.BeginGetResponse(new AsyncCallback(GetAvaliableConferencesJson), req);

Ok I found out that is not supported on WP8 my mistake: http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.aspx

I tried other way:
WebClient wc = new WebClient();
wc.Headers[HttpRequestHeader.ContentType] = "application/json";
Uri uri = new Uri("http://test.test.com/test.svc/GetTestObjectJson", UriKind.Absolute);
wc.Encoding = System.Text.Encoding.UTF8;
wc.OpenReadCompleted += WcOnOpenReadCompleted;
wc.OpenReadAsync(uri);

Yes, crap same problem page not found. I started losing my patience what could probably go wrong?
If I write request in IE on my pc it is working so hmmm. Ok let’s try to request just one random site.

WebClient wc = new WebClient();
Uri uri = new Uri("RandomWebsite ", UriKind.Absolute);
wc.DownloadStringCompleted += WcOnDownloadStringCompleted;
wc.DownloadStringAsync(uri);

Ok it works! So let’s try my WCF service it WORKS!
So final solution:

WebClient wc = new WebClient();
Uri uri = new Uri("http://test.test.com/test.svc/GetTestObjectJson ", UriKind.Absolute);
wc.DownloadStringCompleted += WcOnDownloadStringCompleted;
wc.DownloadStringAsync(uri);

private void WcOnDownloadStringCompleted(object sender, DownloadStringCompletedEventArgs downloadStringCompletedEventArgs)
{
List testObject = new List();
MemoryStream ms = new MemoryStream(Encoding.UTF8.GetBytes(downloadStringCompletedEventArgs.Result));
DataContractJsonSerializer ser = new DataContractJsonSerializer(typeof(List< TestObject >));
testObject = ser.ReadObject(ms) as List< TestObject>;
ms.Close();
}
On WCF site:

[OperationContract]
[WebInvoke(Method = "GET", ResponseFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Bare)]
List GetAvaliableConferencesJson();

It also works if you have UriTemplate just provide correct path.

I know it is not optimal solution but for now it works fine for me.

 

Windows 8 and Hyper-V with VirtualBox

Bellow is explained how I managed to install Hyper-V and VirtualBox on Windows 8.

All started with windows phone 8 SDK release. WP8 SDK came out with some requirements. One of them was Windows 8 with Hyper-V.

I started installation. First requirement no other virtualization on PC  And I had to uninstall VirtualBox an VMware CRAP … later it took me a couple of hours to find out why my PC after installing SDK is not booting. Reason was that my motherboard has some issues I upgraded firmware no help. Solution is to disable USB 3.0 in BIOS and walla. I do not know whose problem is this or Gigabyte or Microsoft but I bet on Gigabyte because as I found out only two Gigabyte devices has this issue.
http://support.microsoft.com/kb/2693144?wa=wsignin1.0

Ok than transforming all virtual machines to hyper-v was another pain in the ass most of it solved by re installing virtual pc-s.

There is just one big “issue” with Linux in Hyper-V and TrueCrypt. When you install Linux and power off you have to force dismount TrueCrypt:

When you remount disk DO NOT forget in which mount drive it was previously otherwise there are some problems which in that time i did not have time to solve if you know how to solve them please share with me. As I have also other machines I decided that it is simpler to use more than one machine. All linux virtual machines on other PC with VMware.

So after few months with few updates I decided to try to install Virtual Box. Party installation went well till…. REBOOT.

PC did not reboot. After a few times I tried to reboot it also in safe mode but no help.

I tried to recover it but:

Here comes another “trick“. I did not find out why but it solution is if you click advanced options and there continue to Windows 8 it works well. If you click here Shut down I did not managed to start it.

If you want to look at log file:

A patch is preventing the system from starting.

Repair action: System Restore
Result: Failed. Error code = 0x1f
Time taken = 98969 ms

Repair action: System files integrity check and repair
Result: Failed. Error code = 0×490
Time taken = 399219 ms

I hope that you read this before spend a lot of time like me to some kind of find a solution.

To conclude I win I have now Windows phone 8 SDK Hyper-V and VirtualBox!

 

Server side app to SQL dataflow

Lately I did some network analysis of some company’s computer network (reason was to find who was using facebook). Here and there, I fund something strange. What was strange? SQL sentences. Yes, SQL request, response in the network.
I talked with admin and he told me that it is impossible because applications are securely connected to their WS (web service) through SSL.

I asked again if they use any direct database access from app he said no nothing. So where would be the problem? I decided to look to that specific application traffic anyway. So I spent almost an hour just to check if there goes any traffic (click there left button right button reverse order… they do not have source code). No clean, everything seemed all right. Than what I found out was that destination IP from the application is different to that destination IP that I found previously. Therefore, I looked to a server side application. What I found out was that application has database in different location. Connection string to the database was not localhost but IP, port. Ok problem found. Solution known.

Why did I not recognize this problem earlier? No idea I had same problem when I developed one simple app for myself. I resolved this before release If I re-look, it was very dumb of me not to look source and destination IP.

What impressed me later and the reason why I am writing this blog post is:

The company, which sold the program, said that there is no need to secure this part of connection as it is inside the company.

I goggled/binged/yahooed about connection strings to remote database but almost nobody speaks about this “problem” which occurs in non localhost connections. So if you realized that you have this flaw make it disappear. Do not say

There is no need it’s in company’s network

.Net to MS SQL

Solution: http://msdn.microsoft.com/en-us/library/ms189067%28v=sql.105%29.aspx

PHP to MySQL

Solution: http://dev.mysql.com/doc/refman/5.1/en/ssl-connections.html

 

Malware Detection using NLP

In university we were talking about NLP (Natural language processing) how it works where can be used and how good results it gets. Therefore, I decided to write simple program to see how NLP works on detecting malicious software using computer-learning techniques.

The computer security is facing new challenges on securing devices. Not only from the prospective of a lot of different operating systems but also from the prospective of the idea how to secure company which uses  BYOD (Bring Your Own Device). The main motivation was to discover why big security companies do not use this technique (maybe they do but I did not find out).

The presentation, which I presented, at a university I was talking about how malicious software works, differences between them and important dates in malware history. Then I briefly explained how current anti-virus protection works. What SECaaS is etc.. But here let’s move to the point.

How did I prepare data? What I did was simple hex dump all op codes to a long single line. But what was the problem now? Enormous strings so what I found in one example was to create N-Grams by splitting them into strings of specific length and specific padding

Example n-gram = 4 and padding = 2

After creating these n-grams, I prepared two functions for two different classification techniques:

• Cosine similarity
• SVM (Support Vector Machine)

Now here was the biggest problem. Also with modified n-gram creation there where big amounts of data for six programs which had less than 1 MB cosine similarity worked almost an hour probably there is a lot to optimize  and code is written in .NET with LINQ running on Computer with Processor Intel i7, 16GB RAM DDR 3.

For better understanding and knowing which technique works better, I used ROC (receiver operating signal) and put them in TP, TN, FP, FN.

Results for string length 8:

From the results, we can see that SVM returns better results.

Anyway, to conclude I saw why this does not work in practice. Described techniques would be fun to see how they work on “normal” programs (size > 50 MB) maybe when I will have i12 and 1 TB of RAM I will try

Links:

http://en.wikipedia.org/wiki/N-gram
http://en.wikipedia.org/wiki/Hex_dump
http://en.wikipedia.org/wiki/Support_vector_machine
http://en.wikipedia.org/wiki/Cosine_similarity
http://en.wikipedia.org/wiki/Security_as_a_service
http://en.wikipedia.org/wiki/Receiver_operating_characteristic

 

Office Outlook and Live accounts security issue

After I reported this issue to Microsoft security response team it was suddenly patched. Thanks guys

I was at security conference last week and yes I found out something new.
The story begins with my roommate who decided to analyze some local internet traffic. One think went to another and suddenly he asks me:

You don’t use https ???

I said no man I use it are you mad? And he shows me packets in wireshark containing my e-mail address and e-mail addresses of some other friends.
WOT ?
I started looking what happens how this is possible…

So firstly I had to narrow down applications which can possibly sand this data through network.
And finally I found the winner. The winner was Office outlook 2013. I went to look what it uses as a connection and how is it possible that something is send in plaintext format. It uses EAS (Exchange ActiveSync) and what it the issue here?

EAS sends NFY, MSG packets as I understand they are some kind of notification packets.
Wait what? All notifications are send in plain text? Yes the response is sadly yes.

Bellow you can see that if you receive a mail the notification is sent to you as a plain text!

MSG Hotmail Hotmail 423
MIME-Version: 1.0
Content-Type: text/x-msmsgsemailnotification; charset=UTF-8

From: xxxxx
Message-URL: /cgi-bin/getmsg?msg=******&start=0&len=*****&curmbox=ACTIVE
Post-URL: https://login.live.com/ppsecure/md5auth.srf?lc=****
Subject: Re: *********
Dest-Folder: ACTIVE
From-Addr: xxxxxx@xxx.com
id: 0
Extended-Flags: ab=1|i=9|e=0

Furthermore I found out that also other notification like status change and this kind of stuff comes in plain text =O

NFY DEL 302
Routing: 1.0
To: 1: ******@outlook.com
From: 1:******@****.com
Reliability: 1.0
Notification: 1.0
NotifNum: 0
Uri: /user
NotifType: Partial
Content-Type: application/user+xml
Content-Length: 83

much more interesred was this one:

To: 1:*****@outlook.com
From: 1:*****@hotmail.com

Reliability: 1.0

Notification: 1.0
NotifNum: 0
Uri: /user
NotifType: Partial
By: 1:*****@hotmail.com;epid={*****}
Content-Type: application/user+xml
Content-Length: 899

IDL<msnobj Creator=”****@hotmail.com” Size=****; Type=****; SHA1D****; Url=”" Url1=”http://byfiles.storage.msn.com/ THIS URL ACTUALLY WORKS without any autentification ; ****2684355072:1288:1jsonmail.live.com0:02msgrlib:5.0.0.0

The url provided is link to user new picture.
Other urls like that in the mail example (/cgi-bin/getmsg?msg=******&start=0&len=*****&curmbox=ACTIVE) are not active if you try to open them you get error you need to be autentificated to view message uff at least that!

I thought that this is just in Office 2013 but wait a minute after some time this packets are seen also in Office 2010 with Outlook connector.
Wait WHAT ?

So what I found out? That all data all contacts are transmitting in PLAIN TEXT!
I cannot imagine what I also found out:

NFY PUT 1147
Routing: 1.0
To: 1:****@outlook.com;via=9:00000000-0000-0000-0009-51833e8eaed4@live.com
From: 1:****@hotmail.com
Via: 9:00000000-0000-0000-0009-51833e8eaed4@live.com
Reliability: 1.0
Notification: 1.0
NotifNum: 0
Uri: /user
NotifType: Partial
Content-Type: application/user+xml
Content-Length: 817
<user>
<s n=”PE”>
<UserTileLoction>&lt;msnobj Creator=”*****@hotmail.com” Type=”3″ SHA1D=”*****” Size=”25546″ Location=”0″ Friendly=”PwAAAA==”/&gt;
</UserTileLocation>
<FriendlyName>[b][c=48]*****[/c][/b]</FriendlyName>
<PSM>Your brain gets smart but your head gets dumb</PSM>
<ColorScheme>-3</ColorScheme>
<BDG></BDG>
<RUM>Your brain gets smart but your head gets dumb</RUM>
<RLT>0</RLT>
</s>
<sep n=”IM” eid=”{********}”>
<Capabilities>2955186480:2609258384:4</Capabilities>
</sep>
<sep n=”PE” epid=”{12b699f1-1cbd-4931-a183-f9735c143a13}”>
<VER>MSNMSGR:16.4.3503.0728</VER><TYP>1</TYP><Capabilities>100663296:1142538240</Capabilities></sep></user>

As we can see it provides as also user msn versions. And there is even more info…

I tested also WP7 phones with live accounts and Android phones with Hotmail application and fortunately there is no such leakage as in Outlook 2013 and Outlook 2010 with Outlook connector

Conclusion:
Every time you try to install something new test it first!
Deactivate any Microsoft (free) live account in Outlook! Use only online version!

I do not know if they are aware of this issue but I think they are and they just ignore it!

 

City web cams or city eyes?

A lot of city’s use live feed cameras but have you ever asked yourself how is with security? Can you track people on camera feed?

So I decided to make a little modification to “my” face recognition system. “My” because I just used OpenCV library to implement it. So I decided to find optimal live feed in a city as I just wanted to know what results I can get with fast written program and open source library.

As I don’t promote any face recognition system or library neither I do not want to tell in which city this was done none of images will be in color just black and white.

Firstly I tried to use Haar cascade to find faces on the image. As images are in low resolution Haar cascade did not found anything. So what to do next? I tried the simplest way that I could remember.  As people are moving I decided to try with image subtraction. As you can see below it was not hard to find people and who is moving through camera and who away this step was the most painful and took majority of time spent for this proof.

As this step was done I decided to draw a rectangle on a top of the region of a person. Yes it is not the best way it is not the cleverest way neither but I had a goal to find out if this is possible.

The rectangles represents faces which I cut out and rectangles had to be under the line in the middle (200px).

Next step was to find people which I know and would walk there. After I convinced three people I put their faces in one directory (true positive). And than ask them to walk one after another with a little bit of time delay. Of course I recorded the camera and in the end there was many faces saved on the disk total was 1496 faces. Then I run PCA on all faces and tried to recognize if friends exist on faces where they shouldn’t. The result was very disappointing there were 683 false positives 45.7%. Crap…

So as I have a little experience I know that more persons you “train” using PCA worse results you get. So I tried with just one person and it was like wow 94 false positives 6,3%.

Then I retried with 2 persons and false positives were like doubled 12,8%. Ok I see let’s put also true positives inside and there were 1507 faces. Of course I did not tried with 3 friends but with 1 an look smile on my face 6,3% false positives 100% true positives nice =) That’s it. =)

I tried with two friends but there were 5 of 7 true positives.

Conclusion:
Let’s say that it is possible to track someone’s “habits” where she/he moves and when.
You are right the results are not very good but for prove of concept with no optimization no advanced processing or anything I think results are pretty impressive.
http://opencv.willowgarage.com/wiki/FaceRecognition
http://opencv.willowgarage.com/wiki/
PCA