Posts by happygeek

Which 12 year old operating system which is still running on 11 million servers is about to die? Yep, that's the one: Microsoft Windows Server 2003 reaches 'end of life' status on July 14th.

One of the longest running discussions on DaniWeb asks the question Why does Windows XP refuse to die? and I have my suspicions that we may be asking the same of Windows Server 2003 in the years to come. Which is fine as far as it goes, unfortunately that's not very far in terms of security as there will be no more security patches, updates or assisted technical support. One industry expert has described this as being the "biggest security threat of 2015" and published a white paper on the subject with the very apt title of 'Server 2003 is dead. What are you going to do?'

Ade Foxall, CEO of Camwood and co-author of the report, suggests that discussion of Server 2003 end of life has been woefully limited even within the IT professional community, certainly when compared to the kind of coverage that XP got when it was approaching the same terminal stop. In an analysis of more than 5000 IT publications, Foxall discovered that Server 2003 end of life only got 5% of the news coverage that the end of Windows XP stirred up. “After the recent migration away from Windows XP, IT departments should be more aware than ever of the dangers of using an out-of-date platform" Foxall …

It's that time of year again, and the latest Secunia Vulnerability Review has been published. This analysed anonymous data gathered from scans right across 2014 of millions of computers which have Secunia Personal Software Inspector (PSI) installed and revealed some interesting statistics. On average, the computers used by the people running PSI had 76 programs installed on them and these vary from country to country. Secunia focussed its attention on what it calls "a representative portfolio of the 50 most common applications" which compromised 34 Microsoft and 16 non-Microsoft ones. So what did the analysis discover? You might be surprised if you tend to think of Microsoft as being the bad guy when it comes to vulnerable products.

In total, there were 15,435 vulnerabilities across 3,870 applications published by 500 different vendors which represents an 18% increase from the previous year in terms of vulnerabilities and 22% up when it comes to the total number of products. No wonder IT security can be a hard game to play when the surface is so broad and varied. The good news is that some 83% of the vulnerabilities in all products were patched, or at least had patches available, on the day of disclosure. Kasper Lindgaard, Director of Research and Security at Secunia, warns that while the numbers suggest an impressive 83% of vulnerabilities have a patch available on the day of disclosure, the number is virtually unchanged a month later. "30 days on, Lindgaard says "just 84.3% have a …

No such thing as too beardy, surely? :)

The recently revised Facebook community standards page states that the social network is on a mission "to give people the power to share and make the world more open" however it appears that it may have been giving the wrong people the power to share stuff you thought was private. According to security researcher and bug bounty hunter Laxman Muthiyah Facebook's photo sync feature came with a critical flaw which "allows any malicious Facebook application to read your mobile photos."

The vulnerability concerns Facebook's Photo Sync feature for mobile users, which was introduced back in 2012 but because it was an opt-in thing might have luckily passed many users by. If you had, however, have turned it on then any photos you took with the phone would automatically be uploaded to the Facebook cloud where they would be stored for future use. That use could be for including in your Facebook postings, and the sync feature would give you quicker access to all your images in theory, or maybe it could be seen as a handy backup system in case anything happened to your phone. The photos in the Facebook cloud were marked as private so could not be seen by anyone else, again in theory. In practise, third party apps that you had authorised to access your mobile photos could see them as well.

I'm not sure if that means all your photos are stored by Facebook, including any shall we say any saucy ones. After all, …

Yesterday was epic. I was glued to rubgy on the TV for seven hours and it felt like just a couple. Exciting doesn't really do it justice. You know what, I don't care who won after rugby like that. England, France, Ireland and Wales all played so well. Best 6N finish I can remember and one of the best days of ruigby ever. Stunning stuff.

I don't usually write about acquisitions and all that financial stuff, but news that PayPal has acquired CyActive caught my eye as apparently this brings the promise of 'bio-inspired predictive security' into the online payments provider threat protection mix. Which made me think, just what the heck is bio-inspired predictive security when it's at home, and why has PayPal bought into it?

My first port of call in trying to get a line on this was the official PayPal blog posting on the thing. "While we have industry-leading fraud models and verification techniques, and a world-class security team" James Barrese, Chief Technology Officer and Senior Vice President, Payment Services, PayPal says "we’re always looking for ways to make our systems even more secure." Which is where the CyActive acquisition comes in, along with the establishment of a security center in Israel that will "tap into the country’s cutting-edge technology and top cybersecurity talent." CyActive being part of that tapping into process, being an outfit which specializes in predictive technology that focuses on how malware will develop and by so doing adds an element of future-proofing (or at least that's the idea) to PayPal security measures.

OK, so what does CyActive actually do then? Good question, and according to the company itself the answer is "forecasts how hackers will evolve today’s malware into tomorrow’s advanced threats, by applying bio-inspired algorithms and a deep understanding of hackers’ behavior, considerations and constraints." Which is about as …

Content Management Systems (CMS) may not be the most interesting topic on the tech table, but oh boy does WordPress liven things up in this sector. Not, it has to be said, always in a good way. I've lost count of the number of WordPress vulnerability stories that I've read over this last 12 months, and have even written a few myself. of course, more often than not it isn't WordPress itself that is the problem but one of the gazillion plug-ins that are out there and being used to customize it and add functionality. There was the SoakSoak malware linked to the RevSlider plug-in a couple of months back, and that's just the tip of the iceberg.

Now a new survey of more than 500 WordPress users by CodeGuard (http://www.CodeGuard.com) has revealed how they are just making things worse by not being properly educated regarding backing up their sites or updating software. According to the survey while 54% do update WordPress somewhere between once a week and every few weeks there were 21% who backed up only occasionally. Some 24% used a website backup plugin, but only 23% have any real training in the use of these tools while 47% had either none or very little idea of how to use WordPress.

Maybe that's not too surprising as the survey also showed that WordPress users are attracted by ease of use and tend to veer towards the less technically competent end …

Spring has been getting rather unseasonably hot for Apache users as far as security flaws go. First there was news of how the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability could impact Apache. For more on FREAK see this excellent analysis by Matthew Green, a cryptographer and research professor at Johns Hopkins University. Green points out that "Apache mod_ssl by default will generate a single export-grade RSA key when the server starts up, and will simply re-use that key for the lifetime of that server. What this means is that you can obtain that RSA key once, factor it, and break every session you can get your 'man in the middle' mitts on until the server goes down." How serious the FREAK thing is open to plenty of debate in the IT security world right now, what with both clients and servers being patched and the technicalities of the attack less than straightforward for non state sponsored actors in the real world.

However, that still leaves the second bit of bad news on the Apache front: ActiveMQ LDAP Wildcard Interpretation. Researchers from MWR InfoSecurity Labs have identified two weaknesses in the way Apache ActiveMQ performs LDAP authentication. The vulnerabilities allow for leveraging the unauthenticated authentication mechanism, when supported by the remote LDAP service, or abuse an LDAP wildcard expansion weakness. The unauthenticated authentication mechanism may be used for performing unauthenticated Bind with an LDAP service. The wildcard interpretation weakness allows for brute forcing a password, for an unknown …

Addressing last weeks Securi-Tay conference hosted by the Abertay Ethical Hacking Society in Scotland, Stephen Tomkinson from the NCC Group detailed how Blu-ray players can do more than play videos; they can open up a new attack surface for the hacker. Tomkinson demonstrated a new tool that had been released in order to enable the investigation of embedded network devices, and used the network exposed features on a common Blu-ray player as an example. He showed how an innocent looking Blu-ray disc can actually circumvent sandboxes and present the hacker with control of the underlying systems. Of course, that innocent looking Blu-ray disc was anything but; it was highly malicious. The disc itself, by combining a number of vulnerabilities discovered in Blu-ray players, was able to both detect the player it was inserted in and then launch a platform specific malicious executable. It also played a movie, to do otherwise would be a tad suspicious. The full technical background is published here but essentially the rich features of Blu-ray interactivity are built using a Java variant called BD-J, this both user interfaces and embedded applications to be structured as Xlets which can be thought of as akin to web Applets. Tomkinson and his team managed to circumvent the JVM SecurityManager controls and gain access to the underlying OS.

Troy Gill, manager of security research at AppRiver, says that while exploits are interesting in as far as showing how seemingly harmless functionality can be leveraged to run malicious executables, …

How about you do your own homework buddy?

If you have some code to show us, post it and our members will help you (without actually doing it for you) understand where you are going wrong.

Simples.

Although the term 'reflection DoS' is nothing new, I recall reading something about it three years ago when a high profile security researcher used it to describe how malicious SYN packets were being reflected off bystanding TCP servers and the SYN/ACK responses used to flood his bandwidth. More recently, Garrett Gross from security vendor AlienVault recently wrote about the relatively new method of amplification Denial of Service (DoS), also known as a reflection attack, using SQL servers. This was actually first reported at the back end of last year when servers belonging to the City of Columbia, Missouri were hit by a multiple DoS methodology attack including this technique. However, my sources tell me that reflection attacks have been on the up for some time and in the fourth quarter of 2014 Akamai's Prolexic Security Engineering & Research Team (PLXsert) researchers reckon that some 39 per cent of all DDoS attack traffic were employing these amplification techniques.

Now Akamai is reporting that the reflection attack method has been used in conjunction with Joomla servers running a vulnerable Google Maps plugin. Akamai warns that, after a whole bunch of vulnerability disclosure across 2014, the Joomla content management framework is still being actively targeted by those with malicious intent. In conjunction with the PhishLabs Research, Analysis, and Intelligence Division (R.A.I.D), PLXsert observed traffic signatures from Joomla distributions with a vulnerable Google Maps plugin being used as a launch platform for DDoS attacks. These traffic …

The "provide evidence of having done some work yourself if posting questions from school or work assignments" rule kind of covers this, doesn't it? I mean, it's not like you are showing us any effort at all here, just asking for someone to send you a completed project.

I have removed the link from the original post to prevent members downloading it and the potential for problems if they do...

Chinese computer manufacturer Lenovo has admitted that it installed an adware component called Superfish on 16 million PCs shipped between September 2014 and February 2015 in order to "help customers potentially discover interesting products while shopping" according to an official statement made by the company. Although there is some argument to be had as to the validity of the 'helping customers' idea regarding software which injects third party adverts into Google searches and websites without the explicit permission or knowledge of the user, where there is no debate to be had at all is in the bloody great security hole Superfish drives through any Lenovo computer it is installed upon. It is true that Superfish doesn't, as far as I can tell, monitor user behaviour or record user data and instead uses contextual and image-based methods; meaning that users are not tracked as such. However, it is also true that it does some things which have the potential to be very dangerous indeed and that potential looks like it could soon become a very tangible reality.

The problem being twofold: firstly there's the not so small matter of Superfish having a pre-installed root CA certificate on your brand new Lenovo right out of the box. This enables it to intercept not just some websites that the user visits, but pretty much any of them and that includes HTTPS-protected ones, to inject adverts. Yes, you read that right, a trusted root certificate that you …

No car is driverless if my mother-in-law is a passenger...

I take security and privacy issues seriously, but sometimes I despair when news stories such as that regarding Samsung TVs eavesdropping on private conversation explode across the media as happened last week. The reason for my despondency has less to do with the data privacy debate and more to do with the human stupidity one. That said, let's get the technical bit out of the way first.

The privacy scare story kicked off after someone, eventually, noticed that privacy policy relating to Samsung smart TVs included the line: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition." This triggered a veritable tsunami of panic amongst the apparently easily panicked that their inane ramblings with the dog were being recorded by 'someone' and this data could somehow then be used to their detriment. Some particularly dense blowhards even made the connection between this statement and the Edward Snowden revelations, concluding that TVs were being used by The Powers That Be in the war against terror. I can only assume they were wearing tinfoil gloves as they typed their concerns across social media channels.

Here's the thing though, if you've bought a 'smart' television do you actually think it is a self-contained intelligent organism? How do you think it figures out what you are searching for when you use the voice search function, and returns recommendations for …

An updated list of accounts taken down, or at least some of them, can be found here: http://pastebin.com/d8ND4rvV

The hacker collective known as Anonymous first declared war on Islamic State (formerly known as ISIS) supporters back in the Summer of 2014 with Operation NO2ISIS which promised to target the online infrastructure of those countries sponsoring Islamic State militants. This declaration followed the hacking of an Anonymous Twitter account, @TheAnonMessage, which was then used to post photos of a terrorist assault near Baghdad. At the time, an Anonymous spokesperson stated that "these savages who have no religion or morality are bent on burning everything in their path, killing and pillaging as they go. They must be stopped." Because Islamic State itself had a pretty limited online footprint, at least in terms of infrastructure that might be vulnerable to a hack-based attack, the decision was taken to target the people and countries which supported them instead. Now things are different, with the terrorist group using social media to promote itself and to distribute videos showing executions of hostages.

Following the Charlie Hebdo atrocity in Paris, Anonymous declared war directly on Islamic State and promised to "track down and close all accounts on social networks related to terrorists in order to avenge those who have been killed." That threat, under #OpCharlieHebdo, was thought to have come from a specific branch of Anonymous, a group of Belgian activist to be precise, and seems to have largely focused on DDoS'ing ISIS recruitment sites. However, a new Anonymous video has now emerged which …

Try: https://www.daniweb.com/home/about

How bizarre that the 'Bangalore SEO Company' should need to ask such basic questions about how to bring new visitors to a site. Either you are just here for the spamming, or you are really crap at your job. Or both...

My idea of final is the end. Does that help at all?

I broke my wrist this week (scaphoid fracture) which is fun. Didn't involve any tool bashing though.

Adobe Flash users have been under attack from cybercriminals again, this time courtesy of a zero day exploit kit by the name of Angler. The exploit kit has been readily available on the dark market, and hits vulnerabilities to be found in Flash Players up to 15.0.0.223, as well as the latest release.

There is some uncertainty as to who is at risk from this kit, with some sources claiming Windows 8.1 and Google Chrome users are safe, while others tell me any version of Internet Explorer used with any version of Windows is at risk if Adobe Flash player 16.0.0.287 is installed and enabled.

It's best to assume, therefore, that if you are an Adobe Flash user you are at risk. Adobe has issued an emergency patch for the Angler exploit under CVE-2015-0310 which covers vulnerabilities in the older versions, and a patch for the version 16.0.0.287 exploit should be available in the coming week.

Adobe recommends users update their product installations to the latest versions:

Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.

Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.

Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.

Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.287.

Here's some info: please do not use this site to spam your products. Read the rules before continuing my friend.

Welcome from a very snowy West Yorkshire, England.

Excellent. You know what you need, now you have to code it. Good luck.

I have never played games on my laptop, despite it being sold as a gaming lappy. I'm a confirmed Xbone man. So why a gaming lappy then? Simples - the power and build of the thing provides me with something which can survive the bashing I tend to give my work tools. Over to Diafol for the double entendre comment :)

please help me i have to give teacher after 1 hour

Ding! You've failed. Next...

I currently don't have a desktop, only laptops, because I found that I could only use the desktop in the office :)

Actually, I have three laptops: my main work one (something of an overspecced powerhouse which was built to last for the long haul), my old one (stays in the office as an emergency spare) and the family one at home (which I rarely use as there are always teenage boys on it).

I would have thought a genius NASA programmer would be able to find a decent source of tutorials himself.

So Google has admitted defeat and is pulling the Google Glass Explorer Program with pretty much immediate effect. January 19 will be the last day to get the Glass Explorer Edition. In a statement, a Google Glass spokesperson said that "we’re ready to put on our big kid shoes and learn how to run" and continued hyping it up with "interest in wearables has exploded and today it’s one of the most exciting areas in technology" until almost reaching a climax by stating "we’re seeing incredible developments with Glass in the workplace" before finally dropping the closing it down bomb.

Actually, it doesn't look like the end of Google Glass altogether, just the end of Google Glass in the current format. Google says it will now have a dedicated team as part of Google itself rather than being a lab project, and that it will continue to "build for the future" with future versions of Glass being developed.

I'm sure the merry few who invested, and invested pretty heavily, in Google Glass will be thrilled to see that investment reduced to owning a failed tech; and let's be honest, that's precisely what Google Glass was and is. Even more than the smartwatch, smart glasses are a big ask of anyone other than certified nerds to get excited about. Sales kind of reflected that, along with rather a lot of well deserved negative press.

So what went wrong and why won't I miss this particular piece of technology? How …

Hey Jack, unlike most people who have been described as a genius, the more you say the dumber you appear...

You also live in a different country, and my phone won't stop autocorrecting.

A true genius would probably be able to get to grips with editing autocorrected messages. Just saying :)

I know. All of this. One thing that I find, exceptional. I have an IQ of 192. I'm also in college. Sooo, am I a prodigy?

Not sure about the prodigy thing, but you sure have one large ego that seems to require a lot of massaging.

David Cameron is making a pretty good fist of it...

According to the Daily Mirror, a number of official websites connected to French municipalities were hacked at the end of last week to coincide with the Charlie Hebdo massacre and the hostage taking at the Jewish supermarket. The newspaper reported that the home screens of websites belonging to the towns of Jouy-le-Moutier, Piscop, Goussainville, Val D'Oise and Ezanville (all surrounding Paris) were defaced with a Jihadist ISIS black flag and a message which translates as "The Islamic State Stay Inchallah, Free Palestine, Death to France, Death to Charlie." The hacker concerned declares himself to be an Algerian using the name L’APoca-Dz, and is also associated with a number of previous defacements of Israeli connected websites with anti-semitic messages.

All the sites concerned were quickly returned to normal. Meanwhile, the technology world as a whole has been supportive of the cause of freedom of speech and shown solidarity with Charlie Hebdo, the French people and everyone who condemns terrorist actions such as those of last week. This has been seen both in the rise of the #JeSuisCharlie hashtag and the news that Google is providing financial assistance to the publishers of Charlie Hebdo to ensure that a million copy print run will be achieved for the next issue rather than the more usual 60,000.

More worryingly, and absolutely predictably, the politicians and spymasters are using the Charlie Hebdo attack as a reason for more monitoring of our online and telephone conversations. A couple of months ago, the powers that …

A quick search would have revealed that this was a change to the search engine architecture which happened in 2009/2010.

stultuske: if he had asked "can you tell me how to increase my traffic?" that would have also been a vaild question.

He didn't :)

What browser are you using? Check for any extension that may have been installed and remove that.

Download the free version of malwarebytes anti-malware (https://www.malwarebytes.org/mwb-download/) and set that upon it, usually does the trick.

I wouldn't waste any more time responding to this spammer: multiple posts, multiple accounts, same sigs, same IPs (although using random ones from day to day) posting a question then posting bunch of answers to expose sig links...

The golden rule is: if you don't want anyone to see your stuff, don't put it on the Internet. Pretty simple really...

If you spam everywhere else like you do here, I'm not surprised your position sucks...

For me, has to be CoD:AW on Xbox Live. I play Kill Confirmed mainly, and am currently ranked 1250 out of 1.9 million players which isn't bad for an old grandad :)

I'm a geezer... :)

<almostbob> I like this definition of what I do for a living:

Those who can, do
Those who can't, teach
Those who can't teach, write

I'm seeing 'Nearly a Posting Maven' here.

Oh the irony. In what is starting to read very much like the script to a Hollywood movie itself, the latest twist to the Sony Pictures hacking plot took an unexpected turn yesterday. It would appear that at one stage yesterday access to the web across pretty much all of North Korea went down, with access to key sites such as the state-run Korean Central News Agency (KCNA) and Rodong Sinmun newspaper were down for most of the day. Not that most North Koreans would have noticed, of course, seeing as they are denied access to the Internet anyway.

The question now is who did it, assuming anyone did that is as a technical glitch is not entirely out of the question although highly unlikely truth be told. News sources online immediately seized upon the US as being the prime suspect, given that the FBI had officially blamed North Korea on December 19th for being behind the Sony Pictures attack. Retaliation of some sort was not a total surprise, with President Obama promising a 'proportional response' however a cyber-attack on the scale required to take down country-wide nation state access would be quite some undertaking. The finger pointing is prompted by reports that security outfits which monitor such things, such as Arbor Networks, had noticed that the Internet infrastructure in North Korea started to suffer from denial-of-service attacks from December 20th; the day after the FBI announcement. However, dig a little deeper and you …

A day late due to illness, but Merry Yule/Winter Solstace to you all...

I would be very surprised if the Norton stories have any basis of truth in them at all. In 20+ years of being an IT security journalist I have not found a single piece of evidence to suggest it is the case. That's proper evidence, rather than hearsay, of course. Believe me, if this were the case then there are plenty of people who would be chomping at the bit to expose it; a real career builder of a story.