Remember to upgrade your Kindle from Amazon – there’s a new firmware upgrade available, taking the system to version 2.5.2 (24.3MB – you may want to transfer via USB…) (more…)
Archive for the ‘security’ Category
Secure SSH Tunneling – at no extra cost
06.19
Assuming you have a Windows machine and interact with Linux boxen at any stage, chances are high that you have used PuTTY at one point or another. That beautiful, less-than-2-second, 444K download (currently at version 0.60 beta) lets you run SSH, Telnet, rlogin, raw TCP and direct serial (COM) connections from the desktop. Both examples below relate to tunneling the MySQL port (3306) over SSH.
SSH Tunnels using the Bash command line
Running on a proper machine (or even Windows with Cygwin, or a Mac Terminal) allows you to quickly tunnel a session to a remote server: (more…)
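As an added example (not code from the original post), here is the local forward the bash section describes, wrapped in a small POSIX shell script that builds the ssh options and the matching mysql client options. The host db.example.com and the user dbuser are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post: build the ssh options for a
# local port forward to a remote MySQL server, plus the mysql client options
# that actually use it.  "dbuser@db.example.com" is a placeholder.

# Accept only 1-65535; anything else (empty, letters, 0, 70000) fails.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ssh options for: 127.0.0.1:LPORT here -> 127.0.0.1:RPORT as seen by the
# remote host (RPORT defaults to MySQL's 3306).  The explicit 127.0.0.1 bind
# address keeps the listener off the LAN even if ~/.ssh/config has
# GatewayPorts enabled; -N opens no remote shell, just the forward.
tunnel_args() {
    lport=$1 rport=${2:-3306}
    if ! valid_port "$lport" || ! valid_port "$rport"; then
        echo "tunnel_args: bad port '$lport'/'$rport'" >&2
        return 1
    fi
    printf '%s' "-N -L 127.0.0.1:${lport}:127.0.0.1:${rport}"
}

# mysql client options that go through the tunnel.  "-h localhost" would make
# the client pick the local Unix socket and bypass the tunnel entirely;
# 127.0.0.1 forces a TCP connection to the forwarded port.
mysql_args() {
    lport=$1 user=$2
    valid_port "$lport" || return 1
    printf '%s' "-h 127.0.0.1 -P ${lport} -u ${user} -p"
}

# Usage:  sh mysql_tunnel.sh dbuser@db.example.com 3307
# Prints the two commands: run the ssh one in one terminal, mysql in another.
if [ "$#" -eq 2 ]; then
    echo "ssh $(tunnel_args "$2") $1"
    echo "mysql $(mysql_args "$2" "${1%%@*}")"
fi
```

The same -N -L syntax is accepted by plink, PuTTY's command-line client, so the Windows side of the post can use the identical forward.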
Adobe Flash and Adobe PDF zero-day critical vulnerability in the wild.
06.05
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.
Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions on Windows, Macintosh, Linux and Solaris are affected, as well as Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. So it’s kinda big. What to do? (more…)
Symlinks (symbolic links) in Samba Ubuntu for Windows
06.04
To let Windows clients follow symbolic links on a Samba share (cross-platform file sharing), edit
/etc/samba/smb.conf
and add in the [global] section:
follow symlinks = yes
unix extensions = no
(unix extensions = no switches off the CIFS Unix extensions for Linux clients, so weigh that if you have any.) There has been some discussion about
wide links = yes
(the option is called "wide links", not "wide symlinks"). However, because of the directory-traversal attack on Samba servers from Windows clients reported back in February 2010, where a symlink pointing outside the share let a client read files elsewhere on the server, you may want to set wide links = no explicitly. Symlinks that stay inside the share work without it, recent Samba releases default it to no, and Samba forces it off whenever unix extensions = yes.
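An added example, not from the original post: a POSIX shell checker that reads the [global] section of an smb.conf and reports the effective symlink settings, returning non-zero when wide links would be honoured. The smb.conf it writes is constructed for the demo, and the assumed defaults (follow symlinks yes, unix extensions yes, wide links no) are those of recent Samba releases.

```sh
#!/bin/sh
# Added example, not from the original post: inspect the symlink options in
# the [global] section of an smb.conf.  POSIX sh + awk only.

# Print the value of KEY in [global] of FILE (last occurrence wins, as in
# Samba).  Samba ignores case and whitespace in parameter names, so
# "Wide Links" and "widelinks" both match "wide links".  Prints nothing if unset.
smb_global() {
    awk -v want="$(printf '%s' "$2" | tr -d ' \t' | tr 'A-Z' 'a-z')" '
        /^[ \t]*[;#]/ { next }                       # comment lines
        /^[ \t]*\[/ {                                # section header
            sec = tolower($0); gsub(/[ \t]/, "", sec)
            sec = substr(sec, 2, length(sec) - 2); next
        }
        sec == "global" && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == want) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Samba booleans: yes/true/1 are true, everything else false. $2 is the
# default used when $1 is empty (parameter not set).
smb_bool() {
    case "$(printf '%s' "${1:-$2}" | tr 'A-Z' 'a-z')" in
        yes|true|1) echo yes ;;
        *)          echo no ;;
    esac
}

# Report the effective settings and return 0 when wide links is off.
# Samba forces wide links off whenever unix extensions are on; mirrored here.
# Assumed defaults: follow symlinks yes, unix extensions yes, wide links no.
# Per-share overrides of follow symlinks / wide links are not inspected.
symlink_policy() {
    f=$1
    follow=$(smb_bool "$(smb_global "$f" 'follow symlinks')" yes)
    unixext=$(smb_bool "$(smb_global "$f" 'unix extensions')" yes)
    wide=$(smb_bool "$(smb_global "$f" 'wide links')" no)
    if [ "$unixext" = yes ]; then wide=no; fi
    printf 'follow symlinks=%s unix extensions=%s wide links=%s\n' \
        "$follow" "$unixext" "$wide"
    if [ "$wide" = yes ]; then
        echo "WARNING: wide links on: symlinks may lead outside the share" >&2
        return 1
    fi
}

# Write a constructed smb.conf to $1 with "wide links = $2" (demo input).
make_conf() {
    cat > "$1" <<EOF
[global]
   workgroup = WORKGROUP
   follow symlinks = yes
   unix extensions = no
   wide links = $2
[share]
   path = /srv/share
EOF
}

# Usage: sh smb_symlinks.sh /etc/samba/smb.conf
if [ "$#" -eq 1 ]; then
    symlink_policy "$1"
else
    # No file given: run against the constructed config with the risky setting.
    t=$(mktemp); make_conf "$t" yes
    symlink_policy "$t" || echo "(exit status 1, as expected for wide links = yes)"
    rm -f "$t"
fi
```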
Goodbye Facebook
05.30
That’s it – I’m out – got to wait for the 14 days now before the account is deleted from Facebook.
As promised, I was asked whether I'm really sure that I want to delete my account; you have to enter your password and two CAPTCHAs before getting the confirmation:
It doesn't quite end there: next, I get an email, Subject: "Account scheduled for deletion", as below (WordPress happens to handle the malformed <br/> tags sent in the mail correctly, and compensates for them):
Hi Sven,
We have received a request to permanently delete your account. Your account has been deactivated from the site and will be permanently deleted within 14 days. (more...)
Completely removing and deleting your Facebook account
05.26
Assuming you don't have any linked accounts in place (Digg, OpenID, MySpace etc.), the process should be quite simple:
Go direct:
http://www.facebook.com/help/contact.php?show_form=delete_account (you have to be logged in to use the link), then don't access the account for 21 days. Some say 14 days, but what's the hurry? Some recommend no interaction with Facebook at all (pages, groups, public content), the worry being that cookie updates or requests to Facebook's CDN (fbcdn) could register as activity and cancel the deletion.
Once completed, that should move from “deactivated” to “deleted” status.
Is anything going to be really removed? Facebook alone know(s)…
More? See WikiHow and a variety of other sources via a Google search (hmm…) or the Bing equivalent…
Delete Facebook Account
05.17
Only a few days to go before the end of my use of Facebook — 31 May 2010.
I’ve written about it before. The New York Times has written about it.
With loopholes that let anyone, user or not, search any user's content (full-size profile picture included), what security model is in place, anyway? Want to know who commented about the "Good Food and Wine Show"? How about "I hate my boss"? (more…)
Security Summit 2010 Wrap-Up
05.14
So the Security Summit 2010 has come to an end. Featuring speakers such as Moxie Marlinspike, Joe Grand and Jeremiah Grossman (again), it is a pity to say that not much new was presented. With repeated concerns about input and output validation, which the OWASP Top 10 for 2010 highlights and which served as a recurring example, and a call for a holistic approach to a company's security posture, the idea of making security (in thought and in practice) part of the organisation's culture came through over and over again. (more…)
Security Summit 2010
05.09
So, it’s that time of the year again – Security Summit 2010 in Sandton, Johannesburg. Items on the agenda include:
- The business of security – Threat horizon 2010 and beyond, legislation (PPI), risk, compliance, standards (PCI), security metrics, social networking, web application security, web services, web 2.0 and more.
- Technical/operational security – Top 10 hacks, botnets, trojans, smartphone security, cloud computing, virtualisation, SaaS, practical return-oriented programming techniques, web application server attacks, defeating SSL, exploiting Microsoft DEP and more. (more…)
How to remove yourself from Facebook by deactivating your account
04.25
Facebook, now with accounts up for sale ($25 / 1000 where there are fewer than 10 friends, and $45 / 1000 where there are more than 10 friends), has again changed its privacy approach, even retroactively…
So – here’s a quick how-to on removing yourself from the system:
- Log into your account with your valid username and password
- Choose “Account” -> “Account Settings” (top right-hand corner)
- Choose “Deactivate account” – last option of those on the page.
- Choose your reason for deactivation – top of the list (ironically) is “I have a privacy concern”, with “I don’t feel safe on Facebook” at number 6.
- Click on “Deactivate my account” (remember to opt out of receiving future mails from Facebook, too)
But you knew that already!
clamav 0.94 finally reaches end of life
04.16
clamav finally sent the end-of-life payload yesterday evening. 0.96 is the current version, so it's been a good run.
Possible symptoms you experienced:
- Repeated notifications:
WARNING: getpatch: Can't download daily- - All freshclam mirrors are ignored
- Your mailq fills up with detailed MAILER-DAEMON messages referring to the End-of-Life nature of clamav 0.94
- (… add your own here…)
But they warned they’d do this in October 2009:
Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 – that is to say older than 1 year.
This move is needed to push more people to upgrade to 0.95 .
We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV.
The traffic generated by a full CVD download, as opposed to an incremental update, cannot be sustained by our mirrors. (more…)
Clamav errors on upgrade to 0.96 clamd and clamav-milter
04.03
Some updates to the yum-sent clamav-milter.conf and (to a lesser extent) clamd.conf may be necessary.
After an automatic yum update of the clamd family on RHEL, there is a mismatch between where clamd listens and where clamav-milter looks for it: clamav-milter doesn't know which to use (the local socket unix:/tmp/clamav.socket or tcp:127.0.0.1), so you need to tell it. Otherwise, you get messages such as the below in your clamav-milter.log:
clamav-milter[5149]: No clamd server appears to be available
ERROR: Failed to initiate streaming/fdpassing
So make sure the ClamdSocket in clamav-milter.conf points to the LocalSocket that clamd.conf says it's listening on. So if clamd.conf has
LocalSocket /tmp/clamd.socket
clamav-milter.conf should have
ClamdSocket unix:/tmp/clamd.socket
Otherwise, if clamd listens on TCP instead (TCPSocket 3310 with TCPAddr 127.0.0.1 in clamd.conf), set ClamdSocket as below; the port defaults to 3310:
ClamdSocket tcp:127.0.0.1
Also, be sure to run sa-update (SpamAssassin's rule updater) while you're at it.
Simple, eh? But you knew that already!
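An added example, not from the original post and not ClamAV's own code: a POSIX shell script that cross-checks clamd.conf against clamav-milter.conf, so the mismatch above is caught before the milter logs "No clamd server appears to be available". The config snippets it writes are constructed for the demo; the real files live under /etc on most distributions.

```sh
#!/bin/sh
# Added example, not from the original post: confirm that every ClamdSocket
# in clamav-milter.conf is a socket clamd.conf really listens on.

# Print every value of KEY (case-insensitive) from a "Key value" style
# clamd/clamav-milter config, skipping comment lines.
conf_get() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" \
        '$1 !~ /^#/ && tolower($1) == k { print $2 }' "$1"
}

# What clamd offers, one per line: unix:<path> for each LocalSocket and
# tcp:<addr>:<port> for each TCPSocket.  Without TCPAddr clamd binds every
# interface, written here as 0.0.0.0.
clamd_listeners() {
    for s in $(conf_get "$1" LocalSocket); do echo "unix:$s"; done
    addr=$(conf_get "$1" TCPAddr)
    for p in $(conf_get "$1" TCPSocket); do echo "tcp:${addr:-0.0.0.0}:$p"; done
}

# Normalise a milter ClamdSocket spec: "tcp:host" means port 3310.
norm_socket() {
    case "$1" in
        tcp:*:*) echo "$1" ;;
        tcp:*)   echo "$1:3310" ;;
        *)       echo "$1" ;;
    esac
}

# Return 0 when every ClamdSocket in the milter config matches a clamd
# listener.  A clamd listener on 0.0.0.0 satisfies any tcp:<host> on the
# same port.  No ClamdSocket line at all is reported as a failure too.
check_milter() {
    clamd_conf=$1 milter_conf=$2 rc=0 n=0
    listeners=$(clamd_listeners "$clamd_conf")
    for want in $(conf_get "$milter_conf" ClamdSocket); do
        n=$(( n + 1 ))
        want=$(norm_socket "$want") ok=no
        for have in $listeners; do
            if [ "$want" = "$have" ]; then ok=yes; fi
            case "$want:$have" in
                tcp:*:tcp:0.0.0.0:*)
                    if [ "${want##*:}" = "${have##*:}" ]; then ok=yes; fi ;;
            esac
        done
        if [ "$ok" = yes ]; then
            echo "ok: $want"
        else
            echo "clamav-milter expects $want, but clamd does not listen there" >&2
            rc=1
        fi
    done
    if [ "$n" -eq 0 ]; then
        echo "no ClamdSocket line in $milter_conf" >&2
        rc=1
    fi
    return $rc
}

# Usage: sh check_clamd.sh /etc/clamd.conf /etc/clamav-milter.conf
if [ "$#" -eq 2 ]; then
    check_milter "$1" "$2"
else
    # No arguments: replay the mismatch from the post on constructed configs.
    d=$(mktemp -d)
    printf 'LocalSocket /tmp/clamd.socket\n' > "$d/clamd.conf"
    printf 'ClamdSocket unix:/tmp/clamav.socket\n' > "$d/clamav-milter.conf"
    check_milter "$d/clamd.conf" "$d/clamav-milter.conf" \
        || echo "(fix: ClamdSocket unix:/tmp/clamd.socket)"
    rm -r "$d"
fi
```

Matching the socket name is only half of it: the user the milter runs as also needs write access to the Unix socket, which is governed by LocalSocketGroup and LocalSocketMode in clamd.conf.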
Step-by-step virus disassembly
03.30
Over at SkullSecurity they've done a great job of a step-by-step disassembly of the Energizer Trojan using IDA. Working in an isolated lab environment, they walk through the code to give you an insight into its workings: the "obfuscation" (or lack thereof), backdoor management (on port 7777) and more.
A good beginner's intro, with pretty pictures.
OpenSSL v1 released after 11 years of development
03.30
After a long, hard struggle of 11 years, which started with these two entries:
| 23-Dec-1998: | Released OpenSSL 0.9.1c |
| 23-Dec-1998: | Official start of the OpenSSL project |
we are now at the point of "a major release", with v1.0.0 being made available. Fighting tooth and nail not to be a 1.0.0, the project went through iterations such as 0.9.8d to 0.9.8n (taking a page out of Google's book of perpetual pre-release?), though, to be fair, they started at 0.9.1c.
Go on, then — go and get it!
Security Summit 2010
03.19
Moxie Marlinspike will be at the Security Summit 2010 this year at the Sandton Convention Centre (well, at least he's on the lineup) and should give some insights; Jeremiah Grossman (from WhiteHat Security) is back, and Joe Grand (from L0pht Heavy Industries; remember L0phtCrack?) will also have some words to say.
Let's hope that the vendor presentations will be kept to a minimum, with a focus on content rather than "Oh, we are great"…
Johannesburg, May 11-13, 2010
Cracking passwords fast with rainbow tables on SSD
03.15
A Swiss firm, Objectif Sécurité, makers of Ophcrack_Office (for Word and Excel files) and the open-source Ophcrack (over at sourceforge.net), has tweaked its application to crack Windows XP passwords of up to 14 characters (LM hashes, hence the 14-character ceiling) using rainbow tables (pre-computed hash chains) stored on a solid-state drive (SSD, i.e. a flash-based drive), in an average of 5.3 seconds.
Seek times on the SSD seem to be the big tweak here:
Oechslin has fitted an elderly Athlon 64 X2 4400+ with an SSD and the optimised tables. This system can, with only a 75% CPU utilisation, crack a 14 digit password with special characters, in an average of 5.3 seconds. Oechslin says that, worst case, it should be able to search arithmetically through 300 billion passwords per second, a speed that is a factor of 500 faster than an Elcomsoft cracker supported by a modern Tesla GPU from NVIDIA.
Excel 2007 password, cell and sheet protection removal – unprotect/remove password easily
03.01
Elcomsoft has a variety of really good brute-force and dictionary-based password attacks on the full Office suite, including a distributed version to run in the cloud (which I wrote about some time ago). As cool as the software is, it doesn't allow the removal of cell- or sheet-level protection passwords (which kinda sucks), and the password.xla file that seems to be the big thing from staxx.com requires a pile of extras to run natively on Office 2007.
Enter the same macro that McGimpsey & Associates published in 2004 (reproduced here as per their GPL licence) that removes all internal Excel Passwords: (more…)
An update on Operation Aurora
01.19
The attack (Operation Aurora) on around 20 companies in the US, including Google, Adobe, Juniper Networks and others, used a zero-day exploit for Internet Explorer and was partly down to social engineering: the carefully crafted emails were plausible in wording and structure, so users bought into them. Once the payload had run and the machine was owned, it would contact a command-and-control (C&C) server, which sent back specific instructions based on the workgroup name and machine environment (OS etc.), accepting and transmitting data under a home-made encryption scheme piggy-backed onto port 443, the port normally reserved for HTTPS traffic. (more…)
Y2K vs 2010 vs 2016 — year rollover still an issue
01.06
Ain't that a kick in the head! The rollover from 2009 to 2010 has not been processed correctly on many systems, including Symantec's Endpoint Protection Manager, as they confirmed in a statement:
An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) server whereby all types of SEP definition content [AV/AS, IPS] with a date greater than December 31, 2009 11:59pm are considered to be “out of date”.
Remember that we spoke about Symantec in the glorious (dodgy) Virus Scanner Comparison.
Australian POS systems have jumped from 2009 to 2016 (the classic BCD-versus-binary mix-up: the year byte 0x10, which is BCD for 10, read as a plain binary value is 16), and up to 30 million users in Germany can't use their bank cards at ATMs or POS machines due to invalid date calculations.
In addition, there also seems to be the occasional SMS (text message) passing through networks that have issues with future-dated timestamps, causing a wide variety of reporting and integrity issues…
Hm, I wonder what implications the 2011-2012 rollover will bring with it (cue Mayan death-drone…)
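An added example, not from the original post: a small POSIX shell demonstration of the BCD-versus-binary confusion behind the 2009-to-2016 jump, with a sweep showing that 2010 is the first year on which the two decoders disagree.

```sh
#!/bin/sh
# Added example, not from the original post: why a BCD year byte of 0x10
# (the encoding of "10") reads as 2016 when a decoder treats it as plain
# binary, while 0x09 reads as 2009 either way.

# Correct decoder: two BCD nibbles -> two-digit year -> 20xx.
# Rejects bytes that are not valid BCD (a nibble above 9).
bcd_year() {
    b=$(( $1 ))                        # accepts 0x10, 16, ...
    hi=$(( b >> 4 )) lo=$(( b & 15 ))
    if [ "$hi" -gt 9 ] || [ "$lo" -gt 9 ]; then
        echo "not BCD: $1" >&2
        return 1
    fi
    echo $(( 2000 + hi * 10 + lo ))
}

# Buggy decoder: treats the byte's binary value as the two-digit year.
# For 0x00..0x09 both agree; from 0x10 on they drift apart by 6 per decade.
binary_year() {
    echo $(( 2000 + $1 ))
}

# BCD-encode a two-digit year (helper for the sweep below).
bcd_encode() {
    echo $(( ($1 / 10) * 16 + $1 % 10 ))
}

# First year in 2000..2099 where the buggy decoder disagrees with BCD.
first_divergence() {
    y=0
    while [ "$y" -le 99 ]; do
        byte=$(bcd_encode "$y")
        if [ "$(binary_year "$byte")" -ne "$(bcd_year "$byte")" ]; then
            echo $(( 2000 + y ))
            return 0
        fi
        y=$(( y + 1 ))
    done
    return 1
}

# Stand-alone run: show the rollover from the post.
for byte in 0x09 0x10 0x11; do
    printf '%s: BCD=%s binary=%s\n' "$byte" "$(bcd_year "$byte")" "$(binary_year "$byte")"
done
echo "buggy decoder first goes wrong in $(first_divergence)"
```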
Google Analytics inadmissible under German law?
11.25
Die Zeit reports that data-protection officials want to discourage the use of Google Analytics, backed by fines of up to €50 000. "In the terms that must be accepted to use the service, Google Inc. expressly reserves the right to link the data obtained about an individual user by means of a unique identifier with other data already stored", for instance from Google Mail, "and to pass this information on to third parties." The main point of this decision is that the user does not have to give explicit consent before private data (such as geographic location or computer settings) is simply transferred to third parties. The debate is on; let's see what comes of it!
In short, to reiterate the above in a single point: as you do not explicitly opt in to the use of Google Analytics, German data-protection authorities are trying to dissuade sites in Germany from using GA, with the added incentive of fines of up to €50 000, so as to protect individuals' privacy rights.