Wednesday, September 19, 2007

More Grub

More computeres infected with the grub-worm (intentionally or not I'm not sure)


9/19/2007 19:01 166.70.146.22 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 14:42 70.21.113.185 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 14:16 82.91.56.67 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 11:14 75.152.151.162 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 10:42 24.97.214.156 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 7:52 88.176.176.60 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 7:27 24.97.214.157 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 4:34 82.56.126.238 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 3:58 66.30.137.58 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 1:11 67.87.117.17 Mozilla/4.0 (compatible; grub-client-2.6.0)
9/19/2007 0:41 75.152.151.162 Mozilla/4.0 (compatible; grub-client-2.6.0)

Tuesday, September 18, 2007

Romanian Hacker Bomb

This Romanian computer bombed our server: 83.218.203.111 at 9/18/2007 9:25:41 AM

In the midst of that this IP sent a completely invalid request from Japan: 219.103.236.49

Skype and Ebay Hacked?

I have been getting repeated calls from odd numbers lately. I do not recognize them or know anyone in those area codes so I figure if they are for real they will leave a message and I will call back.

The latest such odd nuber is 202 580 8200. I looked it up online and found this post on ebay (and I recently posted a couple things up there), so I figure this is some hacker/scammer that has cracked skype and uses it to call people without being identified.

http://72.14.253.104/search?q=cache:DdeHN0U5tW8J:forums.ebay.com/db2/thread.jspa%3FthreadID%3D1000403037%26tstart%3D0%26mod%3D1166256674699+202-580-8200&hl=en&ct=clnk&cd=1&gl=us

This is the post on ebay - I would wonder if it is related to their Romanian hacker fan. Hopefully Skype will get serious about this problem soon - it is too bad because this is a really cool service -- if you could trust that your phone calls were not all hacked:
___________

I recently used Skype to place a call from the UK to a 800 number (love it - it is the easiest, sure-fire way to make a free 800 call trans- internationally) and made several purchases using my credit card

Subsequently the credit card was rejected - when I called the card company, they said a security block had been added, and unless I could identify a given phone number the card would be cancelled. The card had become "associated" with a phone number used in fraudulent transaction. 202 580 8200 - is the number.

It turns out that this number often shows up as the original number for call id. Evidently this is known issue, but Skype either cannot or will not correct this.

So,be aware, and decide how you want to deal with it...Myself, I was able to find this information out while on the phone with the credit card company and said I recognized the number - card was not cancelled. I guess everyone needs to make their own decision about how they will use Skype, and the ramifications

Thursday, September 13, 2007

Peer-2-Peer Hacking

Here is a report on peer to peer hacking. What this leads me to wonder is if people can get hooked up on peer to peer networks without knowing it:

Peer-2-Peer Hacking

Preventing man-in-the-middle attacks on wireless networks

This book has some information on preventing man-in-the middle attacks on wireless networks.

Specifically:

Static ARP Entries
To protect against ARP man-in-the-middle attacks, which are described in
Chapter 2, set static ARP entries using a startup item script similar to the one
described for the firewall.

It goes on to explain how to do this.

Man-In-The-Middle on Wireless Networks

Friday, September 07, 2007

Man-in-the-middle Attack

This site has a pretty good explanation of a Man-In-The-Middle attack and different ways of doing this.

Man-in-the-middle Attack

This page explains how SSL might not always prevent man-in-the-middle attacks:

SSL not preventing man-in-the-middle attacks

Computer Weekly says RSA warns of more man-in-the-middle attacks as of August 15, 2007 due to free phishing kits being circulated:
Man-in-the-middle on the rise

I suggest the federal government puts out a free phishing tool - that sends the phishers details to the FBI.

This page suggests Firefox extensions are subject to Man-In-The-Middle attacks:
Firefox Man-In-The-Middle vulnerability

What we need are some good patterns out there to prevent this type of thing at all levels - network, application, and server configuration.

Also what is the fastest way to spot a man-in-the-middle attack?

Sunday, September 02, 2007

Snail Mail Nigerian Scam

I call this the Nigerian scam becuase it is related to all those types of scams you get out of Nigeria on the Internet but I don't really know where this comes from.

My friend got a letter in the mail with a check. It said she won $50,000 and all she needed to do was pay the UK taxes. She had to cash a check for $2600 and pay the $2400 for the tax and supposedly she'd be getting the rest of the $50,000.

Of course the check probably was coming from a bank account not belonging to the person who sent her the letter.

Of course I recommended that she report this - not just trash it. Send a copy to the CIA, FBI and local police.

Could this be related to the Monster scam? Or just another scam out of Nigeria to transfer money out of bank accounts that do not belong to them?

When is our government going to get serious about these problems and crack down on these people in a big, big, painful way?