Category: security

  • Your mobile number is being sent to web pages

    Depending on the mobile network provider you use (MTN doesn’t seem to be affected in ZA at the moment, Vodacom in ZA leaks this information), and device used, your IMEI and MSISDN (mobile number) are being sent to each web server you access via the mobile data network. In addition, tracker headers are being added.

    You can see this here: https://blog.sven.co.za/sniff/ (access the page from your mobile phone on 3G/4G/GPRS or EDGE). (more…)

  • `Shellshock` Bash Patch update – pipe directly to sh to secure your machine

    Recently, I made the script to patch your BASH environment available on this site, but that meant a need to copy and paste.

    Using a user with the appropriate rights, you can now pipe directly from a quiet wget into sh to do the full recompile to the most recent BASH version.

    All you need is this line: (more…)

  • `Shellshock` bash vulnerability fix and update in case of slow or unavailable repositories

    Updated to latest kernel patch bash43-30

    You’ve heard of ShellShock, and the bash exploits that are currently doing the rounds, across platforms, that make use of these bugs (CVE-2014-6271 and the volumes of additional updates including CVE-2014-6277, CVE-2014-7186, CVE-2014-7187 and CVE-2014-7169, to name but a few). Proofs of Concept are being collected here… The below works as a vulnerability fix for older Ubuntu LTS and non-LTS versions, Debian (e.g. Squeeze) as well as Fedora and RedHat/CentOS, and applies all up-to-date patches to Bash.

    bash – as a shell – is a tried and trusted component. Some legacy systems’ repositories – be they apt, yum or other – may no longer be kept up to date. Alternatively, they may not be being kept up-to-date enough for your liking. And you want to close the bash issue in the best way you know how.

    The easy workaround is to recompile the bash shell yourself:

    (more…)

  • How to block or drop attacker with null route

    Quick note to myself, as I keep forgetting the syntax, though it is so easy — to block an incoming connection by null routing or rejecting the connection is as simple as

    route add -host IP reject

    To apply this to a whole subnet range, use the -net as you would with the /24 mask (or the appropriate subnet, /29 or smaller should do), eg

    route add -net IP/RANGE reject

    To undo this,

    route delete IP

  • Microsoft drives to kill off IE6 and get you to upgrade

    Hurray!! Even Microsoft wants users to upgrade from IE6 to something modern (more…)

  • Three Oh Five – WordPress Upgrade is out

    The upgrade to 3.0.5 was released yesterday. From the release notes:

    Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.

    One information disclosure issue was addressed that could have allowed an Author-level user to view contents of posts they should not be able to see, such as draft or private posts.

    Two security enhancements were added. One improved the security of any plugins which were not properly leveraging our security API. The other offers additional defense in depth against a vulnerability that was fixed in a previous release.

    Download and upgrade now!

  • Expire private images to protect privacy on the Internet?

    A new product over at x-pire.net (which redirects to x-pire.de) was unveiled in Germany today, with the aim of embedding expiry times and information into images so that they cannot be viewed after a certain time. In that way there should be a maximum lifespan for digital images on the web, to prevent future embarrassment, usage etc. At this stage, the prototype is available as a plug-in for Firefox (as well as some other browsers in future), and expounds the idea of a ‘forgetful internet’ so that information is not immortal on the web. (more…)

  • Upgrade to WordPress 3.0.4 – HTML Sanitation bug

    From the WordPress Development Blog:

    Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.” (more…)

  • Stuxnet lessons – and resources

    Just a quick grouping of resources relating to Stuxnet and its analysis, after the targeted infections of the frequency converters of the Vaasa, Finland-based Vacon (though Vacon publicly denies this) and the Iranian company Fararo Paya.

    The bottom-line takeaway – never use default passwords (the particular attack vector of the PLCs and SCADAs), and keep systems patched (4 zero-day Windows-based attacks). And don’t allow USB devices on a production network (the entry point of the 0.5Mb virus written in C and C++)… (more…)

  • Proxying all Linux Traffic – set web access for Ubuntu behind a proxy

    So that it’s documented… I’m using port 8080 as the default port, as the likelihood of your upstream proxy being on 8080 is high – otherwise, typical proxy ports are, of course, 80, 800 (transparent), 8000 and 3128 (squid).

    To force your server’s web traffic via a proxy, there are just two quick things to set – in /etc/environment, export one (or two) variables: (more…)

  • MTN Business Data lines crash – down again

    Last time, generator maintenance in Johannesburg took everything offline.

    There was just a notification with the subject line “unknown” (referring to the categorisation of the issue) at 14h22:

    SYMPTOMS EXPERIENCED: Intermittent Degradation in Service
    SEVERITY: Critical (more…)

  • WordPress 3.0.1 – I’m sure you’ve upgraded already

    I’m sure you’ve done it already, but WordPress 3.0.1 (a maintenance release) has been out since Friday and you should have upgraded (and updated the database) already by downloading the 3.0.1 version.

    List of revised files:

    (more…)

  • Kindle Firmware upgrades

    Remember to upgrade your Kindle from Amazon – there’s a new firmware upgrade available, taking the system to version 2.5.2 (24.3MB – you may want to transfer via USB…) (more…)

  • Secure SSH Tunneling – at no extra cost

    Assuming you have a Windows machine and you interact with Linux boxen at any stage, chances are high that you have used and interacted with PuTTY at one stage or another. That beautiful, less than 2 sec, 444K download of a tool (currently at version 0.60 beta) allows you to SSH, COM-direct, RSH, Telnet etc from the desktop. Both examples below relate to MySQL port tunneling.

    SSH Tunnels using the Bash command line

    Running on a proper machine (or even a Windows with Cygwin or a Mac Terminal) allows you to quickly tunnel a session to a remote server: (more…)

  • Adobe Flash and Adobe PDF zero-day critical vulnerability in the wild.

    From Adobe‘s advisory:

    A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.

    Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions on Windows, Macintosh, Linux and Solaris are affected, as well as Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. So it’s kinda big. What to do? (more…)

  • Symlinks (symbolic links) in Samba Ubuntu for Windows

    To enable symlinks in Samba for file sharing across platforms in Windows, modify

    /etc/smb/samba.conf

    and add in the [global] section:

    follow symlinks = yes
    unix extensions = no

    There has been some discussion about

    wide symlinks = yes

    However, due to the attack vector on Samba servers from Windows allowing file traversal, back in February 2010, you may want to force-set wide symlinks to no – it works without that declaration and is set to no by default.

  • Security Summit 2010 Wrap-Up

    So the Security Summit 2010 has come to an end. Featuring speakers such as Moxie Marlinspike, Joe Grand and Jeremiah Grossman (again), it’s a pity to say that there wasn’t much new that was presented. With repeated concerns about input and output validation, as the OWASP Top 10 for 2010 highlights and which were used as a repeated example, and a call for a holistic approach to a company’s security posture, the idea of making the thought (and practice) of security part of the organisation’s culture came through over and over again. (more…)