nuke it dot org

Security Stuff - 0106

nukeit — Tue, 06 Jan 2009 22:33:58 +0000

WHID is back

The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents.

New security plugin for Wordpress

- Looks interesting, and I'll review it after it leaves beta.

Maximum Security for Wordpress is packed with strong protection that makes your site extremely secure.

System Hardening Process Checklist

Hardening is the process of securing a system by reducing its surface of vulnerability. By the nature of operation, the more functions a system performs, the larger the vulnerability surface.

How to spend 50000 Entrecard Credits

nukeit — Sun, 04 Jan 2009 02:51:54 +0000

Jack the Blogger left Entrecard and gave me 20K credits to go along with my 20k. The other ~12K was generated from misc clicks and daily dropping over the course of the last month. Basically, I chose to spend them rather than holding a useless contest that would probably get me a PR 0 in the long run, and the other day I noticed that mine rose to 4 so I am pretty happy with this decision.

Rather than just hoping to advertise on the most expensive sites, I decided that they should all have a common metric of Pagerank 4 or higher. I know it's not even remotely scientific, but I think it proves a couple of points like the fact that PR is nearly as useless as EC. There, I said it :)

I don't think anyone hording their credits should do this though. Read on for the reasoning.

One Year Older

nukeit — Thu, 25 Dec 2008 18:02:48 +0000

I started blogging (on a different domain) a year ago, mainly as a way to share some of the interesting stuff I’d found while out on the network. I only posted here and there, and eventually tried to monetize it, which didn’t go over well with my gracious middle man host. I bought this domain, and moved all my stuff over. Everything seemed fine, until I tried to monetize it again… this time Google would have the last laugh however and they took everything I made from another type of 0-day release.

I kind of lost focus during that whole ordeal, and began posting crap… So, to try to make up for it, I’ve posted a few new bugs these last few days.

Bah?

nukeit — Thu, 25 Dec 2008 04:06:58 +0000

Time to get a little off topic. The pic isn’t me, but a recent addition to flickr (little black bars are mine) that pretty much sums it up for most of you.
Anyone else noticed the general feeling of bah-humbuggery lately? I don’t really get into this holiday thing, but it seems to me that people around here are down in the dumps so to speak. I drove around looking at the lights the other day and noticed a very distinct lack of effort from the usual “keeping up with the Joneses” types. Like Halloween, you can usually find the best stuff in the “rich neighborhoods” but this year’s lack of participation was very apparent. I’d say less than half of the houses seen had not been decorated at all. It was very strange.

I’ve boiled it down to one or more of three possible reasons, and I have an opinion for each:

No one lives in those expensive houses any more.
They all went “Eco”
Black Christmas aka “Apocalypse Fever”

Constructr CMS 3.02.5 multiple vulnerabilities

nukeit — Fri, 19 Dec 2008 21:53:00 +0000

Constructr CMS <= 3.02.5 “Stable” contains multiple vulnerabilities that potentially lead to your website being compromised by a remote intruder. It is recommended that you remove this software from your site until the issue has been resolved. More info on milw0rm Technorati Tags: cms, constructr, injection, lfi, php, posts, source, sql, vulnerability

Fiberz - Severed cable disrupts web access

nukeit — Fri, 19 Dec 2008 21:33:46 +0000

BBC.CO.UK is reporting the possibility that 3 major undersea cables have been severed, disrupting internet connectivity across the middle east. It is thought the FLAG FEA, SMW4, and SMW3 lines, near the Alexandria cable station in Egypt, have all been cut. A fault was also reported on the GO submarine cable 130km off Sicily. Experts warned [...]

Injader

nukeit — Fri, 19 Dec 2008 01:31:19 +0000

Injader <= 2.1.1 contains an SQL injection vulnerability. Users should have upgraded when 2.1.2 was released last week, but if not, they MUST upgrade now. More info on milw0rm

SUMO Linux Info and Screens

nukeit — Wed, 17 Dec 2008 16:06:27 +0000

SUMO (Security Utilizing Multiple Options) Linux v1.0

SUMO Linux is a bootable DVD from the security firm Sun Tzu Data which contains a compilation of the best Information Security distributions:

Backtrack 3

Helix 2.0 (Newer Helix 3 information here)

Samurai Linux

DBAN

DVL

Download (Torrent, 3.46GB DVD ISO)

OWASP Live CD Portugal Release

nukeit — Sat, 13 Dec 2008 03:46:44 +0000

The Live CD install of w3af has:

both the interactive console & w3af GUI installed
a menu item to update the current install from SVN so you can keep the Live CD up to date with latest version
the latest SVN version (as of 2008-12-07)
the steps to build the module are fully documented

Automatically delete old posts in Wordpress

nukeit — Tue, 09 Dec 2008 02:05:18 +0000

Here’s a dirty little php script I put together that will automatically delete old posts based on age and category.

Download