Click “Start”, “Run” and type “telnet towel.blinkenlights.nl” and hit enter. Prepare to nerd out.
Don’t be Evil. Be Good!:
“The numbers 1 to 400,000 cover The Darfur Wall. Each number represents a person killed in Darfur. By donating $1 or more, you can light a number, turning it from dark gray to brilliant white. As we light the wall, we acknowledge the importance of each life lost, cast light upon a tragedy too many have ignored, and overcome one barrier to peace.”
So the Firefox 2.0 upgrade was what, in my mind, a major software upgrade should be. First off I barely noticed any changes whatsoever. It’s a soft and silent upgrade over the old Firefox. Some software upgrades have to move everything around in each upgrade, just to prove that they are making big changes. I’m not mentioning any names, MICROSOFT! This Firefox upgrade was a pleasure, with no surprises. After using it for a while I did notice a couple of things:
- Stability: The old Firefox tended to crash every once in a while, especially when I had a bajillion tabs open. Firefox 2.0 deals well with a bajillion tabs. It’s not crashing and the performance seems better.
- Bookmarks: You can right click on the bookmarks menu to add a bookmark folder or separator. Drag and drop to reorganize. Hooray. In the old version you had to open the “Organize Bookmarks” tool to, ah, organize your bookmarks.
- Spellcheck: I’m using it right now! Firefox spell checks anything you type into a text box. Apparently “Spellcheck” and “bajillion” aren’t in the dictionary. A little right click action corrects that.
Hooray; Firefox 2.0 installed nicely on my OS X laptop. Thanks a lot Firefox team!
Today I received an email from Arizona State Credit Union. It appears my account had been locked thanks to some pesky hackers from Europe. Wait a minute … I don’t even have an account with AZSTCU!
I get these phishing scams in my email every day. Phishers try to get your account data: username/password, Social Security number, birthday, account number and so on. They usually present you with a form to fill out that looks like it is from a trusted entity, in this case your bank. When they get this information they can either act on it, or sell it on the information black market. In this case the information targeted is your AZSTCU username and password.
This one is interesting because it is geographically targeted. The attacker is looking for customers of an Arizona Credit Union instead of a national or worldwide organization. He/she could have linked my web page to Arizona and harvested my email there. Here is the text of the email:
Continue reading ‘Phishing Scam strikes the Arizona State Credit Union’
Cross site scripting has become the single most popular hack, beating even the ever popular buffer overflow. I’m reposting the MITRE report here, in a slightly modified format, for my own purposes.
| Rank | Flaw | TOTAL | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 |
|---|---|---|---|---|---|---|---|---|
| Total | | 16192 | 1434 | 2138 | 1173 | 2534 | 4538 | 4375 |
| [ 1] | XSS | 13.9% | 02.2% (11) | 08.7% ( 2) | 07.5% ( 2) | 10.9% ( 2) | 16.0% ( 1) | 21.5% ( 1) |
| [ 2] | buf | 13.3% | 19.5% ( 1) | 20.3% ( 1) | 22.5% ( 1) | 15.4% ( 1) | 09.8% ( 3) | 07.9% ( 4) |
| [ 3] | sql-inject | 08.7% | 00.4% (28) | 01.8% (12) | 03.0% ( 4) | 05.5% ( 3) | 12.9% ( 2) | 14.0% ( 2) |
| [ 4] | dot | 04.7% | 08.9% ( 2) | 05.1% ( 3) | 02.9% ( 5) | 04.1% ( 4) | 04.3% ( 4) | 04.4% ( 5) |
| [ 5] | php-include | 03.5% | 00.1% (32) | 00.3% (30) | 00.8% (16) | 01.4% (10) | 02.1% ( 6) | 09.5% ( 3) |
| [ 6] | infoleak | 03.3% | 02.6% ( 9) | 04.2% ( 5) | 02.6% ( 7) | 03.7% ( 5) | 03.9% ( 5) | 02.6% ( 6) |
| [ 7] | dos-malform | 02.9% | 04.8% ( 3) | 05.1% ( 4) | 02.5% ( 8) | 03.4% ( 6) | 01.8% ( 8) | 02.0% ( 7) |
| [ 8] | link | 02.0% | 04.5% ( 4) | 02.1% ( 9) | 03.5% ( 3) | 02.8% ( 7) | 01.9% ( 7) | 00.5% (16) |
| [ 9] | format-string | 01.8% | 03.2% ( 7) | 01.8% (10) | 02.7% ( 6) | 02.4% ( 8) | 01.7% ( 9) | 01.0% (10) |
| [10] | crypt | 01.6% | 03.8% ( 5) | 02.7% ( 6) | 01.5% ( 9) | 00.9% (16) | 01.5% (10) | 00.9% (13) |
| [11] | priv | 01.4% | 02.5% (10) | 02.2% ( 8) | 01.0% (12) | 01.3% (11) | 01.5% (11) | 00.9% (12) |
| [12] | metachar | 01.3% | 03.8% ( 6) | 02.6% ( 7) | 00.7% (17) | 01.0% (14) | 01.3% (12) | 00.3% (21) |
| [13] | perm | 01.3% | 02.7% ( 8) | 01.8% (11) | 01.3% (11) | 00.9% (15) | 01.1% (13) | 01.1% ( 9) |
| [14] | int-overflow | 01.0% | 00.1% (30) | 00.4% (26) | 01.4% (10) | 01.9% ( 9) | 00.8% (14) | 01.2% ( 8) |
| [15] | dos-flood | 00.8% | 02.0% (12) | 01.7% (13) | 00.5% (19) | 01.2% (12) | 00.2% (27) | 00.4% (17) |
| [16] | pass | 00.8% | 01.1% (17) | 01.3% (15) | 00.2% (26) | 01.1% (13) | 00.8% (15) | 00.4% (18) |
| [17] | auth | 00.8% | 01.5% (13) | 01.3% (14) | 00.5% (20) | 00.7% (17) | 00.5% (19) | 00.7% (14) |
| [18] | webroot | 00.5% | 00.1% (29) | 00.2% (31) | 00.3% (25) | 00.2% (29) | 00.7% (16) | 00.9% (11) |
| [19] | form-field | 00.5% | 00.7% (23) | 00.8% (17) | 00.5% (21) | 00.2% (25) | 00.4% (20) | 00.5% (15) |
| [20] | relpath | 00.4% | 00.8% (22) | 00.3% (29) | 00.9% (14) | 00.6% (18) | 00.3% (23) | 00.3% (20) |
| [21] | race | 00.4% | 00.5% (26) | 00.4% (22) | 00.6% (18) | 00.4% (21) | 00.6% (17) | 00.3% (24) |
| [22] | memleak | 00.4% | 01.1% (18) | 00.2% (32) | 00.4% (22) | 00.5% (19) | 00.3% (22) | 00.2% (26) |
| [23] | msdos-device | 00.4% | 01.0% (20) | 00.6% (19) | 00.9% (13) | 00.2% (24) | 00.2% (28) | 00.0% (34) |
| [24] | crlf | 00.3% | … | 00.2% (33) | 00.1% (31) | 00.5% (20) | 00.4% (21) | 00.3% (19) |
| [25] | default | 00.3% | 01.1% (16) | 00.7% (18) | 00.1% (32) | 00.2% (26) | 00.1% (33) | 00.1% (29) |
| [26] | spoof | 00.3% | 01.0% (19) | 00.3% (28) | 00.1% (29) | 00.1% (33) | 00.2% (25) | 00.3% (25) |
| [27] | sandbox | 00.3% | 01.2% (15) | 01.0% (16) | … | 00.2% (31) | 00.0% (34) | … |
| [28] | rand | 00.3% | 01.2% (14) | 00.6% (20) | 00.3% (24) | 00.2% (32) | 00.0% (35) | 00.2% (27) |
| [29] | upload | 00.3% | … | 00.0% (36) | 00.1% (30) | 00.2% (27) | 00.5% (18) | 00.3% (22) |
| [30] | signedness | 00.2% | 00.1% (31) | 00.4% (23) | 00.8% (15) | 00.2% (22) | 00.3% (24) | 00.0% (32) |
| [31] | dos-release | 00.2% | 00.9% (21) | 00.5% (21) | 00.2% (27) | 00.2% (28) | … | … |
| [32] | CF | 00.2% | 00.7% (24) | 00.3% (27) | 00.2% (28) | … | 00.1% (31) | 00.1% (28) |
| [33] | eval-inject | 00.2% | … | … | … | 00.0% (35) | 00.2% (26) | 00.3% (23) |
| [34] | design | 00.1% | 00.6% (25) | 00.4% (24) | 00.1% (33) | 00.0% (34) | 00.1% (32) | 00.0% (31) |
| [35] | double-free | 00.1% | … | 00.1% (35) | 00.3% (23) | 00.2% (23) | 00.1% (30) | 00.1% (30) |
| [36] | CSRF | 00.1% | … | 00.0% (37) | … | 00.2% (30) | 00.2% (29) | 00.0% (33) |
| [37] | type-check | 00.1% | 00.4% (27) | 00.4% (25) | … | … | 00.0% (36) | 00.0% (35) |
| [38] | none | 00.0% | … | 00.1% (34) | … | … | … | … |

UNKNOWN/UNSPECIFIED ITEMS

| Rank | Flaw | TOTAL | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 |
|---|---|---|---|---|---|---|---|---|
| | unk | 09.0% | 07.9% | 07.1% | 07.0% | 08.2% | 08.9% | 11.5% |
| | other | 15.2% | 16.7% | 19.0% | 11.8% | 17.2% | 13.1% | 14.9% |
| | not-specified | 06.9% | 00.1% | 03.0% | 20.5% | 11.3% | 11.3% | 00.3% |

Continue reading for definitions:
Continue reading ‘State of the hack’
I made a nice lunch today, some spicy sausage. I’ve got a bunch of Jalapenos growing in my back yard so I’ve been trying to use them instead of black pepper. They really work well with a bit of bratwurst:
- Put a little olive oil in a frying pan, turn the heat to medium high.
- Slice up a sausage and cook it until it’s nice and done, with some burnt edges.
- Slice half a zucchini and half an onion and throw them in the pan.
- Add a couple of leaves of fresh basil and some salt and pepper.
- Next slice a bit of Jalapeno and add it to the mix. You can control how spicy you want the dish by controlling how long you cook the pepper. I used a tiny green Jalapeno and a tiny red one.
- After everything is looking like it’s half cooked pour some vodka or wine in the pan, enough to barely cover the bottom.
- Put a lid on the pan and cook until the vodka has reduced itself to a sweet spicy sauce.
Enjoy! This would be good on top of some rice too…
Multiple vulnerabilities have been found in Flash media player, software that is almost universally installed across the Internet. These vulnerabilities can allow a hacker to take over your computer. Download the update here:
Adobe Flash Download
If you are wondering what version you currently have installed check this page.
The old method of hitting printscreen (usually twice for good measure) and then editing the photo in Gimp just wasn’t working for me anymore. Luckily I found this little shiny collection of 1’s and 0’s:
http://www.mirekw.com/winfreeware/mwsnap.html
It has more features than I really need, but here is a list of the cool ones:
- Take a snapshot of the entire desktop.
- Take a snapshot of any Window, or menu.
- Take a snapshot of any rectangular area.
- Use an onscreen ruler to measure the size of, uh, onscreen stuff.
- A color picker that gives you the color value of any onscreen color.
- Basic transformation tools like flip, rotate and such.
You could pay $39 for Snag It or you could download this great tool.