Greek Chickpea Balls (Revithokeftedes) with Bulgur (Pligouri)

This is a truly delicious and filling dish that you don’t have to be a vegetarian to enjoy! The chickpea and bulgur balls are ideally served with pilaf rice and a sauce. Below, you’ll find the recipe for the balls and for a simple sauce – you don’t want a sauce that’s going to clash with the wonderful taste of the chickpea balls.
This is easy to make, but it isn’t a last-minute dish. The chickpeas need to be soaked for 2 days beforehand in order that they are tender enough to be prepared. But the end result is definitely worth it!
Ingredients
Balls
250g chickpeas
250g bulgur
1 large onion grated
2 cloves garlic crushed
2 tbsp all purpose flour for the mixture
5 tbsp all purpose flour to cover the balls before frying
1 tbsp fresh rosemary finely chopped
½ tsp cumin powder
2 tbsp parsley finely chopped
2 tbsp olive oil
400ml sunflower oil for deep frying
Salt and pepper to taste
Sauce
500g chopped tomatoes
2 cloves garlic crushed
1 tbsp butter
1 tbsp olive oil
Salt and pepper to taste
Preparation
Balls
Soak the chickpeas for 2 days, changing the water each day.
Soak the bulgur in a covered bowl overnight.
Crush the chickpeas in a food processor.
Drain the bulgur and put in a large mixing bowl and add the chickpeas.
Sauté the onion in a frying pan and add to the mixture.
Add the garlic, parsley, cumin, rosemary, 2 tbsp flour and olive oil, along with salt and pepper and mix into a thick paste.
Put the other 5 tbsp flour on a large platter.
Form the paste into oval-shaped balls (see photo) between your hands, dip them in the flour and then shake them to remove any excess flour.
Leave the balls on the platter while you heat the sunflower oil in a deep pan until it is very hot.
Deep fry the balls until they are golden brown (approx. 5 minutes).
Sauce
Put the oil in a frying pan along with the garlic and fry for approx. 1 minute.
Add the tomatoes, salt and pepper and simmer until it thickens.
Add the butter and remove from the heat.
 Eat and Enjoy!

5 Comforting Casserole Recipes That Are Perfect For Weekday Dinners

Tuna Noodle Casserole Recipe From Pinch My Salt
Credit: Pinch My Salt

It’s a dilemma that every mom knows: What to make for dinner? Every night, you stand in front of the fridge, desperately racking your brain for ideas. Well, look no further, because we have five super easy-to-make dinner casseroles that will keep your family full Monday through Friday!

Monday: Pumpkin and Cauliflower Casserole — Country Living
Get your kids to eat their vegetables with this seriously delicious casserole that works as a side or can stand alone as a main dish. And it’s pretty too!

Tuesday: Macaroni and Cheese — Disney Family.com
You’ll feel much better about serving your kid’s staple cheesy dish when it’s homemade, instead of processed and out of a blue box.

Wednesday: Fantastic Taco Casserole — Food.com
This Mexi-dish has to be fantastic because it says so in its name. The cheese, veggies, and taco flavor helps its cause too!

Thursday: Chicken Tetrazzini — Delish
Got leftovers? This freezer-friendly recipe can be defrosted for the next time you’re in a bind.

Friday: Tuna Noodle Casserole — Pinch My Salt
This tuna treat is seriously simple to make and by Friday, you need an easy end to your week!


Good Eats Friday

by Candace Derickx

So much deliciousness to bring you this week, let’s get right to it!

First, I love food that’s bad for you. Really. So this recipe from Andrea at A Peek Inside the Fishbowl is right up my alley. Bring on the homemade pogo dogs!

Candied bacon? Seriously, could this week of recipes get any better? Rebecca from A Bit of Momsense got me excited with this recipe.


This recipe from Nicole at A Domesticated Momma makes me want to crack open a Guinness and listen to The Girl with the Black Velvet Band.


Considering we’re stuck in the middle of Snowmageddon today, this recipe from Amanda at The Best Mom on the Block sounds like the perfect thing for supper tonight. Mmmmm, comfort food.


In case you missed it, this week was World Nutella Day?! What? Not that I’m anti-Nutella, but a day? Anyway, Don at FoodiePrints decided to join in the revelry and made these Homemade Nutella Waffles. So maybe World Nutella Day isn’t such a bad idea after all.


Finally, I just unbuttoned the top of my jeans just writing this post. So, I’m going to round it out with this fantastic Superfood Granola from Jayda at Eat Whole Be Vital.


Banks charge for statements, despite record profits

Three of the Big Five Banks are making customers pay $2 a month for mailed statements. TD kicked it off last year, BMO started Feb. 1 and CIBC will start April 1.

This practice makes many people furious for a few reasons. Here’s some of the feedback that I received after writing about it in the Star last week:

– Don’t the banks make enough money already? This is a regressive price increase imposed on those with little access to computers or confidence in their computer skills.

– Why do the banks pretend they’re concerned about the environment? It’s just a cash grab. Many people will print their statements at home, with no decrease in paper use.

– Why charge $2 a month? That seems excessive. President’s Choice Financial, which has no branches, charges only $1 a month for mailed statements.

– Why penalize customers who distrust electronic statements and prefer paper documents sent in the mail? Don’t the banks support financial literacy?

– With Internet fraud rising, couldn’t this move to electronic statements make people more confused and vulnerable?

As it happens, Bell Canada was hit with a “phishing” scam last week. Customers were getting bogus emails, saying there was a problem with their monthly payments, and asking them to click a link to ensure the payment went through.

Several readers told me Bell’s recent move to e-statements made these phony emails seem more credible.

I think the banks should use incentives to get people to switch. They try to come across as customer-centric. Instead, they look like greedy profit maximizers.

Great Money Advice For Canadian College & University Students On How To Avoid Student Loans

I recently had a chance to read the book “More Money for Beer and Textbooks” which is a book written for students in post-secondary education or in their last year of high school or CEGEP.

It was written by Kyle Prevost and Justin Bouchard, who are both educators and managed to get through their own schooling without any debt. They blog at MyUniversityMoney.com and YoungAndThrifty.ca.

This book is excellent. It provides all the information that a student or about-to-be student needs to know about how to manage money while at school.  It is written in an engaging and realistic style that should appeal to students.

It’s doubtful as to how many young people will buy this book on their own, so I would urge anyone who knows a young person who would benefit from this book to buy it for them. Let’s face it – an 18 year old isn’t going to spend $20 on a book, but if you or someone close to them buys it and gets the kid to read it, the returns could be huge.

Some thoughts about the book

Chapter 15 – Choosing an in-demand career

I’m going to start with the best chapter in the book which is chapter 15 (although it should have been chapter 1).  This chapter deals with the topic of choosing an in-demand career.   So many people sign up for a field of study which isn’t likely to turn into a decent career and they put themselves into a big financial hole.  Your choice of career will outweigh any financial decisions you make while at school.

Kyle & Justin do a great job with this sensitive topic by pointing out that degrees that have good employment prospects are not necessarily “better” degrees, but that they tend to lead to better careers and better finances after graduation.   If you know someone who wants to do a degree which will lead to a promising Starbucks barista career – get them to read this chapter.

The cover

I love the cover.  Mmmm…beer.

School Costs

The book starts off with a very sobering and even depressing look at education costs and how much more they are than when old people like myself went to school.  Well worth it for parents to read if they aren’t aware of the ‘new math’ when it comes to paying for post-secondary education costs.

Housing

Great comparison of on and off campus housing.  Don’t assume on-campus housing is always more expensive.

Scholarships

Very valuable information and strategies about scholarships/grants etc.

Summer jobs

Good strategies about how to find a summer job.  The authors also give their opinion on working during the school year.

Other resources for students

For another good money book for students who are nearing the end of their academic careers or have recently graduated – check out Rob Carrick’s How not to move back in with your parents.

For parents of kids who are a bit younger, The RESP Book written by yours truly is a good resource for saving for post-secondary education using RESPs.


Hatchi for mobile

Hatchi is a retro-looking iOS/Android app sure to get the nostalgia burning for all those who cared for a virtual pet back in the 1990s when they were at the height of their popularity.

For those readers who are from the same generation as me, you’ll be sure to remember this ’90s fad, the Tamagotchi (see gallery picture below, I had the yellow one). It was a keychain-sized plastic egg with a small LCD screen and 3 buttons that let you grow your virtual pet by feeding, cleaning and playing with it. The more time you spent with it, the faster it would evolve into something else. It could take days or even months, and there was even a chance that your Tamagotchi might die if you neglected it.

Hatchi has made an app that brings back a bit of nostalgia to your Android/iOS device (sorry Windows & BB). No need to tote around a colorful egg (although it was pretty cool back then), you can have all the features of the original plus added mini-games, item shops and a multiplayer element that allows you to play against other friends.

You can search and download Hatchi in your App Store for $0.99! Well worth the money for a small reminder of your childhood.

Fun facts: Windows kernel and Device Extension Size

Today, I would like to start sharing some of the most amusing examples of the Windows kernel behavior that I often stumble upon while reverse-engineering its various areas, exploiting a particular vulnerability or just randomly exploring its code. Some of them might have certain implications for security, some are completely impractical and are presented for the sole purpose of entertainment. This post certainly belongs to the second group. Enjoy!

Oh and by the way, the discovery and exploitation of CVE-2011-2018 (as described in my detailed white paper) has been awarded with a Pwnie Award! Woot, thanks for the recognition 🙂 Congratulations to all the other winners and nominees, especially Fermin Serna (@fjserna) with his amazing information leak research and Adobe Flash vulnerability.

Pwnie Award 2012 for Best Privilege Escalation Bug

Device extensions

As Microsoft states in the “Device Extensions” MSDN article:

For most intermediate and lowest-level drivers, the device extension is the most important data structure associated with a device object. Its internal structure is driver-defined, and it is typically used to:

  • Maintain device state information.
  • Provide storage for any kernel-defined objects or other system resources, such as spin locks, used by the driver.
  • Hold any data the driver must have resident and in system space to carry out its I/O operations.

In essence, a device extension is a memory region that the NT kernel allocates from the non-paged pool and associates with a particular Device object. The extension’s size is arbitrary and fully controlled by every device driver through the DeviceExtensionSize parameter of the IoCreateDevice routine, a declaration of which is shown below:

    NTSTATUS IoCreateDevice(
      _In_      PDRIVER_OBJECT DriverObject,
      _In_      ULONG DeviceExtensionSize,
      _In_opt_  PUNICODE_STRING DeviceName,
      _In_      DEVICE_TYPE DeviceType,
      _In_      ULONG DeviceCharacteristics,
      _In_      BOOLEAN Exclusive,
      _Out_     PDEVICE_OBJECT *DeviceObject
    );

Now, the public documentation doesn’t give any clue about how many bytes can actually be requested from the system for the extension, nor does it otherwise specify any restrictions with regard to the size. Let’s look into how nt!IoCreateDevice works under the hood.

The actual implementation of the routine in Windows XP / 2003 (which is still valid) can be found in the base\ntos\io\iomgr\iosubs.c file of the Windows Research Kernel package. The important snippet of code is as follows:

    RoundedSize = (sizeof( DEVICE_OBJECT ) + DeviceExtensionSize)
                  % sizeof (LONGLONG);
    if (RoundedSize) {
        RoundedSize = sizeof (LONGLONG) - RoundedSize;
    }

    RoundedSize += DeviceExtensionSize;

    status = ObCreateObject( KernelMode,
                             IoDeviceObjectType,
                             &objectAttributes,
                             KernelMode,
                             (PVOID) NULL,
                             (ULONG) sizeof( DEVICE_OBJECT ) + sizeof ( DEVOBJ_EXTENSION ) +
                                     RoundedSize,
                             0,
                             0,
                             (PVOID *) &deviceObject );

To complete the picture, the ObCreateObject declaration is shown below:

    NTSTATUS
    ObCreateObject (
        __in KPROCESSOR_MODE ProbeMode,
        __in POBJECT_TYPE ObjectType,
        __in POBJECT_ATTRIBUTES ObjectAttributes,
        __in KPROCESSOR_MODE OwnershipMode,
        __inout_opt PVOID ParseContext,
        __in ULONG ObjectBodySize,
        __in ULONG PagedPoolCharge,
        __in ULONG NonPagedPoolCharge,
        __out PVOID *Object
        )

The ObjectBodySize parameter specifies the desired size of the object memory area in bytes, and as such is used as a part of the actual allocation size – in addition to sizeof(OBJECT_HEADER) – eventually performed by ExAllocatePoolWithTag. Now, since the device extension is allocated as a part of the device object and no specific checks are performed to prevent an integer overflow from occurring, the sizeof(DEVICE_OBJECT) + sizeof(DEVOBJ_EXTENSION) + DeviceExtensionSize expression can easily overflow for a large enough extension size. This, in turn, would lead to a typical buffer overflow condition due to an undersized buffer, and later inevitably to a system crash. The following piece of code has been used to confirm the observed behavior:

    #include <ntddk.h>

    PDEVICE_OBJECT pDeviceObject = NULL;
    VOID     DriverUnload(PDRIVER_OBJECT);

    NTSTATUS
    DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RPath) {
      const WCHAR DriverName[] = L"\\Device\\ExtensionSizeTest";
      UNICODE_STRING u_DriverName;
      NTSTATUS status;

      RtlInitUnicodeString(&u_DriverName, DriverName);

      /* Request an extension size large enough to wrap the 32-bit size sum. */
      status = IoCreateDevice(
        DriverObject,
        4294967232, // (ULONG)-64
        &u_DriverName,
        FILE_DEVICE_UNKNOWN,
        FILE_DEVICE_SECURE_OPEN,
        FALSE,
        &pDeviceObject
      );

      DriverObject->DriverUnload = DriverUnload;
      return status;
    }

    /* Unloading deletes the device object created in DriverEntry. */
    VOID
    DriverUnload(PDRIVER_OBJECT pDriverObject)
    {
      IoDeleteDevice(pDeviceObject);
    }

After loading the above device driver, an attempt to unload it immediately results in the following crash; the actual crash pattern may differ in your test environment:

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 829c0505, The address that the exception occurred at
Arg3: 89d87ac0, Exception Record Address
Arg4: 89d87520, Context Record Address

Debugging Details:
------------------

DBGHELP: e:\symbols\ntkrpamp.exe\4CE78A09412000\ntkrpamp.exe - OK

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!IoDeleteAllDependencyRelations+27
829c0505 8b5808          mov     ebx,dword ptr [eax+8]

EXCEPTION_RECORD:  89d87ac0 -- (.exr 0xffffffff89d87ac0)
ExceptionAddress: 829c0505 (nt!IoDeleteAllDependencyRelations+0x00000027)
  ExceptionCode: c0000005 (Access violation)
 ExceptionFlags: 00000000

NumberParameters: 2
  Parameter[0]: 00000000
  Parameter[1]: 00000008
Attempt to read from address 00000008

CONTEXT:  89d87520 -- (.cxr 0xffffffff89d87520)
eax=00000000 ebx=00000000 ecx=94243900 edx=00000000 esi=859ad6a8 edi=00000000
eip=829c0505 esp=89d87b88 ebp=89d87b9c iopl=0         nv up ei pl nz ac po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010213
nt!IoDeleteAllDependencyRelations+0x27:
829c0505 8b5808          mov     ebx,dword ptr [eax+8] ds:0023:00000008=????????
Resetting default scope

[...]

STACK_TEXT:  
89d87b9c 82818790 859ad5d0 94243900 94243900 nt!IoDeleteAllDependencyRelations+0x27
89d87bb8 923080a1 859ad5d0 89d87c00 829cbd46 nt!IoDeleteDevice+0x23
WARNING: Stack unwind information not available. Following frames may be wrong.
89d87bc4 829cbd46 8675cc40 94243900 84fe04c0 DevExtSize+0x10a1
89d87c00 82881aab 94243900 00000000 84fe04c0 nt!IopLoadUnloadDriver+0x1e
89d87c50 82a0df5e 00000001 18ae3bb3 00000000 nt!ExpWorkerThread+0x10d
89d87c90 828b5219 8288199e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

One could argue that this just shows that passing invalid parameters to kernel APIs can result in a bugcheck. That’s certainly true for 32-bit platforms – you cannot realistically expect the kernel to allocate 4GB of memory when it has a 2GB virtual address space. However, the behavior also affects the 64-bit edition of Microsoft Windows, which should typically allow the allocation of buffers of this size (or at least cleanly refuse through an adequate error code). Although I can’t imagine a scenario in which it could lead to a real security issue – device extensions always have constant sizes that are by no means controlled by anyone on the outside, and they usually fit into one or two memory pages – I still find it exceedingly funny that passing a theoretically valid parameter brings the machine down due to a silly arithmetic error. That’s about it, stay tuned for more posts 🙂
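
The size arithmetic discussed above can be modelled in user-mode C. This is an added example, not code from the original post or from the Windows kernel: it mirrors the quoted rounding logic in 32-bit ULONG math and sets it beside a variant that refuses a request whose total would wrap. The two structure sizes and the function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed placeholder sizes for illustration; real values depend on the build. */
#define DEVICE_OBJECT_SIZE    184u
#define DEVOBJ_EXTENSION_SIZE 40u
#define ALIGNMENT             8u    /* sizeof(LONGLONG) */

/* Mirrors the unchecked arithmetic quoted from iosubs.c, truncated to a ULONG. */
static uint32_t body_size_unchecked(uint32_t ext_size)
{
    uint32_t rounded = (DEVICE_OBJECT_SIZE + ext_size) % ALIGNMENT;
    if (rounded)
        rounded = ALIGNMENT - rounded;
    rounded += ext_size;
    return DEVICE_OBJECT_SIZE + DEVOBJ_EXTENSION_SIZE + rounded;
}

/* Same computation, but rejects any extension size whose total would wrap.
   Returns 1 and stores the body size on success, 0 if the request is too large. */
static int body_size_checked(uint32_t ext_size, uint32_t *out)
{
    const uint32_t fixed = DEVICE_OBJECT_SIZE + DEVOBJ_EXTENSION_SIZE;

    /* Worst-case alignment padding is ALIGNMENT - 1 bytes. */
    if (ext_size > UINT32_MAX - fixed - (ALIGNMENT - 1u))
        return 0;
    *out = body_size_unchecked(ext_size);
    return 1;
}

int main(void)
{
    /* Constructed sample requests; the last is the value used in the post. */
    const uint32_t samples[] = { 64u, 100u, 4096u, 4294967232u };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t checked = 0;
        int ok = body_size_checked(samples[i], &checked);

        printf("ext=%10lu unchecked body=%10lu checked=%s\n",
               (unsigned long)samples[i],
               (unsigned long)body_size_unchecked(samples[i]),
               ok ? "accepted" : "rejected (would overflow)");
    }
    return 0;
}
```

With these assumed structure sizes, the request of 4294967232 bytes produces an object body of only 160 bytes in the unchecked path, which is the undersized allocation the post describes; the checked path returns an error instead.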