New 0-day exploit for Adobe Reader DOES NOT need Javascript in order to run! You have been warned!
http://isc.sans.org/diary.html?storyid=5926
paurritoufali82@mail.ru: 89.252.1.37 wrote
“Maaaan, you know there is such thing in the web like search engine, http://google.com”
So true my man. So true. Thanks for sharing. Oh, and by the way, I notified SANS and MySpace about the flaw back in November of 08. It has since been fixed, but thank you душ мешок.
Where do I sign up?
Top Gear
There are a few exploits making the rounds this week. One of them is a 0-day for Acrobat Reader. The other exploits a combination of Microsoft Word features and IE7’s MSHTML rendering engine. When there are no patches available for such things, best practices come into play. Do not download, click, or open untrusted files. Install a good anti-virus and firewall suite (my personal recommendations are Kaspersky (or ZoneAlarm, which includes Kaspersky), Avast, Nod or Clam, but ZoneAlarm is by far my favourite of the bunch), don’t open email attachments, and by all means, skip the IE browsers altogether and use something like Opera or even FF.
Also, if you do have to use Acrobat Reader, TURN OFF JAVASCRIPT in the preferences!! If you have to use IE7, try to stick to business-related work themes (meaning, stop viewing porn and going to your favorite torrent and warez sites). Turn off all add-ons for IE7 and turn off ActiveX (that means Flash, media player in browser, etc). You can also read up more on protecting your privacy while online. See my blog post here: http://www.twistedpairrecords.com/blog/2009/02/13/internet-privacy-guidelines-firewalls-are-nice-to-block-malware-but-they-do-nothing-to-save-your-privacy/
Sources:
http://isc.sans.org/diary.html?storyid=5899
http://isc.sans.org/diary.html?storyid=5902
http://c-span.org/PresidentialSurvey/Overall-Ranking.aspx
Of the 42 names listed, G.W. Bush is somewhere at the bottom of the list at #36, while Clinton sits at #15. I think it is going to take a few years to really rank G.W. for his career and what kind of damage he caused during his administration. As of now, I can only see him going further down on the list, but I admit I do not know enough about the people below him on the totem pole, so in all fairness he may actually not have been as bad as those people. I for one still have my doubts though, as I can’t foresee anyone doing a worse job.
I was watching CSPAN today and Congress interviewed the CEOs of the larger banks who received money from the TARP program. Republican Representative Patrick McHenry asked if the money from the TARP was used to increase consumer lending or to protect the safety and sound being of the financial institution itself, and every bank member on the panel said it was to protect the banks themselves (not to increase consumer lending).
Wow.
What then was the purpose to bring this money forward for these assholes? If they were floundering so bad and going under, wouldn’t it be because of something they did? Were they in financial crisis to begin with? Not one cent was used for an increase in new housing loans or the stopping of mortgage foreclosures. Every one of these CEOs should be fired and fined for the programs they put this money into, when none of it was used for what it was given for.
We are apparently losing roughly 7,000 homes a day in the US. That is 2,555,000 homes a year that get foreclosed if we don’t fix this problem. With roughly 600,000 jobs lost in just January 2009 alone, I can see this number going from about 7,000 a day to at least 9 or 10,000 a day, possibly more. If that holds true and nothing is done to fix this, then you have about 3,650,000 homes a year that are foreclosed.
So, going forward, we gave them a bunch of money, none of which was accounted for being used to increase the normal amount of mortgage loans or prevent foreclosures, in fact, the number has stayed relatively close to what it was a year ago, before they received TARP funds. They used this money strictly to preserve the BANKS bottom line, not for that of the people losing their homes. So why then, did we give them any money at all? As a tax payer, I will see none of this money returned to me. As part of the TARP bill in 5 years the president is supposed to recoup this money with taxes on the banks themselves.
I can see this causing a bigger problem in 5 years than we have right now, because banks will need to have a way to pay this money back, which would in turn become things like larger bank fees on credit cards and ATM machines, steeper fines for returned checks, etc, which translate to a larger burden on the consumer. To me this acts like a pendulum. Think of the money on the left swing being the government, the swing to the right being the bank, and the tax payers everywhere in between. In order for it to reach either side we are the ones who are moving the pendulum with our money. The tax payers. In one swing you take it from us and pass it to the banks, from the left to the right, and two, you make us pay higher fees in order to pay back money to the government only to have us pay twice. I don’t see how any of that is beneficial to anyone and if anything, it’s not even a total wash, but puts us in the hole later down the road. Unemployment is around 7% and rising. If the market doesn’t recover quickly, this is going to get much worse before it has a chance to get any better. We have already been told that it is going to get worse before it gets any better, so that is just reinforcing what I see as a bad to worse situation, with no end in sight.
I have been getting a lot of blam (Blog Spam) the past week or so. I have enough measures in place to block this though. Every comment has to be approved before I allow them to show up anyway. Along with some filters in place to thwart a lot of the spam, everything gets logged, but nothing will show up unless I approve it. What I was thinking though, is if there was a site that has a dedicated list of Blog Spammers IP addresses? If so, I’d like a copy to add to my block list, but more importantly, if there is not one such list, I may just start my own.
Only problem with this is I have seen a lot of the same spam from different IP addresses, some of which seem like compromised Internet accounts of users who are just too dumb to know otherwise. I just wish there was an easy way to notify those specific users whose accounts are being used to relay this spam. Then comes the whole concept of “Spoofed Blog Spammers”, or as I like to call them, Spoogies. Spoogies are like zombies, only instead of being used for botnets to do something like a DoS or email spam, they are used strictly to spam blogs, twitter accounts, social sites like MySpace, etc.
What I may end up doing is compile my own list of Spoogies and Blammers, then post a link on my sidebar for others to use. This in turn could make things much easier for web site owners like myself to block them from even being able to reach the site in the first place. I wonder if it’s possible to get a copy of the block lists Spamhaus uses?
U.S. tweaks Internet privacy guidelines:
http://www.reuters.com/article/technologyNews/idUSTRE51B5AK20090213
WASHINGTON (Reuters) – Federal regulators tweaked recommendations for how web sites should collect, save and share information about users, extending them to Internet service providers and mobile users.
The Federal Trade Commission issued new guidance on Thursday for the self-regulated industry that urges web sites to tell consumers that data is being collected during their searches and to allow them to opt out.
It’s something people take for granted, but every time you go online, you are being monitored, tracked, and turned into a statistic for either an advertiser or even your own ISP. One of the things you can do to surf fairly securely though is to employ a few easy tweaks to help slow that information gathering down. In one instance, you can even mask your real IP address, surfing through a proxy or your own SSH tunnel from a hosted web site that offers shell access.
First thing you will want to do is download an ad banning HOSTS file. For most users, they can check this quick guide on how and where to set up their hosts file: http://en.wikipedia.org/wiki/Hosts_file
A good HOSTS file that anyone can freely download is located here: http://www.mvps.org/winhelp2002/hosts.txt
I use it in combination with my own compiled list over the years, and find it helps greatly in stopping ads and such from loading.
The basic premise is that you block a site by adding an entry that points its hostname at your localhost. This causes requests to the site to time out, so it can never load the foreign information for the advertiser or third party you want to block. The format is as such:
127.0.0.1 www.somesite.com
What that says is every time I try to go to www.somesite.com its IP address is 127.0.0.1 (“There’s no place like home, there’s no place like home” – Thanks Dorothy)
Ok, now, this isn’t foolproof, as there are 1,000’s upon 1,000’s of ad sites, malicious spyware and virus sites, botnets, etc, trying to get at your information, so if they aren’t in the list, they will still get loaded. But this is a good first level of defense and will speed up sites with lots of third party ads since they will now not be able to load.
(Windows Vista users will want to look here for setting up their HOSTS file: http://www.mvps.org/winhelp2002/hostsvista.htm)
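Combining a downloaded HOSTS file with a personal list, as described above, is worth doing through a check rather than by pasting, because any entry that maps a name to an address other than the local sink redirects that name instead of blocking it. The following is an added example, not code from this post or from the MVPS project; the function names and sample entries are constructed for illustration.

```python
import ipaddress
import re

SINKS = {"127.0.0.1", "0.0.0.0"}                # addresses accepted as "block" targets
KEEP = {"localhost", "localhost.localdomain"}   # system names, never treated as blocks
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")

def merge_hosts(*sources):
    """Merge HOSTS-format texts; return (sorted blocked names, suspicious lines)."""
    blocked, suspicious = set(), []
    for text in sources:
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()          # drop comments
            if not line:
                continue
            fields = line.split()
            addr, names = fields[0], [n.lower().rstrip(".") for n in fields[1:]]
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                suspicious.append(raw.strip())           # not "IP name" at all
                continue
            for name in names:
                if name in KEEP:
                    continue
                if addr not in SINKS or not HOSTNAME.match(name):
                    suspicious.append(raw.strip())       # redirect or malformed name
                else:
                    blocked.add(name)
    return sorted(blocked), suspicious

def render(blocked):
    """Emit the merged list in the `127.0.0.1 name` format shown above."""
    return "\n".join(["127.0.0.1 localhost"] + [f"127.0.0.1 {n}" for n in blocked]) + "\n"

# Constructed sample input (not real list contents).
DOWNLOADED = """# constructed sample
127.0.0.1  localhost
127.0.0.1  ads.example.com   # banner server
0.0.0.0    tracker.example.net
203.0.113.9 www.examplebank.test
"""
OWN_LIST = "127.0.0.1 ADS.example.com\n127.0.0.1 stats.example.org\n"

if __name__ == "__main__":
    names, odd = merge_hosts(DOWNLOADED, OWN_LIST)
    print(render(names), odd)
```

Review anything returned in the second list by hand before installing the merged file.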
An alternative is for users of Firefox to install the addons for adblock and noscript. This helps block them in a similar way. (I personally hate FF myself and use Opera as my main browser, but that’s a whole other topic in itself.)
Next thing you can do is use an anonymous proxy. Proxies work by masking your IP address. They do so by allowing you to connect to them for the sites you want to request, and in turn, they relay a cached version of the site back to you. What this does is make it so you can visit a site without having to give out your real IP address, or even your country code if using a foreign hosted proxy. Some proxies even filter out harmful content and ads for you, so those are the ones you will want to look for. Google is your best bet, as proxies come and go so quickly these days, it’s hard to find working ones that last forever. The alternative is a pay-for proxy service or VPN. These also help you get around country blocks, for say, something like Hulu which restricts use to the US only.
If money is tight, there is also TOR (The Onion Router) but its main purpose is for surfing, not to access large amounts of data or content. TOR also has a flaw in that it relies on its users to provide the service. In essence you become one of the proxies in the loop using your bandwidth to do their surfing. It’s kind of a distributed surfing system in where each person connected is another layer, like the layers of an onion. TOR tends to be a bit slow because of this, but is a great addon to have in your arsenal when needed to surf quietly while using a wireless access point in a cafe or airport. If you just don’t trust their network, try TOR. (Warning: It has been known for a while that exit nodes on TOR networks may have the ability to sniff your traffic. If a malicious TOR user wanted to, they could redirect you or watch all your packets! Make sure you are using the LATEST TOR software to protect against this kind of attack).
As mentioned above a VPN is also an option. Now, not a VPN to your home box from work or the cafe, which would still give out your IP address, but a paid-for VPN service that acts as your proxy to the internet sites you want to visit, such as http://blacklogic.com/
These are just a few methods of protection and I highly recommend you google for more information on these topics.
The last one I will talk about is fairly easy to set up and requires a browser that can use the SOCKS protocol (this is also good for BitTorrent clients that allow the use of SOCKS proxies when you want to secure your traffic and mask your home IP address from evil bots!).
SSH is a secure connecting protocol, encrypting communication between you and the SSH server on the other end. Everything that travels in the SSH tunnel is encrypted so no prying eyes can read or see what you are doing. If they were to sniff your traffic locally, all they would see is encrypted packets between you and the SSH server. None of the sites you visit will be seen when capturing packets. Only your IP address and the SSH server’s IP address will be known to prying eyes. This helps when surfing free wifi to sites that require logins and passwords to be entered as well, since all communication is secure, even if the site you visit does not use SSL to login, anyone trying to steal that information while sniffing your packets will get nothing but unreadable, encrypted data. This does nothing to hide the fact that you are surfing, but it hides where and what you surfed for.
For the easiest setup with SSH you will need a host that has the SSH service running. For this, I use DreamHost, which allows me to have shell access to my web site via SSH. For the client side, I use a program called PuTTY. PuTTY is pretty much the de facto standard for Windows users wanting to connect to SSH servers, but *nix users usually have SSH built in to their OS, so you can google more on how to set that up on *nix. When surfing through the SSH tunnel, sites at the other end of the tunnel will only see the IP address of your SOCKS proxy. This allows you to hide your home IP address from advertisers and third party sites trying to collect data on who you are. To configure your browser to use the tunnel, you first have to set up PuTTY. In the PuTTY program on the left menu, go down to Connection > SSH > Tunnels. In the source port enter 7070, check Dynamic and click Add. Then again, in the source port add 22, check Local and destination should be 127.0.0.1:7070, then click Add. You should have two entries, one that says D7070, and one that says L22 127.0.0.1:7070. Now in your browser, go to your proxy settings and instead of HTTP proxy, enter 127.0.0.1:7070 for your SOCKS proxy settings. Once you connect via PuTTY to your SSH server, all your browser traffic will now go through the SSH tunnel, encrypted from prying eyes.
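Whether the tunnel also hides which sites you look up depends on what the browser puts in its SOCKS5 request to 127.0.0.1:7070: a request carrying a hostname is resolved at the SSH server's end, while a request carrying an IP address usually means the name was already looked up on the local network outside the tunnel. This added example (not from the original post; it goes beyond the text to cover DNS, and the function names are illustrative) builds and decodes the CONNECT request defined in RFC 1928.

```python
import ipaddress
import struct

def socks5_connect(host: str, port: int) -> bytes:
    """Build the SOCKS5 CONNECT request a client sends to the local proxy port."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname length out of range")
        addr = b"\x03" + bytes([len(name)]) + name     # ATYP 3: name, resolved by the proxy
    else:
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)   # VER, CMD=CONNECT, RSV

def describe(request: bytes):
    """Return (destination, port, client_supplied_ip) for a CONNECT request."""
    if len(request) < 7 or request[0] != 5 or request[1] != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = request[3], request[4:-2]
    port = struct.unpack("!H", request[-2:])[0]
    if atyp == 3:
        if body[0] != len(body) - 1:
            raise ValueError("bad hostname length byte")
        return body[1:].decode("ascii"), port, False   # lookup happens past the tunnel
    if atyp == 1 and len(body) == 4:
        return str(ipaddress.IPv4Address(body)), port, True
    if atyp == 4 and len(body) == 16:
        return str(ipaddress.IPv6Address(body)), port, True
    raise ValueError("bad address field")

if __name__ == "__main__":
    # Constructed destinations for illustration.
    for dest in ("example.com", "192.0.2.10"):
        print(describe(socks5_connect(dest, 443)))
```

In Firefox the behaviour is controlled by the `network.proxy.socks_remote_dns` preference; other browsers and torrent clients have their own setting for resolving names through the proxy.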
Used in combination with a VPN and ad blocking you highly reduce the chances of anyone ever being able to tell who you are, while any data they do collect comes back to your proxy or VPN service. Your weakest link is your proxy and ad banning software.
http://www.pcmag.com/article2/0,2817,2341012,00.asp
by Mark Hachman
Microsoft, several security firms, and members of the academic community came together Thursday to try and develop a coordinated plan to halt the spread of the Conficker worm, also known as Downadup.
Microsoft announced a $250,000 reward for information leading to the arrest and conviction of the Conficker author or authors, available to anyone in any country, subject to local laws. Meanwhile, a group of security companies pledged to work together to disable domains targeted by Conficker.