Tag Archives: security

Invasion of the evil androids

Google says you are too stupid to rule your own life.  They say this by their Android phone operating system, in which they do not give you, the owner and operator of the device, root permissions.  This means: You cannot … Continue reading

Posted in Stuff | Tagged , , , , , , , , | Leave a comment

Search-engine assisted fraud HOWTO

As many of the readers of this fine site are career criminals, it seems good to explain a new and popular procurement fraud scam.  Here’s a piccie to muddy the waters, followed by the blow-by-blow account, in which the numbers … Continue reading

Posted in Stuff | Tagged , , , , , , , | Comments Off on Search-engine assisted fraud HOWTO

Cloudflare doesn’t help your DDOS

Ever since CloudFlare helped out Spamhaus with their big deal big DNS reflection DDOS attack, conventional wisdom has said that if you are faced with a DDOS attack, you should give CloudFlare a shot. By all means, give it a … Continue reading

Posted in Stuff, Uncategorized | Tagged , , , , | Comments Off on Cloudflare doesn’t help your DDOS

My new password

I’m changing all my passwords to asterisks: ******** Now, when I enter my password, I can see what I’m typing.

Posted in Stuff | Tagged , , | Comments Off on My new password

Not your regular bot driven UDP flood

After weeks of battling Joomla/JCE sites that insist on running evil code and spewing denial of service traffic, we had a machine today sending UDP floods. This, it turns out, is not a hacked machine sending spews of botnet traffic … Continue reading

Posted in Stuff | Tagged , , , , | Comments Off on Not your regular bot driven UDP flood

The core is secure

In the documentation for that wonderful content management software, joomla, you can read the following statement: Although the Joomla! core is secure when configured correctly, third party extensions come in all flavors of age and quality. Unless you absolutely trust … Continue reading

Posted in Stuff | Tagged , , , , | Comments Off on The core is secure

Unicast flooding meets promiscuous routing

To make a disaster, you need a perfect storm of mistakes. A single mistake is insufficient, but a stack of sub-obtimal configuration choices stacked together will give you rampant failure and poor network quality. For today’s mistake we have massive … Continue reading

Posted in Stuff | Tagged , , , , | Comments Off on Unicast flooding meets promiscuous routing

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

If you use ssh for a while, you are sure to get this message sooner or later: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!. This means more or less what it says – the machine formerly known as somemachine suddenly smells … Continue reading

Posted in Stuff | Tagged , , | Comments Off on WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

PHP deobfuscation

One of the things that you see with depressing regularity when hosting crummy PHP scripts for others is this: eval&28;base64_decode&28;’aWYgKCFlbXB0eSgkX1JFUVVFU1RbInRoZW What’s that? Well it says to decode that gobbledegook into a binary stream (the base64_decode part), and then interpret whatever … Continue reading

Posted in Stuff | Tagged , , , , , | Comments Off on PHP deobfuscation

SMTP innovations for virii

It took a long time, but finally an email-borne virus has bypassed the MX records for a domain, where there is an anti-spam, anti-virus and anti-mail scanner, and delivered itself directly to the target server. This was a very obvious … Continue reading

Posted in Stuff | Tagged , | Comments Off on SMTP innovations for virii