Nmap Development mailing list archives

Shinnok's Status Report - #4 of 17


From: Shinnok <admin () shinnok com>
Date: Tue, 24 May 2011 10:42:29 +0300

Hello again,

Today the GSoC coding period has officially started, thus I'll try my best
to be more productive starting today (yes, personal beating).
These are my accomplishments from last week and priorities for the current one:

Accomplishments:
* Tried my best at creating a full duplex workflow between git(-svn)
and subversion with push and pull from github - failed. Did not fail
completely though, but the solutions that I arrived at would have been
too complex and more of a bugger to maintain than to just cope with SVN.
I'll use only SVN for the time being.
* Managed to get Qt Creator IDE [1] to work with the Nmap project.
Syntax highlighting, *real* C/C++ code completion between Nmap
libraries, local sources and system libraries (\o/), build, debug,
analyze (valgrind), scm integration, vim editing mode and lots of other
juicy stuff. Will post a blog about how to do that in a generic way
with Qt Creator and give Nmap as an example, in case anyone has been
looking for a good IDE to work on Nmap.
* Read some more code and got more intimate with the Nmap project
file/directory structure. Do not like the Windows one. :-)
* Although not directly related to Nmap, for a couple of days I've
been crawling Google Profiles for all (35+ million) profile Names and
enabled Nicknames due to this security overlook [2]. As per the Nmap
TODO file section "o Create new default username list:" and [3], I
think that we can use the nicknames that I crawled (already got 1
million) as a usernames.txt in Ncrack with some fine graining. Since
the nicknames are the Google account profile username, which means
Gmail and everything else, I have second thoughts about releasing
millions of Gmail addresses over the net. On the other side, Google
profiles specifically states this security issue and draws out of any
responsibility, when one attempts to set his profile url to
profiles.google.com/account_username instead of the default unique id
number such as profiles.google.com/u/0/109065285129186838530. As for
the names list, I plan to create a couple of dictionaries for
usernames and passwords based on the same rules that Ron has applied
to the Facebook directory names ([4]). Ron? ^^
There are also some interesting statistics to be drawn out of the
correlation between names and nicks that people choose, r.astley,
rick.astley, rastley, r.roll, rroll, etc. But I'll leave that for
later since the current method I use for crawling does not keep a
direct relation between names and nicknames since not all accounts
have the account name profile url enabled and for crawling performance
reasons.

Priorities:
* Respond to David regarding a patch
* Decide on something to get started with, just to get in the mood
* Publish those blog posts I've been planning to do


[1] http://qt.nokia.com/products/developer-tools/
[2] http://www.gstatic.com/s2/sitemaps/profiles-sitemap.xml
[3] http://seclists.org/nmap-dev/2010/q1/798
[4] http://www.skullsecurity.org/blog/2010/return-of-the-facebook-snatchers


Regards,

Shinnok
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

