Monday, March 29, 2021

PHP Backdoors - the official PHP Git repository suffers software supply chain attack

From "PHP's Git server hacked to add backdoors to PHP source code" (bleepingcomputer.com):

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with.

Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server.

The threat actors had signed off on these commits as if these were made by known PHP developers and maintainers, Rasmus Lerdorf and Nikita Popov.

Open source has serious trust issues.


Friday, March 26, 2021

C# .NET - How to get the proper length of a Unicode string

That's Italian for ruler 

Here's how to get the proper length of a Unicode string, which is not the same as the standard string length (String.Length counts UTF-16 code units, not characters as a user sees them).

A couple of ways are shown.



Source Code
using System;
using System.Globalization;
using System.Diagnostics;

public class Program
{
    public static void Main()
    {
        // Typical use case: check whether the input is 140 characters or fewer and, if it is
        // longer, act according to config. For that check "characters" must mean text
        // elements, not UTF-16 code units, or the limit is wrong for every emoji.
        // s.Length counts UTF-16 code units. The first four characters (𠇰😈🎶🔥) are
        // supplementary-plane code points (above U+FFFF) stored as surrogate pairs of two
        // code units each, so Length is 10 (11 if the é is stored as e + combining acute)
        // for what a user sees as 6 characters. The StringInfo-based methods below count
        // text elements and report 6.

        string s = "𠇰😈🎶🔥é-";
        Stopwatch sw = new Stopwatch();

        sw.Start();
        int typicalLen = s.Length;
        sw.Stop();
        Console.WriteLine("Normal String {0} len = {1} in {2} ticks.", s, typicalLen, sw.ElapsedTicks.ToString("N0"));

        // Warm up StringInfo (JIT and culture data) so the timings below are comparable.
        // Results vary if you move this before or after the implementations below.
        StringInfo stringInfoThrowAway = new StringInfo("Preload this function");

        sw.Reset();
        sw.Start();
        StringInfo stringInfo = new StringInfo(s);
        int stringInfoLength = stringInfo.LengthInTextElements;
        sw.Stop();
        Console.WriteLine("new StringInfo {0} len = {1} in {2} ticks.", s, stringInfoLength, sw.ElapsedTicks.ToString("N0"));

        sw.Reset();
        sw.Start();
        // Index of the first code unit of each text element; the array length is the element count.
        int[] textElemIndex = StringInfo.ParseCombiningCharacters(s);
        int tEILength = textElemIndex.Length;
        sw.Stop();
        Console.WriteLine("ParseCombiningCharacters String {0} len = {1} in {2} ticks.", s, tEILength, sw.ElapsedTicks.ToString("N0"));

        sw.Reset();
        sw.Start();
        // Use the enumerator returned from GetTextElementEnumerator
        // to visit each real (user-perceived) character and count them.
        TextElementEnumerator charEnum = StringInfo.GetTextElementEnumerator(s);
        int i = 0;
        while (charEnum.MoveNext())
        {
            i++;
        }
        sw.Stop();
        Console.WriteLine("GetTextElementEnumerator String {0} len = {1} in {2} ticks.", s, i, sw.ElapsedTicks.ToString("N0"));

        sw.Reset();
        sw.Start();
        // ToCharArray yields one char per UTF-16 code unit, so this equals s.Length,
        // not the number of characters the user sees.
        char[] charsInString = s.ToCharArray();
        int charLength = charsInString.Length;
        sw.Stop();
        Console.WriteLine("ToCharArray {0} len = {1} in {2} ticks.", s, charLength, sw.ElapsedTicks.ToString("N0"));
    }
}
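The counting difference matters most when a length limit is enforced and the input is then cut to size. The following is an added example, not code from the original post: it counts the same string three ways (UTF-16 code units, code points, text elements), then shows that truncating on a code-unit boundary can split a surrogate pair and leave invalid UTF-16 behind, while truncating on text-element boundaries with StringInfo.SubstringByTextElements keeps every character intact. The class and method names, the 5-unit cut-off and the decomposed "é" sample are assumptions made for this example.

```csharp
using System;
using System.Globalization;
using System.Text;

// Added example: enforcing a maximum length on untrusted input in user-perceived
// characters (text elements) instead of UTF-16 code units. Names are illustrative.
public static class SafeLength
{
    // Number of UTF-16 code units; this is what string.Length reports.
    public static int CodeUnitCount(string s) => s.Length;

    // Number of Unicode scalar values (code points). A surrogate pair counts once.
    public static int CodePointCount(string s)
    {
        int n = 0;
        for (int i = 0; i < s.Length; i++)
        {
            if (char.IsHighSurrogate(s[i]) && i + 1 < s.Length && char.IsLowSurrogate(s[i + 1]))
                i++; // skip the low half of the pair
            n++;
        }
        return n;
    }

    // Number of user-perceived characters (text elements); combining marks merge
    // with their base character.
    public static int TextElementCount(string s) => new StringInfo(s).LengthInTextElements;

    // Naive truncation: may split a surrogate pair, leaving a lone surrogate that is
    // not valid UTF-16 and is substituted (or rejected) when the string is encoded.
    public static string TruncateByCodeUnits(string s, int max) =>
        s.Length <= max ? s : s.Substring(0, max);

    // Truncation on text-element boundaries never cuts through a character.
    public static string TruncateByTextElements(string s, int max)
    {
        var info = new StringInfo(s);
        return info.LengthInTextElements <= max ? s : info.SubstringByTextElements(0, max);
    }

    // True if the string contains a surrogate code unit without its partner.
    public static bool HasLoneSurrogate(string s)
    {
        for (int i = 0; i < s.Length; i++)
        {
            if (char.IsHighSurrogate(s[i]))
            {
                if (i + 1 < s.Length && char.IsLowSurrogate(s[i + 1])) { i++; continue; }
                return true;
            }
            if (char.IsLowSurrogate(s[i])) return true;
        }
        return false;
    }

    public static void Main()
    {
        // Constructed sample inputs for this example: the post's string, and an "é"
        // written as e + U+0301 (two code points, one text element).
        string emoji = "𠇰😈🎶🔥é-";
        string decomposed = "caf\u0065\u0301";

        foreach (string s in new[] { emoji, decomposed })
        {
            Console.WriteLine("{0}: {1} code units, {2} code points, {3} text elements",
                s, CodeUnitCount(s), CodePointCount(s), TextElementCount(s));
        }

        // Cutting the emoji string at 5 code units lands in the middle of the third
        // surrogate pair; cutting at 5 text elements drops only the trailing '-'.
        string bad = TruncateByCodeUnits(emoji, 5);
        string good = TruncateByTextElements(emoji, 5);
        Console.WriteLine("code-unit truncation leaves a lone surrogate: {0}; UTF-8 bytes: {1}",
            HasLoneSurrogate(bad), BitConverter.ToString(Encoding.UTF8.GetBytes(bad)));
        Console.WriteLine("text-element truncation intact: {0}; result: {1}",
            !HasLoneSurrogate(good), good);
    }
}
```

Use TextElementCount for "N characters" rules that a user has to understand, and TruncateByTextElements wherever input is cut before being stored or forwarded; the code-unit variant is what a downstream system (a database column, a second validator) may silently repair or reject, so two components can disagree about the same input.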

Thursday, March 25, 2021

Amazon Phishing Email with subject RE: Noreply_Notification: [Service Billing Notification] [Review Your Orders]: Your billing information did not match with the card on file. Invoice Transaction Number

For the record, this is an Amazon phishing email that has been going around recently, with the subject "RE: Noreply_Notification: [Service Billing Notification] [Review Your Orders]: Your billing information did not match with the card on file. Wednesday, xx March 2021 - Invoice Transaction Number".

What to do? Report it; see the bottom of this page.


From : Amazon Service <xxxxx@thillconsinc.onmicrosoft.com>
Subject : 
RE: No reply_Notification: [Service Billing Notification] [Review Your Orders]: Your billing information did not match with the card on file. Wednesday, xx March 2021 - Invoice Transaction Number


Message from customer service

Phishing links:

1. https://l.wl.co/l?u=https://gopagesan-tibo.tant.c3hn0d.com/xxxxxx

How to tell this is a phishing email?

  1. Check the sender's email address in full; if it is not from the company it claims to come from, it's phishing.
  2. Hover over every link in the email; if it does not point to the company's website, forget it.
  3. The best way is to 

How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com -> Actions -> View Message Source.
  2. Gmail.com -> More (down arrow at top right) -> Show original.
Check for suspicious links: anything that does not originate from amazon.com, and a From address (here xxxxx@thillconsinc.onmicrosoft.com) that is not an amazon.com domain.
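The two checks above (sender domain, link targets) can be applied to the raw message source mechanically. The following is an added example, not part of the original post: it pulls the From address out of the headers, extracts every http(s) URL from the body, unwraps redirector links of the shape seen in this email (a trusted-looking host with the real destination in a query parameter, like the l.wl.co link above), and flags anything whose final host is not the expected brand domain. The sample message is constructed for this example; only the sender domain and the redirector link are taken from the post, and the class name, the expected-domain list and the unwrapping depth are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example: a small phishing-triage helper for a raw message source.
// Names and the expected-domain list are illustrative assumptions.
public static class PhishTriage
{
    // Domains the genuine sender is allowed to use (assumption for this example).
    static readonly string[] ExpectedDomains = { "amazon.com" };

    // Domain part of the From: header, or null if none is found.
    public static string SenderDomain(string rawMessage)
    {
        // Headers end at the first blank line; long headers may be folded onto
        // continuation lines that start with whitespace, so unfold them first.
        int headerEnd = rawMessage.IndexOf("\n\n", StringComparison.Ordinal);
        string headers = headerEnd < 0 ? rawMessage : rawMessage.Substring(0, headerEnd);
        headers = Regex.Replace(headers, @"\r?\n[ \t]+", " ");

        var m = Regex.Match(headers, @"(?im)^From:.*?<([^>]+)>");        // "Name <addr>"
        if (!m.Success) m = Regex.Match(headers, @"(?im)^From:\s*(\S+@\S+)"); // bare addr
        if (!m.Success) return null;

        string addr = m.Groups[1].Value.Trim();
        int at = addr.LastIndexOf('@');
        return at < 0 ? null : addr.Substring(at + 1).ToLowerInvariant();
    }

    // Every http(s) URL in the message, whether inside an href or as bare text.
    public static List<string> ExtractUrls(string rawMessage)
    {
        var urls = new List<string>();
        foreach (Match m in Regex.Matches(rawMessage, @"https?://[^\s""'<>]+"))
            urls.Add(m.Value);
        return urls;
    }

    // Redirectors such as "https://l.wl.co/l?u=https://target" hide the real host
    // behind a harmless-looking one. Follow "URL in a query parameter" a few levels deep.
    public static string FinalTarget(string url)
    {
        for (int depth = 0; depth < 5; depth++)
        {
            if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) return url;
            string inner = null;
            foreach (string pair in uri.Query.TrimStart('?').Split('&'))
            {
                int eq = pair.IndexOf('=');
                if (eq < 0) continue;
                string value = Uri.UnescapeDataString(pair.Substring(eq + 1));
                if (value.StartsWith("http://", StringComparison.OrdinalIgnoreCase) ||
                    value.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
                {
                    inner = value;
                    break;
                }
            }
            if (inner == null) return url;
            url = inner;
        }
        return url;
    }

    // True if host is one of the expected domains or a subdomain of one.
    public static bool IsExpectedHost(string host)
    {
        foreach (string d in ExpectedDomains)
            if (host.Equals(d, StringComparison.OrdinalIgnoreCase) ||
                host.EndsWith("." + d, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    // One finding per check that fails; an empty list means nothing was flagged.
    public static List<string> Triage(string rawMessage)
    {
        var findings = new List<string>();
        string sender = SenderDomain(rawMessage);
        if (sender == null || !IsExpectedHost(sender))
            findings.Add($"sender domain '{sender}' is not {string.Join("/", ExpectedDomains)}");

        foreach (string url in ExtractUrls(rawMessage))
        {
            string target = FinalTarget(url);
            if (Uri.TryCreate(target, UriKind.Absolute, out var t) && !IsExpectedHost(t.Host))
                findings.Add($"link '{url}' leads to host '{t.Host}'");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample message: sender domain and redirector link taken from the post.
        string raw =
            "From: Amazon Service <xxxxx@thillconsinc.onmicrosoft.com>\n" +
            "Subject: RE: Noreply_Notification: [Service Billing Notification]\n" +
            "\n" +
            "Message from customer service\n" +
            "<a href=\"https://l.wl.co/l?u=https://gopagesan-tibo.tant.c3hn0d.com/xxxxxx\">Review Your Orders</a>\n";

        foreach (string finding in Triage(raw))
            Console.WriteLine(finding);
    }
}
```

Feed it the text from "View Message Source" or "Show original" rather than the rendered email: the rendered view shows link text, while the source shows the href, and it is the href (after unwrapping the redirector) that tells you where a click would actually go.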


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have received this email take further 

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx