nukeitdotorg » Featured

Matriux 0.9.4 beta1 [Security Distro]

fuzion — Mon, 01 Feb 2010 19:15:23 +0000

Matriux is…

… a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.

It’s slick, responsive (even under a VM with bare resources) thanks to it’s lean system requirements and comes with an ‘Arsenal’ of tools to help you get stuff done efficiently. Matriux also seems to have a lot going for it as far as an active community reachable through IRC and forums. Overall, the experience is good. It’s at the very least on par with other distros of this nature. I’m mostly impressed by its speed considering its use of KDE4 with a few sfx turned on. I’ll see how it fares on my crappy little Atom based netbook later.

Click to show a comprehensive list of security tools included in Matriux»

http://www.matriux.com/

Reconnaissance

DNS

DIG
DNSBruteForce
DNSTracer
DNSWalk

HTTrack

HTTrack
WebHTTrack Website Copier
Browse Mirrored Websites

Others

Chaosreader
Deepmagic Information Gathering Tool
dsniff password sniffer
EtherApe
tcpdump
tcpslice
tcptrace
tcptracert
Network Analyzer (Wireshark)
xtrace

Scanning

BATMAN-Tools

batping
batroute
batdump

Cisco

CDP Packet Generator
HSRP Generator

Routing-Protocols

Autonomous System Scanner
IGRP Route Injector

Web-Scanners

Nikto
Angry IP Scan
CryptCat
ettercap console
Ettercap Gui
file2cable
Web Server Fingerprinting Tool
icmpush
icmpquery
IRDP Packet Sender
IRDP Responder Packet Sender
Netcat
netenum
netmask
Nmap
Paris Traceroute
Protocol Scanner
Parallel Internet Measurement Utility
tctrace
THC-Amap
The Network Mapper Front End

Gain Access (Attack Tools)

Brute-Force

BruteSSH

Password

crunch
md5-utils

Others

Mac Changer

Framework

Fast-Track

Fast Track Console Mode
FT-Interactive Menu
Fast Track Gui

Inguma

Inguma-cli
Inguma-gui

Metasploit Framework 2

msf2-cli
msf2-console
msf2-update
msf2-web
msf2-web console v2.7.

Metasploit Framework 3

msf3-cli
msf3-console
msf3-gui
msf3-web
msf3-web console v3.2

Others

Grendel-Scan
HTTP Request Exploit Framework
WebSecurify
WSFuzzer

Radio

Bluetooth

haraldscan

Wireless 802.11

airbase-ng
aircrack-ng
airdecap-ng
airdecloak-ng
airdriver-ng
aireplay-ng
airmon-ng
airodump-ng
airolib-ng
airserv-ng
airtun-ng
buddy-ng
easside-ng
packetforge-ng
tkiptun-ng
wesside-ng
WiFi Radar

Digital-Forensics

Acquisition

Automated Image & Restore 1.28
Guymager

Analysis

Start Autopsy
Autopsy Forensics Browser
Gpart
Pasco
Vinetto
Start WarVOX
Open WarVOX Web Interface
Xplico Console Mode (Internet Traffic Decoder)
Xplico Web Interface (Internet Traffic Decoder)
Dhash

Debugger

Crash
e2dbg
efence
JavaScript Lint
valgrind

Tracer

Leak-Tracer

Leak Analyze
Leak Check
etrace
ltrace
pstack
strace

w3af 1.0-rc3 console for Windows

fuzion — Sat, 09 Jan 2010 03:57:44 +0000

Here’s w3af 1.0 RC3 CLI built for Windows. Please leave a comment if you find a bug. This is not supported software. Please don’t bother reporting bugs to the official list or tracker unless you can confirm it in the original untouched source as well.

Features:

Latest tagged release.
Python 2.6 and updated dependencies built in.
Completely portable.
Tested on Windows XP and 7
“Fixed” many deprecation warnings. Please test!
You can edit the plugins!

Download:

Normal - http://rapidshare.com/files/332486992/w3af-1.0-rc3-console.7z
Slow - http://nukeit.org/pub/w3af-1.0-rc3-console.7z

Stats:

Size: 16,477,852 bytes
CRC32: 846EA1F7
MD5: 42111F575B702660457425DE7EBFA344
SHA-1: 654D70D81BF61579120D238DE2505AA9614DF753

If you’d like to know how I managed to get this built with pyinstaller and fix all the deprecation warnings, take a look at this hideous patch:»
I’ll have both GUI and console packaged versions uploaded soon.

Index: core/controllers/easy_contribution/sourceforge.py
===================================================================
--- core/controllers/easy_contribution/sourceforge.py	(revision 3264)
+++ core/controllers/easy_contribution/sourceforge.py	(working copy)
@@ -23,7 +23,7 @@
 import os
 import cgi
 import time
-import md5
+import hashlib
 import urllib2, urllib
 import cookielib
 from core.controllers.misc.get_w3af_version import get_w3af_version
@@ -102,7 +102,7 @@
         else:
             # Generate the summary, the random token is added to avoid the
             # double click protection added by sourceforge.
-            summary += md5.new( time.ctime() ).hexdigest()
+            summary += hashlib.md5( time.ctime() ).hexdigest()
 
         # Now we handle the details
         details = ''
Index: core/controllers/extrusionScanning/extrusionScanner.py
===================================================================
--- core/controllers/extrusionScanning/extrusionScanner.py	(revision 3264)
+++ core/controllers/extrusionScanning/extrusionScanner.py	(working copy)
@@ -32,7 +32,7 @@
 
 import time
 import os
-import md5
+import hashlib
 import socket
 
@@ -73,7 +73,7 @@
         r += self._exec('uname -a')
         r += self._exec('env')
         r += self._exec('net user')
-        return md5.new(r).hexdigest()
+        return hashlib.md5(r).hexdigest()
 
     def isAvailable( self, port, proto ):
         try:
Index: core/controllers/misc/homeDir.py
===================================================================
--- core/controllers/misc/homeDir.py	(revision 3264)
+++ core/controllers/misc/homeDir.py	(working copy)
@@ -61,7 +61,7 @@
     '''
     @return: The location of the w3af directory inside the home directory of the current user.
     '''
-    home_path = user.home + os.path.sep + '.w3af'
+    home_path = '.w3af'
     return home_path
 
 def home_dir_is_writable():
Index: core/data/parsers/dpCache.py
===================================================================
--- core/data/parsers/dpCache.py	(revision 3264)
+++ core/data/parsers/dpCache.py	(working copy)
@@ -26,7 +26,7 @@
 import core.data.parsers.documentParser as documentParser
 from core.controllers.misc.lru import LRU
 
-import md5
+import hashlib
 import thread
 
@@ -42,7 +42,7 @@
 
     def getDocumentParserFor( self, httpResponse, normalizeMarkup=True ):
         res = None
-        hash = md5.new( httpResponse.getBody() ).hexdigest()
+        hash = hashlib.md5( httpResponse.getBody() ).hexdigest()
 
         with self._LRULock:
             if hash in self._cache:
Index: core/data/url/handlers/keepalive.py
===================================================================
--- core/data/url/handlers/keepalive.py	(revision 3264)
+++ core/data/url/handlers/keepalive.py	(working copy)
@@ -686,7 +686,7 @@
     keepalive_handler.close_all()
 
 def continuity(url):
-    import md5
+    import hashlib
     format = '%25s: %s'
 
     # first fetch the file with the normal http handler
@@ -695,7 +695,7 @@
     fo = urllib2.urlopen(url)
     foo = fo.read()
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('normal urllib', m.hexdigest())
 
     # now install the keepalive handler and try again
@@ -705,7 +705,7 @@
     fo = urllib2.urlopen(url)
     foo = fo.read()
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('keepalive read', m.hexdigest())
 
     fo = urllib2.urlopen(url)
@@ -715,7 +715,7 @@
         if f: foo = foo + f
         else: break
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('keepalive readline', m.hexdigest())
 
 def comp(N, url):
Index: core/data/url/handlers/localCache.py
===================================================================
--- core/data/url/handlers/localCache.py	(revision 3264)
+++ core/data/url/handlers/localCache.py	(working copy)
@@ -25,7 +25,7 @@
 import urllib2
 import httplib
 import unittest
-import md5
+import hashlib
 from core.controllers.misc.homeDir import get_home_dir
 
 import StringIO
@@ -47,7 +47,7 @@
     id += request.get_full_url()
     for h in request.headers.keys():
         id += h + request.headers[h]
-    return md5.new(id).hexdigest()
+    return hashlib.md5(id).hexdigest()
 
 class CacheHandler(urllib2.BaseHandler):
     '''
Index: core/data/url/handlers/MultipartPostHandler.py
===================================================================
--- core/data/url/handlers/MultipartPostHandler.py	(revision 3264)
+++ core/data/url/handlers/MultipartPostHandler.py	(working copy)
@@ -42,7 +42,7 @@
 import urllib
 import urllib2
 import mimetools, mimetypes
-import os, stat, md5
+import os, stat, hashlib
 from core.data.fuzzer.fuzzer import string_file
 
 class Callable:
@@ -102,7 +102,7 @@
             # '127.0.0.1.1000.6267.1173556103.828.1'
             # This contains my IP address, I dont like that...
             # Now:
-            boundary = md5.new(mimetools.choose_boundary()).hexdigest()
+            boundary = hashlib.md5(mimetools.choose_boundary()).hexdigest()
         if buffer is None:
             buffer = ''
 
Index: extlib/pyPdf/pyPdf/pdf.py
===================================================================
--- extlib/pyPdf/pyPdf/pdf.py	(revision 3264)
+++ extlib/pyPdf/pyPdf/pdf.py	(working copy)
@@ -46,8 +46,8 @@
 import utils
 from generic import *
 from utils import readNonWhitespace, readUntilWhitespace, ConvertFunctionsToVirtualList
-from sets import ImmutableSet
-
+#from sets import ImmutableSet
+ImmutableSet = frozenset
 ##
 # This class supports writing PDF files out, given pages produced by another
 # class (typically {@link #PdfFileReader PdfFileReader}).
@@ -115,7 +115,7 @@
     # encryption.  When false, 40bit encryption will be used.  By default, this
     # flag is on.
     def encrypt(self, user_pwd, owner_pwd = None, use_128bit = True):
-        import md5, time, random
+        import hashlib, time, random
         if owner_pwd == None:
             owner_pwd = user_pwd
         if use_128bit:
@@ -129,8 +129,8 @@
         # permit everything:
         P = -1
         O = StringObject(_alg33(owner_pwd, user_pwd, rev, keylen))
-        ID_1 = md5.new(repr(time.time())).digest()
-        ID_2 = md5.new(repr(random.random())).digest()
+        ID_1 = hashlib.md5(repr(time.time())).digest()
+        ID_2 = hashlib.md5(repr(random.random())).digest()
         self._ID = ArrayObject((StringObject(ID_1), StringObject(ID_2)))
         if rev == 2:
             U, key = _alg34(user_pwd, O, P, ID_1)
@@ -156,7 +156,7 @@
     # @param stream An object to write the file to.  The object must support
     # the write method, and the tell method, similar to a file object.
     def write(self, stream):
-        import struct, md5
+        import struct, hashlib
 
         externalReferenceMap = {}
         self.stack = []
@@ -177,7 +177,7 @@
                 pack2 = struct.pack("= 3:
         for i in range(50):
-            md5_hash = md5.new(md5_hash[:keylen]).digest()
+            md5_hash = hashlib.md5(md5_hash[:keylen]).digest()
     return md5_hash[:keylen]
 
 def _alg33(owner_pwd, user_pwd, rev, keylen):
@@ -1114,14 +1114,14 @@
     return val
 
 def _alg33_1(password, rev, keylen):
-    import md5
-    m = md5.new()
+    import hashlib
+    m = hashlib.md5()
     password = (password + _encryption_padding)[:32]
     m.update(password)
     md5_hash = m.digest()
     if rev >= 3:
         for i in range(50):
-            md5_hash = md5.new(md5_hash).digest()
+            md5_hash = hashlib.md5(md5_hash).digest()
     key = md5_hash[:keylen]
     return key
 
@@ -1131,8 +1131,8 @@
     return U, key
 
 def _alg35(password, rev, keylen, owner_entry, p_entry, id1_entry, metadata_encrypt):
-    import md5
-    m = md5.new()
+    import hashlib
+    m = hashlib.md5()
     m.update(_encryption_padding)
     m.update(id1_entry)
     md5_hash = m.digest()
Index: extlib/scapy/scapy.py
===================================================================
--- extlib/scapy/scapy.py	(revision 3264)
+++ extlib/scapy/scapy.py	(working copy)
@@ -3111,9 +3111,9 @@
             if loctrace:
                 trt[trace_id] = loctrace
 
-        tr = map(lambda x: Gnuplot.Data(x,with="lines"), trt.values())
+        tr = map(lambda x: Gnuplot.Data(x,with_="lines"), trt.values())
         g = Gnuplot.Gnuplot()
-        world = Gnuplot.File(conf.gnuplot_world,with="lines")
+        world = Gnuplot.File(conf.gnuplot_world,with_="lines")
         g.plot(world,*tr)
         return g
 
Index: plugins/attack/db/dbDriverFunctions.py
===================================================================
--- plugins/attack/db/dbDriverFunctions.py	(revision 3264)
+++ plugins/attack/db/dbDriverFunctions.py	(working copy)
@@ -13,7 +13,7 @@
 
 import urllib
 import time
-import md5
+import hashlib
 import os
 import random
 
Index: plugins/discovery/favicon_identification.py
===================================================================
--- plugins/discovery/favicon_identification.py	(revision 3264)
+++ plugins/discovery/favicon_identification.py	(working copy)
@@ -43,7 +43,7 @@
 from core.controllers.w3afException import w3afException, w3afRunOnce
 
 import re
-import md5
+import hashlib
 import os.path
 
@@ -86,7 +86,7 @@
             response = self._urlOpener.GET( def_favicon_url, useCache=True )
 
             if not is_404( response ):
-                favmd5=md5.new(response.getBody()).hexdigest()
+                favmd5=hashlib.md5(response.getBody()).hexdigest()
 
                 try:
                     # read MD5 database.
Index: plugins/discovery/findCaptchas.py
===================================================================
--- plugins/discovery/findCaptchas.py	(revision 3264)
+++ plugins/discovery/findCaptchas.py	(working copy)
@@ -33,7 +33,7 @@
 import core.data.kb.knowledgeBase as kb
 import core.data.kb.info as info
 
-import sha
+import hashlib
 import mimetypes
 import core.data.parsers.documentParser as documentParser
 
@@ -121,7 +121,7 @@
                     except:
                         om.out.debug('Failed to retrieve the image for finding captchas.')
                     else:
-                        res[ img_src ] = sha.new(image_response.getBody()).hexdigest()
+                        res[ img_src ] = hashlib.sha1(image_response.getBody()).hexdigest()
 
         return res
 
Index: plugins/discovery/phpEggs.py
===================================================================
--- plugins/discovery/phpEggs.py	(revision 3264)
+++ plugins/discovery/phpEggs.py	(working copy)
@@ -36,7 +36,7 @@
 import core.data.kb.knowledgeBase as kb
 import core.data.kb.info as info
 
-import md5
+import hashlib
 
 class phpEggs(baseDiscoveryPlugin):
@@ -274,7 +274,7 @@
         else:
             cmp_list = []
             for r in response:
-                cmp_list.append( (md5.new(r[0].getBody()).hexdigest(), r[1] ) )
+                cmp_list.append( (hashlib.md5(r[0].getBody()).hexdigest(), r[1] ) )
             cmp_set = set( cmp_list )
 
             found = False
Index: scripts/script-all.w3af
===================================================================
--- scripts/script-all.w3af	(revision 3264)
+++ scripts/script-all.w3af	(working copy)
@@ -10,7 +10,7 @@
 output config console
 set verbose False
 back
-discovery all, !fingerMSN, !fingerGoogle, !fingerPKS, !spiderMan
+discovery all, !fingerMSN, !fingerGoogle, !fingerPKS, !spiderMan !detectReverseProxy
 discovery
 grep all
 grep
@@ -20,6 +20,6 @@
 bruteforce
 back
 target
-set target http://localhost/w3af/
+set target http://localhost/
 back
 start
Index: scripts/script-find_captcha.w3af
===================================================================
--- scripts/script-find_captcha.w3af	(revision 3264)
+++ scripts/script-find_captcha.w3af	(working copy)
@@ -13,7 +13,7 @@
 
 back
 target
-set target http://localhost/w3af/discovery/find_captcha/index.php
+set target http://localhost/
 back
 
 start
Index: w3af_console
===================================================================
--- w3af_console	(revision 3264)
+++ w3af_console	(working copy)
@@ -2,7 +2,76 @@
 
 import getopt, sys, os
 import gettext
-
+import hashlib
+import csv
+import Cookie
+import core.controllers.outputManager as om
+import core.data.constants.browsers as browsers
+import core.data.constants.dbms as dbms
+import core.data.constants.httpConstants as httpConstants
+import core.data.constants.httpConstants as http_constants
+import core.data.constants.severity as severity
+import core.data.constants.w3afPorts as w3afPorts
+import core.data.dc.form as form
+import core.data.kb.config as cf
+import core.data.kb.info as info
+import core.data.kb.info as infokb
+import core.data.kb.knowledgeBase as kb
+import core.data.kb.vuln as vuln
+import core.data.parsers.documentParser as documentParser
+import core.data.parsers.dpCache as dpCache
+import core.data.parsers.urlParser as urlParser
+import core.data.request.httpPostDataRequest as httpPostDataRequest
+import core.data.request.httpQsRequest as httpQsRequest
+import core.data.url.httpResponse as httpResponse
+from core.controllers.basePlugin.baseAttackPlugin import *
+from core.controllers.basePlugin.baseAuditPlugin import *
+from core.controllers.basePlugin.baseBruteforcePlugin import *
+from core.controllers.basePlugin.baseDiscoveryPlugin import *
+from core.controllers.basePlugin.baseEvasionPlugin import *
+from core.controllers.basePlugin.baseGrepPlugin import *
+from core.controllers.basePlugin.baseManglePlugin import *
+from core.controllers.basePlugin.baseOutputPlugin import *
+from core.controllers.basePlugin.basePlugin import *
+from core.controllers.coreHelpers.fingerprint_404 import *
+from core.controllers.daemons.proxy import *
+from core.controllers.daemons.webserver import *
+from core.controllers.misc.factory import *
+from core.controllers.misc.get_local_ip import *
+from core.controllers.misc.groupbyMinKey import *
+from core.controllers.misc.homeDir import *
+from core.controllers.misc.is_private_site import *
+from core.controllers.misc.levenshtein import *
+from core.controllers.misc.temp_dir import *
+from core.controllers.misc.webroot import *
+from core.controllers.sql_tools.blind_sqli_response_diff import *
+from core.controllers.sql_tools.blind_sqli_time_delay import *
+from core.controllers.threads.threadManager import *
+from core.controllers.threads.w3afThread import *
+from core.controllers.w3afException import *
+from core.data.constants.common_directories import *
+from core.data.db.db import *
+from core.data.db.history import *
+from core.data.db.temp_persist import *
+from core.data.dc.form import *
+from core.data.exchangableMethods import *
+from core.data.fuzzer.formFiller import *
+from core.data.fuzzer.fuzzer import *
+from core.data.fuzzer.mutant import *
+from core.data.getResponseType import *
+from core.data.kb.shell import *
+from core.data.options.option import *
+from core.data.options.optionList import *
+from core.data.parsers.dpCache import *
+from core.data.parsers.urlParser import *
+from core.data.request.frFactory import *
+from core.data.request.httpQsRequest import *
+from core.data.searchEngines.googleSearchEngine import *
+from core.data.searchEngines.msn import *
+from core.data.searchEngines.pks import *
+from core.data.searchEngines.yahooSiteExplorer import *
+from core.data.url.xUrllib import *
+
 # First of all, we need to change the working directory to the directory of w3af.
 currentDir = os.getcwd()
 scriptDir = os.path.dirname(sys.argv[0]) or '.'

Pentoo i686 and x86_64 2009.0 final

fuzion — Sat, 05 Dec 2009 05:04:10 +0000

Pentoo i686 and x86_64 2009.0 final are out now. Check out some of the features in the well made gentoo-based penetration testing live linux distro:

It features the following :

Changes saving
Enhanced cracking software
- NTLM/MD4/MD5 cuda bruteforcer
- WPA PSK rainbowtables generation accelerated through CUDA, STREAM or PADLOCK
- John The Ripper with MPI support allowing you to run it on all your local or remote cores
Kernel 2.6.31.6 and wifi 2.6.32_rc7 with all the patches from Zero, including the freq patches for ath5k
A slight and sexy UI, Enlightenment DR17, built from SVN

Enabled Firefox Extensions:

Add N Edit Cookies 0.2.1.3
Firebug 1.4.5
FoxyProxy Standard 2.15
HackBar 1.4.2
HttpFox 0.8.4
Live HTTP headers 0.15
Multiproxy Switch 1.32
No-Referer 1.3.1
ShowIP 0.8.17
SQL Inject Me 0.4.4
SQL Injection! 1.3
Tamper Data 10.1.0
User Agent Switcher 0.7.2
XSS Me 0.4.3

Get it here:


http://www.pentoo.ch/download/

pentoo-i686-2009.0.iso
pentoo-x86_64-2009.0.iso

Pentoo i686 2009.0 Final Screenshots:

Feed Content Theft Prevention

fuzion — Fri, 09 Oct 2009 10:43:59 +0000

There isn’t much you can do to protect your feed content that a scraper can’t use Yahoo Pipes and a few cute regex’s to sidestep. Blocking Yahoo pipes is not the best idea since people actually use it for non-nefarious purposes. Here are a few things you can do (with PHP?) to prevent the regex filters meant to remove your tracking pixels and other stuff from being removed without undesirable consequences.

Dynamically generated tags – Very basic regex filters can be defeated if you place a dynamic class in front of your tracking pixels:

<img class="92934abc123" src="yourimg" />

Chance are the autoblogger won’t bother to sort out all the different image classes. This won’t prevent them from removing all images (or tags) though. How about some slick html then?

Set this up for RSS only:

<img src="" alt="
Your plaintext excerpt here.
">

Maybe you could add a fake ad to that:

<img src="http://ads.yourdomain.com/fakead.jpg" alt="
Your plaintext excerpt here.
">

Or fake feed flare:

<img src="http://feeds.feedburner.com/~ff/slashfilm?a=ynIB-icScgo:Hzwy1PtmAKc:I9og5sOYxJI" alt="
Your plaintext excerpt here.
">

Another (unproven) idea is to use Google’s newfound acceptance of cross domain canonical tags. Basically, you just throw it in there and hope Googlebot is a little relaxed as to where tags show up.

<link rel="canonical" href="http://yourdomain/thepost/" />

Pigskin Orange – Free Blogger Theme

fuzion — Sat, 03 Oct 2009 02:28:56 +0000

Features:
Nice orange color for football fans. Minified CSS and JS for fast page load time.

Instructions:
Upload the contents of the images folder somewhere. Open main.xml with a decent text editor and replace all instances of images/ with the url to your uploaded images.

License:

This work is licensed under a Creative Commons Attribution 3.0 United States License.
You must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work). Please leave the footer link intact.
Demo
Download

Content Security Policy enabled in Minefield preview build

fuzion — Thu, 01 Oct 2009 22:35:30 +0000

The Mozilla Foundation released on Wednesday a preview version of the Firefox browser that implements a technology to protect against scripting attacks.
The technology, known as Content Security Policy, allows Web sites to specify restrictions on how they handle scripts. Using CSP, a Web site can create a white list of sites from which the browser should accept scripts as well as mandate that the scripts are labeled as applications and are not obfuscated. A number of other features are also available, all aiming to prevent malicious scripts from executing in the context of the current site.

Content Security Policy is based on recommendations made by Robert “rsnake” Hansen back in 2005. Most browsers treat all scripts the same, executing in the context of the current site, no matter where they originated. The defacto policy is what allowed untrusted ads on The New York Times site to recently serve up malicious software to visitors and allowed the Samy and other Web worms to spread. Content Security Policy allows sites to tell browsers which scripts should be allowed as well as additional restrictions on scripting. –
http://www.securityfocus.com/brief/1019

Here are the results of my test using 3.5 first and the preview build second:

You can try the demo out here:

http://people.mozilla.org/~bsterne/content-security-policy/demo.cgi

As of September 30, 2009 Content Security Policy is availble for testing. You can download a CSP-enabled preview build from Mozilla’s Try Server which produces builds on all supported platforms.

http://people.mozilla.org/~bsterne/content-security-policy/download.html

Sneaky malware serving website

fuzion — Sat, 26 Sep 2009 02:09:49 +0000

Found it on some top result for a long tail keyword I was researching:

Whoever made this put a lot of effort into making it look real. It had the dim effect of the UAC along with the “bong” sound, very realistic ui elements and etc. Kind of odd to go through all of that, but I guess its all for realism… banking on the fact that many people just hear the sound and see the dim and assume its a legit installation. There were a few giveaways though, such as the fact that it got my OS and browser wrong. Actually had me wondering for half a second, which means it is probably HIGHLY effective at its job of tricking users into installing badware…

What’s interesting to me is the fact that this appeared on an otherwise normal looking blog, suggesting that someone is mass exploiting a hole in some cms or blog platform and targeting sites that have high SERP rankings for certain keywords. Also interesting is the fact that I have the latest Firefox with NoScript and ABP running.

OWA – Open Source Web Analytics WordPress Integration

fuzion — Sat, 12 Sep 2009 21:32:03 +0000

Open Web Analytics (OWA) is an open source web analytics framework written in PHP. OWA was born out of the need for an open source framework that could be used to easily add web analytics features to web sites and applications. The OWA framework also comes with built-in support for popular web applications such as Wordpress and MediaWiki. As a generic web analytics framework, OWA can be extended to track and analyze any web application.

Here are a few screens I took of OWA integrated into my WordPress admin panel. I have been using clickheat and piwik, but I may switch to this since it has both click tracking and analytics functions, along with many other features. Check out the screenshots (you’ll have to middle click to open in a new tab until i can find a js img box that works well with massive images):

Get/Learn more here:

http://wiki.openwebanalytics.com/index.php?title=Main_Page

What’s lurking in your webappsstore sqlite database? [Firefox]

fuzion — Wed, 09 Sep 2009 23:26:51 +0000

Probably a lot more personal information than anyone would care to have stored in an open, easily accessible manner. This DOM Storage file is one of many so called “supercookies” that most of today’s cleaning utilities fail to remove. Other “supercookies” include identifiable data stored by various Flash, JavaScript, and Java userData methods.

Interestingly, Firefox 3.5’s “Private Browsing” information makes no mention as to whether or not it stores data in webappsstore.sqlite, I haven’t verified this, but I would expect it to be explicitly mentioned in the list of “Private Browsing” features.

http://support.mozilla.com/en-US/kb/Private+Browsing

Luckily, it’s a snap to view the contents with an SQLite viewer, and easy to remove too.

I used SQLite Manager for Firefox to view the contents of webappsstore.sqlite:

http://code.google.com/p/sqlite-manager/

I guess a better article might be written on the subject of why Bing has stored my actual home address in an insecure, unencrypted, non-cookie format for later retrieval…

webappsstore.sqlite MozillaZine entry:

Deleting webappsstore.sqlite will delete any data web sites have stored there. A new file will be created when it is needed.

http://kb.mozillazine.org/Webappsstore.sqlite

So removing it shouldn’t be any more harmful than normal cache/cookie removal.

I’m a fan of CCleaner, but I was surprised to find that it didn’t remove this db file by default. Adding it to the list of files to manually delete is a snap:

C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxxxx.default\webappsstore.sqlite

http://www.ccleaner.com/

Now where is the option to keep sites from storing data here in the first place?

Well, it appears you can go to about:config and change dom.storage.enabled to false, but the MozillaZine for this option doesn’t detail what other effects this might have.

http://kb.mozillazine.org/Dom.storage.enabled

Optimize Google Reader

fuzion — Tue, 08 Sep 2009 01:25:11 +0000