vsbabu.org : security

Amazon.com security request fraud

2005-03-17T08:00:38+05:00

Got an e-mail today, supposedly from Amazon.com to update my details. The URL goes to http://www.amazon.com@dalpin.com/exec/obidos/subst/home/?EnterConfirm&UsingSSL=0&pUserId=&us=445&ap=0&dz=1&Lis=10&ref=br_bx_c_2_2. Whatever login and password you give, is accepted and you get the privilege to shell out your credit card details.

Opera 8 Beta popped up a message whether I want to login to the server "dalpin.com" as user "www.amazon.com". That was good because I get some idea that I am not going to amazon.com server.

Blaster laster

2003-09-02T05:58:52+05:00

A week later, with all the press it got, I would've hoped that Blaster worms are defended against. Making insecure software enabling this is one thing, but doing nothing about it is another thing.

Incoming mails that had worm during last 5 days:

Yahoo - 0 out of total 25
Fastmail.fm - 0 out of total 5
Verizon - 0 out of total 150
Personal Unix mail - 0 out of total 5
Hotmail - 30 out of total 110

MS owned Hotmail still accepts wormed mail; nobody else does.

Ironic, is it not?

2003-07-16T17:22:45+05:00

2:00PM: I read this story Slashdot: Microsoft Wins Homeland Security Contract. Associated discussion is usual Slashdot diet these days.

6:15PM: I come home and check my mail. Three new messages from Microsoft between 5PM and now.

Another buffer overrun vulnerability

2003-07-09T23:02:57+05:00

Buffer Overrun In HTML Converter Could Allow Code Execution (823559). There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker’s Web site could allow the attacker to exploit the vulnerability without any other user action.

What's New in Windows 2003!

2003-05-05T18:35:13+05:00

O'Reilly Net: There are still many features that the .NET developer should be salivating over. In this article, I will count down the top ten features that you should know about.

What caught my attention was the #1 reason!

Security hole or stupidity?

2003-03-24T18:43:20+05:00

At work, I maintain all my tasks (past, current and future) in an Excel spread sheet. Periodically, some python scripts read this Excel file and update a web calendar file (ICS), my Outlook 2000 calendar, Free/Busy server and my screen saver. My screen saver lists all my planned tasks for the day, from 30 minutes before the current time.

Since I've access to quite a bit of servers, I usually keep a screen saver password. When I've production data mounted on my PC, I keep the screen saver timeout to 2 minutes.

Instant Messenger easily grabbed my screen saver password :-) Here's how it happened.

Securing Systems with chroot

2003-01-30T20:46:31+05:00

ONLamp.com: Chrooting is a verb named after the chroot(2) system call, which is used to change the root of the filesystem as seen by the calling process.

Advogato Virus

2002-10-01T06:39:20+05:00

Advogato: A clever reader apparently used some nifty javascript and iframes to exploit other unsuspecting users. The details are not given, but it is a pretty interesting read.

Another IIS hole and OSS vs. MS

2002-06-13T06:14:54+05:00

Slashdot reports: "Microsoft announced Wednesday that there is a serious software flaw with its IIS web server. The vulnerability affects a function in the server software that allows Web administrators to change passwords for an Internet site... Microsoft's time to patch a remote hole where the attacker can gain complete access to your computer: two months. Open Source's time to patch a much less serious bug where the attacker can merely crash your computer: three days."

Last week I was in a meeting with a consulting group that provides "bottomline guidance for IT". Their "expert" strongly fealt that most open source is not valuable, because:

New Win-NT, 2K, XP security holes

2002-04-08T06:40:58+05:00

The Register reports two new security holes these systems. As a bonus point, the article also describes the usage of "she" and "he".

Another article talks about the best way to nuke MSN Messenger.

Home network security

2002-03-29T07:09:50+05:00

Now that DSL and Cable modem's are so popular, the prospect of your home PC getting cracked is also very real. I use CoyoteLinux on a PC with just one floppy as a router/firewall. If you are a Windows' user, you might want to use ZoneAlarm. HomeNetHelp.com has good articles on this.

You might want to read Mark Pilgrim's thoughts against having full peers too.

Britney Spears - new worm!

2002-03-03T08:21:58+05:00

MSN.com reports: "Britney Spears can add one more notch to her soaring global popularity: The perky pop star has become the inspiration for a potentially destructive e-mail worm wriggling through cyberspace, security experts said Friday. The bug, labeled variously as "VBS/Britney-A" and "VBS-BRITNEYPIC.A," is considered low-risk because it infected a small number of computer users in Europe after it was initially detected Thursday morning, computer experts said."

Security testing methodology

2002-03-01T11:13:22+05:00

Open source security testing methodology. Good start. I was looking for something like this to take and modify it for web development security testing methodology.

Another set of Microsoft security issues

2002-02-22T06:30:51+05:00

Three new security holes, two nasty, including Root access, credit data compromises etc. Patching time!

What to do if your wallet is lost?

2002-02-22T06:14:44+05:00

Since it is very easy to steal identity in the USA - most vendors ask you only for the SSN and your date of birth, if your wallet is lost you can get into some trouble. Here's from an email I got.