Root password in Ubuntu 5.10

It has been reported here that the file /var/log/installer/cdebconf/questions.dat contains all the installation logs, and that the default user and root passwords created during the install process are included in it in clear text. Can anyone check this out and see if it works? I’m running Dapper and it seems the bug is gone.
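One way to run that check without echoing any password to the terminal, as an added example that is not part of the original post. It assumes the file uses debconf's stanza layout (`Name:` / `Value:` fields separated by blank lines) and that the passwords sit under the `passwd/...` question names listed in the code; the sample database is constructed.

```python
import re

# Assumption: these debconf question names hold the installer passwords.
PASSWORD_QUESTIONS = {
    "passwd/user-password", "passwd/user-password-again",
    "passwd/root-password", "passwd/root-password-again",
}

def parse_stanzas(text):
    """Split an RFC 822-style debconf database into one dict per stanza."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text):
        fields = {}
        for line in block.splitlines():
            if line[:1].isspace() or ":" not in line:
                continue  # continuation line or noise
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def stored_password_questions(text):
    """Names of password questions that still carry a value (values are never returned)."""
    return sorted(s["Name"] for s in parse_stanzas(text)
                  if s.get("Name") in PASSWORD_QUESTIONS and s.get("Value"))

# Constructed sample database, not taken from a real installation.
SAMPLE = """\
Name: passwd/username
Template: passwd/username
Value: alice
Owners: d-i

Name: passwd/user-password
Template: passwd/user-password
Value: constructed-secret
Owners: d-i
Flags: seen

Name: passwd/root-password
Template: passwd/root-password
Value:
Owners: d-i
"""

if __name__ == "__main__":
    import sys
    # Pass the path to questions.dat as the first argument; falls back to the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for name in stored_password_questions(text):
        print("cleartext value present:", name)
```

An empty result on a real system means no password question still has a stored value; any name printed means the password should be changed and the log file cleaned or restricted.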

[tags]Ubuntu, root password, bug, exploit[/tags]

Nyxem.E

Following the news on the F-Secure site, I’ve noticed that the Nyxem.E worm has been ranked as a Level 2 Alert (meaning that it is only one level below the highest alert level). This guy is spreading like mad all over the world, from the USA to Australia. The web counter used by the Nyxem worm now shows over 510,000 infections and keeps rising.

‘Nyxem.e’ is a mass-mailing worm that also tries to spread using remote shares. It also tries to disable security-related and file sharing software, and it destroys files of certain types. It is similar to the ‘Email-Worm.Win32.VB.bi’ that was found a few days ago.

The worm’s destructive payload is activated on every third day of the month and replaces the content of user’s files with a text string “DATA Error [47 0F 94 93 F4 K5]”. Among these files are: DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP.

You can get more info on Nyxem.E here.

[tags]Nyxem.E, virus, trojan, worm, DATA Error [47 0F 94 93 F4 K5][/tags]

PSP Nmaped

Out of mere curiosity I ran nmap to check my PSP ports and this was the result:

While browsing a site

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-10-09 01:47 WEST
Interesting ports on 192.168.2.120:
(The 3138 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
67/tcp filtered dhcpserver
67/udp open|filtered dhcpserver
68/udp open|filtered dhcpclient
MAC Address: xx:xx:xx:xx:xx:xx (Sony)

Nmap finished: 1 IP address (1 host up) scanned in 6.573 seconds

I was expecting more open ports; the DHCP server must be used when playing games in AD-HOC mode.

[tags]Sony, PSP, Playstation Portable, Nmap, ports, hacking[/tags]

Link Mode

[tags]Internet, ICANN, UN, BotNet, Hacking, Flock[/tags]

Symantec tags PSP Trojan

Symantec Security Response identified today the first PSP trojan (this has been known since the 3rd of October). Trojan.PSPBrick is a Category 1 threat (Category 5 being the worst) and it renders the PSP useless (like a brick, hence the name).

The virus is downloaded disguised as a hack/firmware that lets users run homebrew games on the PSP. When installed, it deletes some system files and breaks the PSP. This is not automatic: the user must choose to download it, meaning you’re safe if you don’t install dubious files.

[tags]PSP, PSP Virus, Symantec[/tags]

Mozilla Hacked… again!

I just got this wonderful email from Mozilla:

The Spread Firefox Team became aware this week that the server hosting
Spread Firefox, our community marketing site, has been accessed by
unknown remote attackers who attempted to exploit a security
vulnerability in TWiki software installed on the server. The TWiki
software was disabled as soon as we were aware of the attempts to access
SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and
did not affect mozilla.org web sites or Mozilla software.

We have scanned Spread Firefox servers and at this time do not believe
any sensitive data was taken, but as a precautionary measure we have
shut down the site and will be rebuilding the web site from scratch. We
also recommend that you change your Spread Firefox password and the
password of any accounts where you use the same password as your Spread
Firefox account. We will notify you again when the site is back up with
instructions on how to change your password. (Note: We do use MD5
hashing on the passwords, but MD5 cannot protect all passwords against
off-line dictionary style attacks.)

After Spread Firefox was compromised in July, we instituted procedures
to ensure that we apply all security fixes to the software running the
site (Drupal and PHP) as soon as they become available. Unfortunately,
those procedures overlooked the installation of the TWiki software since
it is not used by the main Spread Firefox site. When the system is
rebuilt, all the software will be audited to ensure that security
updates will be applied in a timely manner. We deeply regret this
incident and any inconvenience this may have caused you.

Sincerely,

Spread Firefox Team
Mozilla Foundation

Nice… very nice.

[tags]Mozilla, Firefox, Hacking[/tags]

Google Worm Alert

Reported yesterday in InformationWeek, this new worm modifies the Windows HOSTS file and redirects all traffic to Google from your PC to a Google website clone in Germany.
Searches run on the spoofed version of Google return results similar to the real Google, but in some cases, the sponsored links — top-of-the-page and right-side links to e-commerce sites that have paid for the placement — are different.

The page is an exact copy of Google and supports the 17 languages of Google. The creator of this worm has taken advantage of the importance of a company appearing among the first few links in the search results of an Internet browser. Its aims are none other than to increase visits to the pages linked by the creator of this malware or earn an income from companies that want to appear in the first few results in computers where the identity of Google has been spoofed… in both cases, the motivation of the author of this malware is purely financial. – said Panda in a statement.
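A HOSTS-file check for this kind of redirection, as an added example that is not part of the original post. It flags any entry that pins a Google hostname to a fixed address, since a clean HOSTS file has no reason to override those names; the hostname pattern and the sample file (using documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re

# Assumption: a name counts as Google-related when it ends in "google.<tld>",
# e.g. www.google.com, google.de, google.co.uk (but not google.com.example.net).
WATCHED = re.compile(r"(^|\.)google\.[a-z.]{2,6}$", re.IGNORECASE)

def suspicious_hosts_entries(hosts_text, watched=WATCHED):
    """Return (line number, hostname, address) for every watched name pinned in HOSTS."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address line
        for name in parts[1:]:
            if watched.search(name):
                findings.append((lineno, name.lower(), str(addr)))
    return findings

# Constructed sample HOSTS file; 203.0.113.0/24 is a documentation range.
SAMPLE = """\
# sample HOSTS file
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # redirected
203.0.113.10    WWW.GOOGLE.DE
192.168.2.1     router.lan
198.51.100.7    google.com.example.net
"""

if __name__ == "__main__":
    import sys
    # On Windows the file is %SystemRoot%\System32\drivers\etc\hosts.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for lineno, name, addr in suspicious_hosts_entries(text):
        print(f"line {lineno}: {name} is pinned to {addr}")
```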

[tags]Google Worm, Google, HOSTS[/tags]

Bonjour in iTunes 5

Did anyone notice that iTunes 5 installs and starts the Bonjour service in Windows XP?

Bonjour – Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration.

Version 5 of iTunes also loads the InstallDriver Table Manager service and, as previous versions did, the iPod Service, which loads even if there isn’t an iPod present.

A safe configuration should be:

  • Bonjour Service: disabled
  • InstallDriver Table Manager: manual
  • iPod Service: manual (or even disabled if you don’t own an iPod).

Looks like Apple is not as keen on security as I thought (at least in Windows XP 😀 )

[tags]Apple, Bonjour, Security[/tags]
