31

Oct

Nukes…

Posted by jerry as World, politics

Just read this article on reddit, and my head is about to explode.  The author clearly writes with an authoritative air about military operations, and seems to have his shit straight with a believable story.  Trouble is, it’s got holes.

The author makes a reference to “central command” several times.  Anyone at all intimate with US military strategy understands that central command is located in Doha, Qatar, not in the Pentagon, and would not be governing the movement of nuclear weapons in the US.  That job would either fall to United States Transportation Command or to United States Strategic Command.  I really am not sure which in this particular case.

What concerns me is that this is a really good story written with a seemingly good handle on military protocol.  Yet, a basic fact like that is wrong, so what does that say about the rest of the article?  Probably not much if you really really hate Dick Cheney.  Speaking of which, I have yet to understand how good ole Dick has obtained so much control over the military as to be able to single-handedly order the shipment of nuclear weapons to a war front.  Maybe he does, but call me skeptical.

When I heard the story originally, my first thought was that of propaganda - not a mistake or any kind of internal struggle.  This administration is extraordinarily effective at managing the media, if you can say nothing else for them.  I have to believe that whatever the “real” plan is, it involved letting Iran/Syria/whoever else know that we had nuclear weapons en route to their back door at one point, and that was just by accident.  “Just wait and see what happens when we get mad!”.  I still think that’s a pretty likely scenario.

31

Oct

Hacked!

Posted by jerry as Hacking, Security

I don’t think a lot of people who run sites like to admit this, but I was just hacked.  It was extraordinarily interesting… I had the advantage of watching it happen.

I have a server at a colo running FreeBSD and cPanel.  I host a handful of sites, and keep telling myself “someday, I’m going to get serious about it”, but life keeps getting in the way.  I personally run a bunch of sites on that server, including this one.

So anyhow, after I wake up, I grab my laptop from the side of my bed and check email, weather and the usual stuff.  As noted in a previous post here, I’ve been trying to increase the number of visitors to one of my sites - syslog.org, so I had a tail -f running on the apache log file.  Nothing out of the ordinary at first.  Then, if I had hair, it would have been standing up - I saw requests to part of the site that clearly had filesystem paths in them.  Paths for other accounts on my server.

So, sure enough, when I looked more closely, the requests were going to a file called “public_html/forum/avatars/.php”.  The site is running the Simplemachines forum software.  I copied one of the requested urls into my browser, and BAM! a really nice control panel for my server, the main part of which is a filesystem browser.  Yikes! 

I first moved the .php file to a directory outside of the web path then I logged into WHM and suspended all of the accounts and then started looking through logs to see what had been done.  It was clear that the attacker was going through the public_html directories for all of the sites and replacing files with “Hacked by XXX”.   But only a few files.  I was able to find each file that had been replaced by referencing the logs.  A check of date/time stamps and a comparison against a backup verified that. 

I went back to the avatars directory on the syslog.org site, and found a file called erne.txt.  When I opened it up, it was a file used to bypass PHP safe mode.

I went back, changed passwords, replaced files from backup, and whatnot.  I did find a suspicious user account “courier” in /etc/passwd.  What made it suspicious was that it was at the bottom of the file.  I deleted the account and searched for any files owned by that account.  I logged into my dev server and found that the same account existed in the same place, so that was a false alarm.  Thankfully.

So, I went back to the monthly web logs and decided to see how long .php had been on the system.  I found that it was first accessed on Oct 20.  I grepped through the log for the IP that first accessed it and saw that it had come to my site via a google search for “powered by SMF”.  Then I remembered (!) that on Oct 20th, I had been looking at my logs as well, and saw that very request, which prompted me to make sure I was up to date with SMF.  Of course I wasn’t - I was running 1.1.2 and 1.1.4 had recently been released.  So, I did the upgrade and didn’t look back.

After looking at the logs a little more, it became evident that they were linking from the site http://turk-h.org.  That site is a defacement content tracking site.  The few sites that they were able to register show that the hack was “political”.  The group that is responsible for the attack has a site here: WwW.BilisimSecurity.Com.  Why is the middle “w” always lowercase on hacker sites??? 

So, here are the lessons I’ve learned (so far):

  1. ALWAYS ALWAYS ALWAYS keep your software up to date
  2. A corollary to #1 above - a consistent approach to verifying that all software is up to date is desperately needed.
  3. Open source web apps really really really need to stop adding a “powered by” line at the bottom of websites that use their software.  This makes it incredibly easy and efficient to find sites to hack.
  4. Keeping your logs is really important.  They came in really handy today.
  5. Using phpsuexec would have drastically limited the impact of the attack.
  6. An automated method to determine if something has changed or been added in a directory tree would have provided me with almost 2 weeks of notice to resolve the issue.
  7. The hacker tools are quite sophisticated.  I have retained copies of their tools.  I will not be making them available as I don’t want to spread them any more than they already are.
  8. A tool that parses the apache logs for filesystem components (outside of the public_html tree) would have provided a notice that something has happened, though it would really have been too late to stop the attack.
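A small detection script for lessons 6 and 8 above (an added example, not the author’s code or any tool from the post): it flags Apache access-log requests whose parameters carry filesystem components, and it hashes a directory tree so that added or changed files show up when two snapshots are compared.  The log lines, addresses and account names are constructed for the example.

```python
import hashlib
import os
import re
from urllib.parse import unquote

# Apache "combined" log prefix: client ip, identity, user, [time], "request", status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# Lesson 8: a request to a normal site should never carry an absolute server path as a
# parameter value, a traversal sequence, or the name of an account's public_html tree.
SUSPICIOUS = re.compile(r'[=&?]/(?:home|etc|var|usr|root|tmp)/|\.\./|public_html', re.I)


def flag_requests(lines):
    """Return (client_ip, decoded_request) for every log line whose request looks like
    filesystem access rather than a site URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        req = unquote(m.group("req"))  # decode %2F, %2E, ... before matching
        if SUSPICIOUS.search(req):
            hits.append((m.group("ip"), req))
    return hits


def tree_manifest(root):
    """Lesson 6: map each file under root (path relative to root) to its SHA-256.
    Save the result after a known-good deploy and diff it on a schedule."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return manifest


def diff_manifests(old, new):
    """Return (added, removed, changed) file lists between two manifests."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return added, removed, changed


# Constructed sample log lines (addresses and account names are invented).
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Oct/2007:06:01:02 -0400] "GET /forum/index.php?board=1.0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [31/Oct/2007:06:02:10 -0400] "GET /forum/avatars/.php?d=/home/otheracct/public_html HTTP/1.1" 200 8000',
    '203.0.113.9 - - [31/Oct/2007:06:02:44 -0400] "GET /forum/avatars/.php?d=%2Fetc%2F HTTP/1.1" 200 3000',
]
```

Running `flag_requests(SAMPLE_LOG)` reports the two requests from 203.0.113.9 and ignores the ordinary forum hit; a nightly `tree_manifest` of each public_html tree diffed against the previous night would have shown the new avatars/.php file the day it arrived.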

28

Oct

Site updates

Posted by jerry as Uncategorized

So, I’ve taken some time to do things I’ve been intending to for a while.  I deep-sixed Pligg on the NetworkStrike.com site.  Pligg is a very nice package for what it does, but it really doesn’t do what I needed.  After some investigation, I settled on Drupal.  Drupal turned out to be even better than I expected.  I was ready to write an RSS importer, but found that there were already some very mature importers available, and unlike a lot of tools like this, it actually worked out of the box.  I’ll be slowly getting Networkstrike back to where it was previously.  It was interesting to watch Pligg go unmanaged.  Most of the story submissions were about alien abductions and other crazy things like that.

On syslog.org, I added a new section that specifically deals with syslog-ng.  Having moderated the syslog forums for many years now, I’ve finally come to the realization that syslog-ng is a great tool, it’s just not well organized or supported on the Internet.  How-to’s, docs and whatnot are spread far and wide.  So I decided to try to fill the void.  We’ll see how useful it is.  As it’s a wiki, I’m hoping that people will opt to contribute their bit of knowledge as well.

On a related note, I added a link to syslog.org into a few entries in wikipedia.  Wow, that site must get some serious visitors, because the number of referrals from wikipedia to my site is pretty impressive.  An order of magnitude lower than google provides, but on par with what Yahoo does.

27

Oct

Thinking about carbon footprints…

Posted by jerry as Environment, World, politics

While in the gym yesterday, I got to thinking about all of the talk recently about reducing one’s carbon footprint.  At first, I pondered about how my decision to work out would impact my carbon footprint - it clearly doesn’t help.  I eat a LOT more, I create more waste, I convert more O2 to CO2, I waste water in showers, etc, etc.  In a way, my decision to be healthy has negative environmental consequences.

I’ve really not been one to be overly concerned about that, though - I drive gas guzzlers, live in a really big house, that’s a really long way from my office - the American dream if you will.

I got over my guilt quickly and started to think about people who really do care about the environment and really are trying to reduce their carbon footprint.  I started to wonder - do they really - and I mean really - understand the impacts of their decisions?  For instance - riding your bike to work might save 1 gallon of gas, but causes you to need an extra 500 calories of food.  We know that the impact of burning a gallon of gas releases 20 lbs of CO2 into the air.  But, what did it take to make that 500 calories?  It might not be 20lbs of CO2, but it’s not 0, either.

My point is not to throw eggs at people who have decided to try to live more environmentally responsibly, just to make sure it’s being done in a sensible way.  I do believe that our society as it is today is wholly unsustainable.  My issue is that on one side, we have people saying “free market enterprise will solve the problem”, and on the other you have people saying “stop driving, move closer to your work, live in denser communities, etc”.  Both groups are so out of touch with reality that the last 2 people on Earth will be arguing with each other as they succumb to some manmade environmental disaster.

Free markets will continue doing whatever is most profitable until it is no longer profitable.  If I come up with a way to make electricity that is environmentally neutral, but it costs 15 times normally sourced energy, I will be out of business in no time.  Even if all the ice at the poles melts and we have lots of lucky new beach front owners, there won’t be a “free market” force that makes something that’s 10x more expensive more attractive.

On the other hand, people want their cars.  They want their houses.  They want a yard, privacy, kids, a dog, the minivan, and so on.  That’s not going to change.  I know we live in a society of sheeple, giving up our liberties for security - so long as it doesn’t interfere with “Dancing with the Stars”, but I believe there would be hell to pay if we start taking away people’s houses in the country and making them live in a small highrise condo so they don’t have to have a car.  And furthermore, the beloved government this group tends to align itself with is so blatantly inept at civil engineering projects, that the infrastructure to support the commuter-less utopian city-state is out of reach.

What we need are practical solutions.  One I saw that made lots of sense was the algae oil concept.  It uses algae to remove CO2 from powerplant exhaust, then the algae can be processed into biodiesel.  But, I’m skeptical that even this has the ability to rise to a level of profitability.

05

Aug

New Aquarium site

Posted by jerry as Uncategorized

So, a while back I had bought the domain aquariu.ms.  I thought it was pretty clever anyway.  For those that know me, I am a big freshwater aquarium nut, so I was looking for something that intersected my two loves - tech and aquariums.   The main part of the site is a wiki, with a blog and a forum.  I’ve been playing around with pmwiki a bunch, and I’ve figured out how to use the simplemachines forum user accounts to manage access to update the wiki pages. 

My hope is that I can get it to be a consolidated and organized place for useful information on the aquarium hobby.  I’ve found many many different resource sites out there, but they tend to be really badly organized and incomplete.  For now, I’ll be contributing to the chaos, until it gets more meat on the bones.

The site is here: Aquariu.ms

22

Jul

Idea for new site

Posted by jerry as Uncategorized

A while ago I had an idea for a site that would track the stocks currently being spammed, the relative effort of the spam jobs, and the stock’s performance over the time of it being spammed.

I had this idea that there is probably a way to make some money off of the pump and dump stock scams.  Certainly other people have thought about this before, so I do wonder if it’s a losing game, but it’s hard to tell until you are able to look at the trends and patterns of performance relative to the pump and dump scheme.  I’m interested in ideas in what and how this should be tracked.

22

Jul

The Acura is back

Posted by jerry as Uncategorized

I got my car back yesterday afternoon.  I was quite skeptical up to the end that I would get it back in time, but they delivered on the date.  They also replaced my windshield, which I wasn’t expecting, but I’m happy they did.

They also very thoroughly cleaned the car - very impressive.  So far, the car drives like it did before the accident.  I was pretty skeptical about that too.  The driver’s door had a slight rattle before the accident which seems to be gone now - nice bonus.

I’ve had several people suggest I get the deer whistles for the front of my car, but I’ve heard (can’t seem to find any sources now) that they don’t really work.

08

Jul

Deer update

Posted by jerry as Uncategorized

The bodyshop came and picked up the car the same day with a tow truck.  The driver said he had just left an accident where a lady hit a deer - a male deer and one of his antlers skewered the driver’s shoulder after it came through the windshield.  Yikes.

I talked to the bodyshop a few days after they picked up the car to find out the story.  They estimate $6700 and 5 weeks to repair it.  Fortunately, I had just bought my wife a new Odyssey, and we hadn’t sold our old one yet, so I have something to drive while they putter around with my car.

I have to say, I’m pretty skeptical that the car is going to be repaired adequately.  I hope I’m wrong, but the great things about the TL are its quiet ride, good performance and handling.  It’s always been my experience that rattles, vibrations and the like crop up after having a major repair like this.

So, the list of parts to replace looks like this:

  • Driver front fender
  • Plastic fender insert (protects the inside of the fender from road debris)
  • Driver side headlamp assembly
  • Driver side front turn signal light
  • Driver side mirror
  • Front bumper
  • grill
  • hood
  • left and right hood mounts
  • battery box
  • 3 structural members under the fender

All-in-all, it could have been a lot worse.  On the one hand, $6700 seems really cheap - my wife clipped a drive-thru pole and did some minor sheet metal damage to a sliding door, and it was $2400, and on the other hand, it seems like if those are the only things that have to be replaced, 5 weeks is an awfully long time.

Ah, well.  I can’t wait to have my XM radio back.  Driving an hour each way sucks without CNBC.

22

Jun

Got Deer?

Posted by jerry as Uncategorized

So, I haven’t updated the site in forever and a day.  Being acquired and trying to hammer out a new position in the buying company takes its toll.  After a particularly bad day on Wednesday, I was on my way to the gym at the office at 5 a.m. on Thursday, and wham - a deer hops out into the street, past the van in the lane next to me, and I have no time to react.  The first time I see it, it’s 20 feet in front of my car, and I’m doing between 55 and 60 mph.

Well, here is the result:

So, it was a pretty scary thing.  After I hit it, my car wanted to head into the left lane, where there were some other cars.  I had to fight back and basically stood on the brake.  I pulled onto the shoulder which was mostly dirt, and my anti-lock was going crazy.  I thought it was going to take forever to stop, really pissed that it was taking so long.  I just wanted to stop - I didn’t know what all was wrong with the car.  When I got out, I realized that I had gone all of about 20 feet past where the deer was laying.  It had been knocked back to the median from where I hit it in the left lane.

The week before, I had just replaced the tires on this car.  I ended up spending a LOT more than I planned - I got the Goodyear Eagle ResponsEdge.  I was planning on spending about $500, and walked out $1100 lighter.  I had decided to drive it the few miles home, rather than wait for a tow truck.  That was fun.  The car really didn’t want to go.  When I got home, I noticed that the back passenger tire was mostly flat.  Sheesh.

So, to summarize:

  • Hitting a deer sucks
  • People who don’t stop to see if you’re ok after hitting a deer right in front of them, suck
  • Acura TL is a great car
  • Allstate insurance has been extremely cooperative and helpful, so far.
  • I’m estimating the repair bill will be about $9000, and will take 3 weeks.  We will see how I do.
  • The Cobb County Police Officer that took my report was a great guy.

11

Mar

Currently spammed stocks

Posted by jerry as Uncategorized

This is a list of stocks being pumped and dumped by spammers. Trading in these stocks during such a time would be risky at best.

The currently spammed stocks pummeling inboxes worldwide are:

CHFR - China Fruits - This one has been spammed for quite some time.

CEOA - CEO America

CBRP - Cambridge Resources Corp. - Several different spamming approaches are being used for this, including the plain-text email with the pump, and a some image based ones that are completely illegible, except that they match up to the plain-text ones being received.

UTEV - United Environmental Energy Corp.

VCDY - Voice Diary Inc.