Articles tagged in security

  1. Google Chrome Hacked

    Via Hacker News. Google Chrome Pwned by VUPEN aka Sandbox/ASLR/DEP Bypass.

    While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP.

    I would hope an update to fix the exploit will be released soon, although sandboxing has already proved insecure, which makes future exploits easier. Meanwhile, I'm going back to browsing by telnet hostname 80.

  2. Securing PHP-FastCGI on Nginx

    Via Hacker News. Setting up PHP-FastCGI and nginx? Don't trust the tutorials: check your configuration! I have in fact written quite a few tutorials and published automated scripts that are vulnerable. The issue is that a request such as /uploads/image.jpg/foo.php still matches a location ~ \.php$ block and is handed to PHP, which (with the php.ini default cgi.fix_pathinfo=1) walks back along the path and executes the first file that exists, i.e. the uploaded image. It seems the easiest way to prevent this is to add a try_files statement (or an if (-f $request_filename) block on nginx versions before 0.7.27, which do not have try_files) to the location ~ \.php$ block, so that only requests whose script actually exists on disk are passed to FastCGI. For example:

    location ~ \.php$ {                  # nginx 0.7.27 and later
      try_files $uri =404;               # only pass scripts that exist on disk
      fastcgi_pass localhost:8080;
      ...
    }
    location ~ \.php$ {                  # nginx before 0.7.27, e.g. Debian 5
      if (-f $request_filename) {        # the same existence check without try_files
        fastcgi_pass localhost:8080;
      }
      ...
    }
    
  3. SIP Attack! Home VoIP ATA Got DoS'ed

    Bought an ATA from Cormain back in January. It's ugly, but it works. Connected to our new Billion 7800N ADSL2+ router and makes calls via PennyTel. No problem whatsoever until a week ago, when VoIP suddenly stopped working. I was also unable to connect to the ATA's web admin interface to figure out what might be wrong. I thought the ATA was dead. Nasty cheap product! I thought maybe I had bought a lemon and now needed to file a warranty claim.

    Interestingly though, when I disconnected the ATA from the WAN interface, I could connect to its admin interface via the LAN port. However, right after I connected the LAN port to my ADSL hub, any request to the admin interface would time out. That was weird, so I turned on syslog to send the system messages to my external syslogd, and then connected the LAN port. Wow, heaps of log messages. Here is a snippet:

    Mar  3 22:26:24 CDUaUdpStack::OnReceiveFrom(803fa460, 334)
    Mar  3 22:26:24 from:50.22.171.5, port:5112, len=334, REGISTER sip:xx.xx.xx.xx SIP/2.0^M Via: SIP/2.0/UDP 50.22.171.5:5112;branch=z9hG4bK-1614305573;rport^M Content-Length: 0^M From: "152" ^M Accept: application/sdp^M User-Agent: friendly-scanner^M To: "152" ^M Contact: sip:123@1.1.1.1^M CSeq: 1 REGISTER^M Call-ID: 2269038874^M Max-Forwards: 70^M ^M
    ...
    Mar  3 22:26:24 CUserAgent::SendTo(806f9750, 234, 5112, 50.22.171.5, 0, encryptType=0, udp, 0)
    Mar  3 22:26:24 to:50.22.171.5, port:5112, len=234, SIP/2.0 403 Forbidden^M Via: SIP/2.0/UDP 50.22.171.5:5112;branch=z9hG4bK-1079254239;rport^M From: "152" ^M To: "152" ;tag=2cfa115b^M Call-ID: 807709011^M CSeq: 1 REGISTER^M Content-Length: 0^M ^M
    

    Repeat the above around 15 times per second! What appears to be happening is this: host 50.22.171.5 has been sending me SIP REGISTER messages at a rate of 15 per second, and my VoIP ATA is merely replying with 403 Forbidden at the same rate. My ATA is pretty much DoS'ed: I am denied my VoIP service because it has been too busy servicing bogus requests!

    So once I firewall'ed the requests (dropping all packets from that IP), my VoIP ATA got back its sanity again. Hooray!

    However, the "attack" did not stop. A large number of requests is still hitting my ADSL router every second, chewing up quite a bit of bandwidth that counts towards my ADSL monthly quota. Here is an MRTG graph.

    [MRTG graph: VoIP DOS'ed]

    Not a lot of things I can do.

    • I have sent an email to Softlayer's abuse department (that IP address belongs to Softlayer). Did that a few days ago and still waiting for the reply.
    • I could request a new IP address from Exetel to switch to. A lot of hassle especially with some IP-based authentication.

    Will update once there's a solution. This kind of SIP-based DoS attack seems to be getting very frequent now. What are they trying to achieve?!
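    The log snippet above is enough to automate the triage the post does by hand. The following is an added Python example written for this page (not the author's script and not part of the ATA firmware): it parses syslog lines constructed in the same format as the snippet, counts inbound SIP requests per source per second, flags sources that exceed a threshold or announce the friendly-scanner User-Agent (the string used by the SIPVicious scanning toolkit), and prints an iptables DROP rule for each. The 50.22.171.5 address and the friendly-scanner agent come from the page; the 192.168.1.20 handset line, its HomePhone/1.0 agent and the 5-per-second threshold are constructed assumptions.

```python
"""Added example (not from the original post): pick the SIP flood source out of
the ATA's syslog output and emit a firewall rule for it.  The log lines are
constructed in the same format as the snippet on the page."""
import re
from collections import Counter, defaultdict

# Inbound request lines look like:
#   Mar  3 22:26:24 from:50.22.171.5, port:5112, len=334, REGISTER sip:... SIP/2.0^M Via: ...
# Outbound replies ("to:") and the stack-trace lines are deliberately not matched.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) from:(?P<ip>[\d.]+), port:(?P<port>\d+), "
    r"len=\d+, (?P<method>[A-Z]+) sip:")
UA_RE = re.compile(r"User-Agent: (?P<ua>[^\^]*?)\^M")

# "friendly-scanner" is the User-Agent string of the SIPVicious scanning toolkit.
SCANNER_AGENTS = {"friendly-scanner"}


def parse_sip_log(lines):
    """Yield (timestamp, src_ip, method, user_agent) for each inbound SIP request line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ua = UA_RE.search(line)
        yield m["ts"], m["ip"], m["method"], (ua["ua"].strip() if ua else "")


def find_flooders(lines, max_per_second=5):
    """Return {src_ip: reason} for sources that send more than max_per_second
    requests within one syslog second, or that announce a known scanner User-Agent."""
    per_second = Counter()
    agents = defaultdict(set)
    for ts, ip, method, ua in parse_sip_log(lines):
        if method in ("REGISTER", "INVITE", "OPTIONS"):
            per_second[(ip, ts)] += 1
        if ua:
            agents[ip].add(ua)
    flagged = {}
    for (ip, ts), n in per_second.items():
        if n > max_per_second:
            flagged[ip] = f"{n} requests at {ts}"
    for ip, uas in agents.items():
        hit = uas & SCANNER_AGENTS
        if hit and ip not in flagged:
            flagged[ip] = f"User-Agent {sorted(hit)[0]}"
    return flagged


def drop_rules(flagged):
    """iptables commands that drop the flagged sources, i.e. the per-IP firewall
    rule the post describes, expressed for a Linux host or router."""
    return [f"iptables -I INPUT -s {ip} -j DROP  # {why}"
            for ip, why in sorted(flagged.items())]


def constructed_log():
    """Constructed syslog lines in the ATA's format: 15 REGISTERs in one second
    from the scanner IP on the page (each answered with 403, as in the post) and
    one ordinary REGISTER from a hypothetical handset on the LAN."""
    lines = []
    for i in range(15):
        lines.append(
            f"Mar  3 22:26:24 from:50.22.171.5, port:5112, len=334, REGISTER sip:xx.xx.xx.xx SIP/2.0^M "
            f"Via: SIP/2.0/UDP 50.22.171.5:5112;branch=z9hG4bK-{1614305573 + i};rport^M "
            f'From: "152" ^M User-Agent: friendly-scanner^M To: "152" ^M CSeq: 1 REGISTER^M ^M')
        lines.append(
            "Mar  3 22:26:24 to:50.22.171.5, port:5112, len=234, SIP/2.0 403 Forbidden^M "
            "CSeq: 1 REGISTER^M Content-Length: 0^M ^M")
    lines.append(
        "Mar  3 22:26:25 from:192.168.1.20, port:5060, len=310, REGISTER sip:192.168.1.1 SIP/2.0^M "
        "User-Agent: HomePhone/1.0^M CSeq: 1 REGISTER^M ^M")
    return lines


if __name__ == "__main__":
    for rule in drop_rules(find_flooders(constructed_log())):
        print(rule)
```

    Dropping the source at the router stops the ATA from answering every probe, which is what restored service here, but as the post notes the packets still arrive over the ADSL link, so the bandwidth cost only goes away once the upstream abuse contact acts. Scanners rotate addresses, so on a router that supports it a rate limit on UDP/5060 (iptables' hashlimit match, per source) is the more general form of the per-IP drop.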

  4. PasswordFox - Standalone App to Reveal Firefox Passwords

    PasswordFox reveals the user names and passwords stored in Firefox. A very useful utility that actually shows all the passwords stored in Firefox. It's not a recovery tool, as you still need to type in the master password. However, even without the master password it shows all the websites you have kept password …
  5. Mac OS X Root Escalation with AppleScript

    Read this story on Slashdot. "Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal …
  6. Upgraded to WordPress 2.3.3 'Coz of Security Issues, Again!

    Went to the Aussie Bloggers forums this morning and spotted this post on an urgent WordPress upgrade (yes, I usually troll in the forums early in the morning instead of reading RSS feeds). WordPress 2.3.3 has been released, fixing a few minor bugs and a security issue. Yes …
  7. PDF 0-Day Vulnerability

    eWeek: opening a PDF file on your Windows PC can get you pwn3d, as recently discovered by researcher Petko D. Petkov (his blog is no longer online at this point in time). He's the same guy who discovered Apple's QuickTime flaw and how you can infect someone's PC via Firefox and …
  8. MyBlogLog's Co-Author Exploit

    Got an email from MyBlogLog about 2 days ago. Hi ScottYang, I would like to add you as a co-author of my MyBlogLog community below: Blog/Site: Blogmemes Belgium (http://www.blogmemes.be) MyBlogLog community: http://www.mybloglog.com/buzz/community/Blogmemes_Belgium/ Your MUST click on the link below to …
  9. Filling up PhishTank with Phishers

    Via the OpenDNS Blog: PhishTank is a website that collects URLs of phishing websites, which conduct fraudulent activity by tricking people into believing they are on a legitimate website. I'm getting phishing emails almost every day telling me either my PayPal is not working, asking me to confirm an eBay purchase, or my …
  10. Harrison Ford and Firewall

    I watched Harrison Ford's Firewall on DVD on Tuesday. It is an interesting and engaging thriller. Jack Stanfield is an IT security expert at a Seattle bank, and his family has been kidnapped. The kidnappers want 100 million dollars transferred to his off-shore account, and need Jack to get "behind …
  11. Bruce Schneier Facts Database

    Bruce Schneier Facts Database, along the lines of Chuck Norris Facts. For example, "Bruce Schneier eats 0s and 1s for breakfast. And snacks on pi." Being a Schneier fan myself, I find it very funny indeed. Via ELER.
  12. Client Side Port Scanning with Javascript

    Proof of concept of port scanning arbitrary IP addresses from nothing but client-side JavaScript. From the code it looks like it creates IFRAMEs and sets the SRC attribute to try to connect to ports, and has a list of web server signatures to check against. Pretty scary in what client …
  13. Defeating China's Great Firewall with Another Firewall

    Via B. Schneier: Security Research at Cambridge has worked out a way to penetrate China's Great Firewall by ignoring the TCP reset packets sent back by the Chinese routers, so the connection keeps going. Very interesting analysis, although the article also states that censorship in China is more than …
  14. Taiwan -- home of many spammers

    Via /., The Register reports that 64% of all spam is spread by zombies and compromised PCs controlled by Taiwanese, and only 3 percent from mainland China. It was sampled by a honeypot network that intercepts the command messages sent to those zombie PCs. It probably means (1) more Taiwanese are hacking for …
  15. Is 1234 Your Password?

    Bruce Schneier blogged that 2.5% of all passwords start with 1234, from a big sample database. I know how common bad passwords are: plenty of them in the web apps we have deployed (though they are all hashed when stored in the DB). I also remember running Johnny the …
  16. What's the point of security question?

    You know what those "security questions" are. The ones that usually say something like "what is your mother's maiden name?" or "which city were you born in?" They are usually required when you sign up for a service. What are they for? It appears that some services use them for verification to …
  17. Mac OS X Locally Exploited in 30 Minutes

    MacRumours reports that a Mac OS X box was hacked in 30 minutes in a competition. Sounds like a local exploit to me, as hackers were free to create shell accounts on the box, so it tells nothing about how remotely exploitable Mac OS X is. However, (1) a local exploit with privileged …
  18. Microsoft released WMF patch

    Microsoft has finally released a security patch for a vulnerability in reading Windows Meta Files (WMF). Hurry up! Run, download and apply this patch (if you haven't already got yourself infected). Unless you are running Mac or Linux, of course :)
  19. Google Talk Account Locked

    This morning when I tried to sign on with Google Talk, a warning message popped up saying "Your account has been locked", and asked me to go to Google's website to unlock my account. As I have been reading too much of the AdSense forum on WebmasterWorld lately, my immediate reaction was …
  20. Encryption = Guilty!

    Via B. Schneier: a pedophile was convicted, and the existence of PGP on his desktop was one piece of evidence. That guy is guilty regardless, but now the verdict is: if you have something to hide, you might be guilty! Better go and Rot26 all my world domination plans.