Create your own font the hard way!

Posted on October 16, 2013 in Learning • Tagged with Captcha, Programming, Design, Glyphs, Learning, Font • 9 min read

Last major update on 23.10.2013

Preface

As promised in my last article, I will guide you through the creation process of a rudimentary font. I will use the glyphs of my font to draw captchas and incorporate the implementation in my brand new captcha plugin for WordPress. There are already quite a few captcha plugins out there; some of them are better than mine (reCAPTCHA, for instance, translates books and thus solves two problems at the same time), others are worse, because their math equations can simply be parsed (as far as I can judge without inspecting the code further).

In this article, however, I will focus entirely on the font and abstract from its future use in the captcha.

Technical background of fonts

A logical start to font creation is to answer the question of what type of font we are going to create. But let's first introduce some concepts that are important when it comes to font design.

In short: a font is a collection of glyphs. Each glyph has a shape, and there are various ways of describing that shape. You can imagine a glyph as an instantiation of a character. Whereas …


Continue reading

Plotting Bézier curves directly and with De Casteljau's algorithm

Posted on October 06, 2013 in Learning • Tagged with Font, Captcha, Programming, Mathematics, Learning, Bézier • 13 min read

Last major update: 21.10.2013

GitHub repo containing the code presented in this post.

Introduction

In this article I will present a very simple and in no way optimized algorithm, written in Python 3, that plots quadratic and cubic Bézier curves. I'll implement several variants of Bézier rasterization algorithms. Let's call the first version the direct approach, since it computes the corresponding x and y coordinates directly by evaluating the equation that describes such Bézier curves.

The other possibility is De Casteljau's algorithm, a recursive implementation. The general principle is illustrated here. But to summarize the idea very briefly: in order to compute the points of the Bézier curve, you subdivide the lines of the outer hull given by the n+1 control points (where n denotes the dimension of the Bézier curve) at a ratio t (t goes from 0 to 1 in a loop). If you connect the interpolation points, you obtain n-1 connected lines. Then you apply exactly the same principle to these newly obtained lines (the recursive step), until finally only one line remains. Consider again the point at the ratio t on this single remaining line and …


Continue reading

No 2. - flash-album-gallery: persistent XSS exploited with the help of XSRF, leading to remote code execution.

Posted on July 27, 2013 in Programming • Tagged with Exploit, Programming, Bug, Security, Xss, Rce • 12 min read

PLUGIN: http://wordpress.org/plugins/flash-album-gallery/
AFFECTED VERSION: 3.01
DOWNLOADS: 840,714
RISK: MEDIUM/HIGH

The following blog post addresses a critical chain of security issues in version 3.01 of flash-album-gallery which eventually leads to remote code execution. The exploit is not completely automatic and needs a minimal amount of social engineering. Nevertheless I rate the danger at a medium/high level (probably even worse than a fully automatable SQL injection).

First of all, I need to say that the plugin code lacks a fair amount of secure programming techniques and has inherent design flaws, as far as I can tell (I am not a software engineer, I do security as a hobby). Presumably, this is a direct result of the heterogeneous and evolutionary growth of the software.

I researched flash-album-gallery mainly in June 2013 and after some weeks I found a CSRF vulnerability in combination with a stored XSS. But at the same time as I was preparing to contact the author and reveal my findings, I noticed a new version, and the bug seemed to have been found by an independent researcher. See below the lines Fix: vulnerability with albums and Fix: XSS bugs reported by Ken …


Continue reading

Major Redesign of incolumitas.com

Posted on July 24, 2013 in Learning • Tagged with Themeprojectsnewredesigncsshtml, Meta, Learning, Uncategorized • 2 min read

Hello everybody!

I finally found some motivation and time to give my blog a design upgrade - basically an endeavour that has been overdue since this blog first saw the light of day ;)

On the technical side, this theme is a complete redevelopment. It's not finished yet; on the contrary, it's the very first version and there remain a lot of issues that need to be resolved. For instance, the majority of the CSS code is still rather dirty and of an experimental nature. Additionally, I want to include an image slideshow based on unslider.js. The template function in your theme would then look something like the following:

if ( ! function_exists( 'clearcontent_header_slider' )):
/*
 * This function includes a minimal jquery slideshow into the header of the site. It uses unslider.js in 
 * order to achieve this objective. Link to github site: https://github.com/idiot/unslider
 */
function clearcontent_header_slider() {
    ?>

    <div class="header-slideshow">
        <ul>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/1.png' ?>');"></li>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/2.png' ?>');"></li>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/3.png' ?>');"></li>
        </ul>
    </div>
    <script type="text/javascript">
        var $j = jQuery.noConflict();

        // Use jQuery via $j(...) instead …

Continue reading

Python and curses - A small textbox selection example.

Posted on June 02, 2013 in Learning • Tagged with Programming, Learning • 4 min read

Hey dear readership :)

What.

I recently was in need of a handy and nice way (not just a pragmatic one) to choose between different entities on the command line, each of them constituting an option. Surely, you can craft a simple menu with standard I/O functions, but I wanted to explore something different and more beautiful.

That is how I found curses, a simple wrapper around ncurses, the famous BSD/UNIX library for portable advanced terminal handling.

So I dived into this library. I'd recommend this tutorial to everyone who wants to deal with this old-school stuff...

How.

You can check out the latest version of the script on my GitHub site. Here is a copy, for everyone too lazy to look it up:

import curses

# Author: Nikolai Tschacher
# Date: 02.06.2013

class BoxSelector:
    """ Originally designed for accman.py.
        Display options built from a list of strings in a (unix) terminal.
        The user can browse through the textboxes and select one with enter.
    """

    def __init__(self, L):
        """ Create a BoxSelector object. 
            L is a list of strings. Each string is used to build 
            a textbox.
        """
        self.L = L
        # Element parameters. Change them here.
        self.TEXTBOX_WIDTH = 50
        self.TEXTBOX_HEIGHT = 6

        self.PAD_WIDTH = 400
        self …

Continue reading

Create anonymous identities with fakenamegenerator.com and Python

Posted on May 30, 2013 in Programming • Tagged with Programming • 3 min read

Introduction

Woah, it has been a hell of a long time since I posted my last contribution (I feel like I always begin my blog posts with these introductory words). However, today I want to show you how to forge random identities with a site called fakenamegenerator.com. I use Python 3 and an unofficial branch of socksipy, a nice module which enables you to tunnel TCP/IP streams through a remote server, commonly used to disguise your real IP address. There are three available modes: SOCKS4, SOCKS5 and HTTP. In this blog post, I use SOCKS5, since I install Tor and route my requests through a local proxy sitting on 127.0.0.1:9050.

Why and what

The team behind fakenamegenerator.com writes on their site:

Name: Names are generated by randomly pulling a first and a last name out of a database. The database was compiled from public domain sources. [...]

Street address: The house number is a randomly generated number. The street name is pulled from a database of plausible street names for the state/country being generated. Odds are that the generated street address is not valid.

City, state, and postal code: We have compiled a …


Continue reading