On July 4th, 2018, I reported a security/privacy problem to Apple regarding the
firmware on its
now-discontinued
AirPort wireless access points.
Per
Apple's website,
a "factory-default reset" of an AirPort should
"remove any saved configurations and profiles"
and should be sufficient for
"selling or giving away your base station".
On at least AirPort Extreme AP firmware 7.7.9 and AirPort Express firmware 7.6.9
(the newest available for each device at the time of reporting), a
"factory-default" reset just moves the configuration file to a new location on the
device, and the old file and up to two additional previous configurations remain
accessible on the device.
Continue reading 1,314 words...
I've been using an
OpenBSD
laptop
as my workstation a lot more lately, probably because most of my hardware just
works now and I don't have to think too much about it.
The touchpad
works
when I touch it, I can be confident that when I close the lid, the laptop
will fully suspend and then fully resume again when I open it,
WiFi works all throughout my house (although it's not terribly fast), and my
web browser
is fast and stable.
What amazing times we live in.
In the past, one thing that frequently kept me going back to my
Mac,
aside from
iOS and Android
development, was
1Password.
I have a ton of logins for websites and servers, and because my
browsers
are all configured to
clear cookies
for most websites after I close their tabs,
I need frequent access to passwords synced across my laptops and phones, and
1Password has great apps for all of those except OpenBSD.
Continue reading 1,572 words...
Last night I tried to visit one of the websites that I host on one of my dedicated servers, and to my surprise, I saw this instead of the usual content:
My first reaction was that the gzip compression had possibly broken on my server, or that it was a weird compatibility issue with Firefox 6.0 to which I had just upgraded. I enabled Firefox's Web Console to see what was actually being received (highlighting mine):
Continue reading 978 words...
Some time in 2010, Google, Adobe, and "dozens of other high-profile companies" were hacked by the Chinese government. The attack was done through a previously unknown vulnerability in Internet Explorer and considered to be highly sophisticated. The attackers copied intellectual property of these companies and accessed Gmail accounts of human rights activists.
Rather than directly hack into the accounts of those activists, the entire e-mail provider was compromised.
Continue reading 1,427 words...
At about 9am yesterday morning, I noticed on my server monitor that the CPU utilization of one of my servers was abnormally high, in addition to a sustained 1mbit/sec of inbound traffic and 2mbits/sec of outbound traffic. syslog messages from Asterisk showed it to be a SIP brute force attack, so I dropped the offending IP (an Amazon EC2 instance IP) into /etc/idiots to block it and went back to my work.
A while later, I noticed the traffic still hadn't died down, so I reported the incident to Amazon and my server's network provider. No luck on either front; Amazon just sent back a form reply stating the incident was forwarded to the EC2 instance's owner (yeah, seriously) and the network provider said they wouldn't bother adding an ACL to their border equipment unless it was needed to protect their entire network. With the IP blocked on my server, the CPU utilization had died down and it was no longer sending out reply traffic, but I was worried about the inbound garbage traffic counting towards the server's monthly bandwidth cap.
Continue reading 832 words...
While poking around in /tmp on one of our shared-customer web servers the
other day, I noticed a /tmp/... directory owned by www.
Seemed a bit odd, so I looked inside and found such gems as hide.c,
psybnc, and bleh2.pid.
As I was busy at the time, I killed the IRC bot that was being run and cleaned
up the directory and moved on.
Today, however, I noticed the same set of files had been put back, with
timestamps of yesterday.
I looked into it some more and it appears to be a root-kit-of-sorts (that
doesn't actually get root, and its only purpose is to run an IRC bot/bouncer).
Continue reading 612 words...