The WordPress blog and bbPress forums are now integrated, meaning that accounts created on either will be valid for both applications, and both blog and forums share the same cookie. I ditched phpBB3; it used to be the de facto standard for all forums, but I’ve grown disillusioned with its apparent bloat, lack of anti-spam features, and still (as of version 3.0.4) no sign of a mature plugin API.

I’ve also added the WordPress Facebook Connect plugin to the blog, and after my small hiatus will probably assess the effort required in porting that plugin to bbPress. It will — of course — be shared with the community if I decide to port it.

It looks like I caught another in-flight modification for one of this blog’s visitors. This one injects the script “http://127.0.0.1:1025/js.cgi?pa&r=” into web pages viewed, and seems to be injected by Check Point’s ZoneAlarm, as part of its privacy control settings.

I’ve created a relevant signature, and added it to this blog. It will make its way into a future release of the WordPress Web Tripwire Plugin.

I noticed another event generated by a triggering of a web tripwire on this blog. The injection revolved around an inserted piece of JavaScript, “http://1.2.3.4/bmi-int-js/bmi.js”, and then various calls to the script surrounding images in the page code. The purpose of the script is to reduce bandwidth utilisation by serving lower quality versions of the images from the ISP’s transparent proxy server. A quick search reveals that this has been noted by Vodafone users, Vodafone being primarily a mobile phone telecommunications company. I’m assuming that they don’t like paying customers swamping their 3G network with images. So no Flickr for you on Vodafone, now go and surf nicely like they want you to :)

Either way, I’ve now written a signature which will alert users if Vodafone, or other providers inject this script into the page.

I checked the status of the Web Tripwire plugin on this blog this morning to find that I had a real-world event recorded. I thought I’d grab some screenshots, and show them here as it highlights precisely what the plugin does.

You can see in the first image that a user visited the http://blog.yibble.org/webtripwire/ page at 21.28 (EDT) on the 10th of May, and the HTML was altered before it was rendered in their web browser. In this case, we can see that Privoxy dumped a new script on the page, and a call to that script.

The second image shows that I’ve created a new signature for Web-Tripwire, which in future will specifically notify the user that these changes were made by Privoxy, instead of ‘unknown’.

That’s it! A proper real-world example to illustrate what web tripwires can do.
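The comparison and signature steps described in these posts can be sketched as follows. This is an added example, not the plugin's own code: the two signature strings are the script URLs quoted in the ZoneAlarm and Vodafone posts above, while the function names, sample pages and the proxy.example host are constructed for illustration.

```javascript
// Signature strings are the two injected script URLs quoted in the posts above.
const SIGNATURES = [
  { source: "Check Point ZoneAlarm", prefix: "http://127.0.0.1:1025/js.cgi?pa&r=" },
  { source: "Vodafone image proxy", prefix: "http://1.2.3.4/bmi-int-js/bmi.js" },
];

// Return the src of every <script> tag, decoding &amp; so that an
// HTML-escaped query string still matches a signature.
function scriptSources(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  return Array.from(html.matchAll(re), (m) => m[1].replace(/&amp;/g, "&"));
}

// Compare the page as served with the page as received. Any difference trips
// the wire; each script not in the original is attributed via SIGNATURES.
function checkTripwire(expectedHtml, receivedHtml) {
  if (expectedHtml === receivedHtml) return { modified: false, findings: [] };
  const original = new Set(scriptSources(expectedHtml));
  const findings = scriptSources(receivedHtml)
    .filter((src) => !original.has(src))
    .map((src) => {
      const sig = SIGNATURES.find((s) => src.startsWith(s.prefix));
      return { src, source: sig ? sig.source : "unknown" };
    });
  return { modified: true, findings };
}

// Constructed sample pages (not captured traffic).
const EXPECTED =
  '<html><head><script src="/js/site.js"></script></head>' +
  '<body><img src="/photo.png"></body></html>';
const inject = (tag) => EXPECTED.replace("</head>", tag + "</head>");
const SAMPLES = {
  clean: EXPECTED,
  zonealarm: inject('<script src="http://127.0.0.1:1025/js.cgi?pa&amp;r=1234"></script>'),
  vodafone: inject('<script src="http://1.2.3.4/bmi-int-js/bmi.js"></script>'),
  other: inject('<script src="http://proxy.example/inject.js"></script>'),
  imagesOnly: EXPECTED.replace("/photo.png", "http://proxy.example/lowres/photo.png"),
};

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(checkTripwire(EXPECTED, html)));
}
```

The imagesOnly case shows why the whole page is compared first: a proxy that only rewrites image URLs still trips the wire even though no script signature matches.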

Well, I finally got to packaging my Web Tripwires for WordPress plugin, which I’ve been working on during my academic break. It’s now available for download from the WordPress.org Plugin Directory, which means it can also be downloaded and installed via the administrative interface of all up to date WordPress installations.

I’ve also created a forum for any support requirements or discussions, as I’m sure with this initial release there are likely to be defects which can only be found through exposure to blogs with various other plugins, and themes.

If you run a WordPress blog and happen to give the plugin a try, please drop by the forums and say ‘Oi, this $bit doesn’t work!’ ;)

If one considers the events which led to the evolution of life on this planet (and I’m assuming we’re not at our pinnacle yet, nor the only dominant species that the Earth will throw out), the odds of the same or approximate circumstances occurring in another part of space are improbable, but still very, very possible.

However, given the expanse of space and time, we hit upon a physical and temporal logistical issue. The nearest star to our Sol is Proxima Centauri C, a mere 4.2 light years away, and still beyond our reach. The furthest galaxies that we have currently observed (through Hubble or gravitational lenses, quite literally using the gravitational effect of in-between galaxies) are approximately 14.5 billion light years away. Plenty of space and environment for independent life to evolve, but it is unlikely that we will ever make contact due to the distance and our inability to focus on projects that go beyond a term of government.

Temporally, the universe is old. Current theory suggests approximately 14 billion years; life has existed on Earth for ~3.7 billion years, and the universe may well continue in existence way into a googolplex of years. So, we hit our next barrier to first contact: both species actually hitting their technological peak at the same point, assuming all space and time faring requires technology, and is not a feasible natural trait.

Taking this into account, we probably have a better chance of meeting inter-dimensional species, as opposed to extra-terrestrial species. Or extra-terrestrial species that are also inter-dimensional, where logistical definitions made here quietly pop down to the pub for a sly one on a Sunday afternoon, just as our new friends sneak out of their dimension for a joy-ride with the neighbouring provincial dimensions.

Food for thought?

City of Ely Community College has recently implemented a biometric registration system for its sixth formers. It uses face recognition techniques combined with a four digit PIN in order to check students in, and out again. Great, two-factor authentication, something you are and something you know.

If only the designer realised that the warm fuzzy feeling of security does not come from one step in the process, but is a sum of the entire chain. There are multiple chinks in this one. For example, the embedded video in the article clearly shows a huge on-screen display for entering PINs; students queue up, and can easily shoulder-surf… The PIN is even echoed to the screen. Perhaps worst of all, they release a flash video on to the World-Wide-Web of a student (with close-ups of her face) demoing the system, and we can clearly see her PIN (6447).

Whilst perhaps not the most important system on the planet, shenanigans are still to be had for those that are inclined. Also, environment creep is one thing to consider when installing any system. However, I’m more concerned with ‘social creep’, what does a system like this teach young adults about security?

Further research shows that the swap partition in the standard Fedora 10 installation is not encrypted. This means that memory that has been swapped out to disk could be easily read using forensic tools. In the worst-case scenario, sensitive information such as account details or encryption/decryption keys is stored on the disk between reboots.

So what to do? Well, let’s encrypt that bad-boy using dm-crypt. First off, it’s likely you’ve already been using your computer, and so for good measure, you should shred (overwrite) the current swap partition. In order to do that we’ll first need to turn swap off.

# swapoff -a

The default swap partition device will be /dev/VolGroup00/LogVol01. Shred it with:

# shred -v /dev/VolGroup00/LogVol01
shred: /dev/VolGroup00/LogVol01: pass 1/25 (random)

Now, if you have already encrypted other partitions, there’ll be an /etc/crypttab file; if not, you should create one. Edit it, append the following line, and save the file:

swap /dev/VolGroup00/LogVol01 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

This will re-create your swap partition at each reboot, and encrypt the partition using a random key. Because that key is discarded at shutdown, nothing written to swap can be read back after a reboot, which also means the system cannot resume from hibernation (suspend-to-disk) using this partition. Next, edit the /etc/fstab file, and change this line:

/dev/VolGroup00/LogVol01 swap swap defaults 0 0

to this:

/dev/mapper/swap swap swap defaults 0 0

Once you reboot the system, the new swap configuration will take effect. Or, if you cherish your uptime, you can initiate an encrypted swap immediately.

# cryptsetup -d /dev/urandom create swap /dev/VolGroup00/LogVol01
# mkswap /dev/mapper/swap
Setting up swapspace version 1, size = 4095996 KiB
no label, UUID=********-****-****-****-************
# swapon -a

Congratulations, your swap partition is now encrypted and is unlikely to yield usable data under forensic interrogation.
