2011 links no. 2

Stack Overflow profiler open sourced: Profiling your website like a true Ninja.

Smaller is Faster (and Safer Too). The Chrome team has just started using a new compression algorithm called Courgette to make Google Chrome updates small. Read more.

Ask Amir Taaki About Bitcoin. From Slashdot.

The Four Stages of NTFS File Growth from Windows Server Core Team.

Some articles from CodeProject:

Rosa Golijan writes about what happens on the Internet every 60 seconds.

The Biggest Changes in C++11 (and Why You Should Care) by Danny Kalev.

Are You Too Good For Code Reviews? Articles and discussion in Slashdot.

Google’s Swiffy converts Flash SWF files to HTML5.

Have you wondered whether WordPress can handle high-volume traffic? High Traffic Tips For WordPress.

The most detailed story about Stuxnet: How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History.

How to build your own 135TB RAID6 storage pod for $7,384 from extremetech.com.

Investigation: Is Your SSD More Reliable Than A Hard Drive? from tomshardware.com.

pdf.js is a technology demonstrator prototype to explore whether the HTML5 platform is complete enough to faithfully and efficiently render the ISO 32000-1:2008 Portable Document Format (PDF) without native code assistance. From Dr. Andreas Gal.

Urih.com has an online resource viewer for executable files

One very interesting online tool we launched at urih.com is an online resource viewer for executable files. We call it the Portable executable online viewer.

This new (online) tool can be used like any old (offline) tool to view images embedded in an executable (PE format) file.

Many properties of the executable file are also shown, such as the compile date (the date the exe was built, which is not the same as the file date/time), the minimum OS version, the application manifest XML file, and more.

Here is an example of how it looks for the calc.exe file from Windows 7.

Strange HTTP GET requests from IP 150.70.x.x and IP 62.24.x.x

Recently I started to notice that one of our sites gets strange HTTP GET requests from two IP ranges: 150.70.x.x and IP 62.24.x.x.

The short version of this goes as follows: we have a web service where users can submit results via an HTTP GET request. For example:
http://www.example.com/service?guid={BEDC2C9A-C5E6-4766-B57C-7CC07BB26F59}&result=x

Each (next) user/request gets a new GUID, like:
http://www.example.com/service?guid={412E9B56-E9CE-4FB5-9804-676FDC9EA3EC}&result=a
http://www.example.com/service?guid={64A00D1D-BCDB-4B5A-9DF3-51CF2BB6B663}&result=b
http://www.example.com/service?guid={CA5B86A1-A6B4-4CA8-AAA6-DC9302CF34D3}&result=c

Because GUIDs are unique, we should get each GUID only once. But this was not true for our web service. We occasionally got duplicate requests. We started to investigate more closely and found that all duplicate requests come from two IP ranges, 150.70.x.x and 62.24.x.x, and every “second” request follows the first after 30 s to 5 min.
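The duplicate check described above can be run directly over an access log. This is an added example, not the site's own code: the Apache-style log format, the sample lines and the documentation addresses (192.0.2.x and 198.51.100.x standing in for the replaying ranges) are all constructed, and the log is assumed to be in chronological order.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed access-log lines; all addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2011:10:00:00 +0000] "GET /service?guid={412E9B56-E9CE-4FB5-9804-676FDC9EA3EC}&result=a HTTP/1.1" 200 12
203.0.113.20 - - [12/Jul/2011:10:00:05 +0000] "GET /service?guid={64A00D1D-BCDB-4B5A-9DF3-51CF2BB6B663}&result=b HTTP/1.1" 200 12
192.0.2.10 - - [12/Jul/2011:10:00:45 +0000] "GET /service?guid={412E9B56-E9CE-4FB5-9804-676FDC9EA3EC}&result=a HTTP/1.1" 200 12
198.51.100.99 - - [12/Jul/2011:10:04:05 +0000] "GET /service?guid={64A00D1D-BCDB-4B5A-9DF3-51CF2BB6B663}&result=b HTTP/1.1" 200 12
203.0.113.9 - - [12/Jul/2011:10:05:00 +0000] "GET /service?guid={CA5B86A1-A6B4-4CA8-AAA6-DC9302CF34D3}&result=c HTTP/1.1" 200 12
203.0.113.9 - - [12/Jul/2011:10:05:02 +0000] "GET /service?guid={CA5B86A1-A6B4-4CA8-AAA6-DC9302CF34D3}&result=c HTTP/1.1" 200 12
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET \S*[?&]guid=(\{[0-9A-Fa-f-]{36}\})')

def find_replays(log_text, min_delay=30, max_delay=300):
    """Return (guid, first_ip, replay_ip, delay_s) for GUIDs fetched again
    by a different address within the 30 s to 5 min window."""
    first_seen = {}
    replays = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET carrying a guid parameter
        ip, ts, guid = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        guid = guid.upper()
        if guid not in first_seen:
            first_seen[guid] = (ip, when)
            continue
        first_ip, first_when = first_seen[guid]
        delay = int((when - first_when).total_seconds())
        # A quick retry from the same client is not a third-party replay.
        if ip != first_ip and min_delay <= delay <= max_delay:
            replays.append((guid, first_ip, ip, delay))
    return replays

def replay_sources(replays):
    """Count replays per /16 of the replaying address, written a.b.x.x."""
    return Counter(".".join(r[2].split(".")[:2]) + ".x.x" for r in replays)

if __name__ == "__main__":
    found = find_replays(SAMPLE_LOG)
    for guid, first_ip, replay_ip, delay in found:
        print(f"{guid} first from {first_ip}, again from {replay_ip} after {delay}s")
    print(dict(replay_sources(found)))
```

Grouping by the replaying /16 is what makes a pattern like the one in this post stand out: the original clients are scattered, while the second fetches cluster in a couple of ranges.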

We did a Google search and found that the 150.70 IP range belongs to Trend Micro. There is even a statement from them:

Dear Site Owner,

To protect our customers from visiting a malicious or harmful site, web pages of the applicable URLs are downloaded and scanned by our servers. Thus, you may have noticed a few visits from our IPs. Please be assured that this poses no security risk to your web sites as our servers do not perform any action other than scanning the sites.
We then store the rating of the web site in our server cache so that our servers will no longer access those pages for analysis when a customer chooses to visit those web sites again. We have already asked our server owner to add the rating for the following domain(s);
…..
The setting will take effect soon, please verify it again on your site.
Sorry for any inconvenience and please inform us of any other concerns you may have.
Best Regards,
Trend Micro

More: http://forum.notebookreview.com/security-anti-virus-software/331930-trendmicro-servers-japan-accessing-webservers.html

It seems that Trend Micro is spying on their customers. The second range comes from the UK ISP Talk Talk, which apparently spies on its customers too.

Here are some links with more reading:
Search Engine Spider and User Agent Identification Forum from webmasterworld.com
IP Address Inspector – projecthoneypot.org
Im Being Monitored/Watched?

P.S. Most probably they do not try to make HTTP POST requests; I do not know. We probably should use POST too, but that’s another story.
P.P.S. Some encryption like SSL should be mandatory for all Internet traffic in the future.