Archive for the 'Security' Category

Little Snitch 2.0 Beta 6

Little Snitch is a Mac OS X app that runs in the background and hooks into the kernel. As the name indicates, Little Snitch warns you when an application tries to make a network connection and asks you to decide whether to allow it, deny it, or add a permanent rule covering that specific app’s future connections.

A good amount of information on the connection being made is presented to the user, and version 2 (still in beta), besides the improved network filtering, adds a visual Network Monitor that gives the user real-time access to the connections as well as send / receive icons like Zone Labs’ Zone Alarm. The configuration interface has undergone some changes and is now more functional and user friendly than the previous version.

Wordpress 2.1.1 compromised

Looks like Wordpress 2.1.1 has a security vulnerability that allows remote PHP execution.

Upgrading to version 2.1.2 is recommended.

Jack?

I’m getting a few hits from someone with this user agent: JACK-O`-LANTERN/1.1

I’ve googled it and found nothing… Does anyone know who’s using this?

Alerta de Phishing - CGD

This is a P.F.P.P. - Post For Portuguese People, please excuse ;)

Between yesterday and today most Portuguese people will have received in their e-mail inboxes yet another phishing attempt; this time the targets were the customers of Caixa Geral de Depósitos.

Although it is very badly written (the Portuguese is noticeably “Brazilianised”), the e-mail contains links to a site whose design resembles CGD’s home banking sites, and those links go as far as being “disguised”:

<a href="http://cgdonline.net/GrupoCGD.php" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"><span lang="EN-US">https://caixaebanking.cgd.pt<wbr>/servlet/icbApp/</span></a>

As you may have noticed, cgdonline.net has nothing to do with www.cgd.pt. Running a WHOIS on the domain we get:

DOMAIN
Domain Name : cgdonline.net (CGDONL2-BMN-DOM)
Registrar : BookMyName
Whois Server : whois.bookmyname.com
Referral URL : https://www.bookmyname.com

Registrant / Admin Contact :
PERSON
Sophie CLARK (CLARK5-BMN-PE)
14 Griffin Road
02038 Franklin
UNITED STATES
phone : 508-520-0086
fax :
e-mail : *************@yahoo.com

Billing Contact :
(identical to the Registrant / Admin Contact above)

Technical Contact :
(identical to the Registrant / Admin Contact above)

Domain servers :
ns1.mikalow.com (NMC160-BMN-HST)
ns2.mikalow.com (NMC161-BMN-HST)

Created on 07/12/2006 22:02:53
Updated on 07/20/2006 17:16:33
Expires on 07/12/2007 18:02:53

These details are probably fake and it is not worth digging any further here. Apart from that, the e-mail was sent from 80.178.119.187.adsl.012.net.il, which probably isn’t much use either, since there is no shortage of mail servers out there wide open to the world.

Thunderbird classifies this e-mail as an “Internet Scam”, which already helps the more enlightened users ;)

Once again, be careful with e-mails; even something this badly done catches a lot of less informed and unsuspecting people.

Thanks to Sérgio for providing the e-mail in question… the one I received had already been deleted.

More on Numbers Stations

The Shortwave And The Calling

The Numbers Stations


My last post was a little challenge: a ciphered message with a URL inside. All you had to do was convert the binary code, reverse the text and decode the string with the ROT-13 cipher. You would then get
http://www.homelandstupidity.us/2006/06/16/cryptanalysis-of-phone-numbers-stations/ (as Bruno did very well).
Besides the little challenge, the point of that post was the encoded link. I’ve been following this story on Homeland Stupidity and it has been very interesting to read about the main theme the whole thing revolves around: Numbers Stations.
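The three-step recipe above (binary to text, reverse, ROT-13) is easy to automate in both directions. This is an added Python example, not the original challenge or its solution; it builds a puzzle of the same shape from the URL quoted above and solves it again, so only the order of the steps differs between encoding and decoding (ROT-13 and reversal are each their own inverse).

```python
import codecs

# The URL hidden in the previous post's challenge, as quoted above.
URL = "http://www.homelandstupidity.us/2006/06/16/cryptanalysis-of-phone-numbers-stations/"


def decode_challenge(binary_groups):
    """Solve the puzzle in the order the post gives: binary -> text, reverse, ROT-13."""
    text = bytes(int(group, 2) for group in binary_groups.split()).decode("ascii")
    return codecs.encode(text[::-1], "rot_13")


def encode_challenge(plaintext):
    """Build such a puzzle: the decode steps applied in reverse order
    (ROT-13 first, then reverse, then 8-bit binary groups separated by spaces)."""
    scrambled = codecs.encode(plaintext, "rot_13")[::-1]
    return " ".join(format(byte, "08b") for byte in scrambled.encode("ascii"))


if __name__ == "__main__":
    puzzle = encode_challenge(URL)
    print(puzzle[:60] + "...")        # the first few binary groups of the puzzle
    print(decode_challenge(puzzle))   # recovers the URL above
```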

I’m not going to explain what a Numbers Station is; you can check the Wikipedia link above. I would just like to leave you with one of the most interesting projects I came across: The Conet Project.

The Conet Project gathers on 4 CDs a comprehensive collection of Numbers Stations recordings, which, by the way, are spooky as hell. Although you can buy the CDs, the publisher also allows downloading the CDs as .mp3 and the booklet as .pdf.

30 31 30 31 30 31 30 30 20 30 31 31 30 31 30 30 30 20 30 31 31 30 30 31 30 31 20 30 30 31 30 30 30 30 30 20 30 31 31 31 30 31 30 30 20 30 31 31 31 30 30 31 30 20 30 31 31 31 30 31 30 31 20 30 31 31 31 30 31 30 30 20 30 31 31 30 31 30 30 30 20 30 30 31 30 30 30 30 30 20 30 31 31 30 31 30 30 31 20 30 31 31 31 30 30 31 31 20 30 30 31 30 30 30 30 30 20 30 31 31 30 31 31 31 31 20 30 31 31 31 30 31 30 31 20 30 31 31 31 30 31 30 30 20 30 30 31 30 30 30 30 30 20 30 31 31 31 30 31 30 30 20 30 31 31 30 31 30 30 30 20 30 31 31 30 30 31 30 31 20 30 31 31 31 30 30 31 30 20 30 31 31 30 30 31 30 31 20 30 30 31 30 30 30 30 30 20 30 30 31 31 31 30 31 31 20 30 30 31 30 31 30 30 31

Root password in Ubuntu 5.10

It has been reported here that the file /var/log/installer/cdebconf/questions.dat contains all the installation logs, and that the default user and root passwords created during the install are stored in it in clear text. Can anyone check this out and see if it works? I’m running Dapper and it seems the bug is gone.

Nyxem.E

Following the news on the F-Secure site, I’ve noticed that the Nyxem.E worm has been ranked as a Level 2 Alert (meaning it is only one level below the highest alert level). This guy is spreading like mad all over the world, from the USA to Australia. The web counter used by the Nyxem worm now shows over 510,000 infections and keeps rising.

‘Nyxem.E’ is a mass-mailing worm that also tries to spread using remote shares. It also tries to disable security-related and file-sharing software, and destroys files of certain types. It is similar to ‘Email-Worm.Win32.VB.bi’, which was found a few days ago.

The worm’s destructive payload is activated on the third day of every month and replaces the content of users’ files with the text string “DATA Error [47 0F 94 93 F4 K5]”. The affected file types include DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP.

You can get more info on Nyxem.E here.

PSP Nmaped

Out of mere curiosity I ran nmap against my PSP to check its ports, and this was the result:

While browsing a site

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-10-09 01:47 WEST
Interesting ports on 192.168.2.120:
(The 3138 ports scanned but not shown below are in state: closed)
PORT    STATE          SERVICE     VERSION
67/tcp  filtered       dhcpserver
67/udp  open|filtered  dhcpserver
68/udp  open|filtered  dhcpclient
MAC Address: xx:xx:xx:xx:xx:xx (Sony)

Nmap finished: 1 IP address (1 host up) scanned in 6.573 seconds

I was expecting more open ports; the DHCP server must be used when playing games in ad-hoc mode.

Link Mode