Comment: Re:Blackhole (Score 5, Informative) 49

by jenic (#39026953) Attached to: Cryptome Hit By Blackhole Exploit Kit

Symantec says that Blackhole affects "various Windows platforms". Does Cryptome run on Windows?

Whether or not Cryptome runs on Windows is not for me to say; however, I do believe that Cryptome was compromised and made to distribute the Blackhole exploit. The following is found in TFA:

Although I'm not a full-fledged security researcher, I could shed some light on the script that you found on your server. The basic program flow goes like this when a client loads the script (in your case, every time anyone visits one of your pages):

  • the client IP address is compared against a list (net_match(...)) and if it falls within the range of the list it is in scope
  • the client OS is determined and if it is a Windows machine, it is in scope
  • the client browser is determined and if it is an Internet Explorer (6.0 up to 8.0) it is in scope
  • if the client is in scope (i.e. all three of the previous are true), a file is created on your webserver (an empty text file); the filename is the IP address of the client (probably for later retrieval)
  • an iframe is loaded in the browser of the client that will be impossible to see (width and height of 1 pixel), and that iframe points to the webpage 'http://65.75.137.243/Home/index.php'

After step 5 the browser is probably under attack, and it will probably be a successful attack since the attackers know the client to be a Windows machine running an Internet Explorer browser; my guess would be that the client is now infected and part of a botnet to be used in other attacks. The IP address of the attacker is a webserver for the domain http://absolutely-free-meeting.com/. I'm not sure they have anything to do with this attack; probably they are a compromised server, like your webserver was compromised. The WHOIS information for this domain is registered through GoDaddy, and I include their data and the registrant's data below; it would be best to contact both so that they can clean up their server also. Conclusion:

  • your webserver was compromised and a file was uploaded (the attacking script)
  • the attacker was only interested in certain IP addresses (probably only a certain location)
  • the clients that are infected are infected from another web server (no idea why, since that attack script could have been put on your webserver also)

PS: I tried to format that as best I could but slashdot was having none of it
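The injection pattern the quoted analysis describes (an iframe sized 1x1 so that it cannot be seen, pointing at a host outside the compromised site) is something a site owner can scan their own pages for. The following is an added example, not code from Cryptome, Slashdot or the quoted analysis; the sample page, the site name example-site.invalid and the raw-IP host 198.51.100.7 (a documentation address standing in for the real one) are all constructed for the example.

```python
"""Added example: find iframes that are both hidden (1x1 pixels, CSS hidden
or the hidden attribute) and point at a host outside the scanned site.
The sample page and the placeholder host 198.51.100.7 are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

RAW_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def is_tiny(value):
    """True when a width/height attribute is 0 or 1 (bare number or '1px')."""
    if value is None:
        return False
    digits = value.strip().lower()
    if digits.endswith("px"):
        digits = digits[:-2].strip()
    return digits.isdigit() and int(digits) <= 1


def is_external(host, site_host):
    """True when host is neither the site itself nor one of its subdomains."""
    site_host = site_host.lower()
    return bool(host) and host != site_host and not host.endswith("." + site_host)


class HiddenIframeFinder(HTMLParser):
    """Collect iframes that are both hidden and point off-site."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        # attribute values are None for bare attributes such as <iframe hidden>
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        hidden = []
        if is_tiny(a.get("width")) and is_tiny(a.get("height")):
            hidden.append("1x1 size")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            hidden.append("hidden via style")
        if "hidden" in a:
            hidden.append("hidden attribute")
        if not hidden or not is_external(host, self.site_host):
            return  # visible frames and same-site frames are not what we look for
        reasons = hidden + ["external host " + host]
        if RAW_IP.match(host):
            reasons.append("raw IP address host")
        self.findings.append({"line": self.getpos()[0], "src": src, "reasons": reasons})


def find_hidden_iframes(html, site_host):
    """Return the suspicious iframes found in html for a site named site_host."""
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: a legitimate map frame, an injected 1x1 frame to a
# raw-IP placeholder host, and a hidden frame that stays on a subdomain of the site.
SAMPLE_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://example-site.invalid/widgets/map.html" width="600" height="400"></iframe>
<iframe src="http://198.51.100.7/Home/index.php" width="1" height="1" frameborder="0"></iframe>
<iframe src="http://static.example-site.invalid/ad.html" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_PAGE, "example-site.invalid"):
        print("line %d: %s (%s)" % (f["line"], f["src"], ", ".join(f["reasons"])))
```

Run over the sample page it reports only the injected frame on line 4 and gives the reasons (1x1 size, external host, raw IP address host); the hidden frame on the site's own subdomain is deliberately not reported, so the same-site check is what keeps legitimate tracking or ad frames from drowning the output. Pointing the scan at files under the web root, rather than at the served page, also catches the server-side script the analysis describes before any visitor sees it.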

Comment: Re:Inevitable. (Score 1) 511

by jenic (#38259340) Attached to: Chrome Becoming World's Second Most Popular Web Browser

True enough. There are many advanced features you find in NoScript but not NotScripts, and I can see how one would miss them. But if all you're looking for is to block flash and ad network/tracking scripts, it gets the job done.

It mostly gets the job done. The inline JavaScript is huge. On the developer's own site he admits he cannot currently block inline JavaScript, which means a simple <script>while(1){alert('trolololol')}</script> would defeat it. I know Chrome detects this and will not allow an infinite number of alerts, but my point is that inline scripting is used a lot and NotScripts cannot protect against that.

Comment: Re:Inevitable. (Score 1) 511

by jenic (#38242124) Attached to: Chrome Becoming World's Second Most Popular Web Browser

See my post above, I've used NoScript, I use NotScripts on Chrome now, and I don't miss any functionality.

While an average user might not miss any functionality with NotScripts, the overwhelming truth is that there are limitations to what NotScripts can do with the limited Chrome API. Let me list some features I use daily:

  • Clickjacking protection
  • Inline script blocking
  • Script Surrogates
  • XSS Filtering
  • Application Boundary Enforcement
  • HTTPS Enforcement
  • Secure Cookie Enforcement

I could go on, but let's discuss ABE for a moment. Singularly the most awesome part of NoScript. Let's say you allow Facebook.com scripts to run since you have a Facebook account. Now let's say you allow slashdot.org scripts to run because you are a masochist. Facebook inclusions will run on slashdot.org because you trust both Facebook and Slashdot. But not with ABE:

  # Facebook XSS
  Site .facebook.com .fbcdn.net .facebook.net
  Accept from .facebook.com .fbcdn.net .facebook.net
  Deny INCLUSION

I could still go on but you get the point right?
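To make concrete what the ABE rule above changes, here is an added example that is not NoScript's code: a small evaluator that parses the quoted ruleset and decides a request from an origin host to a destination host. It models only a subset of ABE's semantics (Site lists the destinations a block covers; rules are tried in order and the first match wins; "Accept from" matches the listed origins; "Deny INCLUSION" matches sub-requests such as scripts, frames, images and XHR but not top-level navigation; no match means allow). That reduced semantics is an assumption of the example, and the hostnames used are constructed.

```python
"""Added example (not NoScript's implementation): evaluate a simplified ABE
ruleset of the form quoted in the comment. Supported lines: 'Site <dests>',
'Accept [INCLUSION|ALL] [from <origins>]', 'Deny [INCLUSION|ALL] [from <origins>]'.
Anything else in real ABE (SELF, LOCAL, methods, regexes) is not modelled."""

ABE_RULESET = """
# Facebook XSS
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net
Deny INCLUSION
"""


def host_matches(pattern, host):
    """'.facebook.com' matches facebook.com and any subdomain; a bare host matches exactly."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def parse_ruleset(text):
    """Return a list of blocks: {'sites': [...], 'rules': [(action, predicate, origins), ...]}."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        words = line.split()
        keyword = words[0].lower()
        if keyword == "site":
            current = {"sites": words[1:], "rules": []}
            blocks.append(current)
        elif keyword in ("accept", "deny") and current is not None:
            predicate, rest = "ALL", words[1:]
            if rest and rest[0].upper() in ("INCLUSION", "ALL"):
                predicate, rest = rest[0].upper(), rest[1:]
            origins = rest[1:] if rest and rest[0].lower() == "from" else []
            current["rules"].append((keyword, predicate, origins))
        else:
            raise ValueError("unsupported ABE line: " + raw)
    return blocks


def evaluate(blocks, origin_host, dest_host, inclusion):
    """Return 'accept' or 'deny'. inclusion=True is a sub-request (script, iframe,
    image, XHR) made by a page on origin_host; False is a top-level navigation."""
    for block in blocks:
        if not any(host_matches(p, dest_host) for p in block["sites"]):
            continue  # this block does not cover the destination
        for action, predicate, origins in block["rules"]:
            if predicate == "INCLUSION" and not inclusion:
                continue  # rule only talks about inclusions
            if origins and not any(host_matches(o, origin_host) for o in origins):
                continue  # rule is restricted to other origins
            return action  # first matching rule wins
    return "accept"  # no rule matched: default is to allow


if __name__ == "__main__":
    blocks = parse_ruleset(ABE_RULESET)
    cases = [
        ("slashdot.org", "www.facebook.com", True),        # Facebook widget on Slashdot
        ("www.facebook.com", "static.fbcdn.net", True),   # Facebook loading its own CDN
        ("slashdot.org", "www.facebook.com", False),      # clicking a link to Facebook
        ("slashdot.org", "slashdot.org", True),           # Slashdot's own scripts
    ]
    for origin, dest, inc in cases:
        kind = "inclusion" if inc else "navigation"
        print("%-18s -> %-18s %-10s %s" % (origin, dest, kind, evaluate(blocks, origin, dest, inc)))
```

With both sites trusted for scripts, the Facebook inclusion on slashdot.org is denied by the rule while Facebook's own sub-requests and a plain link from Slashdot to Facebook remain allowed, which is exactly the cross-site boundary the comment is pointing at.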

The Media

Panopticon Society and the Moral Power of an Image

Hugh Pickens writes "James Fallows writes that you don't have to idealize everything about the Occupy movement to recognize the stoic resolve of the protesters at UC Davis being pepper sprayed as a moral drama that the protesters clearly won. "The self-control they show, while being assaulted, reminds me of grainy TV footage I saw as a kid, of black civil rights protesters being fire-hosed by Bull Connor's policemen in Alabama. Or of course the Tank Man in Tiananmen Square," writes Fallows. "Such images can have tremendous, lasting power." We can't imagine all the effects of the panopticon society, but one benefit to the modern protest movement is the omnipresence of cameras: police officials, protesters, and nearly all onlookers are recording whatever goes on, bringing greater accountability and a reality-test for police claims that they "had" to use excessive force. "What's new is that now the perception war occurs simultaneously with the physical struggle. There's almost parity," writes Andrew Sprung. "You have a truncheon or gun, I have a camera. You inflict pain, I inflict infamy.""

A Bottom-up Labeling System for Organizations

anarresti writes "We all know people willing to help and contribute to an initiative but simply not able to find where. Besides, plenty of small charities and startups, even ones with enormous potential, remain in the shadows because they cannot be easily located. The webtool Move Commons (MC) aims to help these to reach critical mass in their fields, connecting them with contributors, and clustering similar initiatives. The mechanics are similar to how Creative Commons (CC) "labels" cultural works. In fact, MC builds on top of CC, as CC built on top of the GPL. In MC, initiatives can "label" themselves using keywords and icons representing the principles they are committed to. Initiatives generate their badges to embed them, and its icons answer several questions: Is this a nonprofit? Is it transparent? Can I use part of their contents for my blog? How are they organized internally? Badges include semantic code which allows search engine queries such as "initiatives in Springfield that are grassroots, non-profit, delivering CC content, and related to 'IT' and 'alternative education'?" (Think of your own topics, keywords and places.) The idea is to let projects locate and collaborate with like-minded initiatives and to allow potential contributors to easily find small local initiatives. Move Commons just launched a crowdfunding campaign to fund the project's needs and attract collaborators. It uses the Goteo crowdfunding platform, which only aids free/libre projects that return to the Commons."
