Schizophrenia and Bipolar Disorder Share Genetic Roots

Posted by Marko M. Thu, 02 Jul 2009 17:39:00 GMT

I’ve just added a new section to this blog of mine. For years now I’ve spent a lot of time researching another hackable entity - the human mind. Psychology, NLP and other mind-related techniques have consumed a lot of my time. I haven’t been writing much about any of those, but with this post I plan to change that. The human mind is a vast and unexplored ocean. We strive for faster CPUs, bigger buildings, other planets and stars, but we have yet to understand our own mind. Let this be my small contribution to the world of the human mind, social engineering and mental disorders.

Let’s first define two terms that will be mentioned in this text:

Schizophrenia

Schizophrenia is a severe, chronic brain disorder that usually strikes in late adolescence or early adulthood and is marked by hallucinations and delusions. Sufferers may hear voices or believe that other people are controlling them or reading their minds. Such experiences can be terrifying and can cause fearfulness, withdrawal or extreme agitation. People with schizophrenia have reduced brain receptors for the dopamine messenger. They may not make sense when they talk, or they can appear to be perfectly fine and normal until they are asked what they are really thinking. Treatments can be effective, but most people have some residual symptoms that can stay with them for life.

Bipolar disorder

Bipolar disorder, or manic depression, is marked by unusual shifts in mood, energy, activity levels and the ability to carry out day-to-day tasks. Like schizophrenia, bipolar disorder often manifests itself in late adolescence or early adulthood, although it may not be diagnosed for many years. The ups and downs are different from the normal ones that everyone experiences, and they can result in damaged relationships, poor performance in school and at work, and even suicide. Sometimes a person with severe episodes of mania or depression has psychotic symptoms such as hallucinations or delusions, for example believing that he or she is famous or has lots of money.

One of the most interesting pieces of news I’ve read today (I get RSS/Atom feeds from around 300 web sites) was that scientists at the National Institute of Mental Health (NIMH) found a link between schizophrenia and bipolar disorder. This is a really important discovery, since up to now it was thought that these two mental disorders share no common ground. Read the full text here.

Geeky tip: Using wget through PROXY

Posted by Marko M. Thu, 25 Jun 2009 12:07:00 GMT

Wget is one of my favorite tools when it comes to working with files online, and it’s definitely my fav download manager. So, here is a little tip on how to work with it if you are behind a proxy server, like I am right now. Setting the proxy in the environment alone is not enough to make wget use a transparent proxy. The solution is rather simple - just edit the file called /home/johndoe/.wgetrc and put the following in it:

http_proxy = http://PROXY:PORT/
use_proxy = on
wait = 15

This will make wget use whatever proxy is working between you and the rest of the world.

Apache HTTP DoS tool released

Posted by Marko M. Sat, 20 Jun 2009 14:02:00 GMT

This seems like a day for some nasty bugs on the web. As I mentioned in my earlier post, the latest PHP has a new/old flaw in it. Two days ago a new tool for doing DoS attacks on the Apache web server was released, and it’s called Slowloris. From the web page of the creator of this nifty Perl tool:

"Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they’ll allow. Slowloris must wait for all the sockets to become available before it’s successful at consuming them, so if it’s a high traffic website, it may take a while for the site to free up its sockets. So while you may be unable to see the website from your vantage point, others may still be able to see it until all sockets are freed by them and consumed by Slowloris. This is because other users of the system must finish their requests before the sockets become available for Slowloris to consume. If others re-initiate their connections in that brief time-period they’ll still be able to see the site. So it’s a bit of a race condition, but one that Slowloris will eventually always win - and sooner than later."

Apparently neither Microsoft IIS nor Lighttpd is affected by this flaw. It will be interesting to follow this story in the coming days.
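The quote above describes the server-side symptom: sockets held by clients whose request headers never finish. The following is an added example (not from the original post or from the Slowloris author) of how a server or a monitoring hook can recognise that pattern from what it already knows about each connection. The connection records, the thresholds and the IP addresses are constructed for the illustration; the deadline-plus-minimum-rate rule mirrors what Apache later shipped as mod_reqtimeout.

```python
# Added example: flag connections that match the Slowloris pattern (headers
# never completed, data trickling in) and report IPs that hold many of them.
# Connection records are constructed samples of what a server would know.
from collections import Counter
from dataclasses import dataclass

HEADER_DEADLINE = 20.0   # seconds a client gets to finish sending headers
MIN_RATE = 50            # bytes/sec expected once the grace period is over
GRACE = 5.0              # seconds before the rate check applies
PER_IP_LIMIT = 10        # half-open connections per IP before alerting


@dataclass
class Conn:
    ip: str            # peer address (constructed sample values below)
    opened: float      # time the socket was accepted
    bytes_rx: int      # request bytes received so far
    headers_done: bool # whether the blank line ending the headers arrived


def is_stalled(c: Conn, now: float) -> bool:
    """True if the headers are incomplete past the deadline, or are arriving
    below the minimum rate after the grace period (mod_reqtimeout-style)."""
    if c.headers_done:
        return False
    age = now - c.opened
    if age > HEADER_DEADLINE:
        return True
    return age > GRACE and c.bytes_rx / age < MIN_RATE


def triage(conns, now):
    """Return (connections to drop, IPs at or over the half-open limit)."""
    drop = [c for c in conns if is_stalled(c, now)]
    per_ip = Counter(c.ip for c in drop)
    offenders = sorted(ip for ip, n in per_ip.items() if n >= PER_IP_LIMIT)
    return drop, offenders


# Constructed sample: one finished request, one fresh client still inside the
# grace period, and 12 sockets from one address trickling partial headers.
SAMPLE = [Conn("203.0.113.5", 95.0, 420, True),
          Conn("198.51.100.9", 97.0, 60, False)]
SAMPLE += [Conn("192.0.2.77", 40.0 + i, 80 + i, False) for i in range(12)]

if __name__ == "__main__":
    to_drop, bad_ips = triage(SAMPLE, now=100.0)
    print(f"drop {len(to_drop)} connections; offenders: {bad_ips}")
```

Run against the sample at time 100, the two legitimate connections are left alone and the twelve half-open sockets from 192.0.2.77 are dropped, with that address reported as an offender.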

PHP 5.2.10 - up, up and... down...

Posted by Marko M. Sat, 20 Jun 2009 12:04:00 GMT

The PHP dev team released a new version of PHP 5.2.x two days ago. This version brings a few security fixes and a lot of bug squashing. Alas, there was one seriously wrong fix. A bug that we’ll call "PHP safe_mode bypass with exec/system/passthru" was supposedly fixed in this latest version. Supposedly. It’s still there. And here is a proof of concept.

I’ll wait with upgrading to 5.2.10.

Got myself FLOSS.pro and Twitter

Posted by Marko M. Fri, 19 Jun 2009 09:34:00 GMT

I just finished setting up my FLOSS.pro and Twitter accounts. Both will be a really nice way of sharing some thoughts of the moment, since I don’t have much time lately for writing long texts. I hope that’ll change soon.

Hack my Facebook

Posted by Marko M. Sat, 13 Jun 2009 15:10:00 GMT

I’m not the kind of person that ever regrets things done in the past. What is done is done. Yet, I’m rethinking whether it was really smart to write about Facebook on my blog. A little bit of history for my visitors from abroad - a few months ago I wrote a few articles explaining how to access other people’s galleries without being their friend. There was a bug in the Facebook system that allowed this. It’s not working any more, or at least not as simply as it used to. Galleries now have longer IDs and it’s a lot of work to hack through this.

So, what was intended as a proof of concept and an attempt to show how insecure social networks are became a horror story. Those two articles were swamped with such silly comments I couldn’t believe my eyes. I’ve deleted a lot of them. To sum them up in two comments:

1. This does not work/I don’t know how to do this.

My comment: Oh really! Well, duh! FB fixed the bug, and I wrote about it too. And even if they hadn’t, isn’t it more than obvious how to do it? No? Go back to playing cards on your ‘puter.

2. I want to get other people’s passwords. Will someone teach me to hack?

My comment: Get a life! What, you don’t trust your girlfriend/boyfriend, so you want to spy on their account to see if they are messing around in the virtual world with someone else… because you are doing that anyway? Well, here’s a tip: if you know your "beloved" you probably know her/his password. People use dumb passwords they can remember. And believe me, it’s not that hard to brute force into someone’s FB account.

The Internet has expanded in Serbia like a flood in the past few years. And that’s all nice and sweet, but… people using the global network in Serbia have no clue how to behave. They keep letting complete strangers into their lives by sharing tons of private data. So, what makes you think they use their brains to create passwords? If they had been using their brains in the first place they wouldn’t be acting like idiots online.

So, to sum up this story - stop asking silly questions like "teach me to hack". What does that even mean? I’m sorry (well, not actually, but I’m being polite) if this text comes across as harsh on people… they deserve it. Will it change anything? Nope. Was my intention to be a digital messiah who will show people their faults? Nope, couldn’t care less. So why did I write this rant? Cause I can. It was just to pass the time while writing an article on encrypted chatting over Jabber and Gtalk. Now that is useful. It will be online by tomorrow.

Joomla! 1.5.10 JA_Purity Multiple Persistent XSS

Posted by Marko M. Sat, 06 Jun 2009 13:21:00 GMT

There is a serious XSS vulnerability affecting all Joomla! versions prior to 1.5.11, which was released just a few days ago.

DESCRIPTION:

The JA_Purity template is bundled with Joomla! and fails to sanitize user-supplied input. An attacker can inject JavaScript or DHTML that is saved in a cookie, making the payload persistent; it then runs in the context of the targeted user’s browser, allowing the attacker to steal cookies.

IMPACT:

An attacker can exploit the vulnerability to store a persistent XSS payload. This may lead to the theft of the targeted user’s cookies and to gaining access to the user’s account.

Full disclosure at PacketStorm.

So, still using old Joomla!?

Trust and computers in the clouds

Posted by Marko M. Thu, 04 Jun 2009 17:46:00 GMT

I haven’t written anything in Serbian for quite a while. The nonsensical comments on the texts I wrote about Facebook are mostly to blame for that. No, I won’t teach you how to steal passwords… nobody will teach you that. Damn it. Anyway, I decided to scribble a bit in Serbian and touch on some domestic topics. (eng. speaking visitors… proceed, nothing to see… internal Serbian stuff…) Some texts have been going around in my head for a while now. But what I would like to ask everyone present today is: what do you think about trust?

Let me clarify. Most of you are familiar with the term "cloud computing". By now even the walls have probably learned that such a thing exists. But I suppose most of you have no idea what it is. Everyone talks about it. It’s trendy and totally IN. Like a million other things in the last 10 years. Relax, it will pass. It’s all of this world. So, computers in the clouds, as I like to call it, is something so old that talking about a revolutionary technological solution is ridiculous, to say the least. Why? CC, as I’ll call this hit from now on, is nothing but a modernized version of the "time sharing" systems of the sixties. The old model of shared processor time was popular because computers were very expensive at the time. Later it went into history when personal computers became popular and cheap.

So, everyone today talks about CC. Everyone uses CC. There’s nothing wrong with that. Everyone uses Facebook, everyone uses Twitter and who knows what else. But what about security? No, I won’t get paranoid again. This brings us back to my earlier question. What do you think about trust? Let’s face it, however hard any of us tries to have a secure computer, there will always be some hole. In fact, our entire everyday digital life rests on the trust we place in someone. Whether it’s the hardware manufacturer, the company that produced the operating system you use or our Internet provider… it all comes down to the same thing. Because of the first we can lose data, the second can be to blame when viruses attack us or someone steals our data, and the third can monitor what we do and hand that information over to some third party. So, every day we trust someone. For the first we don’t really have a solution except to back up regularly… and again, there’s the manufacturer of the media we use to store that data. For the second we have a solution… we can use something more secure. For the third… there are solutions for that too; maybe I’ll write later about how to get around them. But all in all, trust is the key word.

OK, now let’s get back to CC. So, what’s different here from anything so far? Any company that provides CC services is just one more factor in the everyday game of trust. Instead of taking care of the security of the systems we use ourselves, we hand that concern over to someone out there. And that’s something we have to live with, isn’t it?

And then, to return to the question one last time - what do you think about trust? I think almost everyone today has a site or two. Hosting is a booming business in Serbia… and I’m very happy that I fled that meadow in time… before it fully bloomed. So, what are your impressions when it comes to the trust you have to place in your relationships with your providers of various services on the Internet? What guarantees do domestic providers offer that you won’t be left without your data overnight? Have you signed contracts with them, or have you just clicked "I agree" in an online form out of habit (while you were thrilled at how fast and great the purchasing procedure was)?

Today is a very rainy day and I felt like being a bit gloomy.

Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

Posted by Marko M. Wed, 27 May 2009 16:25:00 GMT

Apparently there is a little nasty bug in BlackBerry software. I wouldn’t write about this on my blog, because I don’t care much about BlackBerry, but it’s been one of the most popular phones in Serbian Government circles in the past year or so (oh, and I wanted to see how this new image fits into posts… I’ll be using it for advisories from now on). Haven’t you noticed? Sure you haven’t. Well, I have. BlackBerry is used in almost all ministries of our Government. So, this might interest all those people playing with their shiny new BB models:

"Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service."

For the full info please visit: BlackBerry Technical Solution Center