happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I don't think that looking young is a barrier to marriage, and anyway why are you even thinking about marriage as a teen? Enjoy life first, says the man who has been married three times...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If you are basing your marriage potential on facial hair then, frankly, I imagine you are going to be single for some time. Unless you sign up with beardedladydating.com of course...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

This just hit my inbox from the ZScaler ThreatLabZ folk:

Within hours of the public disclosure of this vulnerability, the Zscaler ThreatLabZ research team started seeing incidents of attacks targeting this vulnerability in the wild to download additional malware. It appears that Nginx and Apache web servers configured to use mod_cgi are two potentially vulnerable services that are actively being targeted in the wild. The server involved was found to be compromised and hosting ELF binaries which belong to the same Linux Backdoor Trojan family with DDoS capabilities. Zscaler believe that the vulnerable Apache servers were resulting in the download of an ELF binary named "apache" whereas vulnerable Nginx servers were getting the ELF binary named "nginx". The only difference Zscaler saw in these two binaries was the hardcoded Command and Control server information. Upon successful exploitation of CVE-2014-6271 vulnerability, the attacker is able to download and install the malicious ELF binary on the target Linux system. The malware connects to a predetermined Command and Control (C2) server on a specific port and awaits further instructions from the attacker

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Some interesting comments coming in from the ITSec industry:

Jaime Blasco, AlienVault Labs Director.

We have been running a Honeypot since yesterday that basically emulates a system that is vulnerable. We found several machines trying to exploit the vulnerability. The majority of them are only probing to check if systems are vulnerable.

On the other hand we found two attacks that are actively exploiting the vulnerability and installing a piece of malware on the system.
These pieces of malware turn the systems into bots that connect to a C&C server where the attackers can send commands.

We have seen the main purpose of the bots is performing distributed denial of service attacks.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A 22 year old vulnerability, yes you read that right, has been discovered which some security experts suggest could be bigger than Heartbleed. The bug, reported as 'CVE-2014-6271:remote code execution through bash' relates to how environment variables are processed: with trailing code in function definitions being executed independently of the variable name. This can be exploited remotely with code injected into environment variables across the network.

The GNU Bourne Again Shell (Bash) command interpreter is widely used, to put it mildly, and as such is being treated as a critical security risk to Unix and Linux systems. Which means it could actually impact upon routers, Macs running OS X, servers, websites etc etc. The Heartbleed reference comes courtesy not only of the potential widespread target surface, but also the length of time which this vulnerability has been present. Apparently the bug goes right back to version 1.13 of Bash, and hits all versions from then right up to (and including) version 4.2; which is, I repeat, a 22 year exploit window. On the plus side, it seems that the Dash alternative as employed by Ubuntu and Debian-derived systems is not impacted by the vulnerability.

You are advised to check if you are vulnerable by executing the following line in your shell:

env x='() { :;}; echo vulnerable' bash -c "echo start patching now"

If you see output of 'vulnerable - start patching now' then take heed and do just that. Or at least start doing that, because although …
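A detection-side companion to the check above, added here as an example and not part of the original post: CGI hands request headers to the handler as environment variables, so a web access log can be scanned for header values that carry the `() {` function-definition prefix. The log lines are constructed samples in combined log format, and the function and variable names are assumptions.

```python
import re

# Apache/Nginx "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field, tolerating \" escapes
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED +
    r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# Bash treats an environment value starting with "() {" as a function
# definition; that prefix has no business in a normal HTTP header.
FUNC_DEF_RE = re.compile(r'\(\)\s*\{')

# Constructed sample lines (documentation IP ranges), reusing the harmless
# test string from the post.
SAMPLE_LOG = r'''
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"
192.0.2.11 - - [25/Sep/2014:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "() { :;}; echo vulnerable" "-"
this line is not in combined format and is skipped
'''


def find_function_definitions(lines):
    """Return (host, field, status) for every logged field that contains
    a bash function-definition prefix. Unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host, _when, request, status, referer, agent = m.groups()
        fields = (('request', request),
                  ('referer', referer),
                  ('user-agent', agent))
        for name, value in fields:
            if FUNC_DEF_RE.search(value):
                hits.append((host, name, int(status)))
    return hits


if __name__ == '__main__':
    for host, field, status in find_function_definitions(SAMPLE_LOG.splitlines()):
        # A 200 on a CGI path means the request reached a handler, so that
        # host is the first one to check for patch level and new binaries.
        print(f'{host}: function definition in {field} (HTTP {status})')
```

Only headers that the server writes to its log are visible this way; a definition sent in any other header needs request-level inspection to catch.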

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Erm have you tried http://www.embarcadero.com/

Or actually buying a genuine copy...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster
Kelly Burby commented: @bijutoha I guess you have got your query answered by @happygeek this question can be marked as solved. +3
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Windows 9 will lose menus altogether, you will have to dig for applications etc...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The Internet of Things (IoT) is something of a buzz-phrase right now, and locking down the IoT is certainly something that vendors across both security and hardware industries are talking up. The problem with the publicity surrounding stories of 'things' that have been hacked is that, well, they never really have much potential impact right here, right now, to you or your business. So someone managed to break into an Internet-connected baby monitoring device and make creepy announcements over it, or there's the potential to control an Internetified self-driving car in the future; neither of which fill me with dread about the security of my data as is, it has to be said.

However, maybe you and I are missing the point. Maybe we need to broaden our definition of what things this Internet of them actually comprises. How about printers, for example? Stand up if you have a printer which isn't connected to your network and the Internet beyond? I'm guessing there are lots of you still sitting down, I certainly am. There's part of the IoT right there which represents a very real threat to your security posture, and you probably didn't know it.

Researchers at Context Information Security knew it, and proved it. They remotely accessed a web interface on a Canon Pixma printer, they modified the printer firmware from the comfort of the Internet and then used this modified printing device to play a game of Doom on the built-in screen. If that's not scary enough …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

No. You write a program that reads a line of text, changes each uppercase letter to the lowercase, and places in a queue and onto a stack. When you've done that, show us what you have got and what help you need.

Nobody is here to do your homework for you, sorry to disappoint...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

http://goo.gl/CUAUD2

But, to be honest, it looks like you have already done a Google search and just pasted the names from it. If you already know about the three principal players with a claim to the title, why ask here?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Reports started circulating yesterday that Gmail had been hacked, with some 5 million logins at risk. This follows the publication, on Tuesday, of a plain text list of Gmail usernames and passwords on a Russian Bitcoin forum. Within 24 hours the 'hack hysteria' had taken hold and people were being advised to check if their accounts had been compromised, change their passwords etc. Trouble is, there appears to be absolutely no actual evidence that Gmail has been hacked at all, and plenty to suggest that this credentials list is just another composite; constructed with passwords taken from lists already published concerning other breaches. The Gmail connection is, at the most, that people whose credentials were exposed at those other sites and services had used a Gmail address to register their accounts.

Having spoken to a number of people who, at first glance, would appear to have fallen victim of the Gmail hack that wasn't, it seems that there are lots of very old passwords in play on that list. What's more, there are lots which were never actually associated with a Gmail account at all. Just to be clear, what I'm saying here is that the list itself seems to consist largely of instances where someone has registered with a service with a username of xxx@gmail.com and a password of yyyzzz and the inference is that yyyzzz is the Gmail account password. This is simply not the case in many instances that I've been made aware of, enough for me …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I reverse my previous welcome, another spammer now banned...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Don't bother folks, the spammer showed his true colours and is now banned; the fate that awaits all spammers here at DaniWeb...

Thread closed.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yet your signature link is for a UK-based classified ads site, and your profile states that you work for the same. Not just here for the spamming are you?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Some interesting research from security outfit Proofpoint was published this morning which reveals that unsolicited email heading towards users in the UK is three times more likely to contain malicious URLs than that destined for users in the United States, or Germany, or France for that matter.

It's not, as you may think at first glance, just a matter of the UK getting more spam. The research conducted over the summer, using the US as a baseline, shows Germany getting more spam as a percentage than the UK, US and France. The prevalence of spam and malicious URLs in the total email traffic are not, Proofpoint conclude, therefore correlated. Instead, UK users are being targeted with less spam but with a higher volume of infected spam. Compared to Germany, as much as five times as high in fact. Which begs the question 'why are cybercriminals targeting the UK so relentlessly when compared to other nations?'

Kevin Epstein, VP of Advanced Security & Governance at Proofpoint, doesn't think the answer is all that difficult. If the evidence points, relative to other countries in the report, that there are a startlingly high number of targeted attacks against the UK then given the almost universal financial motivation behind them "this strongly suggests cybercriminals have found UK organizations to be an unusually lucrative target" he insists.

Not that Epstein thinks non-UK email users should be complacent about the level of risk as he says that lower phishing volumes do not appear to …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

My main problem with the whole so-called 'smart' watch technology concept is that so far they have not been that smart at all. The core functionality of all these devices would appear to be able to alert you to things happening on your phone, without you having to look at your phone. Thing is, if I have to have the phone in my pocket anyway why bother adding another bit of tech to access it? Have we become so lazy that looking at your phone is now too much bother? I mean, c'mon, what is a smartwatch actually for?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The iCloud fiasco was a combination of the usual user dumbass stuff and some Apple dumbass stuff (in not locking down password retries using the find my phone route in).

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I've always thought that the best way of looking at it is if, when you are writing a post, you would consider it spammy if you replaced your site/service/product with something else then don't post it.

As Dani says, you can get feedback about your website in the website reviews forum and you can shout about it to the world in the show off your projects one (as long as these are genuine posts and not just adverts in disguise of course.)

Make use of your signature file and link to your site from there, contribute to DaniWeb as best you can and others will be exposed to your signature and as your reputation grows so more people are likely to click on that link and see what it is you do.

Also, make use of your profile to the fullest extent so that if members click on your username they will see who you are, what you do and where to find you.

mattster commented: Good Advice! +4
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

New? Duck Duck Go has been around for many years now. Nothing to do with Apple.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If you record the live match yourself, and have a legal agreement/license with the club to broadcast then yes.

If you mean can you just steal streams from other broadcasters which have already got those agreements and paid large amounts of money for them then, unsurprisingly, the answer is of course bloody not!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

OK, now I've deleted the spam I have to ask: are you serious?

DistantGalaxy commented: Maybe he's from another planet. +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I smell either:

a chancer pretending to be a competent web developer

or

a spammer posting any old crap to publicise his signature links

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Goodwill Industries International, a network of 165 community-based agencies in North America, has been breached. This follows a previous announcement of a potential attack back in July. After an extensive forensic investigation lasting a month, Goodwill has now confirmed that "a third-party vendor’s systems" were indeed "attacked by malware, enabling criminals to access some payment card data of a number of the vendor’s customers."

According to the statement, about 10% of stores (or 20 Goodwill members if you prefer) using the same third-party vendor were involved; Goodwill insists that there is no evidence of malware on internal systems. The breach was of third-party systems containing payment card information of certain Goodwill members’ customers. Those numbers may appear quite small, but actually when delved into equate to 330 stores in 20 states and an estimated 868,000 payment cards compromised.

The attack took place between February 10, 2013, and August 14, 2014 although some stores were not exposed to such a long period of attack. Details of those store locations that were impacted, in case you are worried, can be found here.

One question that remains unanswered at this stage is who the mysterious third party vendor is, as the Goodwill statement does not name the company involved. Ken Westin, security researcher at Tripwire, says "the fact that Goodwill is not mentioning the third-party vendor by name, makes me question where the blame may lie. I believe the statement is purposely vague and raises more questions than it …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome to DaniWeb. I hope your bits get fixed soon :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

So, a bunch of US financial institutes have been hacked. Nothing new there, if we are being brutally honest. The newsworthiness in this particular case comes courtesy of one of those organisations apparently being none other than JP Morgan Chase. USA Today reported yesterday that a federal law enforcement official had told the media outlet, unofficially, that Russian hackers were behind the series of breaches which resulted in the loss of "sensitive data." JP Morgan Chase did not confirm the accuracy of the report, but a spokesperson did tell USA Today that it uses "multiple layers of defense to counteract any threats" and "constantly monitor fraud levels." Which is about as helpful as a bucket of mud to clean the floor with. The FBI were a little more forthcoming, admitting that it is working with the secret service in order to determine the scope of "cyber attacks against several American financial institutions."

So what do we know about what happened? The answer, as you might have expected by now, is very little. That hasn't stopped the security industry from lining up to provide DaniWeb with some guesses though.

Philip Lieberman, CEO of Lieberman Software says that the ability to overcome the typical financial defense-in-depth strategy outlined by JP Morgan "points to capabilities that go beyond criminal activity and are in the realm of nation state capabilities" and warns that most of the financial services sector has "little to no protection from nation state attacks and is not willing to spend …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Blue Hat SEO is the name of a SEO outfit, it is not a methodology, concept, technique or technology.

There are only two types of SEO, right and wrong. Forget the whole colour-code thing - it's just a distraction. Focus on getting your SEO right, that's all.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Am I alone in finding it ironic that the 'Best SEO company in Bangalore' has to ask what page rank is and how to increase it?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There's a truism that I like to share with as many people as possible: if you don't want other people to see something, then don't post it online. It is, you might think, a pretty simple concept to grasp. After all, you wouldn't stroll into a bar with a megaphone and yell "I'm not wearing underwear" if you wanted to keep that secret would you? But would you write that fact down on small pieces of paper and slip them unnoticed into the pockets of people in that bar if you wanted to reveal all (please excuse the unfortunate choice of phrase) without revealing your identity? In a nutshell, that's what apps such as Secret promise to do; but such a promise of anonymity is always going to be hard to deliver.

Secret is one of an increasingly popular application genre known as 'anonymous sharing' which lets you send 'secrets' to your circle of friends without them actually knowing it was you. At least, that's the idea. Seattle-based security outfit Rhino Security Labs quickly shot holes in it with a remarkably simple work around. Secret relies upon 'crowd anonymity' for want of a better description, you join up and let the app interrogate your contacts book and Facebook friends to find others using the app to build your secret social circle. To see any of their posts, you need to have seven or more friends but you won't know which of your friends these are because the app doesn't tell …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It may have been marked solved, but in their last post the OP stated "more help please" which suggests that there is, indeed, a need for further comments...

savedlema commented: Thank you mod. I decided to mark it unsolved for a while. +2
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And yet, Nathanealneal, your profile says you work as an IT consultant for a networking company which 'helps customers understand networking cables'.

Either you are a very crap consultant and nobody should employ you or your company, or you are just building up your post count and getting ready to add a spammy signature link to your cable company (again).

Whatever, something smells very bad...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

SuperValu has confirmed that it has, indeed, suffered a data breach. The supermarket company stated that what it calls a "criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores" may have resulted in "the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some point of sale systems at some of the Company’s owned and franchised stores."

If you thought that was a bit of a mouthful as far as breach disclosures go, you probably wouldn't want to read the paragraph that follows and which states that the company "has not determined that any such cardholder data was in fact stolen by the intruder" and that it has no evidence to suggest the same. It goes on to say it's making the announcement "out of an abundance of caution." Cut through the cautious, and at times confusing, language and at least you can appreciate that SuperValu is doing the right thing. How timely it has been in doing that is harder to fathom.

The statement says that the earliest period the data could have been compromised was June 22nd, through to July 17th at the latest. What isn't 100% clear is exactly when the breach was discovered, although SuperValu does state it "took immediate steps to secure the affected part of its network" …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Now banned due to that confession...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster
AffineMesh commented: Voted up for getting there first. +2
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

That's cool. What's with all the capitalisation though :)

Clif40RD commented: I honestly don't know its just a habit that has seemed to have grown on me +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I wouldn't believe anyone who presented me with a serticicate.

Reverend Jim commented: Sertainly knot. +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Some would argue that SEO itself is a game, and one that gets ever harder to win as the rules are constantly changing.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

An interesting post appeared yesterday in the official Google Online Security and Webmaster Central blogs which confirms that in an effort to "make the Internet safer" it has been testing a system which looks at "whether sites use secure, encrypted connections as a signal in our search ranking algorithms." This follows calls for HTTPS everywhere at the recent Google I/O a few months back.

Google says it has seen positive results, and is now actually using HTTPS as a ranking signal albeit a "very lightweight" one which only impacts <1% of queries. Nonetheless, the intention is now clear that this will be the way forward and the signal will most likely be given more weight once website owners have had fair chance to make the move from HTTP to HTTPS.

Keep an eye open for official announcements from Google in the coming weeks, including best practice advice such as using 2048-bit key certificates and relative URLs for resources that reside on the same secure domain (using protocol relative URLs for all other domains.)

Mark Sparshott, a director at security vendor Proofpoint, says "I welcome Google's move to use HTTPS as ranking signal and downgrade those sites that are not encrypting connections to their visitors but caution that the minimal scope and weighting Google are applying may not be enough of a deterrent for poor security best practice yet."

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A report from Hold Security claims that one of the biggest ever online heists has been committed by a Russian crime gang. It would appear that the data theft includes, wait for it, no less than 1.2 billion (yes billion) username and passwords along with around half a billion email addresses obtained from more than 400,000 websites. In total, Hold Security says, the stolen data amounts to some 4.5 billion items.

According to the report the gang acquired databases of stolen credentials from online dark markets which were then used to attack e-mail providers, social media, and other websites. Spam was then distributed which contained malware as a result. "Earlier this year, the hackers altered their approach" Hold Security says, with the gang gaining access to data from botnets which identified SQL vulnerabilities on the sites they visited. "The botnet conducted possibly the largest security audit ever" according to the company with "over 400,000 sites identified to be potentially vulnerable to SQL injection flaws alone." It was these vulnerabilities that were used to steal the data.

Mark James, a security specialist at ESET, says that because the data appears to have been harvested from a number of different locations, ranging from the dark market through to the smallest of websites with lax security, it suggests a lot of effort went into the heist. "Organising all this data into a central repository and then using it to gain access to more systems would point to a very organised gang …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

So, let's get this straight: you run an online reputation company (as per your signature) and yet you are asking us how to create an online reputation?

Kind of suggests that either your original post was actually just some kind of thinly disguised spam or you are pretty rubbish at your job, and quite possibly both.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Warrens80, do you have any interest in IT at all? Because, if not, then I seriously wonder why you are here if I'm being honest...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Free
Respected
Educational
DaniWeb

<M/> commented: kewl +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What?

Sorry, let me explain that better.

WHAT?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Ditto :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Every week, Stephen Coty writes about interesting exploits that have caught his attention as chief security evangelist at Alert Logic. This last week (in a currently password protected posting) he mused about a 'JournalCtl and Syslog Terminal Escape Injection' zero day which could be of interest to the Linux gurus here on DaniWeb.

Here's the story. A new init control system called Systemd is being integrated into Linux distros, in an effort to update and overhaul SysV and upstart so as to become a more modern init system. Fedora has already jumped into Systemd, and as I understand it Ubuntu won't be far behind.

What has caught the attention of the security researchers at Alert Logic, however, is that the Systemd architecture uses a log management architecture called journal which uses journalctl to read the binary data represented in the journals. Which is where things get interesting, Coty says, as journal has the ability to read ‘unprintable’ characters.

Without the use of the right flags, messages with unprintable characters are referenced as binary blobs and Journalctl fully allows terminal escape characters to be represented (while the older syslog system filters these out) and so opens up an injection risk.

Coty tells me that if we were to inject something like echo -e "\e]2;WINDOW HIJACK\a" then it would be possible to hijack the title bar of the tab or terminal window.

"All we need to do is be able to find daemons, locally …
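The kind of filtering the post credits to the older syslog path, applied to a log message before it is written to a terminal; this is an added example, not code from the original post, Alert Logic or systemd. The function names, the `\xNN` rendering and the constructed sample message are assumptions; the escape sequence in the sample is the title-setting one quoted above.

```python
import re

# One pass over the message, classifying what a terminal would act on:
#   OSC  = ESC ] ... ended by BEL or ESC \   (sets window title, etc.)
#   CSI  = ESC [ params intermediates final  (cursor movement, colours)
#   CTRL = any other C0/C1 control character except TAB
SEQ_RE = re.compile(
    r'(?P<OSC>\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?)'
    r'|(?P<CSI>\x1b\[[0-?]*[ -/]*[@-~])'
    r'|(?P<CTRL>[\x00-\x08\x0a-\x1f\x7f-\x9f])'
)

# Constructed sample: a log message carrying the sequence from the post.
SAMPLE = 'session opened for user \x1b]2;WINDOW HIJACK\x07guest'


def find_sequences(message):
    """Return [(kind, offset), ...] for every control sequence found,
    suitable for raising an alert on the log source."""
    return [(m.lastgroup, m.start()) for m in SEQ_RE.finditer(message)]


def neutralise(message):
    """Render every control character as visible \\xNN text so the
    terminal prints it instead of interpreting it. TAB is kept; newlines
    are escaped too, so one message cannot pose as several log lines."""
    out = []
    for ch in message:
        cp = ord(ch)
        if ch == '\t' or 0x20 <= cp < 0x7f or cp > 0x9f:
            out.append(ch)
        else:
            out.append(f'\\x{cp:02x}')
    return ''.join(out)


if __name__ == '__main__':
    print(find_sequences(SAMPLE))
    print(neutralise(SAMPLE))
```

Escaping the ESC byte itself is what defuses the sequence; the classifier exists only so the event can be reported.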

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yesterday, Tor issued a security advisory which revealed that a group of relays had been discovered on July 4th which looked like they "were trying to deanonymize users."

The advisory states that the attack "involved modifying Tor protocol headers to do traffic confirmation attacks" with the relays having joined the network at the start of the year. This means they were potentially deanonymizing users between January 30th and July 4th when they were finally removed.

A Tor spokesperson says that they know the attack "looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic" so no details of pages visited or whether hidden services searched for were actually visited at all for that matter. The advisory goes on to warn that it is likely that the attackers tried to learn "who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service."

No evidence was found to suggest that any exit relays were being operated, so the probability of linking users to destinations on standard Tor circuits remains remote. For full technical details of the attack methodology, see the advisory which goes into this at some length.

The following steps have been taken to remediate the damage in the short term:

  • Attacking relays removed from the Tor network
  • A software update has gone out for relays in order to prevent such use of 'relay early' cells again
  • A new Tor version warns …
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Then contact Gmail support and they will help you if you are, indeed, the genuine owner of the account.

Please read the rules here, in particular: Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming

This thread now closed to prevent any outbreak of the above...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

AVG (as a company) has a very blotted copybook courtesy of the damned secure search toolbar that it loves to install all over the place, and which borders on being malware (foistware is a good word for the thing) itself IMHO.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It seems like forever, but actually it was only the end of last year that we were writing about CryptoLocker which had pretty much redefined the ransomware landscape. Now this particular threat market is morphing again with the discovery of onion crypto ransomware.

Also known as Critroni, and CTB-Locker for what it's worth, the ransomware has been openly available (if you'll excuse the contradiction) on the underweb dark market for a few weeks now. However, this last week it has emerged in the wild being dropped by something called the Angler exploit kit. So why is this such a change in the ransomware attack methodology? Mainly, researchers are telling us, because it uses the anonymous Tor network in order to hide the command and control centers.

CryptoLocker upped the ante by encrypting files on the target computer, persisting across reboots and also encrypting backups on connected networks. It also demanded the ransom in Bitcoin in order to, the victim would hope, release a key for decryption. When the Gameover Zeus malware operation was successfully taken down by law enforcement agencies from the US and Europe, it looked like CryptoLocker was dead in the water as this was a key distribution channel. It should come as no surprise, and is likely no coincidence, that at exactly the same time the first instances of underground marketing for Critroni were spotted by security researchers. Now emerging from the Russian enclave where it was first tested out, Critroni/Onion sells for 'just' $3000 …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Power-user/advanced

Next... (yawn)