Security

SSL Still Mostly Misunderstood

Submitted by Anonymous Coward
An anonymous reader writes "People still don't understand SSL. This isn't much of a surprise... no one expects grandma and grandpa to know what SSL is and what it does. What is surprising and downright scary is that most IT professionals don't understand SSL, and many consider it to be the be-all, end-all of security in their organization. With all the tools out there to manipulate SSL connections and the browser vendors unable to settle on a single method of showing whether a site is secured by SSL or not, is it any wonder that no one gets it? Security researchers Tyler Reguly, Mike Zusman, Jay Graver and Robert 'RSnake' Hansen recently discussed some of these issues at the SecTor security conference in Toronto."

The Best Way To Inform Owners Of Hacked Sites?

Submitted by UnmaskParasites
UnmaskParasites writes "I'm an independent security researcher. Every time I investigate hacker attacks I see thousands of compromised websites. While I can't contact every single site owner and tell them about the problem, I usually try to let the owners of larger sites (their problems affect more people) know that they have security issues. I send them brief descriptions of the problems via email or their contact forms. Unfortunately, the prevailing reaction is a lack of any response (and the websites remain hacked). I have slightly better results when I publish attack reviews on my blog and then refer to the blog posts when I contact owners of compromised sites. However, the success rate is still below 20%, which makes me think that security is not a priority for site owners and I'm wasting my time trying to help them.

Here is a rather amusing (and at the same time sad) illustration of the issue. The site of the Software & Information Industry Association (SIIA) offers up to $1 million for piracy reports. This site is hacked. Most of its pages contain cloaked spam links that promote online stores that sell pirated software. I emailed them and described the problem. I created a blog post with screenshots illustrating the problem and referred to it in my report. SIIA didn't bother to respond, and one week later their site still promotes pirates (they are probably too busy fighting with other pirates?).

I need your advice. What is the most effective way to inform site owners about security problems and have them resolve the issues?

* Should I go on trying to contact owners of compromised sites?
* Should I just report the sites? E.g., report them to Google as malicious or spammy, and let Google punish them (blacklist or remove from the search index). I still prefer to give site owners a chance, though.
* Should I try to give them some "bad publicity" if they fail to respond to friendly notifications? Is it acceptable? (I wonder if SIIA would clean up their site if this question were published on Slashdot?)
* Should I just ignore them (since it's not my own problem) and hope that they'll eventually resolve issues?
* What else can you suggest?"

Comment: Tech solution: Fuck with his Internet connection. (Score 0) 811

by tasinet.gr (#28065963) Attached to: How To Help a Friend With an MMO Addiction?

I can't believe all you get in the comments is psychobabble. It's good up to a point, but if you're past that, the easiest way to save him from himself is to fuck the internet connection.
No internet, no game.

Get BackTrack 3, boot into a spare PC and try TCPKILL-ing his connection to the specific port. You can script it to kill all connections to port (blah) every 5/10/15/rand() minutes.

If he has a clue about networks, he could realise what you are doing, though, so even better would be:
Limiting the speed at which he can connect. Start by setting a 50KB/s limit, then 25KB/s, then 12, then 5, 1, whatever.
He will not be enjoying his game if he is getting 2 FPS and is completely lagged and out of sync with the virtual world.
A way that comes to mind is a man-in-the-middle attack (focused on the port(s) used by the game); after all game traffic is going through you, use one of Trickle, Level 7 Filter, ClarkConnect, Bandwidth Arbitrator, MasterShaper.

If you can't figure out how to throttle him properly, you can also try flooding the local network until it slows to a crawl.

Try it.

Comment: the story smells (Score 0) 203

by tasinet.gr (#22759546) Attached to: Breakdowns of Website Defacement by Platform

So, Apache, with a larger market share (66%?), has been the server serving the application which was hacked/defaced. That is news how? For example, when Facebook was broken into and the private images downloaded and put up on torrents, Apache was probably serving the files but was not the vulnerable point!

Let's look at it this way: if there is such a wave of defacements, how come whitehouse.gov, which runs Linux/FreeBSD and Apache, isn't getting defaced? Because someone serious took the time to configure the damn server properly. How hard is that? Google "hardening apache", then use common sense when handling input in your applications/scripts.

facebook@netcraft Apache/1.3.37.fb1
".fb1"? How customised do you suppose fb1 is? If it were defaced, would it be Apache's fault, a 0-day exploit perhaps, or due to the configuration (or "fb1", whatever that means, if anything)?
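The comment above points at server configuration rather than the web server software as the usual weak spot. As an added example (not part of the commenter's post or any Slashdot-referenced site), here is a minimal httpd configuration fragment that applies the common "hardening Apache" baseline: it hides the version banner that shows up in Netcraft-style fingerprints such as the "Apache/1.3.37.fb1" string quoted above, disables TRACE, stops directory listings and per-directory overrides, and denies everything outside the document root by default. Directive names are standard Apache 2.4 directives; the /var/www/html path is an assumed document root.

```apache
# Added example: hardening baseline for Apache httpd 2.4 (assumed document root /var/www/html)

# Do not advertise the exact version or modules in Server headers or error pages.
ServerTokens Prod
ServerSignature Off

# TRACE is rarely needed and has been abused for credential disclosure in the past.
TraceEnable Off

# Deny everything by default; grant access only to the document root below.
<Directory />
    Options None
    AllowOverride None
    Require all denied
</Directory>

<Directory "/var/www/html">
    # No automatic directory listings, no server-side includes, no CGI from here.
    Options -Indexes -Includes -ExecCGI
    # Ignore .htaccess so configuration cannot be changed by a file upload.
    AllowOverride None
    Require all granted
</Directory>

# Never serve dotfiles (.git, .htpasswd, editor backups, etc.).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Cap request sizes so input-handling bugs in scripts get less room to work with.
LimitRequestBody 10485760
LimitRequestFieldSize 8190
```

After changing the configuration, `apachectl configtest` reports syntax errors before a reload, and a `curl -sI` against the server should show a bare `Server: Apache` header and a 405 for TRACE requests, which is a quick way to confirm the baseline took effect.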

