Digital Choke Daynotes
What's a Daynote? "Daynotes" are daily (usually) journal entries of interesting happenings and discussions. They are not 'blogs', which are often just a collection of links to other information (although we do include links occasionally). Daynotes are much more interesting (we hope). These "Digital Choke Daynotes" were inspired by the collection of daily journals of the "Daynotes Gang" (see sites at .com, .org, .net), a collection of daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals. If you have comments, send us an email. A bit more about me is here. You might also enjoy our little story about the death of the 'net.
Reports
I spent today looking at a phishing email that Dr. Jerry Pournelle received. It had some interesting techniques that are commonly used. Although the phishing pages are built for IE (due to the positioning of a fake address bar), the pages will work in any browser, even Firefox. Take a look at the report here (a pdf file about 270KB due to included screen shots).
As for the weekend, we were a bit busy. Stacy arrived Friday afternoon. Saturday the girls went shopping (they are quite expert at it), coming home with a trunkful of goodies. Sunday we went to church at Christine's ward for their Christmas program. Jared (husband) leads the choir, and Christine sings (they both have wonderful voices). So we (Pam, Stacy and I) sat in the audience taking care of their mostly well-behaved children. Sunday afternoon was dinner at our house, with another excursion to the neighborhood holiday lights display.
The phishing site that was in the email sent to Dr. Jerry Pournelle does not have the phishing pages available now. They were gone this morning when I looked for them. The main site is still there, though. Since the site is written in Polish, it's hard to tell if they put any notification on their site. But the techniques used there are common to most phishing attacks. The report on Dr. Pournelle's email is here. New visitors might also check out the other reports up there in the box at the top of the page.
In the meantime, an initially stealthy worm was defacing web sites that use the phpBB bulletin board (or forum) software. There's an interesting write up at the Internet Storm Center (here: http://isc.sans.org/diary.php?date=2004-12-21). It appears that the worm operated in stealth mode, infecting sites but not defacing the pages. It then spread to other sites by doing a Google search for sites with the phpBB software. Only after the 4th "generation" did the worm start defacing sites. By that time, there were about 37,000 sites that were defaced, out of over 5 million possibilities.
Reports indicate that Google has disabled the search terms used by the worm, but that's just a temporary fix. The real fix is to update that phpBB software. The vulnerability was fixed on November 18th, 2004. So web site admins using that software have had a month to fix it. As Brian Bilbrey says (the co-admin of this web site, along with Dr. Pournelle's) in a message to Dr. Pournelle:
It was announced on the 18th of November and our server (and yours) was patched the next day. This is another one of the fruits of mis-administration ... phpBB admins all should have taken precautions and done simple code modifications last month.
Brian continued (in a comment to me):
There's not much to say. Like the Windows admins who should have been patched before Slammer hit, these phpBB admins weren't on their game. Greg, who runs the boards on Zidane, is. We win, they don't.
Another day's battle done. Tomorrow, maybe they win, who knows. We do our best.
Patches are important, no matter if you are a network administrator or you just have a computer at home. And if you aren't the admin of your web site (like here), you make sure you have responsible web site administrators - like Brian and Greg Lincoln. I can recommend them highly.
I started out the morning by sleeping in. First day of vacation, you see.
After breakfast, the girls went off shopping, and I was off to the mother-in-law's house. I installed some vertical blinds in one of the bedrooms, and three smoke detectors. She only had two smoke detectors, but they were quite old and not working. I'll need to replace those two, but they are AC models. That will require a trip to the local Home Depot or Lowe's. She was so excited about the blinds that she is ordering more for other windows. I also replaced the wipers and a turn signal bulb on her car.
Then it was off to "Barber Bill's" for a haircut, then some shopping. Although it is not quite "Guy's Shopping Day" (per John Dominik), I did get a couple of things done. Then home for a bit, and back out for a short trip with Stacy so she could get something for her mother.
On the way home, we stopped by Chevy's for some fresh tortillas, salsa and chips. Pam cooked up some chicken breasts and Mexican-flavor Rice-A-Roni (add a can of chopped stewed tomatoes). Grated some cheese, shredded some lettuce, and the result is "Giant Stuffed Chicken and Rice Burritos". Really tasty, fairly easy to make.
Right now, the family room is filled with presents being wrapped. Pam and Stacy wrap, and my job is scribe: I make out the tags and keep track of the presents. Pretty good deal, I think.
Not much news in the security field today. Everyone is cleaning up from the phpBB scare. Brian Bilbrey reminds me that the program works with Linux and Windows, so the problem is not dependent on the operating system platform. It wasn't even a PHP problem, but specific to phpBB. There is some followup information available at the Internet Storm Center diaries.
... more later ...