Category: security

  • A few words about hackersblog

    If you read security news, you most probably have already heard about hackersblog.org. It is a blog created by a couple of my compatriots who feel that just talking about vulnerabilities in websites is not enough and they must attract attention by actively exploiting the flaws and then posting their “trophies” Zone-H style. As you…

  • Detecting malicious hosts with p0f

    Lately I’ve been posting a little about malicious hosts, and here is the latest installment of the series. The basic idea is: infected computers (“bots” or “zombies”) can be used to perform network actions on behalf of their “masters”. Some of these actions are usually done by “server class” machines. Two examples for such actions are: sending…

  • Webhoneypot

    In the last couple of months I’ve been helping out with the webhoneypot project. From the Google code website: DShield.org is offering this honeypot for users to capture automated web application exploits. It is a very simple "semi interactive" honeypot implemented in PHP. The core idea is the following: you install it on a webserver…

  • Malicious sites by country

    In an earlier post I’ve said that the number of malicious sites in a country has a close relation to the level of connectivity in the given country. Here is a chart to show this visually: (The data collection method is the same as for the other data: malicious domains from DNS-BH and clean domains…

  • The limits of mob-style takedowns

    It is interesting to observe the dynamics of the interactions on the Internet. In the last couple of years several hosting organizations (RBN, McColo and so on) have been taken down by “denouncing them to the masses”. The usual flow of events was: evidence was gathered against them; the media “exposed” them; their upstream providers…

  • EthicalHacker.net compromised

    Today I was greeted by the following e-mail in my inbox: EH-Net Compromise Disclosure EH-Net was compromised a few months back, and we are asking all members to immediately change their passwords. Although we do not hold any sensitive data such as social security numbers, credit card numbers, date of birth, etc., we still realize…

  • I saw/read about SSLstrip – should I be afraid?

    A friend of mine said that he saw the SSLstrip presentation from BlackHat DC 2009 and asked me if he should be afraid. Here is the advice that I gave: you shouldn’t be afraid. Fear is a bad motivator because it wants to force you to act quickly. A much better concern is informed concern.…

  • Does Google Chrome prevent CSRF?

    Some time ago I was reading the article Session Destroyer: Automatic Webapp Session Invalidation from the Linux Journal. It was a neat idea, however the part which piqued my interest was the following: Mozilla Firefox does not protect you against this attack by default. However, Google Chrome supposedly does because they implement each tab in…

  • How to handle problems?

    Pretend they don’t exist! Some time ago I complained about WinPatrol. Today its author published a blogpost badmouthing Adobe because of the recent flaw in Adobe Reader. I, in turn, posted a comment pointing out that no software is perfect (his included) and furthermore: the advice he gives is partially wrong and leaves people exposed…

  • Writing binary values to files from VBScript

    Browsing the interwebs, I came across the following article: Invisible Denizen: ie_unsafe_scripting metasploit module. In it I found a part which raised my curiosity: Unfortunately, it does not allow you to directly write binary files to the file system. (You can use WScript.FileSystemObject to create a ‘text’ file that contains binary data, but this will…