PHPSecInfo
The PHP Security Consortium has released v0.1.1 of their PHPSecInfo tool. From their website:

"The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach."

As PHPSecInfo doesn't provide any new information, at least with this release, I see it as a useful tool for those who are not very familiar with PHP and only want to set up some downloaded scripts on their own web server. What I'd like to see in upcoming versions is a LOT more verbosity. Explaining the settings in depth and giving advice on secure programming linked to some of the settings they test (like input validation without magic_quotes_gpc, handling globals with globals off etc.)
Phishing for Postfinance (Part 2)
They are phishing for Postfinance logins again. And although the e-mail looks much nicer this time, they still have too many typos in it. ;-)
Another not-so-clever idea they had was to use port 8081 for all their links, be it for the logo (yes, they didn't link it from the original site, but from their phishing server!) or the phishing URL (http://219.163.9.224:8081/index.php?email=plog@hu-gi.to [modified email domain]) itself. According to a whois query, the IP range belongs to an ISP from Tokyo: (More)
Get Request from Zone-H.org
Something you never ever want to see in your web server's access log is a GET request from zone-h.org's wget utility looking like this:
www.zone-h.org - - [02/Oct/2005:13:48:00 +0200] "GET / HTTP/1.0" 200 25 "-" "Wget/1.9.1"
Zone-h.org is a site where hackers Skript Kiddies can post sites they have defaced and/or tested to be vulnerable to remote exploits. The xmlrpc bug, which was found this summer and affected numerous CMS/Portal scripts, is one of the common bugs exploited since, resulting in hundreds of defaced websites.

One of those kiddies hit my badly maintained PostNuke site last week (oops, now it's out). Fortunately I didn't have any data loss. The index file was all that was damaged, so I guess I was lucky (probably because it was a publicly available script used for defacing standard PostNuke installations...).
Oh, and yes, pLog isn't vulnerable :).
Update on phishing at PostFinance
I searched for any messages on the phishing attack on PostFinance and came across a posting from Kaspar Manz. He got the phishing mail, too, and got indexed even faster than the official message made by PostFinance.
While giving some good advice to users, he reckons that PostFinance will hopefully not even dare to send any messages in HTML format. Well, as a customer of PostFinance I've got to tell you: The opposite is true! They started a Newsletter Service shortly ago, I'm not even sure I already got one. But reading the FAQ they already prepared reveals this: (More)
Generic Phishing Attack or an attack on PostFinance?
I found this mail in my spam folder recently (subject: "PostFinance Email Confirmation - retohugi (at) gmx.ch"):
Dear PostFinance Customer,

This email was sent by the PostFinance server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your PostFinance online access details. This is done for your protection - because some of our members no longer have access to their email addresses and we must verify it.

To verify your e-mail address, click on the link below:

http://www.postfinance.ch/ Km6Knl9DXmSXpRKg9ArCGqJZ0PJqiWIRROZFynNcLmhQvCH09r58bdtpa5l1gfz

The mail is in HTML format, so the link above was actually just linked text. The real hyperlink points to:

"http://www.google.ms/url?q=http://go.msn.com/HML/5/9.asp?target=http://%6d8%74je%767.%64%%09A%%%2e%09%%%%72u%%%%09/" (this is one long URL) (More)
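Both phishing mails described above show the bank's address as link text while the real target is a raw IP on port 8081 or a chain of redirectors. The checks below are an added example, not code from this blog; they assume the links have already been extracted from the HTML part as (href, visible text) pairs, and every host and address in the sample is a constructed placeholder.

```python
import ipaddress
from urllib.parse import parse_qsl, urlsplit

def redirect_chain(url, max_depth=5):
    """Hosts reached by following URL-valued query parameters inward."""
    hosts = []
    while url is not None and len(hosts) < max_depth:
        parts = urlsplit(url)
        hosts.append((parts.hostname or "").lower())
        url = next((v for _, v in parse_qsl(parts.query)
                    if v.lower().startswith(("http://", "https://"))), None)
    return hosts

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def check_link(href, text):
    """Findings for one link: href is the real target, text is what is displayed."""
    words = text.split()
    shown = words[0].lower() if words else ""
    if shown.startswith("www."):
        shown = "http://" + shown
    try:
        chain, port = redirect_chain(href), urlsplit(href).port
        shown_host = (urlsplit(shown).hostname
                      if shown.startswith(("http://", "https://")) else None)
    except ValueError:  # malformed host or port in either URL
        return ["unparseable-url"]
    checks = {
        "text-host-mismatch": bool(shown_host) and shown_host != chain[-1],
        "redirect-parameter": len(chain) > 1,
        "nonstandard-port": port not in (None, 80, 443),
        "ip-literal-host": any(is_ip(h) for h in chain),
    }
    return sorted(name for name, hit in checks.items() if hit)

# Constructed sample links (href, visible text); hosts and addresses are placeholders.
SAMPLE_LINKS = [
    ("http://192.0.2.10:8081/index.php?email=user@example.org", "http://www.bank.example/"),
    ("http://redirector.example/url?q=http://hop.example/r.asp?target=http://evil.example/",
     "http://www.bank.example/"),
    ("https://www.bank.example/faq", "www.bank.example"),
]

if __name__ == "__main__":
    for href, text in SAMPLE_LINKS:
        print(check_link(href, text) or ["ok"], href)
```

A mail gateway or mailbox rule can treat any non-empty finding list as a reason to quarantine or to rewrite the link so the real destination is visible.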
SET your Passwords!
This entry may concern many, but I'm addressing it to the owner of an HP LaserJet 1300n. That could be many, right? Ok, but there is this one guy, setting up his LaserJet in a LAN, activating HTTP over port 80 and allowing everybody - without ANY password - to access his beloved printer, printing test pages all night... (More)

