Skip to content

Forging a Chest Handle


As my work on the Mästermyr-like chest is slowly coming to completion, I noticed that due to thicker planks, the chest is getting too heavy to carry comfortably without handles. Although, the original chest did not have any handles, I decided to forge handles anyway. None of the books in my library had good illustrations of Viking-age handles but the simple design above is going to fit with the hardware I have forged so far.

This handle was forged from a 7in long piece of 3/4in round steel. I isolated a 1in piece in the middle by fullering with a spring fuller at 3in and 4in from the end. After the middle piece was isolated, I tapered both sides to 1/4in so that each end was about 6in in length. The transitions were square, octagon and then round as usual. Each end was bend at 3in over the horn of the anvil.

The loops were forged from 1/4in thick and 1in wide rectangular steel. I used a butcher to get a tenon that could be forged down to 1/4in round and then drilled a 1/2in hole for the eye where the handle is going to fit through.

To make the handle stop rotating at 90 degrees, i.e. to avoid squeezing the hands, I put each end of the handle in the vise and used a set hammer to bend a stop that is going to engage with the plate, see the picture. The base plate is 1/8in thick and the loops where riveted to it with the handle in place. The whole process took about 5 hours.

Surprisingly, aside from a couple blacksmithing books, I could not find any article on the web that shows how to forge a chest handle.
Categories: Hacking
Defined tags for this entry: , , ,

Lizamoon SQL Injection Campaign Compared

Malware infections such as SQL injection are a well known security problem. Over the past two years we have seen several large-scale infections on the web, e.g. Gumblar.cn and Martuz.cn. Recently, a new SQL injection campaign called Lizamoon has gained a lot of attention. I had expected web sites would become more secure over time and less susceptible to simple security problems, so it is surprising that SQL injection is still a prevalent problem. That let me to wonder: Was Lizamoon as successful as previous infections? In a discussion about this problem, my colleague Panayiotis Mavrommatis suggested that comparing the size of campaigns via search engine result estimates might not be very accurate measurement.

That begs the question of how to assess the impact of infections. While the number of infected URLs is one possible measure, it is skewed by many different factors, e.g. a single vulnerable site contributes a large fraction of the infected URLs and overstates the impact. Instead, counting the number of infected sites might be a better metric. Even so, to judge the relative scale of an infection campaign, it might be helpful to compare it to previous incidents.

Below is a comparison of the Gumblar.cn/, Martuz.cn/ and Lizamoon infections based on Google's Safe Browsing data. The graph shows the number of unique infected sites over a 30 day sliding window.

For this analysis, I counted the sites that had a functioning reference to it, e.g. a script src=. Sites that escaped the script tag rendering it harmless were not counted. For Lizamoon, I aggregated the sites provided by the websense blog into a single measure:

hxxp://lizamoon.com/
hxxp://tadygus.com/
hxxp://alexblane.com/
hxxp://alisa-carter.com/
hxxp://online-stats201.info/
hxxp://stats-master111.info/
hxxp://agasi-story.info/
hxxp://general-st.info/
hxxp://extra-service.info/
hxxp://t6ryt56.info/
hxxp://sol-stats.info/
hxxp://google-stats49.info/
hxxp://google-stats45.info/
hxxp://google-stats50.info/
hxxp://stats-master88.info/
hxxp://eva-marine.info/
hxxp://stats-master99.info/
hxxp://worid-of-books.com/
hxxp://google-server43.info/
hxxp://tzv-stats.info/
hxxp://milapop.com/
hxxp://pop-stats.info/
hxxp://star-stats.info/
hxxp://multi-stats.info/
hxxp://google-stats44.info/
hxxp://books-loader.info/
hxxp://google-stats73.info/
hxxp://google-stats47.info/
hxxp://google-stats50.info/

The graph shows two interesting facts.
  • The Lizamoon campaign started around September 2010 and actually peaked in October 2010 with ~5600 infected sites. At the moment, it seems to be undergoing a revival.
  • If we compare the number of infected sites, Gumblar.cn/ is still clearly the winner with ~62,000 sites, followed closely by Martuz.cn/.
For future studies of malware infections, I suggest taking the number of infected sites as a more reliable measure than counting the number of infected URLs.

Update 2011-04-04:
The blog post incorrectly referred to Gumblar.cn and Martuz.cn/ as SQL injection attacks. These attacks used stolen FTP credentials.
Categories: Hacking, Malware, News, Security, SpyBye
Defined tags for this entry: , ,