Posts

Fox News asked for my take on the DNC email dump

I was interviewed yesterday by Fox News science correspondent James Rogers. I was asked for my input on the distribution by Wikileaks of emails leaked from a Democratic National Committee email server earlier this month. The entire article, which includes quotes from a variety of infosec professionals, is now available here. If anyone is interested, I might post my complete conversation with Rogers, where I talk in more detail about how the unlabeled distribution of email attachments from compromised email servers poses unique dangers to journalists, activists and researchers whose job involves reviewing each of those attachments. This article represents the most attention paid by US media to the significant dangers posed to Wikileaks users by the insecure review methodology in place prior to distribution of these files. Although major newspapers in Europe and the UK published my findings on malware within the GI Files, no major news outlets in the United States published those fin

Google labels wikileaks.org a dangerous website

Five days ago someone on Hacker News pointed out that Google's Safe Browsing system labeled Wikileaks.org a "dangerous site". At some point the Google warning was rescinded; however, Google continues to (accurately) point out that pages within Wikileaks.org will "install malware on visitors' computers". I've been contacted by many companies over the years who discovered their web server was compromised after receiving a warning from Google's Safe Browsing system. What I have never seen before is Google labeling a website safe while that website continues to host malware. Has anyone else seen this before? Can anyone at Google confirm this was algorithmically determined behavior and not manual intervention on the part of Google? What possible justification could there be for labeling a website safe when it hosts malware? When I first found malware in content hosted by Wikileaks last year, one of the most frequent negative responses I receiv

Kat.cr criminal complaint shows a connection with the Silk Road case in HSI agent Jared Der-Yeghiayan

Until the site went offline some 35 hours ago, torrent distribution site Kickass Torrents was widely believed to be the most popular torrent site on the internet, having surpassed the long-troubled Pirate Bay in traffic years ago. Kickass Torrents was taken offline after the arrest of Ukrainian Artem Vaulin in Poland, whom law enforcement are accusing of using the site to profit from copyright infringement. Copies of a US Federal criminal complaint brought against Vaulin in the Northern District of Illinois reveal an interesting connection with another incredibly controversial investigation: the case brought against Ross Ulbricht for the now-famous Silk Road website. The connection between the Kickass Torrents investigation and the Silk Road investigation comes in the form of a single individual: Homeland Security Investigator Jared Der-Yeghiayan. The Kickass Torrents criminal complaint is entirely based on a sworn affidavit provided by Der-Yeg

Can the WHMCS API retrieve Product Bundle information?

Recent versions of WHMCS introduce a feature called "Product Bundles". The idea is simple: a single link combines a number of products, possibly with a specific set of Configurable Options. These combinations can then be assigned discounts unique to that Bundle. This comes in handy for a variety of different scenarios, for example in WHMCS instances where multiple brands are in play and you want to run a sale on a single brand that is still sold on other sites. I recently encountered a situation that involved integrating a pre-existing pricing form within a CMS platform (think Joomla/WordPress/Drupal/etc.) with an order form and series of products in WHMCS. Not only did the signup buttons on the CMS page for each product need to connect to the corresponding WHMCS order form page, but pricing and product details on the CMS page needed to be generated dynamically from information stored in WHMCS, because updating two platforms to make simple price changes suck

Fixing "DB_RUNRECOVERY: Fatal error, run database recovery" when attempting to run yum update

Comcast is my current home ISP. Over the last year, I've had a ton of problems with them filtering all sorts of legitimate (outbound) traffic. The latest fun I've had is the random dropping of SSH connections on both the standard (22) and non-standard TCP ports. This occurred while I was running a `yum update` on one of my servers and I hadn't used `nohup` or `disown` to allow the processes I had spawned to continue running. By the time I had got a VPN connection up and running, the yum process had been terminated, which in turn caused yum's database to become corrupt. How can you tell that your server's yum database is corrupt? Running yum will generate this vaguely terrifying error:

```
# yum update
error: rpmdb: BDB0113 Thread/process 4498/140039588845376 failed: BDB1507 Thread died in Berkeley DB library
error: db5 error(-30973) from dbenv->failchk: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db5
```

The most irritating part of the Windows UI

It's come to my attention that this blog has way too much helpful technical information and not nearly enough bitching & complaining. With today's post, I hope to tip the scales a bit. During the course of the day, I use a variety of operating systems. Most of my desktop computers use Windows, most of my servers use some version of either Linux or BSD, and a large number of my customers use Macs (which I know underneath the branding is also linux, but we are talking about UI stuff in this post, and in that department OS X qualifies as its own thing). Over the last 20 or so years I've alternated between which operating system I use most frequently, based on what kind of work I'm doing as well as what is inexpensive, secure and effective at the time. Lately I've had a series of Windows laptops that I've spent a fair amount of time working with. It is what it is; I don't want to get off topic. This isn't some mouth-breather-y attempt to measure the manhood be

Torrent data transfer problem: Description & workaround

Several days ago I noticed that several Comcast / Xfinity residential internet connections throughout the Southeastern US were unable to download or upload torrents. I have a hunch that Comcast implemented a new manner of filtering for customers in my area with the intent of stamping out P2P traffic; however, I am not certain if this is the case yet, so I am holding off on a tirade about the friendly neighborhood corporatist internet monopoly for now. I'm interested to know if any other P2P users have encountered similar issues; if so, I hope this post can help. The torrent client used for file sharing on these connections was qBittorrent, which listened for incoming connections on a random TCP port that changed each time the client was restarted. Outbound connections used something in the high range on the local side (e.g. TCP port 59999), while on the remote side the port would also be random. It was possible to establish a connection to remote hosts using