<?xml version='1.0' encoding='UTF-8'?><rss xmlns:atom='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' version='2.0'><channel><atom:id>tag:blogger.com,1999:blog-20075889</atom:id><lastBuildDate>Mon, 28 Apr 2008 14:52:55 +0000</lastBuildDate><title>Plan B: Security, Technology, and the Law</title><description/><link>http://www.planb-security.net/</link><managingEditor>todb</managingEditor><generator>Blogger</generator><openSearch:totalResults>77</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-1393973892275780812</guid><pubDate>Thu, 10 Apr 2008 23:03:00 +0000</pubDate><atom:updated>2008-04-11T10:31:25.982-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>downgrade</category><category domain='http://www.blogger.com/atom/ns#'>flash</category><category domain='http://www.blogger.com/atom/ns#'>cross-domain policy</category><title>Older is Better: Flash player plugin for Linux</title><atom:summary type='text'>Here's a link to solve your new Flash woes if you upgraded and suddenly your favorite Flash site doesn't work any more:
Download old-libflashplayer.so

I just uploaded a known working (pre-April 9, 2008) version of the Flash player plugin for Firefox for Linux to the above link at FileCrunch.

Directions: Download the Flash player plugin somewhere, like your Desktop. Then run these commands in a </atom:summary><link>http://www.planb-security.net/2008/04/older-is-better-flash-player-plugin-for.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-5548664496483164001</guid><pubDate>Mon, 24 Mar 2008 01:51:00 +0000</pubDate><atom:updated>2008-03-23T20:58:16.997-05:00</atom:updated><title>Teaching Kids to Program</title><atom:summary type='text'>HacketyHack is a Ruby sandbox designed to teach kids how to program in a way that emphasizes speed and fun. Since I'm attempting to devour anything I can find about Ruby these days, this popped up while surfing around the various "Ruby lifestyle" sites.

Since I have a few kids of my own, I'm hopeful this will come in handy. Maybe I can get my four year old to implement a Ruby TNS listener for me.</atom:summary><link>http://www.planb-security.net/2008/03/teaching-kids-to-program.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-590702867118946498</guid><pubDate>Wed, 05 Mar 2008 21:27:00 +0000</pubDate><atom:updated>2008-03-05T15:41:33.837-06:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>chinese spies</category><category domain='http://www.blogger.com/atom/ns#'>breakingpoint</category><category domain='http://www.blogger.com/atom/ns#'>me</category><category domain='http://www.blogger.com/atom/ns#'>3com</category><title>New Job For Me</title><atom:summary type='text'>So, I've finally caught my breath.

In the last month, I've a) bought a new house, b) rented out my old house, c) moved my family 7 miles, d) suffered (with said family) some horrible bronchial infection and e) got a new position at BreakingPoint Systems, where I've been doing nothing but brush up on my practical Ruby and XML, and learn various protocol specs so that I can actually perform the </atom:summary><link>http://www.planb-security.net/2008/03/new-job-for-me.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-1818902352974264732</guid><pubDate>Mon, 04 Feb 2008 21:23:00 +0000</pubDate><atom:updated>2008-02-04T15:31:51.008-06:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>document authenticity</category><category domain='http://www.blogger.com/atom/ns#'>beaurocracy</category><title>Document-based authentication failures</title><atom:summary type='text'>So, if you don't have an insurance card handy for when it's time to re-register your vehicle, it's permissible to just make one with your favorite document editor and your favored insurance company logo at the top. The logo seems to be key -- the county worker's eyes went straight to it, and she didn't bother to really read the rest of the surrogate card I produced (so she didn't notice that I </atom:summary><link>http://www.planb-security.net/2008/02/document-based-authentication-failures.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-2922793470039673418</guid><pubDate>Tue, 08 Jan 2008 13:58:00 +0000</pubDate><atom:updated>2008-01-09T08:28:49.111-06:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>cvc</category><category domain='http://www.blogger.com/atom/ns#'>scan alert</category><category domain='http://www.blogger.com/atom/ns#'>mcafee</category><title>Hacker Safe Compromised</title><atom:summary type='text'>At least, it was according to Ryan's new blog. 
Which seems a little embarrassing to their new owners, McAfee. Oops. According to the report, credit card numbers and CVCs may have been stolen -- which means that Scan Alert, just like most people, were probably storing CVCs along with CC#'s in an unencrypted format. Nice.

Update 2008-01-09: The compromised site in question here is Geeks.com, not </atom:summary><link>http://www.planb-security.net/2008/01/hacker-safe-compromised.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-4554248547536547800</guid><pubDate>Fri, 04 Jan 2008 19:24:00 +0000</pubDate><atom:updated>2008-01-04T13:28:57.447-06:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>social networking</category><category domain='http://www.blogger.com/atom/ns#'>pirates</category><category domain='http://www.blogger.com/atom/ns#'>zdnet</category><title>More about how Facebook/Myspace is the devil</title><atom:summary type='text'>A cursory blurb over on ZDNet has dubbed social networking sites as the next hacker frontier. To which I say, "Avast!" since I like piratical metaphors for hax0ring more than cowboy metaphors.</atom:summary><link>http://www.planb-security.net/2008/01/more-about-how-facebookmyspace-is-devil.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-3305695177963703434</guid><pubDate>Mon, 24 Dec 2007 19:41:00 +0000</pubDate><atom:updated>2007-12-24T13:46:38.362-06:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>greasemonkey</category><category domain='http://www.blogger.com/atom/ns#'>https</category><title>NonHTTPS.user.js</title><atom:summary type='text'>I find it maddening that when Firefox fetches a web page via SSL, it will also incorporate non-SSL items without explicitly telling you /which/ elements were transmitted in the clear. I've whined about this before. Now, it came up again when I started using HTTPS-ified iGoogle. 
So, instead of actually working on Xmas eve, I wrote a Greasemonkey Script to try to make this kind of thing more </atom:summary><link>http://www.planb-security.net/2007/12/nonhttpsuserjs.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-5154009980537442755</guid><pubDate>Fri, 09 Nov 2007 21:55:00 +0000</pubDate><atom:updated>2007-11-09T16:08:44.584-06:00</atom:updated><title>Oracle: Unbreakable (YMMV)</title><atom:summary type='text'>Oracle's latest CPU mentions, Oracle will proactively create patches only for platform/version combinations that, based on historical data, customers are likely to download for the next Critical Patch Update. We create patches for historically inactive platform/version combinations of the Oracle Database and Oracle Application Server only if requested by customers.

So, it reads like, if you're </atom:summary><link>http://www.planb-security.net/2007/11/oracle-unbreakable-ymmv.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-5088772165190796673</guid><pubDate>Sat, 27 Oct 2007 13:08:00 +0000</pubDate><atom:updated>2007-10-27T08:15:15.027-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>evasions</category><category domain='http://www.blogger.com/atom/ns#'>worms</category><title>Gozi Trojan Antispam String</title><atom:summary type='text'>I posted to my work blog a little ditty about detecting the Gozi stuff circulating now, after noticing that only one variation of the PDF was hitting a more general detection mechanism, over and over again. This is further proof, at least to me, that the run-of-the-mill mass attacker still doesn't give a whit about evasion -- they're after people with no security mechanisms in place, so having </atom:summary><link>http://www.planb-security.net/2007/10/gozi-trojan-antispam-string.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-377899577635826127</guid><pubDate>Fri, 19 Oct 2007 17:41:00 +0000</pubDate><atom:updated>2007-10-19T12:50:10.137-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>buzzwords</category><category domain='http://www.blogger.com/atom/ns#'>spam</category><title>SpaMP3: The latest in cutesy buzzwords for spam</title><atom:summary type='text'>Information Week is running a story on MP3-based spam, which they're calling SpaMP3. Oldtime readers know I am completely ga-ga over new names for old problems, so I'm totally in love with this story.

What they fail to mention is how creepy the low bitrate/low sample rate actually sounds. Click here to download and hear it yourself -- note AV scanners may block, though there doesn't look to </atom:summary><link>http://www.planb-security.net/2007/10/spamp3-latest-in-cutesy-buzzwords-for.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-3901250162474882943</guid><pubDate>Thu, 18 Oct 2007 18:09:00 +0000</pubDate><atom:updated>2007-10-18T13:13:55.015-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>living in the future</category><category domain='http://www.blogger.com/atom/ns#'>cyberpunk</category><category domain='http://www.blogger.com/atom/ns#'>worms</category><title>Storm Bandwidth Resale</title><atom:summary type='text'>CNET is running a surprisingly insightful article about the current state of the global malware/spam delivery system known as the Storm Worm Botnet. I don't want to spoil the ending or anything, but the Storm network is really pretty advanced. If you haven't read Shockwave Rider by now, you probably ought to in order to appreciate what the global network is going to look like when Storm and its </atom:summary><link>http://www.planb-security.net/2007/10/storm-bandwidth-resale.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-2048435679549638472</guid><pubDate>Wed, 17 Oct 2007 21:56:00 +0000</pubDate><atom:updated>2007-10-17T17:02:57.232-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>non-news</category><category domain='http://www.blogger.com/atom/ns#'>google</category><title>Reuters Runs Non-Story About Google</title><atom:summary type='text'>This story is the silliest fluff piece about the Internet I've seen since the breathless piece on Twitter.

It's a list of keywords sorted by country. Okay. The implication is that America is way more interested in burritos and Iraq than, oh, Sweden is.

Shrug.

I can only assume that they had this pretty cool picture of Google-colored glasses, but no actual story to go with it.</atom:summary><link>http://www.planb-security.net/2007/10/reuters-runs-non-story-about-google.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-4296908584435084760</guid><pubDate>Thu, 11 Oct 2007 17:26:00 +0000</pubDate><atom:updated>2007-10-11T12:39:04.461-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>social networking</category><category domain='http://www.blogger.com/atom/ns#'>myspace</category><title>Okay, so Linkin, Myspace, and Facebook really aren't THAT bad...</title><atom:summary type='text'>...but they have the potential for badness, like a chainsaw or strong encryption.

See my interview about social networking on Dark Reading. It's not earth shattering 0days that make these sites a liability, but the casual trust that users invest in them. Oh, and the 0days -- which are sometimes there by design.</atom:summary><link>http://www.planb-security.net/2007/10/okay-so-linkin-myspace-and-facebook.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-3356600359090460777</guid><pubDate>Fri, 28 Sep 2007 20:44:00 +0000</pubDate><atom:updated>2007-09-28T15:47:33.692-05:00</atom:updated><title>All About My Money</title><atom:summary type='text'>What a day.

This morning, I read an announcement that my employer, 3Com, is going to be taken private, bought up for 2.2 billion samoleans. It's even on TechCrunch, and while it's not a done deal, it's pretty close enough. Rad.

This afternoon, I go to log into my primary bank. Oops, it's gone. What the hell. It's even on the FDIC press page. Not so rad.

I guess if I had been paying attention </atom:summary><link>http://www.planb-security.net/2007/09/all-about-my-money.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-4200548255564724664</guid><pubDate>Wed, 11 Jul 2007 15:16:00 +0000</pubDate><atom:updated>2007-07-11T10:28:27.644-05:00</atom:updated><title>Firefox URL Extensions</title><atom:summary type='text'>Just a quick note -- after reading about thor's IE-to-FF 0day, I noticed a neato extension that has nothing to do with this -- the Locationbar2 extension, which does some nifty highlighting and clickability transformations on the Location bar. It's included in CyberNotes' Top 10 list of Firefox URL extensions. I often lament that browsers don't do a very good job of making the "current" window </atom:summary><link>http://www.planb-security.net/2007/07/firefox-url-extensions.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-6051975385415834722</guid><pubDate>Tue, 19 Jun 2007 16:00:00 +0000</pubDate><atom:updated>2007-06-19T11:02:38.444-05:00</atom:updated><title>No Hacking!</title><atom:summary type='text'>Nothing inspires panic in the hearts of web application hax0rs quite like a retiree rent-a-cop.

Now get the hell out of my food court.</atom:summary><link>http://www.planb-security.net/2007/06/no-hacking.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-9177191831120964601</guid><pubDate>Wed, 13 Jun 2007 15:35:00 +0000</pubDate><atom:updated>2007-06-13T10:57:12.016-05:00</atom:updated><title>Oh, good, another sucky browser for Windows</title><atom:summary type='text'>After a pretty funny marketing salvo dissing Microsoft security, Apple went and released Safari for Windows. Trouble is, it's full of bugs.</atom:summary><link>http://www.planb-security.net/2007/06/oh-good-another-sucky-browser-for.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-8275741117914624899</guid><pubDate>Thu, 31 May 2007 13:33:00 +0000</pubDate><atom:updated>2007-05-31T12:09:23.725-05:00</atom:updated><title>Etherbat: A useful application of ARP spoofing</title><atom:summary type='text'>Today, Paweł Pokrywka announced the release of Etherbat, a Linux application for mapping local networks. The cool part is that it does its magic through ARP spoofing.

I have a soft spot for limited information network mapping and device identification, and this does both, which makes it cool++ in my book. I've long wondered what other practical effects you could achieve with ARP spoofing (aside </atom:summary><link>http://www.planb-security.net/2007/05/etherbat-useful-application-of-arp.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-7328939500144503315</guid><pubDate>Mon, 21 May 2007 15:20:00 +0000</pubDate><atom:updated>2007-05-21T15:20:06.842-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>ssl firefox gmail</category><title>Partial Encryption on Gmail?</title><atom:summary type='text'>This started popping up today (click to embiggen):



So, what is a normal user supposed to do with the warning that "parts of the page" were not encrypted? Seems that if you, the user, were counting on your Gmail contents being secret (maybe you're reading Gmail in the same room as Robert Graham), and you get this big red warning on your location bar, it's either a) too late to do anything about</atom:summary><link>http://www.planb-security.net/2007/05/partial-encryption-on-gmail.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-2904436753766586855</guid><pubDate>Sun, 18 Mar 2007 16:28:00 +0000</pubDate><atom:updated>2007-03-18T11:34:55.721-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>full disclosure</category><category domain='http://www.blogger.com/atom/ns#'>media whores</category><category domain='http://www.blogger.com/atom/ns#'>myspace</category><title>Myspace Hax0rs</title><atom:summary type='text'>So, over the weekend, this popped up on the usual mailing lists: Month of MySpace Bugs, Yes!, or MOMBY.

Loyal readers will know I've poked at MySpace a time or two, and faithfully reported my findings to what I've guessed is the right place (security@myspace.com and abuse@myspace.com), to be met with indifference from News Corp and quizzical looks from peers as to why I'm even bothering.

So, </atom:summary><link>http://www.planb-security.net/2007/03/myspace-hax0rs.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-348633203794393393</guid><pubDate>Thu, 15 Mar 2007 16:50:00 +0000</pubDate><atom:updated>2007-03-15T12:01:58.457-05:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>phishing</category><category domain='http://www.blogger.com/atom/ns#'>malware</category><category domain='http://www.blogger.com/atom/ns#'>crime</category><category domain='http://www.blogger.com/atom/ns#'>nginx</category><category domain='http://www.blogger.com/atom/ns#'>malicious</category><title>Nginx http server, possibly a criminal indicator?</title><atom:summary type='text'>Just like using Linux doesn't automatically make you a criminal, I doubt that using Nginx (pronounced, "Engine-X") is necessarily a criminal act. But is it an indicator?

I noticed it today as part of a light analysis of a real world exploit of the Overlong RTSP link bug for Quicktime. This is a lightweight http server that is now associated with at least one case of network crime by serving up a</atom:summary><link>http://www.planb-security.net/2007/03/nginx-http-server-possibly-criminal.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-5404291590142569861</guid><pubDate>Tue, 06 Mar 2007 19:10:00 +0000</pubDate><atom:updated>2007-03-06T13:15:14.422-06:00</atom:updated><title>Let's do the Timewarp again!</title><atom:summary type='text'>Weird little PoC popped up on milw0rm a few days back -- a buffer overflow in Netrek.

Just made me chuckle. I haven't played Netrek in maybe, what,  15 years? Besides, everyone knows that Nethack is the best game ever, and that's one I still play (though usually in its Slash'em incarnation).</atom:summary><link>http://www.planb-security.net/2007/03/lets-do-timewarp-again.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-2245814695940392987</guid><pubDate>Sat, 24 Feb 2007 20:42:00 +0000</pubDate><atom:updated>2007-02-24T14:46:09.010-06:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>wlan nic mini-PCI fry's retail</category><title>No Mini-PCI at Fry's. Bummer.</title><atom:summary type='text'>Today, I discovered that Fry's Electronics, once a bastion of computer/network/electronics geekery, is now completely irrelevant. I was shopping for a new mini-PCI wireless NIC, since my Intel chipset whatever-its-called OEM NIC that came with my IBM/Legend ThinkPad has always been weird and flakey, and I finally got sick of it. So, I packed one of the kids up in the car and bopped over to Fry's </atom:summary><link>http://www.planb-security.net/2007/02/no-mini-pci-at-frys-bummer.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-6161403717378076434</guid><pubDate>Sun, 11 Feb 2007 15:13:00 +0000</pubDate><atom:updated>2007-02-11T09:47:19.238-06:00</atom:updated><category domain='http://www.blogger.com/atom/ns#'>rsa</category><category domain='http://www.blogger.com/atom/ns#'>phishing</category><category domain='http://www.blogger.com/atom/ns#'>paypal</category><category domain='http://www.blogger.com/atom/ns#'>2fa</category><category domain='http://www.blogger.com/atom/ns#'>verisign</category><title>Paypal Introduces Security Fob</title><atom:summary type='text'>Strikingly similar to the RSA SecurID, PayPal has rolled out their own two-factor authentication (2FA) dongle.

While it's easy to dismiss random number key fobs as susceptible to man-in-the-middle attacks, I do think that if such a device were required on all accounts, it would significantly impact the effectiveness of traditional phishing scams -- assuming the attacker is actually going for </atom:summary><link>http://www.planb-security.net/2007/02/paypal-introduces-security-fob.html</link><author>todb</author></item><item><guid isPermaLink='false'>tag:blogger.com,1999:blog-20075889.post-116587210183958934</guid><pubDate>Mon, 11 Dec 2006 21:14:00 +0000</pubDate><atom:updated>2006-12-11T15:21:41.856-06:00</atom:updated><title>e-gold privacy (or lack thereof)</title><atom:summary type='text'>Like TOR, e-gold is one of those Internet institutions which enjoys an aegis of libertarian-style privacy and freedom surrounding it. In that light, this Wired article is a fascinating read. On the one hand, E-gold is constantly getting harassed by the U.S. government for catering to international criminals, and on the other, e-gold is actively monitoring transactions and building associative </atom:summary><link>http://www.planb-security.net/2006/12/e-gold-privacy-or-lack-thereof_11.html</link><author>todb</author></item></channel></rss>