WordPress 2.1.1 Includes Exploitable Code

Ironically, the 2.1.1 security and bug-fix release of WordPress included malicious code that allows anyone to execute PHP code on your server. If you’ve upgraded WordPress during the last 3-5 days, it’s highly recommended that you upgrade to WordPress 2.1.2 immediately.

From the official announcement:

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

Well, time to upgrade…

Staying Anonymous Online

Following the recent accusations that Google and Amazon (among others) are profiling you without your knowledge, I’ve been asked by many, both online and offline, how they can stay anonymous online. If you’re wondering the same thing, read on!

Onion Routing

Onion routing is the concept of distributing packets among many different servers and routing them onwards randomly, encrypting and decrypting them at every hop. This effectively prevents anyone from seeing where a packet came from or where it is headed. The layered encryption even prevents the servers that route your packets from seeing where a packet originated or what its final destination is. Each individual server only knows which server the packet came from and which server it is to be sent to next (hence the name: each hop peels one layer of the onion). Simply put, you’re untraceable.

This technique is used by everyone from journalists within restrictive regimes, to corporations conducting opposition analysis, and even the U.S. Navy, who used it as a means to communicate while in the Middle East not too long ago. It is, however, not completely secure. If someone could observe both ends of the connection, your computer and the server you’re trying to communicate with, they could potentially correlate the traffic and work out which packets belong to the same circuit. Fortunately, this is very rarely the case.
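To make the peeling concrete, here is a small simulation of a three-hop circuit, written as an added example for this post (it is not Tor code). Each relay holds one symmetric key (assumed pre-shared here; Tor negotiates keys per circuit), the client wraps the message in one encryption layer per relay, and each relay strips exactly one layer. The cipher is a deliberately simple SHA-256 keystream XOR, constructed only to show the layering; the relay names, keys and the destination `news.example` are made up. The `seen` log on each relay records what that relay could learn, which is the point of the paragraph above: the guard sees the client but not the destination, the exit sees the destination but not the client, and the middle relay sees neither.

```python
import hashlib
import os
from dataclasses import dataclass, field

# Toy stream cipher, constructed for this example only: XOR the data with SHA-256
# keystream blocks derived from the key and a fresh per-layer nonce. Tor itself uses
# AES-CTR with keys negotiated with each relay; the structure of the layers is the point.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_layer(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt_layer(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


@dataclass
class Relay:
    name: str
    key: bytes                                # assumed pre-shared for this simulation
    seen: list = field(default_factory=list)  # (previous hop, next hop) pairs observed

    def handle(self, came_from: str, blob: bytes) -> tuple:
        # Peel exactly one layer: the relay learns only the next hop plus an opaque blob.
        inner = decrypt_layer(self.key, blob)
        next_hop, _, payload = inner.partition(b"|")
        self.seen.append((came_from, next_hop.decode()))
        return next_hop.decode(), payload


def build_onion(circuit, destination: str, message: bytes) -> bytes:
    # Wrap from the exit inward: only the innermost layer names the real destination,
    # every outer layer names just the next relay in the circuit.
    onion = encrypt_layer(circuit[-1].key, destination.encode() + b"|" + message)
    for i in range(len(circuit) - 2, -1, -1):
        onion = encrypt_layer(circuit[i].key, circuit[i + 1].name.encode() + b"|" + onion)
    return onion


def send_through_circuit(circuit, destination: str, message: bytes, client="client"):
    """Route one message through the circuit; returns what leaves the exit relay."""
    blob = build_onion(circuit, destination, message)
    came_from = client
    for relay in circuit:
        hop, blob = relay.handle(came_from, blob)
        came_from = relay.name
    return hop, blob


def endpoints_seen(circuit, client: str, destination: str):
    """For each relay, which of the two real endpoints appeared in its own traffic."""
    result = {}
    for relay in circuit:
        parties = {p for pair in relay.seen for p in pair}
        result[relay.name] = parties & {client, destination}
    return result


if __name__ == "__main__":
    circuit = [Relay("guard", b"key-guard"), Relay("middle", b"key-middle"),
               Relay("exit", b"key-exit")]
    dest, msg = send_through_circuit(circuit, "news.example", b"hello")
    print("delivered to", dest, ":", msg)
    for name, ends in endpoints_seen(circuit, "client", "news.example").items():
        print(f"{name} saw endpoints: {ends or 'none'}")
```

Running it prints the delivered message and, per relay, an endpoint set that never contains both the client and the destination. That is also where the caveat in the previous paragraph bites: an observer sitting at both the client side and the destination side sees everything the guard and the exit see together, and the relays cannot help with that.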

Why should I use it?

By now you’re probably hyped about the possibility of committing online fraud, hacking, identity theft and other illegal activities. Perhaps not. Either way, it’s certainly possible — just don’t consider yourself the next Kevin Mitnick quite yet. If the CIA really wanted to get to you, I’m sure they could. Besides, Kevin Mitnick’s true strength was social engineering. …Oh yes, there are some moral/legal issues, too.

Jokes aside, there are various scenarios where you might want to hide your identity. Personally, I use onion routing when I’m online on campus. Even though there’s no real reason why I should, as I don’t perform criminal acts (that you know of), I just don’t like having someone breathe down my neck. What I do and where I go while online is my business, not the school’s internet administrator’s, with his sparkling Microsoft diplomas and Microsoft Windows Server 2003 running ISA. Yes, we’re quite up-to-date here in ol’ Denmark.

Other scenarios include:

  • You want to find information on treatment for an illness that you do not want anyone to know about.
  • You’re in a country that is known to actively monitor internet traffic.
  • You participate in e.g. online chat-rooms for victims of abuse, rape, etc.
  • etc…

Quote from the Tor website:

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.

Using it

Tor is the most popular implementation of onion routing. It is used by hundreds of thousands of people around the world. This means that there are thousands of potential servers on your traffic’s path, which ensures your anonymity. For a visual demonstration of how Tor (and onion routing in general) works, see the pictures below.

[Figures: How Tor works, parts 1 to 3]

Tor is surprisingly easy to install, configure, and use — regardless of operating system. For download and installation instructions, please see the Tor download page. For more information about onion routing and Tor, see their website.

Stay safe, and happy peeling!

Google can be Used to Compromise Insecure Sites

There’s an interesting article on ShoeMoney that demonstrates how simple it is to find vulnerabilities in public code using Google Code Search. The article may be of use to you if you’re in doubt about your site’s security. It also shows how incredibly easy it is to find vulnerabilities in scripts indexed by Google. In addition, here are a few tips to help you strengthen your site’s security:

  • Don’t leave backups of any of your files in plain view, e.g. a config.php.BAK file in the same directory as config.php, assuming the web server sends the backup as plain text so that everyone can read it. If you have to leave them in plain sight, at the very least protect the directory they’re in with something like .htaccess password protection. This applies especially to those who use the Google Sitemap generator with the option to scan the file tree enabled, because it will index files that aren’t necessarily linked to from anywhere on the web.
  • Don’t display version numbers. If you’re running well-known software on your site such as phpBB, Wordpress, etc., be sure to remove any display of the current software version (it’s typically in the page footer, e.g. change “Powered by Wordpress 2.0.5” to “Powered by Wordpress”). Searching for those ‘Powered by’ lines is the easiest way for a hacker to find sites to compromise.
  • Make a global config file. If you’re designing your own dynamic pages, try to keep sensitive data in one file, e.g. config.php, rather than creating database connections manually in several PHP files — especially if you’re the kind of guy who edits a live site manually and might make temporary backups. If, say, listitems.php.bak could be viewed from somewhere else, hackers wouldn’t be able to obtain login credentials by looking at the source (note that hackers can still find XSS/SQL injection vulnerabilities if you leave them in plain view). It is rather self-explanatory why you should not leave backups of your config.php file lying around.
  • Limit your database access. If you’re running your web server on the same server as your database server, limit database access to localhost/127.0.0.1 only. If a hacker somehow acquires your login credentials, he can’t do much with them from outside.
  • Ensure your Apache handlers are in place. Verify that all dynamic scripts are actually being processed on your server rather than output in plain text. If you need to make backups of your scripts, keep the original extension last:
    BAD: listitems.php~ - listitems.php.bak
    GOOD: listitems.bak.php - listitems.old.php

Just for clarification: the Google Sitemap Generator, Google Search and Google Code Search can’t read your code unless it is being output as plain text. Also, the Sitemap Generator does not read the contents of your files; it merely compiles a list of links that the Google spider then crawls.

Choosing the Right Windows Antivirus Solution

One thing I’ve always hated about the “big, bad” antivirus solutions like Norton and McAfee is their tendency to literally wrestle with my system’s resources, taking up a tremendous amount of RAM and processor time. Sure, that’d be all fine and dandy if I just used my computer a few times a day to check my e-mail and chat with my friends, but that’s just not the case. I need something that just works, stays in the background and only bugs me when there is something of importance I need to respond to — and of course, it also needs to be capable of removing viruses.

I’ve tried out a few of the big ones: F-Secure, BitDefender, BullGuard, AntiVir, McAfee, Avast, Norman, F-Prot, Norton Professional, AVG, Panda, PC-Cillin, etc. But when it comes to “just working” and working damn well, my undisputed favorites are ESET NOD32 and Kaspersky. While NOD32 is marginally worse at detecting viruses (~95% compared to Kaspersky’s ~99%), it has powerful heuristic scanning (which helps detect “in-the-wild” viruses before they’re officially added to the virus definition database and the client is updated), and it is quieter than Kaspersky. Kaspersky, however, detected 99.62% of 147,000 viruses in a large test conducted by Virus.gr, offers a lot more than NOD32, and it’s even available for free as the AOL-branded “Active Virus Shield”. Active Virus Shield is an AOL-branded clone of the commercial Kaspersky Antivirus with some features removed; if you’re just looking for good antivirus protection, it’s more than fit for the job.

The only real difference between Kaspersky Antivirus and Active Virus Shield is that Kaspersky (the commercial one) has a feature called Proactive Defense. It takes measures to stop unknown viruses before they break in, by e.g. monitoring Windows Registry changes, application hijacking attempts and what not. Another feature of Kaspersky and Active Virus Shield is that they scale based on CPU usage, so they won’t slow down your system when you’re running something demanding.

My recommendations:

  • If you don’t mind shelling out a few bucks and want ultra-fast performance with minimal annoyance, go with NOD32 from ESET.
  • If you still have money to spare and want the absolute maximum protection, including paranoia features, go with Kaspersky Antivirus.
  • If you don’t want to pay and just want maximum virus protection with little interruption, go with Active Virus Shield from AOL.

For further reading, see the article “And the best antivirus is…” at CyberNet Technology News, which focuses on the results of the 147,000-virus detection test.