Skip to main content

Posts

I just became a member of Open Knowledge Labs

Among the many pies I have my thumbs into at the moment, I am particularly interested in using technology to bring greater transparency to government. One of the most prominent problems as it relates to government transparency might be surprising: while most people immediately think of deliberate secrecy as the pre-eminent threat of transparency, simple dysfunction plays at least as large a role in preventing public access to state records. Immense troves of data remain solely available on ink & paper. Information that has been computerized remains in private intranets. Even data that is online, organized and available remains in a format that prevents semantic contextualization - either by storing documents in image files (TIFF) or difficult to decipher compressed formats (PDF or XPS). And in the rare cases where government agencies have made information public, semantically decipherable and accessible over the internet the problem remains of indexing that data using a common s...

Fedora Project's RHEL yum repo has been throwing errors since yesterday UPDATED

A few of my Red Hat servers run cron jobs to check for updates. starting yesterday (Thursday October 1st, 2015) at around 3PM I encountered 503 unavailable errors when attempting to contact a Fedora Project URL that hosts the metalink for the  rhui-REGION-rhel-server-releases repository - a core RHEL repository for EC2. Could not get metalink  https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64  error was 14: HTTPS Error 503 - Service Unavailable 3 hours later or so, the URL began responding again, but the problems remained. `yum` now reports corrupted update announcements from the repo: Update notice RHSA-2014:0679 (from rhui-REGION-rhel-server-releases) is broken, or a bad duplicate, skipping. You should report this problem to the owner of the rhui-REGION-rhel-server-releases repository. Update notice RHSA-2014:1327 (from rhui-REGION-rhel-server-releases) is broken, or a bad duplicate, skipping. Update notice RHEA-2015:0372 (from rhui-REG...

EC2 IP aliasing script is now ready for use

About a month and a half ago I grew so frustrated by the boneheaded way that Amazon EC2 handles IP aliasing that I wrote a pretty lengthy post about the problems entailed and included a small program that would fix those problems . Amazon provides some pretty productive documentation for some types of users. There is help available for you if you are any one of the following:      - You are willing to pay for a new ENI to support a second IP address      - You are multihoming / load balancing      - You want to use "Amazon Linux" and install their ec2-net-utils But, if you want to just add a second IP address to a pre-existing Linux server, you are pretty much screwed. Well, you were screwed. Now you can install my program - aliaser - as a service and it will route additional IP addresses for you without the need for an extra ENI. I've uploaded aliaser to Github   - it includes a shell script and a .service file, as well...

Wikileaks website that hosted torrent with infected files is migrated to a new domain

UPDATED: While wlstorage.net has been taken offline and is not currently being redirected elsewhere, it looks like all of that host's functionality is now being provided by https://file.wikileaks.org - mostly as a way to facilitate torrent downloads. The new host appears to require SSL, which wlstorage.net did not. The SSL issue was particularly troubling as all of the torrents available for download on wlstorage.net were created referencing the non-SSL version of the site (establishing an unencrypted client connection between the P2P client and wlstorage.net, another great way for the powers that be to identify Wikileaks users). The torrent that includes infected files, gifiles-2014.tar.bz2.torrent, remains available for download as well. As I discussed in my series of posts explaining how the Stratfor email dump hosted by Wikileaks contains malicious software , I first came across a series of infected files when I downloaded and reviewed a torrent file hosted on the Wikil...

An IRS tax refund phishing scam illustrates the widespread failure of hosting and antivirus providers' security measures

Scams focused on stealing tax refunds remain highly profitable, despite the fact that they are well known and understood by security professionals and the general public , and have been for years. A variety of distribution methods are used, with the common threads being the use of IRS logos and bureaucratic-sounding language to convince users to click a link, download and execute a file and/or send personally identifying information like a Social Security number. A recent example of one such a scam that I came across is a damning illustration of the failure of online service providers to protect users from obvious and simple malware distribution methods. In the example I wish to discuss today, the distribution method was a spammed email that on a small ISP's installation of SpamAssassin (note: I am not an admin or employee of this system; I'm a customer) received an X-Spam-Status score of 5.3 after being flagged with the following variables: X-Spam-Status: No, score=5.3 re...

Electronic Arts sending out phishing alerts for Origin accounts

I received a somewhat horrifying email from Electronic Arts in reference to my Origin account yesterday : I pissed my pants a little. The email definitely originated from EA, and there is very little resembling a phishing scam in the process they use to update security setting. I haven't used my Origin account for anything other than playing games on Xbox that require one... I haven't played my Xbox in months. There is no payment information associated with my Origin account, and the login information for it is not associated with any other accounts. There is nothing in the account activity to suggest purchases have been made. I would be a lot more comfortable with this sort of thing if the email was specific about what the issue was. So I am wondering a bit as to why I received this email. Has anyone else been receiving these emails? This whole "standard systems analysis" strikes me as .... suspicious. UPDATE: I've confirmed that I am not the only O...

Nasty little Dropbox phishing spam

This morning I received an interesting message from someone I haven't heard from in a while through email. The subject line was "FIND PDF COPY" (in all caps). Inside the body of the message, embedded within the normal garbage footer attached by their email client, was this: I may very well have gotten suckered into this one if it weren't for the all caps subject line. The person who ostensibly sent me this message is, somewhat ironically, the type of person to include all caps text in their email - but there was something a little too weird about the grammatical solipsism intrinsic to the phrase "FIND PDF COPY" even for this supposed sender. So I took the two seconds out of my day to hover my mouse over the link and, what would you know, dropbox was not the target at all. The link forwarded to "goto-saketen.com" instead. Just to be sure I took a look at the headers of the message. This did in fact come from the sender it claimed to, althou...