Tag Archive for 'Security'

WordPress Security Issue

Dr. Dave, the dude behind Spam Karma, has issued a warning to all WordPress users. A message popped up on my Spam Karma 2 dashboard warning of a potential security vulnerability in WordPress. Here’s part of the warning:

If you are running Wordpress as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, DISABLE IT IMMEDIATELY (in wp-admin >> options: make sure “Anyone can register” is not checked).

Additionally, delete or disable ANY guest account already created by people you are not sure about.

Leaving it open and letting people sign-up for guest accounts on your Wordpress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me I am not exaggerating this. So don’t wait a second to disable this option and please relay the message.

Now, the WordPress development team was apparently notified a “while back”. They supposedly haven’t done anything yet to rectify this problem. Dr. Dave has received a lot of questions due to his initial post. In turn, he’s made another post in which he addresses some of those questions.

Hopefully we’ll see WordPress 2.0.4 out within a few days.

UPDATE: WordPress 2.0.4 Beta is out. It should be safe to open user registrations under WordPress 2.0.4. I’d expect to see the final 2.0.4 release next week.
[via Ryan Boren]


OpenDNS System Status

It looks like OpenDNS is about to launch a “System Status” section of their website. Check out http://system.opendns.com/. I don’t know if this page is supposed to be live to the public yet, but what the hell.

Once you navigate to that page, you’ll see a status summary of the OpenDNS network. It looks like there’s gonna be a “mini blog” type of thing there too, probably mostly for making updates about outages or other problems. The “Testing” link you see in the image below is what leads me to believe there’s gonna be a separate “status” blog on that page.
There’s also a newer post at the OpenDNS blog about how they learn about phishing sites. I think they made that post in part due to one of my earlier posts on OpenDNS. :)

And boy how I wish I lived in San Francisco (well, not really). OpenDNS is currently looking for a Debian system administrator. Personally though, I’ve touched Debian once or twice. I can’t imagine leaving my beloved Slackware.

Oh, and I found the system.opendns.com site via my WordPress dashboard. system.opendns.com was listed as an incoming link from Technorati.


Restoring a Hacked Linux Server

This is a great post at MDLog. Marius goes into great detail on how you should respond when you know a Linux server has been compromised.

It’s an interesting read if you’ve ever had the opportunity to be the administrator of a Linux server. Probably interesting if you haven’t had that opportunity. None of my systems have ever been hacked, and I admin about 5 Linux servers both at home and work. I’ve always sort of had a plan of attack though in the event it did happen. And, I’m happy to say, it would look very similar to Marius’s post.


Dreamhost Issues

This site hasn’t been accessible for a while this morning. Dreamhost appears to be having some issues with a fileserver that keeps crashing. All seems to be good now, but it sounds like they’ve been through this before. They got the box up once and thought it was stable, until it crashed again a short time later:

Once we got the machine up, fixed and serving files, everything seemed like it was ok, so we went back to making sure all content, data and websites were working normally.

Right about then, it crashed again! This time, however, it came back up correctly, so it didn’t take as long as it had previously.

See the Dreamhost Status Blog and the Unofficial Dreamhost Blog for details. Hopefully this is the end of the issues for now, but who knows.


OpenDNS Speed

Wikipedia defines Adware as “Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.”

This guy makes some good points, the OpenDNS as Adware idea not being one of them though. He’s had some issues with the typo fix feature of OpenDNS and the OpenDNS search page coming up when it shouldn’t.

So what happens when it doesn’t know the IP address you ask? Well sometimes it returns no answers

javila@BeanMac ~ $ dig verizonn.com @208.67.222.222

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

And sometimes it gives you back their server. (asdverizon.com. 1 IN A 208.67.219.40) any request to 208.67.219.40 results in a search the attempted url being ran through their systems. If I’m not misunderstood, they make their money off of ads displayed at this time… therefore, the more they don’t catch, the more money they make on advertising? Ok so I guess for their software it “Pays to be stupid”

Simply because an application doesn’t provide the expected results doesn’t mean it’s adware. OpenDNS seems like the kind of company who is out to stop adware and other sorts of internet baddies. That post is worth a read, it does a nice job of bringing to light some problems in OpenDNS. And, I don’t think the guy was actively trying to take the “OpenDNS is Adware” stand, he did file that post under “Talking Shit” after all. heh.

Another interesting OpenDNS related post comes from Thomas Ptacek. Thomas has noticed OpenDNS actually takes longer to resolve some domains than, say, your ISP’s DNS servers.

74ms longer via OpenDNS. How much of that is network latency? You could turn off recursion, but OpenDNS doesn’t support it, so instead query for OpenDNS’s own names:

nsping -z opendns.com 208.67.222.222
+ [ 22 ] 55 bytes from 208.67.222.222: 261.771 ms [ 192.468 san-avg ]

41ms. Weak evidence that it takes OpenDNS 33ms longer to look up random names at Google on my DSL connection? Note also that all the OpenDNS queries “succeed”, because OpenDNS sends you to a landing page for typos.

Some pretty interesting comments going on at that post too. David Ulevitch and Thomas might end up getting together to do some testing on DNS caches and overall performance. David made a comment in my previous post on OpenDNS in which he explains some of the new features they’re working on:

I agree 100% about us needing to be more transparent. The three biggest things we are working on right now are:
1) Getting account preferences up and running so people can just enable and disable the various features they are working on.
2) Providing a much clearer understanding of where our phishing data comes from and what happens if we make a mistake
3) Bringing up our London datacenter and adding in a bunch of peering and other network connectivity to our existing sites.

I’ve really only witnessed one problem with OpenDNS. This is a prime example, try navigating to http://www.tehserver.us/. It takes you to the OpenDNS search page, right? Well, the first link displayed on the search page is really where I want to go. So, I click the first link and I’m taken right back to the OpenDNS search page I was just on. So, there’s apparently no way for me to get to www.tehserver.us using OpenDNS. Granted, tehserver.us isn’t totally legitimate, it’s definitely not breaking any sort of laws. Perhaps the spellcheck is getting confused. The domain is tehserver.us, not theserver.us.

I’ve been using OpenDNS for about 5 days now. I am going to do some testing tonight at home to see if OpenDNS actually serves up info quicker than my ISP’s DNS servers. I will post the results and how I went about testing. That is, provided I have power at home, there’s been some awesome storms rolling through the last couple days. A welcome event for the farmers around here though.

UPDATE:
I can get to tehserver.us with no problem now, I never even see the OpenDNS search page. David mentioned he’s opened a bug in bugzilla for the developers to check out. He also mentioned this post on OpenDNS by Greg Keene. Greg takes a look at OpenDNS and fears even one security breach could make OpenDNS disappear:

My concerns? The obvious, security and security. Will temptation to generate advertising overcome their ‘do good’ nature? We’ll have to see. A huge, obvious hole is their own security. If they get hacked, then their users are effectively exposed — don’t underestimate this. I’d like to get more people using them so we can really find how good they are. My thought is that one security breach could kill these guys, even an exposed exploit would be a very bad thing.

Give it a try and let me know what you think.


What’s Wrong With OpenDNS?

OpenDNS is surely going to prove to be a useful tool for those not intimately familiar with the internet. OpenDNS provides some unique functionality compared with other DNS servers in that it detects typos and prevents phishing. For example, say you type http://www.longren.og into your browser. That URL obviously doesn’t exist, notice the .og at the end? OpenDNS will recognize the typo and will redirect the user to http://www.longren.org.

Smart huh? Yes, but it could have its drawbacks. This post highlights what could be a potential security risk in OpenDNS. It has to deal with intrusion detection systems (IDS) not realizing which URL is actually being requested. That post uses the mod_speling apache httpd module as an example.

If I send a request for indexh.tml, mod_speling detects the mistake and will serve back index.html. The problem is any security products like an IDS/IPS won’t have this intelligence to try and “fix” the request before they analyze it. The IDS/IPS simply sees and logs a request for indexh.tml. Modspelling, like this feature in OpenDNS, allows an attacker to side step the attack signatures on an IDS/IPS to exploit a site because the web server will “fix” the attack once it reaches its target.


I disagree with the logic behind the author’s claims. Why? Simply because I have a feeling OpenDNS was built with that taken into consideration. I’m betting there’s some sort of database internally that lets every piece of the network know exactly what is being served when a typo is detected. Everything from the IDS boxes to the DNS servers themselves. Maybe I totally missed the point of what that post was trying to get across.
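
The gap the quoted passage describes, together with the inspection-side remedy of resolving a request the way the server will before matching rules against it, as an added example (not from either post; a simplified emulation of one-misspelling correction, not Apache's mod_speling code). The file list, the watched path and the request list are constructed for illustration.

```python
# Added example: a simplified emulation of one-misspelling correction,
# not Apache's mod_speling code. All paths and the rule are constructed.

SERVED = {"/index.html", "/about.html"}   # files the web server has
WATCHED = {"/index.html"}                  # hypothetical rule: alert on this path
REQUESTS = ["/index.html", "/indexh.tml", "/about.html", "/nothere.html"]

def one_edit_apart(a, b):
    """True if a == b or they differ by one inserted, omitted, wrong
    or transposed (adjacent) character."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1                              # skip the common prefix
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:          # one wrong character
            return True
        return (i + 1 < len(a) and a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:]) # two adjacent characters swapped
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]    # one extra character

def resolve(path, served=SERVED):
    """File the server would end up serving for path, or None."""
    if path in served:
        return path
    directory, _, name = path.rpartition("/")
    hits = [f for f in served
            if f.rpartition("/")[0] == directory
            and one_edit_apart(name.lower(), f.rpartition("/")[2].lower())]
    return hits[0] if len(hits) == 1 else None   # ambiguous: no single file

def inspect(path, served=SERVED):
    """Compare rule matching on the raw path with matching on the resolved one."""
    effective = resolve(path, served)
    return {"raw_hit": path in WATCHED,
            "effective": effective,
            "normalized_hit": effective in WATCHED}

def missed_by_raw_matching(requests=REQUESTS):
    """Requests that reach a watched file but do not match the rule as sent."""
    return [r for r in requests
            if inspect(r)["normalized_hit"] and not inspect(r)["raw_hit"]]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r, inspect(r))
```

Matching on the resolved path closes the gap only if the inspection point has the same view of the served files as the web server does.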

Another thing OpenDNS should work on ASAP is transparency. I’d really like to know the false positive rate on phishing sites. How many legitimate sites get flagged as a phishing site? A publicly available reporting system would also be nice. Something to show DNS changes in particular would be nice for helping to maintain the integrity of the database.

But, I’m sure these questions will be answered in the near future, after all, today is the company’s first day with exposure to the “public”. There’s already mention of a new feature on the most recent post at the OpenDNS blog.

One important feature which is not yet available, but will be soon, is self-service control over the DNS settings. Ryan’s article, understandably, doesn’t mention this capability, since it’s not yet live.

The point? We’re going to put more control in your hands, so if you want to turn off features like typo correction or phishing prevention, you’ll be able to. Account management is the top priority now, to help demonstrate the power of control over your DNS. We think transparency and control will show you (not just tell) that we’re making the right choices.

Ryan’s article is of course the article that was in Wired this morning. See, they’re already taking steps to provide more transparency, hopefully it will continue.

Harper Reed is also a bit skittish with OpenDNS still, like me. I think OpenDNS has great intentions though, so I’m not too worried. Founder of OpenDNS, David Ulevitch, already has a pretty outstanding reputation in the internet community, probably due mostly to the success of EveryDNS. OpenDNS is out to do good on the internet, just like EveryDNS. That doesn’t mean they can’t do harm, as we saw with Blue Security.

I’m pretty sold on OpenDNS overall. I put their DNS servers in my DHCP server config tonight after I got home from work. And the Nevada office as well as a couple servers in Ankeny are using OpenDNS now too.
