Archive for August, 2004

Aug 31 2004

Comment spammers getting smarter

Published by under Site Configuration

Learning Movable Type: Concerning Spam

I got hit by a comment spammer again last night, much to my annoyance. I was a little surprised, because I have taken a number of measures to prevent as much of this as possible. I guess it wasn’t enough.

The first thing I noticed that was different about this comment spam is that it was all concentrated in just a few of my postings. I’ve closed all the older postings for comments, and now I’ve closed everything older than 15 days. I’d also renamed the mt-comments.cgi to my-comments.cgi. I guess they figured that out. Shouldn’t have been hard for the spammer, but I’m surprised the bot in use was able to figure it out. I’m going to try renaming again and see how long it takes for them to figure it out again.

I’ve tried mt-blacklist, but for some reason it breaks the ability to rebuild the site. I think it has something to do with the fact that I started this with MT 2.64 then patched when a vulnerability was discovered, rather than upgrading. I may have to upgrade to version 3 soon.

Anyways, I’m off to try and defend my territory again.


Aug 26 2004

The Sky is NOT falling

Published by under Security Advisories

Vmyths.com- Truth About Computer Virus Myths & Hoaxes

What a surprise! Or not. The gentlemen at Vmyths were able to track the origins of this story a lot further than I ever could, and it appears that this is a chain of reporters quoting reporters misquoting the source. So, this is all just a case of overblown hysteria.

People talk about Microsoft trying to make the world an OS monoculture, but while we weren’t looking the press has already become one, at least here in the US. We have one major source of news stories, AP, and everyone else quotes them. I’m beginning to think that professional journalism may have already gasped its last breath.

Thanks to Axel Eble for pointing me to the Vmyths article.


Aug 25 2004

The Sky is Falling! Again!

Published by under Security Advisories

Russian Information Agency Novosti

Yevgeny Kaspersky, of Kaspersky Labs in Russia, says that there is a good chance that the Internet will have a major meltdown due to hackers/electronic terrorists. I’m not so sure about this, but I’d rather be prepared and have nothing happen than the other way around. I’ll pay special attention to my IDS logs both at work and at home. We’ll find out tomorrow if he’s right.


Aug 24 2004

The source of the SSH Brute Force Hacks

Published by under General

K-OTik : SSH Brute Force Exploit SSH Remote BruteForce Dictionary exploit

Thanks to a member of the Snort-Sigs mailing list, I finally know where all the SSH attempts I’ve been seeing lately are coming from. Or at least what tool is being used to scan my system.

The tool is looking for the users test, guest, admin, user or root. For the first four accounts it’s just looking for a few passwords, but for root, it’s trying around 1500 different passwords, all of which are passwords you shouldn’t be using for root in the first place.

If you allow root login to your SSH server, bad admin! Login as a regular user, then su to root. This is the sort of exploit that’s just looking for poorly administrated servers. If you know enough to set up SSH in the first place, you should know enough to protect yourself from this exploit.
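As an added example (not code from the original post), here is one way to spot the pattern described above in sshd logs: a single source that probes several of the accounts test, guest, admin and user and then hammers root. The log lines are constructed samples in OpenSSH's "Failed password" format, and the thresholds `min_users` and `min_root` are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict

# Usernames the post says the scanning tool tries.
TOOL_USERS = {"test", "guest", "admin", "user", "root"}

# OpenSSH failure line; older releases log "illegal user", newer "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user |illegal user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})"
)

def summarize(lines):
    """Return {source_ip: {username: failed_attempts}} for sshd failures."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            per_ip[ip][user] += 1
    return {ip: dict(users) for ip, users in per_ip.items()}

def suspects(lines, min_users=3, min_root=5):
    """Flag IPs that probe several of the tool's accounts and hammer root."""
    flagged = []
    for ip, users in summarize(lines).items():
        probed = TOOL_USERS.intersection(users)
        if len(probed) >= min_users and users.get("root", 0) >= min_root:
            flagged.append(ip)
    return sorted(flagged)

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = (
    [f"Aug 24 03:12:0{i} host sshd[4101]: Failed password for invalid user {u} "
     f"from 192.0.2.10 port 4{i}22 ssh2"
     for i, u in enumerate(["test", "guest", "admin", "user"])]
    + [f"Aug 24 03:13:{i:02d} host sshd[4102]: Failed password for root "
       f"from 192.0.2.10 port 5{i:03d} ssh2" for i in range(8)]
    + ["Aug 24 09:00:01 host sshd[4200]: Failed password for alice "
       "from 198.51.100.7 port 50111 ssh2",
       "Aug 24 09:00:09 host sshd[4200]: Accepted password for alice "
       "from 198.51.100.7 port 50111 ssh2"]
)

if __name__ == "__main__":
    for ip in suspects(SAMPLE):
        print(ip, summarize(SAMPLE)[ip])
```

A legitimate user who mistypes a password once, like the constructed `alice` entry, stays below both thresholds and is not flagged.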


Aug 24 2004

Wi-Foo

Published by under General

Alex Moskalyuk Weblog: Wi-Foo authors on wireless security problems

Alex Moskalyuk sent me a link to an interview he did with Konstantin Gavrilenko about his new book, Wi-Foo. I hadn’t heard of the book before, but given how often I’ve been to the book store lately, that’s not too surprising.

The book sounds like it may be worth a perusal. The insecurity of WiFi is nothing new, but a timely review of some of the new tools out there for Wardriving might be worth your time. Too bad that this is still such a young field and that the book will be outdated before the end of the year. Such is the nature of cutting edge technology.

I find the tone and opinions expressed by the author in the interview a little funny. His hatred for Windows is almost comic in its virulence. Not that his opinion is wrong, but just so stereotypical of an OpenSource zealot. I’m more of an OS agnostic, trying to find the good in Windows as well as Linux and other OpenSource. I even put up with the peculiarities of Sun from time to time. I may just be overly critical. Check out the article yourself.


Aug 20 2004

Weakness in MD5 and SHA

Published by under Hacking

SC Magazine

A colleague made a vague reference to big news in cryptography yesterday, which confused me a little because I didn’t know what he was talking about. Well, now I do. On one hand this news worries me some, because of the usefulness of checksums for verification. On the other hand, given the power of today’s computers and the rate at which the power is increasing, it’s only a matter of time before the average desktop will be able to do a brute-force attack against these algorithms anyways. Does this mean it’s time to come up with a replacement for MD5?


Aug 18 2004

Digital Evidence

Published by under General

Justice issues guidelines for handling digital evidence

I don’t participate in the evidence gathering in the corporation currently, but these guidelines still look like they’re worth the time. I’d hate to have a perfectly good criminal case thrown out because I forget to ‘tag and bag’ a hard drive, or because I didn’t record the MD5 checksum for a packet capture to verify it’s the original. I’ll get back to you once I’ve read the whole thing.


Aug 18 2004

The Top 10 Blunders of Online Job Hunters

Published by under General

CareerJournal | The Top 10 Blunders Of Online Job Hunters

I know this article isn’t job related, but it hit a nerve with me. I’ve been in a fairly passive job hunt for the last year (I have a stable position, but the commute is over 100 miles a day). Reading the article, I see more than one mistake I’ve made myself, and it kind of stings. The one that applies to me the most has been on follow up. I’m horrible at follow up, at least in the job search.

I also have to contest one of the points the article makes: Resumes shouldn’t be more than two pages long. That seems to be a very 90’s attitude. I’ve been told several times in the last year that my two page resume was too short. My current resume is three pages and I’ve gotten several compliments on it. On the other hand, I haven’t had a job offer, so maybe the author is right.


Aug 12 2004

Google Hacking

Published by under Hacking

Tom’s Hardware Guide Business Reports: Black Hat Day 2 Sounds Security Alarm – Google Hacking

Demystifying Google Hacks

The first article leads you to an invalid .pdf file. So here’s a second article on finding information on a target system using Google. The awesome power of Google can be used for evil as well as good! Who’d a thunk it?

As the Tom’s Hardware article says, if you aren’t Googling your own network from time to time, you should be. How much information about your network is sitting out there on the Internet waiting for any script kiddie to Google? And when did ‘Google’ become a verb?

By the way, in researching this, I found the Black Hat 2004 Media Archives. Well worth checking out.


Aug 11 2004

Distributed Comment Spam

Published by under Site Configuration

Last week I had some problems with distributed comment spam. I made a spreadsheet listing the IP addresses for the first 275 spam entries, ranked by number of entries per IP. I have another 150 approximately, but I don’t have the time to add those in right now. Here’s the file, exported as a tab delimited text file.

Download file
