Linux Software & Blog
My Blog
Signature Updates: Month In Review
Jul 24th
Since I will be busy this coming week with other priorities, I am posting an early month in review blog on signature updates.
In the last 3 weeks we have not seen a whole lot of action on in-the-wild malware, most of what is propagating at the moment are variants of already detected content. That is however not to say there has not been new signatures extracted, allot of this months signatures have come from account level compromises on vulnerable e107, wordpress and joomla installations along with user submissions. There is not a whole lot of ground breaking malware threats, More >
The other side: who uses rfxn.com projects?
Jul 24th
In one of my usual A.D.D. moments I decided to aggregate some data on project downloads and daily update queries to the rfxn.com server, to get a picture of who exactly is using the projects. Although this information is not terribly important, I do find it interesting. I need to stress that none of the listed organizations, agencies or businesses in any way endorse, sponsor or represent the opinions expressed on this site, they are simply users of my projects. That said, lets have a look at who uses the projects.
The basics: 1,808 Unique Networks across 117 Countries
Top 10 Usage Networks: GNAX More >
Projects: The personal costs
Jul 20th
When you do open source development, especially as an independent developer, there is a constant struggle that must be balanced between that of work and personal obligations. As any open source developer will tell you, 99% of the time, the projects we develop fall strictly into the realm of personal time, no matter how much they may apply to our work field. It is difficult to justify the time that is required in maintaining one let alone a series of active projects when you also work a full-time job while trying to have some semblance of a life.
So, when you More >
Bot Networks: Jacking the Jackers
Jul 6th
One of the more interesting parts of my malware hunting routine is when I notice new command & control hubs for bot networks in the source of ircbot malware content. I am not the type to just look and not play, I always dive into these networks and poke around. When it gets really fun is when the attackers get lazy thinking they are untouchable and leave open their irc networks with a series of simple administrator nick names that can be used to control the bots on the network.
So, what I sometimes do is sign into these irc networks, More >
Facebook Inbox Message Disclosure Vulnerability
Jun 23rd
Title: Facebook Inbox Message Disclosure Vulnerability Published: June 24th 2010 Credit: Ryan MacDonald Severity: Information/Privacy Disclosure Vulnerable: Facebook Messaging System BigPipe Performance Pipelining Summary: A vulnerability exists in facebooks messaging system that allows an attacker to view the addressed users, subject and inbox preview text (120 characters) of message contents for recently sent/received messages (last 6) on a users account. Technical Details: BigPipe Pipeling java script code embedded into the source code of ALL PAGES under the “messages” section on facebook, preloads message data that can be arbitrarily read through malicious client side java script or other client side objects. The offending java script specifically is the More >
