SMASH THE RADIO JSR $FFD2 C600G IEFBR14 1195725856 1213486160 542393671 1347703880 132524



18 April 2018, 19:57 UTC
Trusov Ilya Igorevych

What are you up to?



29 March 2018, 21:11 UTC
Drupalgeddon2

https://www.drupal.org/sa-core-2018-002
Might want to do some searching of your servers:

grep -m1 -r --include "CHANGELOG.txt" "^Drupal [0-9]" /webroot
or better yet
find /webroot -name CHANGELOG.txt -print0 | xargs -0 grep -H -m1 "^Drupal [0-9]"
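The same search taken one step further, as an added example that is not from the original post: it reads the first version line of each CHANGELOG.txt, as grep -m1 does, and compares it with the first fixed release for that branch. The function names are made up here, and the versions and thresholds in demo() are constructed placeholders; take the real fixed releases from the advisory linked above.

```python
import pathlib
import re
import tempfile

# Same anchor as the grep pattern above, with the version number captured.
VERSION_LINE = re.compile(r"^Drupal (\d+(?:\.\d+)*)")

def as_tuple(version):
    return tuple(int(part) for part in version.split("."))

def first_version(path):
    """First 'Drupal X.Y[.Z]' line in the file (what grep -m1 prints), or None."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                if (match := VERSION_LINE.match(line)):
                    return match.group(1)
    except OSError:
        pass  # unreadable file: reported as "unparsed" instead of aborting the scan
    return None

def status_for(version, fixed_in):
    v = as_tuple(version)
    # Most specific branch first, so "8.2" is tried before "8".
    for branch in sorted(fixed_in, key=lambda b: -len(as_tuple(b))):
        b = as_tuple(branch)
        if v[:len(b)] == b:
            return "ok" if v >= as_tuple(fixed_in[branch]) else "needs-update"
    return "no-threshold"  # branch not listed by the caller: check by hand

def audit(webroot, fixed_in):
    """Return sorted (relative path, version, status) for each CHANGELOG.txt."""
    rows = []
    for path in pathlib.Path(webroot).rglob("CHANGELOG.txt"):
        version = first_version(path)
        status = status_for(version, fixed_in) if version else "unparsed"
        rows.append((path.relative_to(webroot).as_posix(), version, status))
    return sorted(rows)

def demo():
    # CONSTRUCTED versions and thresholds, not the advisory's real numbers.
    fixed_in = {"7": "7.50", "8.2": "8.2.3"}
    samples = {"a": "\nDrupal 7.49, x\n----\n\nDrupal 7.48, x\n", "c": "Drupal 6.1, x\n",
               "b/core": "Drupal 8.2.3, x\n", "d": "Some other project\n"}
    with tempfile.TemporaryDirectory() as root:
        for sub, text in samples.items():
            site = pathlib.Path(root, sub)
            site.mkdir(parents=True)
            (site / "CHANGELOG.txt").write_text(text)
        return audit(root, fixed_in)
```

A "no-threshold" row means the install is on a branch the caller gave no fixed release for, which usually deserves a manual look.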

For those of you playing along at home, the exploits are published:
https://www.exploit-db.com/exploits/44448/



5 March 2018, 17:40 UTC
Microsoft - you don't correctly run MTAs either.

If one IP is suspect, well, then they must all be.

A message you sent could not be delivered to some or all of its recipients.
The following addresses were undeliverable:

fakelocalpart@hotmail.com: 5.7.1 Unfortunately, messages from [i.p.add.ress] weren't sent.
Please contact your Internet service provider since part of their network is on our
block list (AS3140). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[BFFFFFFF1FFF46.eop-nam01.prod.protection.outlook.com]

Let's all try to get along, shall we?
Mail server running from that IP for, dunno, about 8 years without issue.
Why can't you keep track of IPv4 space for your smtp blacklist needs?
Makes me suspect your ability to run bing - a web cataloging / search service :-)



29 January 2018, 14:32 UTC
The most current Microsoft advice on configuration documentation:

Please ignore that documentation for now: it will be changed to reflect the reality of the scenario.



25 January 2018, 17:10 UTC
Apple calls it (mostly) quits on the Server App...

Looks like the writing is on the wall for Apple Server.
Dumping many services, and suggesting replacements.
https://support.apple.com/en-us/HT208312
As always, here is a cut and paste of some of the details in case it goes away.


Prepare for changes to macOS Server

Learn about changes coming to macOS Server in spring 2018

macOS Server is changing to focus more on management of computers, devices,
and storage on your network. As a result, some changes are coming in how Server works.
A number of services will be deprecated, and will be hidden on new installations of an
update to macOS Server coming in spring 2018. If you've already configured one of these
services, you'll still be able to use it in the spring 2018 macOS Server update.

These deprecated services will be removed in a future release of macOS Server,
so those depending on them should consider alternatives, including hosted services.
Deprecated services are listed below. Links to potential replacements are provided
underneath each deprecated service.

Calendar
    Calendar and Contacts Server
    DavMail
    Radicale

Contacts
    Calendar and Contacts Server
    DavMail
    Citadel

DHCP
    Kea
    Dnsmasq
    FreeRADIUS

DNS
    BIND
    Unbound
    KnotDNS

Mail
    KerioConnect
    dovecot/Postfix
    Courier

Messages
    ejabberd
    Openfire
    Prosody

NetInstall
    NetSUS
    BSDPy

VPN
    OpenVPN
    SoftEther VPN
    Tcpcrypt

Websites
    Apache HTTP Server
    Nginx
    Lighttpd

Wiki
    MediaWiki
    PmWiki
    XWiki



20 January 2018, 4:00 UTC
I wonder...

If kids today save the downloaded QR coded file that has their concert ticket, the same way we saved the old paper ones.



3 January 2018, 21:32 UTC
Nobody ever got fired for going with Intel/AMD/ARM (ha). - (Meltdown / Spectre)

Some workloads just took a hit on many Intel processors made in the last 10 years.



- stop the presses - looks like Intel might patch 90% of the processors less than 5 years old:
Guess that would not be most folks anyway.
https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/

https://www.thomas-krenn.com/en/wiki/Safety_instructions_for_Meltdown_and_Spectre
https://git.kernel.org/pub/scm/linux/kernel/git/daveh/x86-kaiser.git/tree/Documentation/x86/kaiser.txt?h=kaiser-dynamic-414rc6-20171101
https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://www.qemu.org/2018/01/04/spectre/
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

TLDR: Looks like user space can probably read kernel memory unless the kernel code is patched.
Problem is, the patch costs you performance for some workloads.
Meltdown - side-channel timing attack to learn secrets from kernel memory space.
Spectre - malicious code abuses the CPU's predictive, out-of-order execution (there to work around slow memory fetches) and uses the timing differences between sequential and out-of-order execution to attack memory in a victim process.

Forcefully Unmap Complete Kernel With Interrupt Trampolines
i.e. FUCKWIT

Might want to enable some protection in your browsers:
Chrome:
chrome://flags/#enable-site-per-process
http://www.chromium.org/Home/chromium-security/site-isolation
https://www.chromium.org/Home/chromium-security/ssca
Firefox:
about:config?filter=privacy.firstparty.isolate

Light reading before you consider any of this below this line:
https://technet.microsoft.com/en-us/library/bb694007.aspx
Here is some code to check for it on Windows - it won't update without the new reg key:
# Python 3 (the module was named _winreg in Python 2)
import sys
import winreg

# replace None with r'\\computer-name' for remote...
rem_reg = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)
try:
    # swap winreg.KEY_WOW64_64KEY for winreg.KEY_WOW64_32KEY on 32 bit systems...
    akey = winreg.OpenKey(rem_reg, r'SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat', 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY)
except OSError:
    print("Key not found or is WIN32")
    sys.exit(128)

# QueryInfoKey()[1] is the number of values stored under the key
for i in range(winreg.QueryInfoKey(akey)[1]):
    n, v, t = winreg.EnumValue(akey, i)  # name, data, registry type
    print(i, n, v, t)

Here is the same above as an exe:
Checker for 64 bit Windows -
reg key to add if not added by your non-existent Anti Virus software :-)



13 December 2017, 15:55 UTC
NOC, NOC?

Who's there?
Vasilyev Ivan Ivanovich
AS39523
All your "big" routes are belong to us:
https://bgpmon.net/popular-destinations-rerouted-to-russia/

...
Early this morning (UTC) our systems detected a suspicious event where many prefixes
for high profile destinations were being announced by an unused Russian Autonomous System.

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook,
Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP
routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.
...



5 December 2017, 15:13 UTC
Android 8.1 Oreo

Now even more invasive!



15 November 2017, 18:23 UTC
TimedRotatingFileHandler - don't be stupid.

So you are using the fine Python TimedRotatingFileHandler,
and you want rotation after a minute.
Make sure your process does not finish in less time than that :-\
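Why the short-lived process never rotates, as an added example that is not code from the original post: per the logging documentation, the handler works out its first rollover time when it is created, from the existing log file's last-modification time, so every short run that writes a line pushes the deadline out again. The function names and app.log are made up here, and the idle time between runs is simulated by ageing the file's mtime with os.utime instead of sleeping.

```python
import glob
import logging
import logging.handlers
import os
import tempfile
import time

INTERVAL = 60  # "rotation after a minute", as in the post

def short_run(path, idle_before):
    """One short-lived process: open the handler, log a line, exit.

    idle_before (seconds) stands in for the time since the previous run.
    Returns how many seconds away the handler thinks the next rollover is.
    """
    if os.path.exists(path):
        then = time.time() - idle_before
        os.utime(path, (then, then))
    handler = logging.handlers.TimedRotatingFileHandler(
        path, when="S", interval=INTERVAL, backupCount=5)
    due_in = handler.rolloverAt - time.time()
    log = logging.Logger("demo")  # private logger, leaves the root logger alone
    log.addHandler(handler)
    log.warning("job finished")
    handler.close()
    return due_in

def simulate(idle_between_runs, runs):
    """Return (rotated file count, lines in the live log) after `runs` runs."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.log")
        for _ in range(runs):
            short_run(path, idle_between_runs)
        with open(path) as fh:
            live_lines = len(fh.readlines())
        return len(glob.glob(path + ".*")), live_lines

def next_rollover_after_idle(idle):
    """Rollover distance seen by a run starting `idle` seconds after the last write."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.log")
        short_run(path, 0)
        return short_run(path, idle)

if __name__ == "__main__":
    print("10 runs, 30 s apart:", simulate(30, 10))  # 270 s of wall time, no rotation
    print(" 2 runs, 90 s apart:", simulate(90, 2))   # the gap exceeds the interval
```

Ten runs spaced 30 seconds apart cover well over a minute and still leave one ever-growing file; rotation only happens when a run starts more than the interval after the previous write.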




14 November 2017, 5:46 UTC Systemd (resolv.conf and dnsmasq)
7 November 2017, 14:23 UTC Corporate 'the buck stops here' at CenturyLink / Level3
4 November 2017, 6:44 UTC Filesystems, files, and inodes, oh my!
11 October 2017, 16:21 UTC Data just wants to be free!
26 September 2017, 19:41 UTC Google / Chrome - Breaking the functionality of the web to save users from themselves.
18 September 2017, 18:52 UTC Optionsbleed - ask / search for it today :-)
15 September 2017, 17:07 UTC Old Python 2.7 install on Windows need pip / setuptools help?
24 July 2017, 17:45 UTC Google - how about "no".
20 June 2017, 18:49 UTC So, in 2017, Grub2 still can't boot md raid 1.2 with lvm on top of it?
6 June 2017, 20:14 UTC Where does that module live in the Python install?
31 May 2017, 18:38 UTC Windows 10 - Updates stopped and error: 0x8024401c?
30 May 2017, 13:34 UTC Google, where is your head? Not Secure. Is that the best wording you could come up with?
30 May 2017, 4:48 UTC O.K. Google, where are you getting your TZ data?
26 May 2017, 20:45 UTC Bye
19 April 2017, 14:48 UTC Segfault error codes:
12 April 2017, 14:34 UTC Truly international experiences today.
5 April 2017, 16:54 UTC Documentation is the only defense against tribal knowledge.
21 March 2017, 13:07 UTC How not to serve a web page:
8 March 2017, 16:07 UTC DeployStudio - Inappropriate repository error
3 March 2017, 15:21 UTC Gmail - get your smtp replies fixed - 4.7.0 is not a rejection.
