Posts

EC2 IP aliasing script is now ready for use

About a month and a half ago I grew so frustrated by the boneheaded way that Amazon EC2 handles IP aliasing that I wrote a pretty lengthy post about the problems entailed and included a small program that would fix those problems. Amazon provides some pretty productive documentation for some types of users. There is help available for you if you are any one of the following:

- You are willing to pay for a new ENI to support a second IP address
- You are multihoming / load balancing
- You want to use "Amazon Linux" and install their ec2-net-utils

But, if you want to just add a second IP address to a pre-existing Linux server, you are pretty much screwed. Well, you were screwed. Now you can install my program - aliaser - as a service and it will route additional IP addresses for you without the need for an extra ENI. I've uploaded aliaser to Github - it includes a shell script and a .service file, as well...

Wikileaks website that hosted torrent with infected files is migrated to a new domain

UPDATED: While wlstorage.net has been taken offline and is not currently being redirected elsewhere, it looks like all of that host's functionality is now being provided by https://file.wikileaks.org - mostly as a way to facilitate torrent downloads. The new host appears to require SSL, which wlstorage.net did not. The SSL issue was particularly troubling, as all of the torrents available for download on wlstorage.net were created referencing the non-SSL version of the site (establishing an unencrypted connection between the P2P client and wlstorage.net, another great way for the powers that be to identify Wikileaks users). The torrent that includes infected files, gifiles-2014.tar.bz2.torrent, remains available for download as well. As I discussed in my series of posts explaining how the Stratfor email dump hosted by Wikileaks contains malicious software, I first came across a series of infected files when I downloaded and reviewed a torrent file hosted on the Wikil...

An IRS tax refund phishing scam illustrates the widespread failure of hosting and antivirus providers' security measures

Scams focused on stealing tax refunds remain highly profitable, despite the fact that they are well known and understood by security professionals and the general public, and have been for years. A variety of distribution methods are used, with the common threads being the use of IRS logos and bureaucratic-sounding language to convince users to click a link, download and execute a file and/or send personally identifying information like a Social Security number. A recent example of one such scam that I came across is a damning illustration of the failure of online service providers to protect users from obvious and simple malware distribution methods. In the example I wish to discuss today, the distribution method was a spammed email that, on a small ISP's installation of SpamAssassin (note: I am not an admin or employee of this system; I'm a customer), received an X-Spam-Status score of 5.3 after being flagged with the following variables: X-Spam-Status: No, score=5.3 re...

Electronic Arts sending out phishing alerts for Origin accounts

I received a somewhat horrifying email from Electronic Arts in reference to my Origin account yesterday: I pissed my pants a little. The email definitely originated from EA, and there is very little resembling a phishing scam in the process they use to update security settings. I haven't used my Origin account for anything other than playing games on Xbox that require one... I haven't played my Xbox in months. There is no payment information associated with my Origin account, and the login information for it is not associated with any other accounts. There is nothing in the account activity to suggest purchases have been made. I would be a lot more comfortable with this sort of thing if the email was specific about what the issue was. So I am wondering a bit as to why I received this email. Has anyone else been receiving these emails? This whole "standard systems analysis" strikes me as .... suspicious. UPDATE: I've confirmed that I am not the only O...

Nasty little Dropbox phishing spam

This morning I received an interesting message through email from someone I haven't heard from in a while. The subject line was "FIND PDF COPY" (in all caps). Inside the body of the message, embedded within the normal garbage footer attached by their email client, was this: I may very well have gotten suckered into this one if it weren't for the all caps subject line. The person who ostensibly sent me this message is, somewhat ironically, the type of person to include all caps text in their email - but there was something a little too weird about the grammatical solipsism intrinsic to the phrase "FIND PDF COPY" even for this supposed sender. So I took the two seconds out of my day to hover my mouse over the link and, what would you know, Dropbox was not the target at all. The link forwarded to "goto-saketen.com" instead. Just to be sure I took a look at the headers of the message. This did in fact come from the sender it claimed to, althou...

Toe's swellin' up - that mean's a hurricane's comin'

So Tropical Storm Erika is rapidly approaching my home in South Florida. Those who don't live on the Gulf Coast or the South East usually aren't familiar with the drama that is living through a hurricane. It's an emotional roller coaster similar to what war has been described as: "boredom punctuated by moments of extreme terror." The hurricane comes at somewhat of an odd time, arriving almost exactly three years after I was caught outside my house in the middle of a tornado, which sent me flying into a wall after being hit by a wall of water. The tornado three years ago was the remnants of Tropical Storm Debby, which was supposed to completely miss my neighborhood. The winds were so strong that they snapped a solid concrete bench in my back yard in half, right down to the rebar. (Image caption: "A gentle summer breeze") In my front yard, the tornado ripped a 15-20 foot tree out by the roots, twisted it until it cracked, and laid the whole mess to rest on the hood of my car - mis...

HOWTO Remove KB2876229 - the sneaky Skype 7 Windows "Update"

A ton of Skype users were unhappy with the update from Skype 6.x to 7.x. Most of what I have seen is complaining about a few minor changes to the user interface. In the usual baby/bathwater situation that follows this sort of thing, "Power Users" began circulating guides on how to modify hosts files to prevent TCP connections to Skype and MSN domains. You know, because making sure you have the correct proportion of whitespace is more important than stupid trivia like patching critical security vulnerabilities. To address this madness, Microsoft decided to get clever. In addition to sending the Skype 7 update through the Skype application and related packages like Lync, they would push it through as a Windows update - KB2876229. The Skype application updates are pushed through *.skype.com and *.msn.com, while Windows updates come from domains like *.microsoft.com, *.windowsupdate.com and *.windows.com. The looks over substance crowd hadn't yet reached the levels ...