Thursday, July 31, 2003
Tuesday, July 29, 2003
Monday, July 28, 2003
SunSpot.net has an article about the sentencing of a hacker who logged keystrokes on 14 of Kinko's public terminals and then used one of the captured logins to access someone else's home computer via GoToMyPC (somewhat like VNC or PCAnywhere). The hacker was caught because the actual owner of the computer was sitting in front of his machine when the cursor started moving around by itself.
In other instances, sensitive corporate data has been gleaned from the convenience terminals in hotel business centers.
Think about what you're doing before using a public terminal! You don't know who's watching!
Saturday, July 26, 2003
This is a bad thing in a couple of ways. First, it's the Microsoft RPC utility. It's responsible for all of that pop-up spam (not the browser pops but the Windows pop-ups) that has been appearing more and more as of late. Second, every version of Windows (except ME) since 95 has the darn thing.
Now that the code for the exploit is out, we'll probably see a "test" version of a worm, using the exploit, in the next few days.
Friday, July 25, 2003
NBTScan is one of those tools that you come to depend on. Its main strength is being able to gather miscellaneous NetBIOS data by scanning IPs. This is what you need when you're trying to figure out what the NT hostname is at an IP address so's you can point smbclient at it.
You can wrap nbtscan in a Perl script, tie it to a database and maintain a history of what machines are connected to your network. This is made even more powerful in that nbtscan can also grab the MAC address of the remote machine if it's running NetBIOS.
This tutorial only covers basic use. If you scan the Internet for more tips and tricks, you'll realize that there's a lot of power under the hood with this one.
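The history database described above, sketched as an added example (not code from this post, and in Python with SQLite rather than the Perl the post mentions). It assumes the scan was run with nbtscan's script-friendly `-s '|'` option and that the fields come out as IP, NetBIOS name, server flag, user, MAC; the sample lines, table name and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample output, assumed to come from: nbtscan -s '|' <your range>
DAY1 = ("192.168.1.2|MYCOMPUTER      |<server>  |JDOE     |00-a0-c9-12-34-56\n"
        "192.168.1.5|FILESRV         |<server>  |<unknown>|00-a0-c9-78-90-00\n")
DAY2 = ("192.168.1.2|MYCOMPUTER      |<server>  |JDOE     |00-a0-c9-12-34-56\n"
        "192.168.1.5|LAPTOP7         |          |<unknown>|00-a0-c9-aa-bb-cc\n"
        "192.168.1.9|PRINTSRV        |<server>  |<unknown>|00-a0-c9-01-02-03\n")

def parse_nbtscan(text, sep="|"):
    """Yield (ip, name, mac) for each host record in script-friendly output."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(sep)]
        if len(fields) < 5 or not fields[0]:
            continue  # banner lines, blanks, truncated records
        ip, name, _server, _user, mac = fields[:5]
        # Normalise MAC so 00-A0-... and 00:a0:... compare equal.
        yield ip, name, mac.lower().replace("-", ":")

def record_scan(db, text, when):
    """Store one scan and return alerts for IP/MAC pairs not seen before."""
    db.execute("""CREATE TABLE IF NOT EXISTS sightings (
        ip TEXT, name TEXT, mac TEXT, first_seen TEXT, last_seen TEXT,
        PRIMARY KEY (ip, mac))""")
    alerts = []
    for ip, name, mac in parse_nbtscan(text):
        rows = db.execute("SELECT mac FROM sightings WHERE ip = ?", (ip,))
        known_macs = {row[0] for row in rows}
        if mac in known_macs:
            db.execute("UPDATE sightings SET last_seen = ?, name = ? "
                       "WHERE ip = ? AND mac = ?", (when, name, ip, mac))
            continue
        db.execute("INSERT INTO sightings VALUES (?, ?, ?, ?, ?)",
                   (ip, name, mac, when, when))
        # A known IP answering with a different MAC means different hardware.
        kind = "mac-changed" if known_macs else "new-host"
        alerts.append((kind, ip, name, mac))
    db.commit()
    return alerts

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # use a file path to keep real history
    record_scan(db, DAY1, "2003-07-25")
    for alert in record_scan(db, DAY2, "2003-07-26"):
        print(*alert)
```

Keeping one row per IP/MAC pair, rather than overwriting by IP, is what preserves the history: the old hardware at an address stays in the table with the date it was last seen.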
Note: this is a personal preference of mine. Any attempts at religious jousting over "which editor is better" will be ignored or deleted.
Thursday, July 24, 2003
Wednesday, July 23, 2003
Anyways, following is the header and body of the message after it passed through SpamAssassin. The message purported to be from firstname.lastname@example.org but actually originated from an IP address belonging to the Department of Social Security of UK!!! (Methinks that someone is testing a Jeem or SoBig worm-compromised system within the GB.)
For those of you new to reading message headers, you read the "Received" lines from the bottom up (for chronological order). I can vouch for anything generated by cox.net as being legit.