MSRC

Do you believe in ghosts?

When I was a kid, I had nightmares every week. I still remember some of them vividly, particularly the ones where ghosts were involved. Not the typical ghosts from the movies, but ones that could not be seen, only heard and felt. Why would I be so frightened and still remember them “vividly” today? Because during those nightmares, I had the illusion of having control but still was not able to run away from those “entities”. I felt hopelessness even hours after waking up.

I started working with Web browsers for an online floating ad company a long time ago and my job was to make the floating ads cross-browser compatible (making sure that they worked on Netscape and IE/Win/Mac with and without Flash). During that time, Opera was just music and Firefox was not even in the wildest nightmares of anybody. To be fair, Opera existed but was only used to click on the red door at Fravia+. And by the way, Opera was not freeware during that time.

It was a very hot day in summer and I was trying to fix the position of the Artificial Intelligence Flash movie over the sites where the ad was shown. I don’t know if the music of that floating ad was the same as the movie’s music, but it was scary for me. You know, the terror-music type, suspense, whatever. It was simply “not nice” for me. It was the type of music I would not like to hear alone at home, in the dark.

The designers did not finish the final animation until 10:00 PM that day, so I left the office with homework: I had to finish the positioning, make it cross-browser compatible, package the files, and deliver it.

Back at home, while testing, the music of the animation really bothered me. Besides being very scary (it was 2:00 AM and I was home alone), I had to listen to the same music over and over again! Every reload meant hearing that music again. So I simply muted my speakers and continued working for two more hours until everything was correctly positioned, the click-through was correct, and the animation worked flawlessly on all browsers. So I relaxed, moved away from my PC, and lit up my classic relaxing cigarette. No more work for today.

Half an hour later I went back to my PC to start Winamp, but when I watched the screen I saw the floating ad that was loaded on my browser from my last test, so I simply clicked on my home button, going effectively to about:blank and leaving the page clean. I loaded Winamp to hear a few tunes before going to sleep, and when I unmuted the speakers by dragging the volume-up, the scary music from Artificial Intelligence banged out of my speakers! I was expecting to hear “Twisting the Night Away” (Innerspace version) but the floating-ad-music had continued playing!

What was happening? The floating ad was not in the browser anymore! How was this possible? Yeah, the browser was open, but there were no tabs (tabs were only available on Opera) so the only loaded page was about:blank. I started killing every task until I was left with nothing more than the browser. The music was coming from my browser which had nothing more than a blank page loaded! How was that possible?

And the music was scary for me. It reminded me of my childhood nightmares: nothing to see, but you could hear it and feel it. My nightmare had become true. The browser (which was part of my life) had a real ghost inside!

Should I kill the task? Will that stop the music? Feeling a bit anxious, I simply clicked the End Task button and sure enough, Task Manager destroyed my nightmare. Mark Russinovich preaches about Process Explorer, but if I have to pray, I will always do it to Task Manager. I felt so good when the music stopped.

Anyway, it was that scary music that started my interest in “tricky code”. If the music could continue playing even after leaving the Web page, was it possible to run a script the same way?

Probably because of that story, my presentation at the 7th BlueHat started with the phrase “Do you believe in ghosts?” It was a presentation that showed how to run scripts in the browser after navigating away from a page. In other words, keep controlling part of the browser behavior from behind the scenes no matter where the user went. It was like “having a ghost in the browser”.

Not only did I believe in ghosts, I had evidence that they existed – at least inside browsers – and I wanted to show it to the folks at Microsoft. The nice thing is that the ghost-busters at Microsoft patched the code, destroying my nightmares, hopefully forever.

Last night I woke up in the middle of the night. I was thirsty. I grabbed the glass of water that I always have on my nightstand, and the second I placed it on my lips I remembered what I was dreaming about. I was part of a discussion panel, talking about what it means to be a hacker. We were exploring the value of hackers to the ecosystem, hacker skills, motivations, and incentives. Trying to understand the difference between a hacker and a criminal. Andrew Cushman and Damian Hasse from Microsoft were there! And so were colleagues of the ecosystem like Ivan Arce, Luiz Eduardo, Nico Waisman, Rodrigo Rubira Branco and Felix ‘FX’ Lindner!

But when did I fly to Redmond? It was strange to me to be at the BlueHat conference without remembering the flight (I hate to fly). Buenos Aires is far away from Redmond, how could I forget? When did I plan this? The instant I thought that, I read the small letters at the bottom of the BlueHat flag which said, “BlueHat Buenos Aires”. But it wasn’t a dream after all. The BlueHat organizers were in fact organizing a BlueHat in Buenos Aires for the local researcher, enterprise and government communities across Latin America and the reality was that I was going to be able to be a part of it—and all in my (near) backyard in March!

With my glass of water and having slept enough, I grabbed my notebook to see that I had received a new e-mail from Celene and Dana. The body of the message said, “Will you participate in the BlueHat Buenos Aires?” I could not believe my eyes. Still today I feel flabbergasted when I think about it. A nightmare vanished and a dream came true.

This BlueHat security conference in Argentina–for me–is the most important one. It has something for everyone. We will hear from the creator of OWASP, the minds behind PHNeutral, ysts and Hacker2Hacker, iDefense, CORE, and the ghost busters of the MSRC. I never believed that saying, “you learn something new every day;” however, this day you will certainly learn something and leave the BlueHat conference with new ideas, homework to do, and the motivation to get started.

Hope to see you there.

Manuel Caballero.

