It doesn’t mean that I hate blog. I just don’t like the way it handles my articles. Wiki is good to fill my needs.

Will redirect you to my other page in 5 seconds. Or… just go to http://jim.geovedi.com/

200.217.***.*** - - [11/Feb/2005:15:47:15 +0700]
"GET /cgi-bin/awstats.pl?configdir=|echo%20;
echo%20;id;echo%20;echo| HTTP/1.0" 404 287
200.217.***.*** - - [11/Feb/2005:15:47:45 +0700]
"GET /awstats/awstats.pl?configdir=|echo%20;
echo%20;id;echo%20;echo| HTTP/1.0" 404 287

After 2 minutes googling, I found a reference to the AWSTATS exploit. Looks like versions of awstats 6.2 and lower are vulnerable, version 6.3 has the fix.

More googling results mention that Infecktion Group claimed credit for many web defacements related to this awstats vulnerability and has reported over 400 such defacements, though it is unclear how many and whether the same attack vector was utilized.

But, it seems that Google guys are just searching for predefined strings…not so smart! inurl: admin.php [Blocked], inurl: admin.PHP [Pass], inurl:”admin php” [Pass], anything different than .php (for example: .pHp) will work..

On Tue, 18 Jan 2005 14:31:39 EST, “Sigmon Cheri Y Civ 82 CSS/SCPD :: Software Dev” said:

Item: The “ongoing” debate among choices of open source vs. proprietary (all companies’) solutions, not just the major players in the industry.

I’m certain you’ve seen similar situations… where there are groups of people who are very opinionated one way or the other. My concern is the best solution(s) security-wise, regardless of the source. Any comments? From a broad-brush perspective?

Define “best”.

Most secure, no matter *how* hard it is to use? There’s some pretty bad-ass MLS systems available - and they’re often a royal pain to *do* anything (because you keep finding you can’t easily get around some compartmentalization feature that’s intentionally getting in your way). This one’s easy. Turn it off, encase it in a large concrete block, and dump it into the Marianas Trench. Quite secure, but not very useful. (Apply some thermite along the way if you’re *really* paranoid).
.
:
Remember that security is a process, and a balancing act. Let’s say your security budget is S, the cost of an incident is C, and the likelyhood of an incident is P. If you can make S = C*P, you have perfect security (if S is greater, you’re spending too much, and if S is lower, you could still save money by increasing S). Those of you who want to model multiple events and costs can generalize it to a summation across all C(sub n)*P(sub n).

The really mathematically astute will realize that (a) if you’re bothering with the summation, the function quite possibly has multiple local maximums and minimums, and (b) the exact location and value of said inflection points of the curve depend on coefficients that are basically non-measurable, and you’re left making educated guesses (”What’s the % chance per year of compromise of a fully patched Windows box with an idiot user, and the %chance for a box that’s missing some patches, but has a user who doesn’t click on every “ooh shiny?” and the ever-favorite “What’s the least costly (money, people time, political brownie points) way to convince a particular Very Important Butthead to buy in to a specific proposal, or should we just punt and do things some way that V. Butthead will go along with?”)
.
:
Read more at SecProg@SecurityFocus.com.

A “jump bag” is a collection of critical items you might need during crisis response when an attacker invades your network. It should contain these items:

• Tape recorder or minidisk
• Backup media
• Binary backup software
• CDs with statically linked binaries of critical OS executables
• Forensic software
• Windows NT and 2000 resource kits
• Bootable CD-ROMs
• USB token memory device
• External hard drive
• Small hub
• Patch cables
• Laptop with dual operating system capability
• Call list and cell phone
• Plastic baggies for handling evidence
• Extra notebooks for taking notes

A jump bag is not only needed when an attacker invades my network but for any critical situation — for example, when one partition in my fiance’s hard drive crashed few days ago and she has many imporant data for almost 18GB.

At that time, I have no tools in hand, so approx. I took 3 hours to recovery the data (~45 minutes spent to search the proper recovery software). After that incident, I realize how important having a jump bag and thinking to have one near future.

Well, they also put the an interersting bug on at(1). Actually, i still wondering how someone can use the advantage of /etc/master.passwd in multi-user mode. The /etc/master.passwd is consulted when the system is running in single-user mode. At other times this information is handled by lookupd. By default, lookupd gets information from NetInfo, so this file will not be consulted unless someone have changed lookupd’s configuration.

BTW, Mac OS X 10.3.7 is still using buggy version of sudo. Last week I received a mail reply from Apple Product Security Team, they said my information has been passed along to their engineering team for further analysis.

Why? There are several explanations for that:

1. Default installation of Linux distributions are becoming harder to compromise.
2. The primary threat is changing from machine-focused to human-focused.
3. Based purely on economies of scale, attackers are targeting Win32 based system and their users.
4. Windows, through piracy and low-cost ditributions in developing countries (such as China), has increased market penetration.

Related stories:

• The Register, Tsunami relief donors under cyber-attack, says FBI
• vnunetwork, FBI warns of tsunami email scams
• vnunetwork, Phishing attacks increase by 29 per cent