What is it about Texas?

Is the entire state insane? Retarded? Just really really dumb?

OK, so as most everyone on the Internets knows by now, the fine citizens of Waco, Texas booed Bill Nye for saying that the moon reflects the sun’s light and doesn’t produce light of its own. One woman reportedly hauled her kids from the auditorium and shouted “We believe in God!” or some such thing.

Well, okay, that’s Waco, the smelly end of the Bible Butt Plug.

So, today I got a spam email advertising a stock–you know, typical stock pump-and-dump scam. Get about six or eight of ’em a day. Only…

Only this particular stock scam spam originated from a computer with an IP address of 70.248.29.2.

A compromised Windows PC running some virus or other, you say? Oh, my no. 70.248.29.2 is www.webbcountytx.gov — the official site of the county government of Webb County, Texas.

Apparently, the fine citizens of Texas know as much about server security as they do about cosmology.

(Note: nobody from Texas was harmed in the making of this post.)

Whew! I just dodged a bullet…

So this morning, a member of a mailing list I belong to pointed out to me that a Web site had reprinted an essay from my BDSM Web page without attribution.

At about 10:40 this morning, I started to write a polite email to the owner of that Web site asking him to attribute any of the material he uses from my Web site.

At about 10:42 this morning, my Web site came under attack from a person or persons who had located a JavaScript injection vulnerability in my guestbook script (which is hand-rolled, so it wasn’t a script kiddie attack).

At about 10:44, I went to my BDSM page to copy the exact URL of the essay the other site owner had “borrowed” without permission. When I went to the BDSM page, an alert dialog popped up that just said “2”.

At 10:45, I took apart the HTML of the page and realized that the intruder had injected a JavaScript into the site that popped up an alert dialog, just to let him know that his injection had been successful.

At 10:46, I reuploaded the page.

At 10:47, the attacker injected a different JavaScript. I don’t know what it was; I overwrote it immediately and reuploaded the page again.

At 10:48, I started examining the guestbook, and worked out how he’d managed to inject the JavaScript.

At 10:49, I disabled all the guestbooks on the page. Simultaneously, the attacker injected a new JavaScript onto the page, just seconds before I disabled the guestbook.

We went back and forth for quite a while after that. Somehow, I don’t know how, he’d gained sufficient access to be able to change the httpd path and was trying, I believe, to install a hostile drive-by downloader script on my site. I successfully prevented him from doing so, and closed the holes as fast as he was opening them.

At about 11:15, I closed the injection vulnerabilities in the guestbook and reuploaded it. By 11:20, the attack was over, and I had re-uploaded a clean copy of the affected pages.

Had I not been composing an email to someone who’d used my work without permission, I would not have been on my site at the beginning stage of the attack, and my site might now be home to a malicious JavaScript or JavaScripts.

My heart is still pounding. It’s like PvP in World of Warcraft, only with higher stakes.

I didn’t keep a copy of the pages he was modifying, and I’m kicking myself for that now. In hindsight, I should have, but at the time the only thing I wanted to do was undo his changes faster than he could make them.
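The guestbook hole described above is the textbook stored cross-site scripting pattern: a visitor’s name or message is dropped straight into the page’s HTML, so a tag or inline event handler they typed becomes live script for every later visitor. The fix is to HTML-escape every user-controlled field at render time. What follows is an added example, not the hand-rolled guestbook script from this post; it assumes a small Python renderer and uses constructed sample entries, including one in the style of the alert-popping injection mentioned, and then audits the rendered HTML to show which tags came from user input rather than from the template.

```python
import html
from html.parser import HTMLParser

# Constructed sample guestbook entries (not taken from the original post).
# The third one carries the kind of markup that pops an alert dialog
# once it is rendered unescaped into a page.
SAMPLE_ENTRIES = [
    {"name": "Alice", "message": "Nice site!"},
    {"name": "Bob", "message": "Love the <i>essays</i>"},
    {"name": "<script>alert('2')</script>", "message": "<img src=x onerror=alert(2)>"},
]

# Tags the template itself emits; anything else in the output came from a visitor.
TEMPLATE_TAGS = {"p", "b"}


def render_entry_unsafe(entry):
    """The classic hand-rolled mistake: interpolate visitor input straight into HTML."""
    return f"<p><b>{entry['name']}</b>: {entry['message']}</p>"


def render_entry_safe(entry):
    """Escape every visitor-controlled field before it reaches the page.

    html.escape turns <, >, &, and (with quote=True) both quote characters into
    entities, so the browser displays the text instead of interpreting it.
    """
    name = html.escape(entry["name"], quote=True)
    message = html.escape(entry["message"], quote=True)
    return f"<p><b>{name}</b>: {message}</p>"


def render_guestbook(entries, safe=True):
    """Render the whole guestbook with either the escaping or the naive renderer."""
    render = render_entry_safe if safe else render_entry_unsafe
    return "\n".join(render(e) for e in entries)


class TagCollector(HTMLParser):
    """Collects the names of every start tag the browser-side parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def audit_rendering(rendered_html):
    """Return the set of tags in the output that the template did not put there.

    An empty set means no visitor input survived as live markup; a non-empty
    set names the injected tags (script, img, i, ...).
    """
    collector = TagCollector()
    collector.feed(rendered_html)
    collector.close()
    return set(collector.tags) - TEMPLATE_TAGS


if __name__ == "__main__":
    for safe in (False, True):
        page = render_guestbook(SAMPLE_ENTRIES, safe=safe)
        print(f"safe={safe}: injected tags -> {sorted(audit_rendering(page))}")
```

The audit is a development-time check, not a substitute for escaping: it parses the finished page the way a browser would and lists every tag the template did not emit. Run against the naive renderer it reports the injected `script`, `img` and `i` tags; against the escaping renderer it reports nothing, because the same visitor text now arrives as `&lt;script&gt;` and is displayed rather than executed.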

Some thoughts on memes

So I’ve been seeing this “crush tag” thing floating around LiveJournal, and visited the site and got one. It looks like this:

[ThisCrush.com CrushTag image: “Crush this person! Get your own ThisCrush.com CrushTag!”]

Got me to thinking about online memes in general. Not just memes in the sense of “little things you put in your blog that other people see and put in their blog as well,” but memes in the original sense of “self-replicating ideas.”

There are a lot of them out there. Most of them are offered up with little or no supporting evidence; many of them, such as the meme that vaccinations are a conspiracy on the part of pharmaceutical companies to “keep people sick,” spread despite a great deal of contradictory evidence.

The interesting thing about the Internet is that when a person visits a Web site, his assessment of how reliable and trustworthy that Web site is depends a great deal on how the Web site looks and not at all on who wrote the content of the Web site. This creates all kinds of problems for security people; people who fall for scam “phishing” sites will ignore the URL in the address bar and base their decision on whether to trust the site solely on the way the site looks. Since copying an entire PayPal or bank site can be done with only a couple of mouse clicks, that’s bad news for anyone who cares about security.

But issues of phishing aside, the trust people place in Web sites often interests me, because the way that people make their decisions seems opaque to me. For example: the meme site that generated the crush icon above offers a space for a person to type a username, a password, and an email address. Nothing else. Since many people use the same password for all their online activities, it would be trivial to create a meme site whose purpose was to steal passwords from the users. (Note that I am not saying the “crushme” site does this!)

I’ve been debating, on and off, for several years the idea of putting up a Web site that makes some totally outrageous claim, probably about medicine or health. I’ve been thinking of talking about non-existent studies that support whatever the claim is, putting pictures that claim to support the claim, making emotional arguments in favor of the claim; all for the purpose of seeing how many people will believe anything that presses their emotional triggers, even if the claim is pure fabrication made of whole cloth without one single shred of evidence to support it. I have a suspicion the results would depress me.

You can click on my crush link if you like anyway. 🙂

Follow the Money; or, why does my computer keep getting infested with spyware?

[EDIT] This particular post has generated a very large amount of email, and apparently is being read by a large number of people infected with VX2. As a result, I’ve edited it, to clean up typos and to add additional information about the exploits used, the way VX2 works, and the sources of the spyware scourge. New information is identified with [EDIT].

If you’re reading this post and you’re on a Windows computer, the odds are overwhelming–between 80% and 90%–that you are infected with at least one virus or spyware program, and the odds are very high that you’re infected with dozens or hundreds.

Yes, you. Even if you are technically literate, you have a firewall, and you never download suspicious attachments, you are almost certainly infected. There is lots and lots and lots of money in computer viruses and spyware, especially the variety that makes popup ads appear on your machine. The question I’ve always had, though, is who’s making all this money by infecting your computer?

A couple of nights ago, Shelly’s computer became infected. Shelly’s technically savvy, the apartment we live in is on a closed private network with a hardware firewall between us and the Internet, and she also runs a software firewall on her computer, and she became infected nonetheless.

I spent about six hours removing the infection, and also tracking down the source of the infection, and painstakingly backtracking all the popup ads that the adware displayed on her computer. My goal: Follow the money. Discover where the infection came from, and who was making money from it. The results were, to say the least, interesting.

If you don’t care about stuff like this, you can skip the rest of this message. If you’re curious about the mechanisms by which spyware and viruses work, who is responsible for them, why they’re so common, how they spread, and most important, who makes money by creating and releasing them: read on!

It’s 9:02; do you know where your computer’s been?

So. I went to a client’s site this afternoon to set up several brand-new Power Mac G5 systems. Apple Cinema Displays, Adobe Creative Suite Professional, Quark 6, the works. Beautiful systems; I wish I had one.

And then the client asked me to look at his Windows XP laptop, because it’s been “acting funny.”

He has broadband at his house. He’s never run Windows Update.

It’s after 9:00 at night and I’m still here. Why am I still here? 1,524 copies of the W32/Bagle.z virus and counting. Plus about 6,000,000 Windows security updates that need to be installed. And did you know that Bagle blocks Windows Update from doing its job? Isn’t that lovely?

If you are reading this on a Windows computer, and you have never run Windows Update on your computer, you are infected with a virus. Or more likely, thousands of viruses. Yes, I mean YOU. Right now, the average life expectancy of an unpatched Windows box connected to the Internet is less than twenty minutes.

I could be at game night right now. I could be hanging out with cool people and playing Are You a Werewolf? But no.