Archive for the ‘Security’ Category

A new way to be spammed

Wednesday, June 17th, 2009

Opera just released their new “Unite” browser, which, according to them, is revolutionary. It is not only able to browse the Internet (as a browser is supposed to do) but it can also serve files and web pages and stream music to others, and it lets users leave post-its on a virtual fridge. According to their website, the latter function is “open to all”, which basically means everyone can leave these messages…

Let’s see how long it takes before spammers are leaving you spam post-its on your fridge…

Strange e-mail originating from exchange server

Monday, June 8th, 2009

Today a friend asked me to look at something strange he found in his logs.
To better understand the situation, I’ll describe his network setup:

He runs a Linux server with Postfix, SpamAssassin and ClamAV antivirus, which removes all spam and viruses received from the Internet. All legitimate e-mail is then routed to his Exchange server. E-mail that is sent by users on his network is relayed back to the Linux server and then sent to the destination.

Last week he was checking his mail logs on his Linux machine and he noticed his box was receiving e-mail from strange e-mail addresses. He figured: well, no surprise there, probably spam messages. Until he looked at the IP address from which it originated: it was the IP address of his own Exchange server. The first thing he did was a full virus scan of his Exchange server. Nothing. He tried some spyware scanners, but again: nothing. So he called me.

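An added example, not from the original post: a small Python script that correlates Postfix smtpd and qmgr log lines by queue ID and flags messages that entered the Linux relay from the Exchange server's address while carrying an envelope sender outside the local domains, which is exactly the symptom described above. The IP addresses, host names and log lines are constructed; the log format is standard Postfix syslog output with the timestamp and host prefix stripped.

```python
import re

# Constructed sample Postfix log lines (syslog prefix stripped for brevity).
# 192.0.2.10 stands in for the internal Exchange server; example.org is the local domain.
SAMPLE_LOG = """\
postfix/smtpd[2301]: 7A1B2C3D4E: client=exchange.example.org[192.0.2.10]
postfix/qmgr[2190]: 7A1B2C3D4E: from=<alice@example.org>, size=2048, nrcpt=1 (queue active)
postfix/smtpd[2305]: 9F8E7D6C5B: client=exchange.example.org[192.0.2.10]
postfix/qmgr[2190]: 9F8E7D6C5B: from=<promo@cheap-pills.invalid>, size=9120, nrcpt=40 (queue active)
postfix/smtpd[2310]: 1122334455: client=mail.remote.invalid[203.0.113.7]
postfix/qmgr[2190]: 1122334455: from=<bob@remote.invalid>, size=512, nrcpt=1 (queue active)
"""

# smtpd logs which client handed over a message; qmgr logs its envelope sender.
# Both lines share the queue ID, which is what lets us join them.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=(\S+)\[([\d.]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")


def find_suspicious(log_text, exchange_ip, local_domains):
    """Return (queue_id, sender) pairs for messages that arrived from the
    Exchange server's IP but whose envelope sender is not in local_domains.
    A null sender (bounce, from=<>) is also reported, since an internal
    host should rarely be generating bounces towards the relay."""
    client_ip = {}
    sender = {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_ip[m.group(1)] = m.group(3)
            continue
        m = FROM_RE.search(line)
        if m:
            sender[m.group(1)] = m.group(2)
    hits = []
    for qid, ip in client_ip.items():
        addr = sender.get(qid, "")
        domain = addr.rpartition("@")[2].lower()
        if ip == exchange_ip and domain not in local_domains:
            hits.append((qid, addr))
    return hits


if __name__ == "__main__":
    for qid, addr in find_suspicious(SAMPLE_LOG, "192.0.2.10", {"example.org"}):
        print(f"queue {qid}: external sender {addr!r} relayed from Exchange")
```

Run against a real maillog, a steady stream of hits from the Exchange address is the signal the post describes, and the queue IDs point straight at the messages to pull for inspection.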

Security awareness is astonishingly low

Sunday, May 24th, 2009

A couple of weeks ago I went on a social engineering job with a colleague. It was pretty easy, but part of this was because my colleague had persuaded the department manager to send an e-mail throughout the department which was basically a clearance for everything we were going to do.

So last week I went again, and had expected it to be much harder, but it was nothing like that. Access to the building was secured by RFID readers, but tailgating was easy: the employee just kept the door open for us! We stayed in the building for an hour, and visited almost all rooms. Just a couple of people asked us who we were and what our business was, but they were easily fooled by some stupid explanation, which if you think about it doesn’t fit the situation.

Last night I was thinking about this, and came to the conclusion that from a security aspect, most people are way too friendly and trustful.
But from a human aspect it is kind of nice to have a chat with someone, even if you don’t know him/her.

Kylin SecureOS website down

Monday, May 18th, 2009

As described in an earlier post I had found a possible SQL injection vulnerability in the website of the Chinese Kylin OS.
Now it turns out the website is unreachable:
The kylin.org.cn website resolves to 220.169.30.241

Non-authoritative answer:
Name:    kylin.org.cn
Address: 220.169.30.241

A traceroute brings me as far as 222.247.29.74

traceroute to kylin.org.cn (220.169.30.241), 30 hops max, 40 byte packets

13  61.137.0.134 (61.137.0.134)  282.076 ms  282.077 ms *
14  61.187.255.222 (61.187.255.222)  291.674 ms  291.695 ms  291.988 ms
15  222.247.29.74 (222.247.29.74)  288.679 ms  289.049 ms 222.247.29.70 (222.247.29.70)  287.816 ms
16  * * *
which essentially tells me not very much, because it could be the next-hop(s) to the actual server are discarding ICMP requests.
By doing a complete nmap scan on the complete subnet, I noticed there are multiple hosts online surrounding the IP address, so I now know there is a route to the server, but it is just not active:

nmap 220.169.30.0/24 -sP

Starting Nmap 4.62 ( http://nmap.org ) at 2009-05-18 11:36 CEST

Host 220.169.30.239 appears to be up.
Host 220.169.30.242 appears to be up.
Host 220.169.30.243 appears to be up.
Host 220.169.30.244 appears to be up.
Host 220.169.30.245 appears to be up.
Host 220.169.30.246 appears to be up.
Host 220.169.30.247 appears to be up.
Host 220.169.30.249 appears to be up.
Host 220.169.30.250 appears to be up.
Host 220.169.30.251 appears to be up.
Host 220.169.30.252 appears to be up.
Host 220.169.30.253 appears to be up.
Host 220.169.30.255 appears to be up.

So I think we can assume there are a few reasons why the site is down, and I ordered them in the way I think is most likely:

  • The website has been taken down because of all the attention drawn to the project
  • The website has been taken down by a hacker, or has been taken down to fix the leak I found
  • The website is overloaded by traffic due to all the attention drawn to it, although I think this is highly unlikely (it probably would respond to ICMP requests).

Talking about ironic…

Tuesday, May 12th, 2009

Today I noticed a tweet about the Chinese building a secure OS, supposedly to be targeted at an upcoming cyberwar.
I thought it was interesting, so I googled the name Kylin ( which is the name of the project ) and found kylin.org.cn which was in Chinese.
