Machina improba

Security

Detecting Internet Worms that block Websites

In the past there have been several worms and viruses that block websites. Conficker is on this list: it blocks web access to several major antivirus vendors' websites.

This means that there is a simple, web-based test to detect its presence:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html.

If you see all the images, you're not infected :).

FTP Cracking to Perpetuate Malware via Spam

This article on spamhaus details how spammers are using cracked FTP accounts to spread malware in spam. FTP cracking is hardly new, but the article gives some excellent reasons to switch away from plain FTP.

It also illustrates an interesting -- and slightly scary -- convergence of technology to further spammers' aims.

How to not receive any email at all

Sure, you could set up your mail server to enforce a security policy where any message with more than a certain number of 'Received' headers is rejected. But when that 'certain number' is '2', could you receive any mail at all?

(Yes, I actually saw this today: I sent off a quick email to postmaster@ but I'm not sure if it ever arrived or not :S)

Update 24 hours later: I haven't received a bounce, so maybe it did arrive. Hard to say.

DomainKeys: finally being used for its intended purpose

Google and Yahoo are using DomainKeys to verify PayPal and eBay email. This is a good thing, but it's really late. Still, since PayPal and eBay are amongst the most phished services, this has the potential to do a lot of good. Now, if only banks would start using it.

Drupal Security Updates - 5.8 / 6.3 and OpenID module 5.x-1.2

This morning I received notice of two security update releases in my inbox: one about Drupal core being upgraded, another about the OpenID module containing a security vulnerability in versions before 1.2.

Since upgrading Drupal core is such a pain, I've generated a patch (it's attached to this post: click on '1 attachment' to retrieve it) for upgrading your existing sites from 5.7. If you're not running a 5.7 site, please don't try to use it.

Fighting Spam on a new site: Captcha, OpenID and Trust

I'm amazed how quickly spambots find a new site. Especially the comment spammers. When I had this on a temp URL, it had been found within two weeks. My solution? Turn off anonymous commenting. Easy, because it didn't matter, and there were no users to speak of.

But six hours after I pushed this site public, the comment spammers were at it again. Formerly, the site was running on WordPress. There, I used Spam Karma 2 to stem the tide: it worked really well.

Hot-chip security

Slashdot linked to a freedom-to-tinker article announcing what's called a cold-boot attack on disk encryption. The attack relies on the fact that DRAM does not -- as usually thought -- erase its contents immediately upon power loss. In fact, by cooling the chips with something as simple as a can of compressed air, they can retain their contents for multiple minutes. Getting the keys out is then just a matter of booting the machine a second time using a bootloader that reads them out of memory.

Even though I know better, it continues to amaze me how easy it is to bypass security systems. Surprisingly, the weakness is not the human element.

I guess canned air is next on the 'must ban this because it can be used to break security schemes' list, along with sharpies and ballpoint pens.

End of Year warnings, recapped

Last July, it was announced that PHP 4 had been end-of-life'd.

What this means is that there won't be any more bugfixes; only fixes for critical security vulnerabilities will be released, and only for some months into 2008. Most web hosts do have PHP 5 available, but a few shared hosting providers haven't made it available yet.

http://www.gophp5.org has more information on what web applications claim to be compatible, but I disagree with:

The War on Words — part 1

Equal, But Opposite

I'm confident it's not a 20th century invention to use words to mean the opposite of what they conventionally mean. But it certainly is pervasive. And annoying. And very, very dangerous.

Something I saw somewhere:

"English is the language that lets you talk until you figure out what to say"

Take for example, the phrase 'Digital Rights Management protections', which I came across recently.

Stop asking for my password, dammit!

In the past few months it's been an increasing trend to have sites ask you for your username and password for some other service. I've lamented about this in the past regarding YouTube and embedding videos, and it's shoved in your face on Facebook.

Though, admittedly, YouTube has to store your password for some reason, while apparently Facebook only uses it and then discards it.

Still, I couldn't quite put my finger on why it was a bad idea. Apparently it's in every social networking site, too.