Most of you have a shit ISP that overcharges you for unreliable service and can’t do shit about it because that company either has a micromonopoly in your region or because they are considered the “least worst” of your “options”. What you may not realize is that the same shit company is also making serious bank off those stupid 404-jacking pages they send you half the time instead of the local site’s. They sell these huge data streams of their customers 404′d requests to domain squatting types so that you’re guaranteed to get an MFA when you type in http://www.yxhoo.com/ or the like.

Anyhoo… my ISP’s awesome dev dept conveniently forgot to ensure the opt out feature worked prior to launch. And for the record, I’d be perfectly happy with the ads and personal information leaks if they would charge less or at least provide me with the level of service I pay for.

Now, will someone tell me why ebay is still buying ads for everything? I thought they filtered out “Nukes” and other nefarious keywords long ago.

Once you’ve gotten the hang of these steps, you may wish to look at more advanced GIMP tutorials that will show you how to add special effects to your text and graphic.

Video demo:
[youtube]http://www.youtube.com/watch?v=Fwe8LKklPEM[/youtube]

Companion PDF:

http://nukeit.org/pub/ec125gimp.pdf

If you like this tutorial, be sure to give it a stumble or digg so others can find it too

Damn Vulnerable Linux 1.5 “Infectious Disease” was released and I have screens from a VirtualBox install. I didn’t see a changelog anywhere, but it looks like many things are updated. All that shows on their blog at the moment is this:

Release date: 01/26/2009. Fixed many bugs (e.g. wrong postgres path), added several tools.

Many interesting things you can learn by using this distro. Just a quick tip, you don’t need to run xconf before startx with Vbox… it’ll break.

This would be a great distro for anyone starting out or just wanting to brush up on any number of not so whitehat skills. Grab a torrent of Damn Vulnerable Linux 1.5 “Infectious Disease” here and be sure to seed for as long as you can when you’re done.

SQL injection exploitation internals

How to exploit this web application injection point.

2009 Top 25 Programming Errors

25 most dangerous programming errors that lead to security bugs

w3af 2312 portable (and other useful stuff)

UPDATED w3af to build 2312 fixed SVN updater and added larger 1meg plkto (nikto ) DB file.

Interesting exploits:
Wordpress plugin WP-Forum 1.7.8 Remote SQL Injection
Simple Machines Forum – Destroyer

meh, not much else going on… here is a good read though:

Fail and You – Twitter hack edition

and finally:
hxxp://anonym.to/javascript%3Aalert(%27fail%27)//http%3A//

WHID is back

The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents.

New security plugin for WordPress

- Looks interesting, and I’ll review it after it leaves beta.

Maximum Security for WordPress is packed with strong protection that makes your site extremely secure.

System Hardening Process Checklist

Hardening is the process of securing a system by reducing its surface of vulnerability. By the nature of operation, the more functions a system performs, the larger the vulnerability surface.

FUDFUDFUD!

Twitter Has Security Meltdown! – Nothing of value was lost…

ZOMG! Twitter “phishers” targeting Facebook too!

- Again, nothing of value was lost…

The phishing site that was set up to hoodwink Twitter’s users has a second front door that looks exactly like Facebook. The address of the fake Twitter site was twitter.access-login.com/login, but take out the “/login” part and you arrive at the dead-ringer for the Facebook homepage.

Quote of the day

An inflated consciousness is always egocentric and conscious of nothing but its own existence. It is incapable of learning from the past, incapable of understanding contemporary events, and incapable of drawing right conclusions about the future. It is hypnotized by itself and therefore cannot be argued with. It inevitably dooms itself to calamities that must strike it dead. – Carl Jung Psychology and Alchemy (1944). In CW 12. P. 563

Time to get a little off topic. The pic isn’t me, but a recent addition to flickr (little black bars are mine) that pretty much sums it up for most of you.
Anyone else noticed the general feeling of bah-humbuggery lately? I don’t really get into this holiday thing, but it seems to me that people around here are down in the dumps so to speak. I drove around looking at the lights the other day and noticed a very distinct lack of effort from the usual “keeping up with the Joneses” types. Like Halloween, you can usually find the best stuff in the “rich neighborhoods” but this year’s lack of participation was very apparent. I’d say less than half of the houses seen had not been decorated at all. It was very strange.

I’ve boiled it down to one or more of three possible reasons, and I have an opinion for each:

1. No one lives in those expensive houses any more.
2. They all went “Eco”
3. Black Christmas aka “Apocalypse Fever”

The first one is rather self explanatory, and probably the most reasonable assumption given the current economy and housing crisis. The likelihood of the second reason is somewhat diminished by the fact that many of these are the same people that drive their Hummers to Wal-mart. The third, (and the second, to a lesser degree) has a lot to do with the predominantly white republican devout Christians that live around here. Think the whole end of Religulous, but concentrated in one sermon every Sunday. This kind of “waiting for the end times” is the great unspoken ideal around here and probably near you as well, you just might not notice it. I envision a Pat-Robertson-esque father telling his children that Christmas is canceled because the rest of American voted in a black guy and something about the seven signs or wtf ever… maybe not the best vision to put in your head… sorry, I thought you needed something to replace the missing sugar plums

Maybe the whole thing comes down to a serious lack of marketing. Maybe the general feeling of Holiday Cheer® and commercial bombardment just go hand in hand. This year, instead of Tickle-me-Elmo’s, we have Cut-my-Wrist-Emo… and (s)he comes with a black Christmas tree:

I think its time for my annual reminder for those in the marketing industry. I think you know what to do, and you can take your little emo spawn with you. Now if you’ll pardon me, I have some kids to kick off my lawn…

Constructr CMS <= 3.02.5 “Stable” contains multiple vulnerabilities that potentially lead to your website being compromised by a remote intruder. It is recommended that you remove this software from your site until the issue has been resolved.

More info on milw0rm

BBC.CO.UK is reporting the possibility that 3 major undersea cables have been severed, disrupting internet connectivity across the middle east.

It is thought the FLAG FEA, SMW4, and SMW3 lines, near the Alexandria cable station in Egypt, have all been cut. A fault was also reported on the GO submarine cable 130km off Sicily. Experts warned that it may be days before the fault is fixed and said the knock on effect could have serious repercussions on regional economies.

Looks like there will be a lot fewer website hijackings and a major drop in spam over the next few days

Injader <= 2.1.1 contains an SQL injection vulnerability. Users should have upgraded when 2.1.2 was released last week, but if not, they MUST upgrade now.

More info on milw0rm