Friday, September 26, 2014

(Opinion) Simple Sucks! It is time for a new bank.

First of all, this is an opinion piece, meaning all of the statements in this article are my own personal opinions of my experiences.

I am really frustrated with my bank right now.  I signed up for a bank account from Simple <http://www.simple.com> back in March, and I have had issues since the beginning.

"Simple"ly put: Simple is the worst bank I have ever had!

I have attached a PDF to this article that has all of the tickets (or conversations as they call them) that I have opened with them.  Some are still open so I will try and update the PDF as the ticket gets updated.
Note: Just to be clear, references to "insufficient funds" mean that the available balance was not high enough to cover the scheduled payment, NOT that my account was $0.00 or negative.

Hopefully after reading my experiences, you will take my advice and avoid Simple like the plague.

--Anthony R.

https://drive.google.com/file/d/0B4UO52-Ra7PmdVVHWC1TWHFvN1k/edit?usp=sharing

Thursday, June 27, 2013

The downfalls of C#

I have mixed feelings about C# as a programming language.



I feel as a programming language it is intuitive and full featured, but that is where its positives end.  I really like developing in C#, but I feel it is really only good for Open Source Software (OSS), and I will tell you why.

Recently I was hired to do some integrations for 2 different customers each for a third party software that had no API or integration documentation.  The companies who produced the softwares mentioned basically refused to help. So where does that leave me?  Since they were both written in C#, I can still get what I need, and pretty easily also.  How you may ask ... ILSpy.  C# allows reflection on "compiled" code.  With ILSpy I was able to reverse engineer (for purposes of interoperability) and see their source code.  It even had the original variable names!  It had everything except code comments.  So with this ability, someone could look at, say ... their license mechanism and write a keygen or a software crack.  As a proof of concept, I will go over how it could be done in one of the 2 softwares I was working with.  I will not disclose the actual software's name, any of its original source code or the end result keygen executable (because I did not write one) ... this is just an example of how it could be done.

So the first step is to open the executable in ILSpy and start browsing around in the code.  After some digging I found the license methods in a supporting DLL file, a method called ReadLicenseFile(), and a method called DecryptString() which is used by ReadLicenseFile().  But there is a problem ... there is only the decrypt method .... no encrypt.  Well lucky for me most cryptography assumes decrypting is the private or secure part and so with a good understanding of the C# programming language and the fact that they embedded their entire 1024-bit RSA key (both public and private keys) in their code I was able to produce a reverse of what they did.  Here is the code sans the RSA key:

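// Requires: using System; using System.Security.Cryptography; using System.Text;
public string EncryptString(string inputString, int dwKeySize, string xmlString) {
 RSACryptoServiceProvider rSACryptoServiceProvider = new RSACryptoServiceProvider(dwKeySize);
 // Load the key from its XML representation
 rSACryptoServiceProvider.FromXmlString(xmlString);
 string returnstr = "";
 // Number of characters per block (each character is 4 bytes as UTF-32)
 int num = dwKeySize * 11 / 16 / 8 / 4 - 1;
 int num2 = inputString.Length / num;

 string tmpstr = "";
 for(int i = 0; i <= num2; i++) {
  // The last block takes whatever is left of the input
  if(inputString.Length < (num*i)+num) {
   tmpstr = inputString.Substring(num*i);
  } else {
   tmpstr = inputString.Substring(num*i, num);
  }
  // true = OAEP padding
  byte[] val = rSACryptoServiceProvider.Encrypt(Encoding.UTF32.GetBytes(tmpstr.ToCharArray()), true);
  // Reverse the byte order of the encrypted block before Base64-encoding it
  Array.Reverse(val);
  returnstr += Convert.ToBase64String(val);
 }
 return returnstr;
}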


So by using this and reading through the license parsing code to determine what it expects to be in the unencrypted string, I can produce my own license file. This was a very simple example because their license mechanism was very simple.  When it comes to protecting your software from piracy this should be the most secure aspect and the hardest to reverse engineer part of your software.

So to conclude, I feel C# is a great programming language but if you are producing closed source software, DO NOT USE IT, AND SURE AS HELL DO NOT INCLUDE YOUR ENTIRE RSA KEY IN IT!!!!  To be fair there are some tools out there that obfuscate the code to help prevent reflection, but these can actually introduce bugs into your software because they rewrite the code and re-compile it to a less readable version which is still not very secure.
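The point about not shipping the whole RSA key, as an added example (not code from the original post or from the product discussed): the license is signed with a private key that stays with the vendor, and the shipped program holds only the public parameters, so decompiling it yields nothing that can issue a license. The license fields, class and method names, and the in-memory key pair are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LicenseDemo
{
    // Vendor side only: needs the private key, which stays on the licensing server.
    static string Issue(RSA privateKey, string payload)
    {
        byte[] sig = privateKey.SignData(Encoding.UTF8.GetBytes(payload),
                                         HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return payload + "\n" + Convert.ToBase64String(sig);
    }

    // Shipped in the product: holds only public parameters, so it can check but not issue.
    static bool Verify(RSAParameters publicOnly, string license)
    {
        int split = license.LastIndexOf('\n');
        if (split < 0) return false;                       // no signature line
        byte[] sig;
        try { sig = Convert.FromBase64String(license.Substring(split + 1)); }
        catch (FormatException) { return false; }          // signature is not valid Base64
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(publicOnly);
            return rsa.VerifyData(Encoding.UTF8.GetBytes(license.Substring(0, split)), sig,
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        using (RSA vendorKey = RSA.Create(2048))           // stand-in for the vendor's offline key
        {
            // false = export Modulus and Exponent only; D, P, Q and the CRT fields stay null
            RSAParameters shipped = vendorKey.ExportParameters(false);
            string license = Issue(vendorKey, "customer=Example Corp;expires=2030-01-01");

            Console.WriteLine("genuine license accepted:  " + Verify(shipped, license));
            Console.WriteLine("edited expiry accepted:    " +
                              Verify(shipped, license.Replace("2030", "2099")));
            Console.WriteLine("shipped key has private D: " + (shipped.D != null));
        }
    }
}
```

This addresses forged license files only; the integrity of the shipped assembly itself is a separate control, such as strong-name or Authenticode signing.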

To all closed source software companies using C#:  DON'T!

Sorry to all of the hackers out there for spilling the beans.

Thursday, March 28, 2013

Netflix for Linux!!!

Original post: http://www.iheartubuntu.com/2012/11/ppa-for-netflix-desktop-app.html



So I just found out that you can get Netflix on Linux.  It is only for Ubuntu right now, but I got it working on LinuxMint Debian (Cinnamon 64bit) and here is how:

Instructions for LinuxMint Debian (Cinnamon 64bit):

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 1F691896 
sudo apt-add-repository "deb http://ppa.launchpad.net/ehoover/compholio/ubuntu oneiric main"
sudo apt-add-repository "deb-src http://ppa.launchpad.net/ehoover/compholio/ubuntu oneiric main"
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install netflix-desktop libwine-gecko-1.4 mono-complete
sudo sh -c "echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections"

sudo netflix-desktop


Choose 'yes' on the pop-up windows for it to download and install everything for you.

ENJOY!

Wednesday, May 2, 2012

Almost had my name in the credits of a movie!

So here is the latest thing I have been trying to pull off.  You will see that in the end it was not successful, but it might have been if I had stayed with it.  I decided to pull the plug because they were asking too many questions.  Please note that all names have been changed to protect all involved.  As you can imagine, some people would lose their jobs if it were known that they almost allowed this to happen.  So here it goes:




From: Brian Banims [mailto:bbanims@fakecompany.com]
Sent: Thursday, April 26, 2012 1:54 PM
To: Jane Johnson
Subject: [BIG PRODUCTION MOVIE TITLE HERE]

    Jane,

    I had almost forgot, I really have to have a special thanks to [MY REAL NAME] added to the credits for The [BIG PRODUCTION MOVIE TITLE HERE] movies.  Please get back to me and let me know that this is done.

    Brian



From: Jane Johnson
Sent: Thursday, April 26, 2012 4:09 PM
To: 'Brian Banims'
Cc: Cindy Smith
Subject: RE: [BIG PRODUCTION MOVIE TITLE HERE]

    Dear Brian,

    With regard to the request below, I believe Cindy Smith is handling the credits for THE [BIG PRODUCTION MOVIE TITLE HERE] films, perhaps she can assist?  (not my area of expertise)   I’ve copied her in, to address with you directly.

    Hope you are well-

    All the best,
    Jane Johnson

    ________________________________________________________________________
    JANE JOHNSON  - EVP Distribution, [BIG MOVIE PRODUCTION COMPANY]
    Tel:  (###) ###-#### Email: jane.johnson@[BIG MOVIE PRODUCTION COMPANY DOMAIN NAME]



On 4/26/2012 6:22 PM, Cindy Smith wrote:

    Hi Brian - [BIG MOVIE PRODUCTION COMPANY] doesn't credit individuals in the "thanks" section of the end crawl, however please let me know what [MY REAL NAME] did and maybe he can be placed in the crawl.  Thanks, Cindy



From: Brian Banims [mailto:bbanims@fakecompany.com]
Sent: Friday, April 27, 2012 6:26 AM
To: Cindy Smith
Subject: Re: [BIG PRODUCTION MOVIE TITLE HERE]

    Thanks Cindy for getting back to me.  [MY REAL NAME] has been working as an intern assistant for me and has been coordinating all of my emails regarding this project.  I just wanted to make sure he gets a proper credit in the crawl.



On 4/27/2012 11:10 AM, Cindy Smith wrote:

    Do you have an assistant already?  If so, maybe we can credit [MY REAL NAME] under your assistant's name.
   


From: Brian Banims [mailto:bbanims@fakecompany.com]
To: Cindy Smith
Subject: Re: [BIG PRODUCTION MOVIE TITLE HERE]

    I changed my mind, let's not put [MY REAL NAME] in the crawl.

So, I should probably explain a little bit about my previous post concerning the movie producer's emails.  I have been getting them for a long time now and I get them for almost everything (iTunes, movie production notes, script pitches, something about the transportation system in London, and even an official invitation to the Golden Globes post-show celebration).  At first I would politely forward them along, noting at the top of each one that he needs to verify his email with whoever sent them.  But, they kept coming, so I sent him an email one day stating that I would no longer be forwarding them to him, but instead I would be deleting them without notifying him.  He acknowledged it, yet I still continue to receive these emails and most look very important.  So what should I do?

Start trolling them.  I will try to post on here my exploits as I continue with this social engineering project and see what I can get out of it for my troubles.  Wish me luck!

Thursday, April 26, 2012

So I have been getting some emails lately from someone named Brian (name changed to protect their identity), and it appears he is a rather well off individual that appears to maybe be some kind of video production producer.  The reason I have been getting his emails is because he has an email address very similar to mine.  In fact it only has one letter different. The @domainname.com part is plural on his and singular on mine like so:

    mine: fakeemail@companycreative.com
    his: fakeemail@companycreatives.com
    (companycreative.com is fake and is nothing close to either of our emails)

Hmmm, now what to do.  I get emails ranging from script pitches to minutes from movie production meetings (very big and popular movies).  And the latest ...

I got 2 emails from a VERY big and expensive car dealership in Los Angeles, CA:

The first had 5 pictures of a very beautiful Porsche Turbo Panamera, and the second had the credit application to buy it.  This is where the trolling starts :)

I responded to the first email:
            "I am just not digging the Porsche."

And I responded to the second email:
            "I am pretty sure my credit is not good enough for a Porsche. Sorry, maybe next time."

They responded back to the second email:
            "no problem, but thanks"

NO PORSCHE FOR YOU UNTIL YOU LEARN WHAT YOUR EMAIL IS!




Tuesday, November 15, 2011

Haddock Tomboy Notes Sync for ownCloud

I have been working hard to get the Haddock Tomboy Notes Sync written and here is the first screen shot.  Please note that this is far from done, but it is pretty awesome.

What it currently does:
  • Syncs with Tomboy
  • Able to read notes in Haddock
What it DOES NOT do yet:
  • Edit notes
  • Create new note
  • Delete notes
  • Create / Manage notebooks
  • Search
  • And pretty much anything else.
I am making huge improvements to it everyday, so stay tuned. Also I plan on setting up a demo server soon for everyone to check out once it gets a little further along.