Category Archives: Hacking

4Chan Strikes Again, Hiding Porn in Kids Clips on YouTube

Posted on by
94

Please note: that this sort of post is what the losers at 4Chan get a kick out of and look forward to seeing, it’s clear that they get a perverse sort of pleasure out of hearing these complaints, but isn’t possible for anyone with a shred of dignity to let events like this go without speaking.

4Chan, a group of immature script-kiddies that anonymously post online and organize “attacks” against various groups, organizations, and websites, are it again. This time, it’s not the Church of Scientology they’re attacking, but innocent children. As the BBC reports, members of 4Chan have been uploading videos containing explicit sexual content in droves to YouTube today, specifically targeting children.

The videos uploaded by members of 4Chan consisted of children’s clips that start off innocently enough, showing cartoons and other rated-G material usually targeted at children around 5 years old, but soon enough change to videos of adults engaged in sexual activity. 4Chan has the uncanny ability to strike a nerve, driving even the most liberal of internet users to condemn their behavior as pure evil. The problem is, the anonymous 4Chan members are perversely motivated by this sort of response, and cannot be shamed into bringing an end to their disgusting activities.

Continue reading

Disturbing Stats About Facebook Users & Security

Posted on by
14

There’s a screenshot that’s been sitting on my desktop for a rather long time now, and it’s as scary as it is interesting.

Facebook recently conducted a poll which showed up on the homepage newsfeed, and asked Facebook members just how exactly did they think Facebook’s “friend finder” worked when it prompted them for their email address & password in order to get a list of contacts. The numbers pretty much speak for themselves, here’s what they looked like near the end of the campaign:

Facebook Poll

Now ignore the dark blue bar: it’s a red herring and doesn’t contain any interesting info. The real juicy bit is the “Yes” option, and its 20% response.

Continue reading

Possible Severe Gmail Security Vulnerability (Updated)

Posted on by
14

Gmail may have a serious security vulnerability that can result in the leaking of sensitive private information randomly to people you don’t know, haven’t contacted, and have nothing to do with.

It would seem that between the way Gmail saves and retrieves sessions, existing sessions are authenticated, and views are cached there are one or more loopholes that allow data from a different account (that has nothing to do with yours) to be served instead of the correct data.

I don’t know why, but here’s the how:

  • Firefox 3 opened to Gmail on Ubuntu.
  • Session accidentally reset with ctrl+alt+bkspc
  • Upon reboot & restarting of Firefox, Firefox requested the URIs that were previously open before the crash, partially loading data from local cache and the rest dynamically from the web (because of the AJAX portions of the Gmail interface).

Continue reading

Preying on the Handicapped and Giving Geeks a Bad Name

Posted on by
11

When you’ve practically lived online day-in, day-out for the past decade or so you tend to develop a thick skin to the malevolent things that tend to happen every once in a while. But there are some things that you’d never expect, not once in a million years; they strike a nerve and they really do hurt.

This morning I came across such an event that penetrated that virtual suite of armor when I read this Wired.com article about a recent script-kiddy attack on a web forum run by The Epilepsy Foundation – the news is so bad it makes one’s blood boil. A group of crackers launched a bone-chillingly cold-blooded and thoughtless attack on the members of the epilepsy forum. They weren’t looking for money, private info, fame, or acknowledgement — they were merely searching for a way to cause as much physical and mental harm as possible.

Continue reading

Proper Shell Scripting on Windows Servers with Perl

Posted on by
5
  • Fact: Shell scripting is a must for any serious IT admin managing a server. From automating backups to checking logs and keeping server performance and load in check, scripting is a must.
  • Fact: Shell scripting on Windows sucks. ((Hopefully Monad (Microsoft Power Shell) will provide a solution, but so far the results are mixed; and it’s not popular enough to be considered a viable substitute at the moment.))
  • Fact: Shell scripting on Linux and other *nix operating systems is powerful, well-documented, and quite straight-forward.

Most people take a look at these three facts, and instantly come to a conclusion.. the wrong conclusion: you can’t properly manage a Windows server because it’s inherently lacking in the shell scripting department.

Continue reading

How-To: Changing the Windows Vista Startup Sound

Posted on by
66

Of the many controversies surrounding Windows Vista, probably the most infamous (and pathetic) issues brought to the table is the Windows Vista Startup sound – and how to get rid of it. If  you were anywhere but under a rock during the beta, it’s impossible to have missed the posts going back and forth by haters and supporters of Windows Vista’s new startup sound – which, like almost everything else in Windows Vista, doesn’t even always work.

This sound isn’t the one you get on startup (which is still there, just like in previous versions of Windows), but rather the one that plays right when Windows finishes loading – and you can’t do a thing about it. In our opinion, it’s a quite nice sound, but unfortunately you don’t get to hear it (most of the time) if you have a analog/digital sound card with analog being the default. At any rate, for those of you that don’t like it, chin up: it can be changed!

Continue reading

DDOS Attacks & Server Updates

Posted on by
1

Today, at or around 15:30 GMT, NeoSmart Technologies was victim of a distributed denial of service attack that lasted over two and a half hours. Unfortunately, as a result of the DDOS attack, our server had to be hard-restarted and we encountered some data corruption. All files were recovered with the exception of our MySQL tables for the forum which were completely unusable in the aftermath of the attack; these were restored from the latest backup we had (0200 GMT of June 5th, 2007).

The attack lasted around 3 hours, the recovery process another hour or so. We’re sorry for this downtime and are implementing failsafes that will hopefully protect against data corruption in the future. Luckily, our other data is stored on PostgreSQL (with the exception of this blog, which miraculously survived the ordeal unscathed) which is less prone to data corruption in our experience.

We urge anyone with any information about this attack to come forth, and remind the perpetrators that this is a felony punishable under law.

But at NeoSmart Technologies, we always do try to make the best out of whatever situation we’re in, so we took advantage of the downtime to do some server upgrades we’d been planning for a while:

  • Apache Tomcat (for the Wiki and Bug Tracker) was upgraded to version 6
  • MySQL was upgraded from version 5.1 to version 6.0
  • We upgraded PHP from 5.2.1 to 5.2.3
  • The IIS rewrite module was re-compiled and upgraded
  • Installed an XMPP/Jabber Server
  • Several other script changes

At any rate, hopefully this is like lightning and doesn’t strike the same place twice! We’re still here, and we will be for a very long time to come, God willing of course.

Once more, sorry for the downtime, and to those people who unfortunately had their posts vanished in the forums: our deepest apologies.

We Love You, Rinbot!

Posted on by
36

It’s not often that we openly sympathize with the virii writers, but this time, it’s too good to be true. Rinbot Generation 7 is targeting Symantec [[SYMC]] and Symantec users – and that’s a good thing.

Anyone using Symantec’s anti-virus software from 2006 and hasn’t updated it is vulnerable to a very powerful complete remote control vulnerability. What does Symantec have to say about it?

Users of Symantec AntiVirus Corporate Edition and Symantec Client Security should apply the appropriate update as soon as possible, Vincent Weafer, a senior director at Symantec Security Response, said Tuesday. However, because there are no known attacks that exploit the flaw, the need to patch is not urgent, he added.

That’s an excerpt from a c|net article dating all the way back to May of 2006 – a year ago now. Thanks to Symantec’s non-chalance and Turner Broadcasting Systems’ (the owners of CNN) complete disregard for standard IT procedures, they were infected earlier today by Rinbot.

Continue reading

Why isn’t WPA2 an Automatic Update?

Posted on by
21

If you’re using Wi-Fi in your workplace, chances are, you’re using WPA2 security. After all, nothing else is worth using. WEP (extended or otherwise) was cracked virtually before it was even released, despite the obvious misnomer, you do not want to be using this! WPA came a while later, and is several hundred times more secure. Unfortunately, WPA is also susceptible to wireless cracking techniques and if you aren’t using a strong password, it’s even less secure than a WEP-encrypted network.

Continue reading

WordPress 2.0.7 Fixes the FeedBurner Bug

Posted on by
2

For the first (and hopefully last) time ever, we’re glad to hear that WordPress has a major security vulnerability. Why? As a result of a security vulnerability that affects WordPress 2.0.6 and below on certain server configurations, the WordPress Developers Team has released a new version of WordPress that incorporates both a security patch for the detailed vulnerability, and a fix for the FeedBurner Bug that we reported for 2.0.6. You can download WordPress 2.0.7 or see the list of affected/changed files here on the WP Development Blog.

Originally, the WordPress team had refused to patch the WordPress 2.0.6 FeedBurner Bug on the premise that it was too soon to release another version of WordPress for a “minor” bug – which we disagreed with. However, you can now download WordPress 2.0.7 and hopefully this time there aren’t any surprise bugs that need immediate patching. We highly recommend everyone goes and downloads WordPress 2.0.7 immediately in order to avoid anyone compromising their blog/site via the security hole in WordPress 2.0.6.

Correction: WordPress is released and maintained independant from Automattic