Sea Change in Attack Vectors

Member for

10 months 3 weeks
Submitted by AlReaud on Thu, 12/08/2011 - 12:29

NOTE: Updated 11/15/2016

There's been a sea change in the attack vectors coming into the testing server, and some interesting characters.

For approximately two weeks, we've been subject to "IP Agile" attacks. The term "IP Agile" is borrowed from a piece of high-end R&D lab equipment, a Fluke frequency-agile signal generator. The "IP Agile" attackers use numerous IP addresses that repeat only occasionally over a span of hours, evading tools like fail2ban. There also seems to be a specific cycle through countries: China, Brazil, Japan, EU (UK or France), Taiwan, then repeating, though I don't yet have enough data.

This set of attackers seems to be hitting mail servers and phone branch exchange (PBX) servers mostly. Found a great site at a church in Lafayette, IN that had their website infested. The trick was that you only saw the spam if you had JavaScript disabled. Called them up and spoke to a parishioner manning the phones, and followed

SunTrust Spoof: Additional ways of protecting your SunTrust access

Submitted by AlReaud on Tue, 09/27/2011 - 19:50

Updated: 11/6/2016

This is a recent phish wherein you get the following email (allegedly) from SunTrust Bank:

Subject: Additional ways of protecting your SunTrust access
From: "Suntrust"<infor@suntrust.com>



SunTrust Online Banking Alert:

Banking with SunTrust Online is about to become even more secure!
As a valued SunTrust online customer, the security of your identity and personal account information is extremely important. We are installing Enhanced Online Security as an additional

Hacker Mitigation

Submitted by AlReaud on Tue, 09/27/2011 - 19:03

This is a series dedicated to ensuring that hackers and phishers can do no harm to your computer or your finances. Computer security basics will not be covered in this series.

We shall differentiate between two species of attacker as follows:

  • HACKER - The hacker (or cracker, depending on your school of thought) is an individual or bot that attempts to seize your machine via remote access. On operating systems that allow for a remote shell or graphical user interface with remote access, the remote login features are attacked via malware or social engineering. If successful, such attacks gain control of the hardware and operating system, allowing the creation of further bots, spam factories, etc.
  • PHISHER - The phisher is an individual or bot that attempts to steal your identity, banking information, and/or other sensitive financial/personal information, mostly via social-engineering attacks. Getting a victim to click on a link to a website that spoofs an actual one, let's say a bank's, has become very common. Such a spoof tricks you into divulging personal information to information thieves via spurious websites and forms. This is the hardest kind of attack to stop, as current Internet security applications have no control over operation of the wetware.

In the following, examples are given 

No more TOR as of today from Happy Cat Tech

Submitted by AlReaud on Fri, 09/16/2011 - 10:44

For a while, Happy Cat Technologies has provided TOR services through its IP address. Sadly, as of today, that service will no longer be available due to abuse. Instead of using the service for secure anonymous browsing, email, and social networking, anonymous individuals are using it to download pirated movies.

Criminality was not the intent of providing the service. The service was provided to allow individuals in non-free countries to have anonymous communications. An example: bloggers in Syria documenting their government's abuses.

Windows Printer Networking - Getting Different Versions to Play Nice

Submitted by AlReaud on Fri, 09/02/2011 - 09:56

Sharing printers on Windows across different versions of the operating system and different word sizes can be, to say the least, a bitch. While working on a client's network of approximately 12 computers, I developed the procedure listed here to quickly configure clients and the host for print sharing.

How To Crash Your 'nix Box The Easy Way - Using the File Manager (nautilus) as ROOT

Submitted by AlReaud on Thu, 08/25/2011 - 10:27

“With great power comes great responsibility...”, Stan Lee

Great responsibility for damaging the system, LOL! Extreme care is required when operating as root, because of the ability to do absolutely anything without any constraints. The 'kiss of death' (cd /; rm -rf *, something I send to hackers regularly...) isn't prevented, as an example. Some apps will complain about being root, some won't. The gist is, you have to be extremely careful!

Such was the case yesterday, using nautilus as root. I had two windows open, 

Whois as a tool to prevent scamming on Craigslist Job Ads

Submitted by AlReaud on Tue, 06/14/2011 - 19:30

To those of us who have to look for a job, Craigslist is a good tool, but with some serious identity theft risks involved. In Fort Collins, there has been a rash of fake advertisements, usually for high-end technician/engineering jobs: Automated Guided Vehicle Technician, R & D Technician, etc. Some of these look like to-die-for jobs. You apply, send off a resume, and then you get an email, usually from a free email service, like Hotmail, Gmail, etc.:

Fedora 14: polkitd selinux policy preventing mounting of USB and DVD

Submitted by AlReaud on Sat, 06/11/2011 - 19:31

After using preupgrade-cli to upgrade to Fedora 14 from Fedora 13, I had this nuisance where a user could only mount USB sticks and DVD drives as root, not as themselves. Yum also had to be used from the root account and could not be used via the yum GUI from a user account, as it didn't ask for the root password.

Looking at /var/log/messages, I started seeing errors in the form:

Drupal Tips and Tricks

Submitted by AlReaud on Thu, 06/09/2011 - 13:40

During development of a Drupal website, one finds many places where content can be modified and/or presented in different ways. The following is a compilation of tips and tricks related to creating a Drupal website. If you have any you wish to include here, please contact the author at alreaud@happycattech.com for inclusion into this knowledge base.