Irregular Expressions


February 26, 2012  9:36 PM

Mobile malware report by Juniper

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

My personal belief for the last number of years and still currently is that his is the market to be creating malware in to make a profit.  It’s only going to get worse from now.  With mobile phones with banking apps now this is a juicy market to be in.

The report is here;

http://forums.juniper.net/t5/Security-Mobility-Now/Juniper-Mobile-Security-Report-2011-Unprecedented-Mobile-Threat/ba-p/129529

February 25, 2012  2:04 AM

P2V of a Windows 2000 machine

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Sounds so simple.

I started up my VMWare Converter and aimed at a Windows 2000 server, and it would not go?  That’s strange.

I tried a few times, still wont start.  Next I attempted to log in and run the client from the target, same issue but now I get a message that only XP and up is now supported.

Well does that not make for an afternoon, after a few attempts at other version I did get v4 to go.  I connected to the VCenter ok-ish.  It did work but I had to select a host and not the cluster also picking the datastore it was going to go to was not going to happen.  No matter what I selected it went to the first datastore on the host.

So the short version is that you need V4 and be prepared to move some machines around, but other then that success.


February 12, 2012  3:24 PM

Passwords in plain text

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

I have to admit I do not do very much web / app development.  Maybe a one or two times a year and I am not sure how you end up with storing passwords in plain text?

I guess you would have to write your own authentication, not sure why you would go through all of that when there is stuff already made. Strange.

http://www.engadget.com/2012/02/12/microsoft-store-hacked-in-india-leaked-passwords-stored-in-plai/


February 9, 2012  8:20 PM

Symantec Source Code and Blackmail oh my

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

If you have missed it, individuals claiming to be connected to anon have stolen source code to Norton AV and PC Anywhere.  They attempted to blackmail Symantec in to paying them to keep it under wraps.  From what I have been able to find the contact at Symantec was FBI, playing as an employee.

http://pastebin.com/GJEKf1T9

I would think that this will become more prevalent over the next 18 months, once one story like this goes around there will be copy cats.  More details;

http://news.cnet.com/8301-1009_3-57372308-83/hackers-wanted-$50000-to-keep-symantec-source-code-private/

Also the code is posted on some bittorrent sites, I will not link to that.  If you really want it, it’s not hard to find.


February 9, 2012  8:15 PM

Sophos yearly report

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report.aspx

Excellent recap of 2011.


February 9, 2012  8:13 PM

CRL’s being dropped from Chrome

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

A few links;

http://www.imperialviolet.org/2012/02/05/crlsets.html

http://arstechnica.com/business/guides/2012/02/google-strips-chrome-of-ssl-revocation-checking.ars

It makes no sense to continue to use the CRL.  My personal experience is limited with it, but I have to agree with the experts on this one.


February 3, 2012  2:36 AM

Dropbox not deleting files when requested??

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

http://www.youtube.com/watch?v=iigSzItyfxA


February 2, 2012  9:21 PM

VeriSign hack (2010)

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

While it happened a while ago, it just came to light in a filing to the SEC.

http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z820120202

The details in the story are lacking, but this type of attack can be very serious.  It also seems to be a trend of attacking certificate signors.  Having a legit signed bank or Google cert can net you a ton of money.


January 30, 2012  12:24 PM

FreeBSD 9 release

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

FreeBSD has released production version 9,

http://www.freebsd.org/releases/9.0R/announce.html

Some of the highlights;

  • High performance SSH
  • PowerPC Playstation 3 support
  • ZFS version 28


January 29, 2012  1:13 AM

This made my day

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

http://blog.acrossecurity.com/2012/01/is-your-online-bank-vulnerable-to.html

Very simple concept, and it does not surprise me that people are using this and banks are seeing a loss on it.  If you work for a FI it’s time to try it out and see if you need to get on the phone.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: