Category Archives: CodeProject

Skype account hijacking

It looks like Skype has another big hole in its security. This one allows you to hijack any Skype account and read its history if you know the person's Skype login (account name) and e-mail. It is interesting that this issue was reported to Skype support a while ago, but nothing has been done since then.

The steps below reproduce the hijack of an account:

  1. You need to know the Skype login and the corresponding e-mail address.
  2. Register a new Skype account using the e-mail address from #1. You'll get a message that it is already in use – just ignore that and fill in the rest of the form.
  3. Log in to the new profile and add a new e-mail (one you own) as an additional address.
  4. Log in to the Skype client application.
  5. Delete cookies, navigate to the forgot-password page and use the e-mail from #1.
  6. The marker should be sent by e-mail, but no e-mail is sent; a Skype client notification pops up instead.
  7. [Images: marker notification popup; marker link]
  8. Follow the link; you can see the e-mail from #0 and all logins registered for this e-mail; in the list you can see your login added in #2.
  9. Now you can choose ANY login and change the password.

For now, the only way to defend your account against hijacking is to register a new e-mail address that has never been disclosed to anyone and make it the main e-mail address of the Skype account on the Skype web site.
Attention! You cannot change the main e-mail address in the Skype client, only on the Skype web site.
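
The steps above come down to three server-side decisions: an address already in use is accepted at registration without proof of ownership, the reset marker reaches a logged-in client instead of the mailbox, and one marker lets its holder pick any login tied to the address. A model of a reset flow that closes each of them, as an added example (not Skype's code; `ResetService`, its methods and the `example.test` accounts are constructed for illustration):

```python
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class ResetService:
    """Hypothetical password-reset backend; all names here are illustrative."""
    accounts: dict = field(default_factory=dict)  # login -> (email, email_verified)
    tokens: dict = field(default_factory=dict)    # token -> (login, expiry time)
    outbox: list = field(default_factory=list)    # (mailbox, login, token) mails sent

    def register(self, login, email, verified=False):
        # An address counts as verified only after its owner confirms a mailed link.
        self.accounts[login] = (email, verified)

    def request_reset(self, email, ttl=900):
        """Issue one token per verified account and deliver it by mail only."""
        for login, (addr, verified) in self.accounts.items():
            if addr == email and verified:
                token = secrets.token_urlsafe(32)
                self.tokens[token] = (login, time.time() + ttl)
                self.outbox.append((email, login, token))
        # Nothing is returned to the requester or pushed to client sessions,
        # so the response is the same whether or not the address is known.

    def redeem(self, token, login):
        """A token is single-use and resets only the login it was issued for."""
        bound_login, expiry = self.tokens.pop(token, (None, 0.0))
        return bound_login == login and time.time() < expiry


def demo():
    svc = ResetService()
    svc.register("owner_login", "owner@example.test", verified=True)
    # Second account claims the same address but never proves ownership of it.
    svc.register("second_login", "owner@example.test")
    svc.request_reset("owner@example.test")
    (mailbox, login, token), = svc.outbox       # exactly one mail was sent
    wrong = svc.redeem(token, "second_login")   # token is bound to owner_login
    svc.request_reset("owner@example.test")
    _, _, fresh = svc.outbox[-1]
    first = svc.redeem(fresh, "owner_login")
    replay = svc.redeem(fresh, "owner_login")   # already consumed
    return mailbox, login, wrong, first, replay


if __name__ == "__main__":
    print(demo())
```
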

Discussion in Russian (http://habrahabr.ru/post/158545/)

Source in Russian (http://forum.xeksec.com/skype.html#post98725)

Update

Eventually Gizmodo published the news.

Skype officially stated: “We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority”.

It is funny, since the person who found this hole contacted Skype support 2 months ago and nothing was done.

 

Local image caching with custom control in WPF

Recently I needed my WPF application to cache images locally, for when there are connectivity issues or the data is not updated. I searched the web for a standard way to do this, but it seems like you can do whatever you like, and then I found a post on Stack Overflow where the same topic was discussed. Based on this I made a custom control which:

  • can download images asynchronously and get them from the cache if the image was already downloaded
  • is thread safe
  • has a dependency property you can bind to
  • updates images when the initial feed provides new names (don't forget to maintain a cache clean-up operation, e.g. you can parse your feed and asynchronously delete images with no links in the feed)

The custom control class is below:

using System;
using System.IO;
using System.Net;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Media.Imaging;

public class CachedImage : Image
{
    static CachedImage()
    {
        DefaultStyleKeyProperty.OverrideMetadata(typeof(CachedImage), new FrameworkPropertyMetadata(typeof(CachedImage)));
    }

    public static readonly DependencyProperty ImageUrlProperty = DependencyProperty.Register("ImageUrl", typeof(string), typeof(CachedImage), new PropertyMetadata("", ImageUrlPropertyChanged));

    public string ImageUrl
    {
        get { return (string)GetValue(ImageUrlProperty); }
        set { SetValue(ImageUrlProperty, value); }
    }

    // Serializes moving a finished download into the cache.
    private static readonly object SafeCopy = new object();

    private static void ImageUrlPropertyChanged(DependencyObject obj, DependencyPropertyChangedEventArgs e)
    {
        var url = (String)e.NewValue;
        if (String.IsNullOrEmpty(url))
            return;

        var uri = new Uri(url);
        // The cache file is named after the last URL segment; GetFileName drops any directory part.
        var name = Path.GetFileName(uri.Segments[uri.Segments.Length - 1]);
        if (String.IsNullOrEmpty(name))
            return; // URL ends with '/', so there is no file name to cache under

        var localFile = Path.Combine(Globals.CacheFolder, name);
        var tempFile = Path.Combine(Globals.CacheFolder, Guid.NewGuid().ToString());

        if (File.Exists(localFile))
        {
            SetSource((CachedImage)obj, localFile);
        }
        else
        {
            var webClient = new WebClient();
            webClient.DownloadFileCompleted += (sender, args) =>
            {
                if (args.Error != null)
                {
                    // DownloadFileAsync leaves a file behind even when the request fails.
                    File.Delete(tempFile);
                    return;
                }
                lock (SafeCopy)
                {
                    // Another control may have cached the same image while this download ran.
                    if (File.Exists(localFile))
                        File.Delete(tempFile);
                    else
                        File.Move(tempFile, localFile);
                }
                SetSource((CachedImage)obj, localFile);
            };

            webClient.DownloadFileAsync(uri, tempFile);
        }
    }

    private static void SetSource(Image inst, String path)
    {
        inst.Source = new BitmapImage(new Uri(path));
    }
}

DownloadFileAsync creates a local file even if the request failed, so I introduced a temporary file, which is deleted if an error occurred.

Globals is just a class that holds static properties with paths and creates the directories if they don't exist, so you should replace Globals.CacheFolder with your existing cache folder path.

Now you can use this CachedImage control in XAML, getting benefits from binding:

<Cache:CachedImage ImageUrl="{Binding Icon}"/>

Automatic TeamCity backup with Powershell

Automatic TeamCity backup is not configurable in the UI, but you can use the provided REST API and schedule a PowerShell script to run on the TeamCity machine or on a remote machine that has access to the TeamCity server.

You should make a POST request, passing the parameters in the query string, not in the POST data.
A GET request to the same URL returns the current backup status. See the documentation:

Data Backup

Start backup: POST http://teamcity:8111/httpAuth/app/rest/server/backup?includeConfigs=true&includeDatabase=true&includeBuildLogs=true&fileName=<fileName> where <fileName> is the prefix of the file to save backup to. The file will be created in the default backup directory (see more).
Get current backup status (idle/running): GET http://teamcity:8111/httpAuth/app/rest/server/backup

Here is my code for the scheduled task:

# Sends an empty-body POST with HTTP Basic authentication and returns the response text.
function Execute-HTTPPostCommand() {
    param(
        [string] $url,
        [string] $username,
        [string] $password
    )

    # Basic authentication only base64-encodes the credentials, so prefer an https:// server URL.
    $authInfo = $username + ":" + $password
    $authInfo = [System.Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes($authInfo))

    $webRequest = [System.Net.WebRequest]::Create($url)
    $webRequest.ContentType = "text/html"
    $PostStr = [System.Text.Encoding]::Default.GetBytes("")
    $webRequest.ContentLength = $PostStr.Length
    $webRequest.Headers["Authorization"] = "Basic " + $authInfo
    $webRequest.PreAuthenticate = $true
    $webRequest.Method = "POST"

    $requestStream = $webRequest.GetRequestStream()
    $requestStream.Write($PostStr, 0, $PostStr.Length)
    $requestStream.Close()

    [System.Net.WebResponse] $resp = $webRequest.GetResponse()
    $rs = $resp.GetResponseStream()
    [System.IO.StreamReader] $sr = New-Object System.IO.StreamReader -ArgumentList $rs
    [string] $results = $sr.ReadToEnd()
    $sr.Close()
    $resp.Close()

    return $results
}

# Builds the backup URL (all options go in the query string) and starts the backup.
function Execute-TeamCityBackup() {
    param(
        [string] $server,
        [string] $addTimestamp,
        [string] $includeConfigs,
        [string] $includeDatabase,
        [string] $includeBuildLogs,
        [string] $includePersonalChanges,
        [string] $fileName
    )
    $TeamCityURL = [System.String]::Format("{0}/httpAuth/app/rest/server/backup?addTimestamp={1}&includeConfigs={2}&includeDatabase={3}&includeBuildLogs={4}&includePersonalChanges={5}&fileName={6}",
                                            $server,
                                            $addTimestamp,
                                            $includeConfigs,
                                            $includeDatabase,
                                            $includeBuildLogs,
                                            $includePersonalChanges,
                                            [System.Uri]::EscapeDataString($fileName))

    # Replace USER and PASSWORD with the TeamCity account used for the backup,
    # and restrict read access to this script, since it holds that password.
    Execute-HTTPPostCommand $TeamCityURL "USER" "PASSWORD"
}

$server = "http://YOUR_SERVER"
$addTimestamp = $true
$includeConfigs = $true
$includeDatabase = $true
$includeBuildLogs = $true
$includePersonalChanges = $true
$fileName = "TeamCity_Backup_"

Execute-TeamCityBackup $server $addTimestamp $includeConfigs $includeDatabase $includeBuildLogs $includePersonalChanges $fileName

I’m using TeamCity 7.1, but previous versions also provide the REST API.