Posted by chris on Thursday, July 30, 2009 – 2:35 AM
Hanging out at Black Hat would have been a lot cooler than hanging out at work or home, by 20 degrees at least. We’ve been having our usual July heat wave. Over 100 degrees every day with lots of cloud coverage and enough rain to spot the car windows good and keep the humidity off the charts. It’s been miserably hot here and while it’s probably not much cooler in Vegas, there is good air conditioning. But you’re not here to listen to me whine about the heat. I live in the high desert so ummm yeah, it’s gonna get hot.
What is of considerable interest to me is what was sure to be unveiled. Black Hat & Def Con both have their share of hacks shown off. The best place to learn about an attack is from the source itself, and we get plenty of source from the coders themselves. And this year, so far, has had some big revelations.
Like this SSL certificate hack from Moxie Marlinspike. So those little Verisign certificates that pop up and imply there’s no worries, this website we are loading is what it is. And our data is encrypted to keep it safe from prying eyes. Kinda gives you a warm fuzzy feeling all over. Except the computer on the other end will be able to decrypt the data, and that can now be any computer with a forged signature. So much for that warm fuzzy feeling. While the implications of this hack, and how easy it is to pull off, are scary, it seems like one that should be easy to patch. But until then… And this isn’t the first problem with Verisign. It wasn’t long ago that the MD5 vulnerability was confirmed.
It will be interesting to see what else filters down from Black Hat this year.
Posted by chris on Sunday, July 26, 2009 – 12:48 AM
I haven’t stopped working on how to remove My Web Tattoo and the associated programs. If you have it in Firefox, then you’re kinda in luck. I have removed it from Firefox.
And I found a phone number that was on the EULA page for Make The Web Better, which is the first program that is downloaded from the My Web Tattoo page. I suggest that if you haven’t been able to get it removed from Internet Explorer yet, you follow the advice on their page:
If you experience any problems installing and/or uninstalling the Software Product, please contact us via email at: info@make-the-web-better.com, or call us at: 1 (800) 831-8940.
I’m still working on removing it. I can’t get it installed on IE 7 on my test computer. So I’ve been doing some other stuff like running it in a sandbox to see what it does. I’ve identified several registry keys that are affected and where it’s sending data to. I just got this info though and I’m in the middle of a computer repair job that should have been done already. So when I get some more time I’ll write up what I have found about removing it and more.
In the meantime, there is the number you can call. You can leave comments on how it went if you do call them. I’m sure others will be interested in how they helped you.
Posted by chris on Thursday, July 16, 2009 – 1:03 PM

Yes, that’s right. The essential network scanner, nmap, has made it to version 5. If you are unfamiliar with nmap, it’s a must-have tool for anyone who does anything with networks. It’s the greatest port scanner around. And you can get it for just about any OS. But nmap is much more than just a port scanner. It can be used for more than just seeing what ports are open. You can also use it for its OS detection, among other things, and you can even use it to find the Conficker virus on remote computers. It’s available as a command line tool and, for those who prefer a GUI, it also comes with Zenmap, which is a graphical front end for it.
My thanks to Fyodor and the nmap development team for constantly updating this awesome tool and never being satisfied with the status quo. Now let me quote insecure.org:
July 16, 2009 — Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this.
Considering all the changes, we consider this the most important Nmap release since 1997, and we recommend that all current users upgrade.
You can find a list of the changes here and be sure to download it.
Posted by chris on Wednesday, July 15, 2009 – 6:06 PM
Looks like there is another ActiveX vulnerability. If you are unfamiliar with ActiveX, basically, a web page can do stuff like read and write files when you use Internet Explorer and allow ActiveX options. This is nice for the Microsoft Update site to see which files it needs to update, but that’s about it in my opinion. Sure, there is a pop-up that asks you if you want to allow a website to use ActiveX, but history shows that too many people allow ActiveX when they shouldn’t. There are an unbelievable number of attacks that use ActiveX. That’s one of the main reasons I use Firefox instead of Internet Explorer; it doesn’t have ActiveX so you don’t have to worry. Google’s Chrome is another web browser that doesn’t have ActiveX.
Our friends over at the Internet Storm Center are keeping an active eye on this new vulnerability. You can read all about it and follow their updates here. So do your Microsoft Updates, several just came out, and if you really want to be safe, stop using Internet Explorer or use it as little as possible and switch to Firefox, Chrome or even Opera. Stay Safe.