I suggest big corporations, and important public services stop using insecure operating systems

On April 21, 2010, beginning at approximately 14:00 UTC, millions of computers worldwide running Windows XP Service Pack 3 were affected by an erroneous virus definition file update by McAfee, resulting in the removal of a Windows system file (svchost.exe) on those machines, causing machines to lose network access and, in some cases, enter a reboot loop. Mcafee rectified this by removing and replacing the faulty DAT file, version 5958, with an emergency DAT file, version 5959 and has posted a fix for the affected machines in their consumer knowledge base. The University of Michigan’s medical school reported that 8,000 of its 25,000 computers crashed. Police in Lexington, Ky., resorted to hand-writing reports and turned off their patrol car terminals as a precaution. Some jails canceled visitation, and Rhode Island hospitals turned away non-trauma patients at emergency rooms and postponed some elective surgeries. Australian supermarket behemoth Coles reported that 10 percent (1,100) of its point-of-sales terminals were affected and was forced to shut down stores in both western and southern parts of the country.

http://en.wikipedia.org/wiki/McAfee#History

zenphoto upgrades

I was initially having some issues doing an upgrade. It was, as it always seems to be, because I did not RTFM.

  • Backup your MySQL database.
  • Backup customised themes or plugins or any other files
  • Delete the following files and folders:
    • The zp-core folder
    • The themes that were distributed with Zenphoto
    • The files in the home dir (index.php, rss.php, sitemap.php etc.) that came with the distribution
  • Download the latest version and upload it to your server. Do not replace your albums or cache folder!
  • Make sure the .htaccess file is writeable. (If you do not have a .htaccess file, you will be given the opportunity to create one during setup.)
  • Move robots.txt
  • Visit www.example.org/zenphoto/ to start the automated setup wizard.
  • If it does not automatically start, visit www.example.org/zenphoto/zp-core/setup.php
  • Make sure everything checks out, and click go!
  • Follow the instructions.
  • You’re done! Enjoy.

LSO local shared object flash cookies

better privacy lso flash cookiesWhy are Flash Cookies Harmful?

  • they are never expiring – staying on your computer for an unlimited time.
  • by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).
  • browsers are not aware of those cookies, LSO’s usually cannot be removed by browsers.
  • via Flash they can access and store highly specific personal and technical information (system, user name, .).
  • ability to send the stored information to the appropriate server, without user’s permission.
  • flash applications do not need to be visible to the user
  • there is no easy way to tell which flash-cookie sites are tracking you.
  • shared folders allow cross-browser tracking, all browsers use the same LSO folder
  • the company doesn’t provide a user-friendly way to manage LSO’s, in fact it’s incredible cumbersome.
  • many domains and tracking companies make extensive use of flash-cookies.
  • flash-cookies are used to re-create data of deleted traditional cookies.

Read more about LSO’s on wikipedia and Download Better Privacy firefox extension to keep track of those who keep track of you!

Amarok cannot connect to MySQL database

I deleted all instances of ‘amarok’ in $HOME/.kde4/share, and dropped the ‘amarokdb’ database, and dropped ‘amarokuser’, and re-created everything, but it still wouldn’t connect.

It turns out the solution is simple. Just change the password in the Amarok settings page from ‘password’ to something else (e.g. ‘password123’). Change the ‘amarokuser’ password, too, in mysql. Restart Amarok, and they can connect.

This is a bug in Amarok, as it doesn’t have a default password configured, one must be explicitly set.  Source

aircrack-NG Intel PRO Wireless 3945 a/b/g SUPPORT!

Iwl3945 is the new driver for the Intel PRO/Wireless 3945ABG wireless chipset. It includes new features like:

  • Managed and monitor mode support in one driver
  • Enhanced injection support
  • Multiple interfaces on one device – use the aircrack suite on a monitor interface while remaining associated on a managed interface
  • Full radiotap support, for both incoming and outgoing packets
  • No more binary regulatory daemon needed, regulatory enforcement is done by the firmware

The driver is based on the mac80211 stack, so the usual requirements apply (aircrack-ng 1.0-rc1, a recent version of libnl, a fairly new kernel, etc.)

I’m quite excited about this, because previously my chip wasn’t able to do packet injection. Now, I can force WEP client to dissassociate from their WAPs, and I can potentially break WEP! My Core2Duo 1.8GHz machine may not have the horsepower, but my AMD 6400+ X2 can certainly handle it.

Aircrack-NG and Intel iwl3945 Driver

Yahoo! Shuts down Geocities – Download Geocities via Bittorrent

Hello there. You mailed geotorrent@******.com to be notified when the torrent file for the download of Geocities was ready. Well, it’s ready. This letter has the details, and I’ve attached the 1.3mb .torrent file that you will use to make it work. We’ve been running tests at archive team for a while, we’re about 99% sure everything is working.

In the words spoken by so many before me and ignored every single time, please read this whole letter before starting, to make sure you understand what you’re getting.

The final size of this archive is 642 gigabytes, which decompresses to roughly 909gb. The archive contains roughly 100,000 user accounts from Geocities and related sites. The files are gtar .tar files compressed into .7z archives, hence the space savings. If you do not know what a .tar file is, or what .7z archives are, this is a warning sign you might be getting a lot of data that will not interest you.

There was a lot of press that hit when this torrent was announced. Some of the press started using phrases like “download all of Geocities” or “A 900gb archive of Geocities that expands to terabytes”. Maybe next time they’ll e-mail people directly, instead of making things up by reading random blogs. Maybe next time we’ll not see a Geocities be shut down either. This is a percentage of Geocities we got through our methods. We hardly got everything. A lot had been deleted over the years by Yahoo! and a lot of data was linked from nowhere else, so we will not pretend this is anywhere near complete. But it will be quite enough for most people.

IF ALL YOU WANT TO DO IS SPEND A FEW MINUTES BROWSING GEOCITIES LIKE IT WAS THE OLD DAYS, GO BROWSE A MIRROR. Here are a set of them:

You’ll get your fix and you won’t go into internet rage when you find you downloaded hundreds of gigabytes of THING YOU DO NOT WANT.

Others have different sets of the Geocities data, and some are larger (and some are smaller). We hope they make an effort to create torrents or distribution methods as well, but here we are with what we have. The attention to this issue was always the main intent, and we got a lot of it. The hope is that “the next time”, a shutdown of this magnitude with no easy export function or hope for retrieval afterwards will be a source of derision and horror.

THE SEEDING WILL BE SLOW AT FIRST – but there are plans underway to ferry hard drives to a number of entities to add a larger amount of seeds. So expect it to speed up.

As fun as watching 15 years of history be destroyed can be, we had fun putting this together. We hope you make use of this material in whatever way you feel best. There’s a lot to learn and a lot of use for it – if nothing else, to remember a time now gone.

Catch you at the next shutdown.

Jason Scott
For Archive Team

Download the .torrent

 

Nmap on Cygwin

Installed nmap on cygwin. Dead easy!

  1. Download and install Cygwin
  2. Download and install WinPCAP
  3. Accept most defaults
  4. Do the default installation, typically C:\cygwin\
  5. Download nmap for windows (zip)
  6. Open the zip file
  7. Double click the folder inside the zip, a large list of files should appear
  8. Extract these files (and not the folder which contains them) to C:\cygwin\usr\local\bin
  9. Open cygwin
  10. Type
    • nmap --version
  11. Your nmap installation on cygwin is now complete

Update 3/May/2012: Try running the vcredist_x86.exe file found in the zip archive if nmap doesn’t seem to run.

For a general understanding of nmap, just type nmap. For a more detailed comprehension, read the manual, and search the web.

Secret or Hidden page in Linksys WAG54g2 ADSL Modem and Wireless Router

Trying to Google this problem was very frustrating. Hopefully it will help someone else. The Linksys WAG54G2 ADSL modem + Wireless Router does not have a GUI page to show more technical information, such as line attenuation, among others.

Therefore, there are some secret or hidden pages built into the device that will reveal this information. The router’s default IP address is 192.168.1.1, but if you have changed yours, the links won’t work, and you should know what to do.