.:Computer Defense:.

Hey All,

I just wanted to let everyone know that this website will be transitioning over the next few weeks (just in case their are any ups and downs along the way).

I was starting to hit the occasional database connection limit exceeded (the sole downside that I've found with my host is that connections are hardcoded at 18 and you can't pay to upgrade that limit). I also have a VPS, but I've found it just doesn't cut it for some of the shell related things that I want to do.

As a result I'm getting rid of the VPS and I picked up two servers, a 'Root Server' and a 'Windows Server'. I'm fairly happy that the costs are reasonable (compared with the other services that I looked at) and I liked the concept of one Windows, one Linux rather than 1 bigger server... Once I have all the software I want installed and everything configured, I plan on transitioning this blog to the 'Root Server'. Once there it will have it's own IP and associated SSL cert. I will also have a few test beds to play with.

Server Specs:
2.2Ghz AMD Athlon 64 3500+
1GB RAM
160GB w/ Software RAID 1
2TB Monthly Transfer (per server)

A few days ago I updated the site, and I must say... WP2.5 is awful... I'm actually disappointed that I had to upgrade. Having used typepad, WP, Greymatter, blogger and Serendipity... I was actually a really big fan of WP and thought it was about as good as they come. Now I'm not too sure about that. The user back end on 2.5 is awful... It's slower than the old UI was, it's not laid out nearly as conveniently (yes they made it less intuitive) and it's ugly... I realize it's an attempt to go more Web 2.0ish, but they failed miserably... In all the time that WordPress has powered this blog, this is the first time I've been completely disappointed and considered moving to new software.

I use Google Apps. I'm a huge fan and I think it's amazing. The features that are made available free of charge, are really no different than the features any gmail user gets, except that you get to apply your own domain name. At least that's what I used to think. Several people I know have made reference to the addition of group chat to GoogleTalk Online (the GoogleTalk that's found within the Gmail Window)... This addition for some reason has not made it over to the version of GoogleTalk that is used if you are signed up for Google Apps.

So, if anyone at Google or that knows someone at Google, read this... please let me know why this feature hasn't made it over to Google Apps yet and if there are any plans for it to move over in the future.

I just installed the comment plugin from Intense Debate... It seemed to be a fairly painless install... I'm hoping that this post will tell me whether or not it's working. It looks like it's pretty cool, feel free to check it out on the Intense Debate website.

For anyone that might be interested... ComputerDefense.org is now available over SSL.

So lately, when I log into the administration portion of my blog, I've been noticing more and more links from a single domain and the titles are generally the same as my latest blog post... I browsed over and sure enough, someone is grabbing my blog posts via WP-Autoblog and posting them on their site. The site in this case, which I've noticed is stealing feeds from a good number of the Security Bloggers Network sites, is newtechtransfer.com.

There weren't any posts on effectively blocking WP-Autoblog that I could find anywhere and after a little bit of searching I found the suggestion to send a DMCA Cease and Desist Request. There is a template available here. I updated the template to properly reflect me and my website, and sent it off to abuse and support for both the domain in question and their hosting provider estdomains.com.

The problem I realized is that I most likely won't get anywhere... based on the email addresses provided in the whois (which are .ru), I'm guessing that there's no legal way of getting the information removed. I've provided the whois information under the Read More link so that it wouldn't clutter the main page.

The second point of interest was the response I got from the abuse and support email addresses. The hosting provider's response was:

Dear Customer,

Due to the huge wave of spam we receive and in order to improve
the speed and quality of the work of our support team we decided
to stop receiving emails.

To get in touch with us please feel free to raise support ticket at

http://support.estdomains.com

Best regards,
Estdomains, Inc Support Team

The text was also repeated in Russian. So I also submitted my Cease and Desist request via their support form.

So my question to the blogging community is, how do you deal with these sorts of problems? Images of vigilante justice keep going through my head, all the affected parties lynching the culprits in a small dirty town reminiscent of every bad western ever made. The problem here is that this *IS* a problem. This can affect search engine ranking and placement, this can affect site traffic and it's just plain irritating. There has to be something that can be done, but the question is: What?

[UPDATE]

It appears as though the letter worked. All content has been removed from newtechtransfer.com.
Read more...

It seems that WordPress, this wonderful blogging software has a flaw... It doesn't support DST. At first I thought that perhaps due to the change in date for DST that the server hosting this blog hadn't been updated properly... I soon discovered this wasn't the issue. So tonight, irritated that my server was an hour off... I searched around and found this site, which makes mention of a TimeZone plugin for WordPress that solves the DST issue. It definitely does and I'm glad I found it... Now my time of posting is accurately displayed.

So... it's been a bit since I posted... The one post a day thing I planned so far back doesn't seem like it's going to become a reality... However, hopefully, in the near future... we'll be adding someone with a love of hardware to the "ComputerDefense team" since it's not a topic I'm overly fond of...

However, today I do want to share a few links I've come across... They are interesting, "neat" and cool... To quote the Tim Hortons commercial... these links are "steeped"

JBroFuzz -  Version 0.2 of this "stateless network protocol" fuzzer has been released. A short description is available on Security-Protocols.com.

Space Shuttle Computers can't handle year rollover -  That's right.... if the Shuttle launches and Dec. 31st is day 365, then to the shuttle Jan 1st is day 366 of the ear 2006... not day 1 of 2007... You have to question how, with all the advanced technology in the space program, a simple glitch like this exists... and not only exists but knowingly exists.

Invention of the Year (2006) - YouTube -  That's right.... Time Magazine has declared YouTube... everyones's favourite video sharing site... to be the Invention of the year... I'm still not sure what to think of this one... All the possible beneficial things that could have come out of 2006 and YouTube is number one... perhaps someone over at Time doesn't quite have their priorities straight.

Today's MOKB Entry -  Entitled "Microsoft Windows kernel GDI local privilege escalation", the description says that this vuln could lead to code execution... I found the date reported to Microsoft to be rather interesting ( 22-10-2004 ) and can't wait to see Microsoft's reasoning for not patching this yet.

SinFP -  A new version of SinFP (a perl based OS fingerprinting tool) has been released... I haven't looked at this tool lately... I looked at it when it was first announced on the nmap-dev mailing list. The author of SinFP was called on falsehoods and admitted that it was just marketing wording to attract attention. This just doesn't sit right with me in this industry... so I haven't really given it another chance... although I may have to do so in the near future... With the 1.0 release I also wasn't impressed with the detection... It couldn't detect my Windows XP SP 2 Machine.. perhaps detection has gotten better these days.

XMLHTTP 4.0 ActiveX Control Vulnerability - This has gotten a lot of news over the weekend. jgraver over at nCircle has a great blog post with links to some useful information.

One thing to note is that I've been receiving more and more email viruses to in my inbox... This is due, in part, to the fact that my primary machine died and I'm using web mail with no AV scanning to wipe them... I submitted one to Sunbelt's CWSandbox, which I reviewed previously, with the hopes that I'd be able to share the details with you. Unfortunately, as the service becomes more popular the processing time seems to be increasing... it's no longer the "couple of minutes" that it was when I first reviewed it... Should I get some interesting results back, I'll be sure to share them.

Peace,
HT

So I'm really pumped about this. Between the two domains (CDO and SpamMailBag (I didn't even look at PythonGod or SecurityNe.ws)) we've broken 10,000 unique visits.

ComputerDefense.org - Sept '06 -  9433 Unique Visits

SpamMailBag.com - Sept '06 - 5850 Unique Visits

I never expected the page to have this many readers.... so now my goal is to double this for the end of the year...

Peace,
HT

So I've decided to add some GoogleGroups related to CDO and SpamMailBag... I'm not sure they'll get used but now at least they exist if anyone is interested in them.

The CDO Group can be used for anything.... Feel free to sign up.. if it gets some members I may actually do something with it.

The SpamMailBag.com group is primarily to target mail harvesters and see what happens....

Feel free to check them out and join them.

Peace,
HT