Kalimat al-Mutafalsif

At some point in the recent past my site was compromised by Wordpress.net.in spam. I don’t know exactly when the back door was put in place since I haven’t been very active on this site, though I do know that on March 20th 194.110.162.23 hit default-filters.php and uploaded the malicious code to inject spam into the footer of my pages. Unfortunately the attack is for a different version of Wordpress so rather than infect me with ads, it just screwed things up royally. Maybe that’s a good thing as I noticed it.

A great write up of how to clean this mess up can be found here.

To sum it up:

• Remove wp-includes/class-mail.php, its fake.
• Take out the lines hooking into the footer in wp-includes/default-filters.php
• Remove the line from the top of wp-includes/default-filters.php that accepts a file given a random GET variable.

The take away lesson here is: Even if you’re not actively publishing on your blog, you better make sure your software is up to date. I’ve been busy with other stuff and neglected mine, unfortunately.

EDIT: I’ve done some poking. 194.110.162.23 is out of “Extended Host” in New York City. I’ll refrain from scanning it, though I am darn tempted to see what back doors were opened on that box. As it is, I’ll just email the host and inform them of the troubles.

A friend of mine passed on his used 60GB video iPod to me, which was very much appreciated as my old Sony MD-Walkman still works, but is hindered by all kinds of nasty DRM. Nasty enough that I have been unable to even change any songs on there in the past three years as I lost the software. Nasty enough that nobody has bothered to reverse engineer it because even with documentation it’s a bear. So I had been planning on getting something, and this was quite a nice graduation present. I immediately replaced the firmware with something a bit more “free”, Rockbox, and named her ‘Katana’. Now I’ve got a nice flat file browser that lets me drop in almost any type of file I want. This doesn’t stop at music and videos, I can also read text files, view pictures, etc. Naturally, that’s not enough for me *wicked grin*. Read on to see some fun hacks that can be had with your iPod.

If you follow my blog, and sadly most of my readers have stopped checking, you’ll remember the security hole I found on a major website around Valentine’s Day. You should also remember I had a very good experience with the developers there, in terms of their competance and politness.
Well, I just tried to log [...]

I’m in a bad way right now. Personal issues just about every week have made this semester the semester from Hell. Well, today was the worst, I’ve almost snapped from stress, depression, lots of stuff. Not meaning for this to be emo, just want to set up what goes into these posts more. Anyways I went running tonight. Car’s messed up, needed to get out so I just lit out runnin. Ended up (so far, no where near done) at the school library, wanting to do some hacking. A lot of my hacking is done when I’m trying to clear my mind of larger issues, which is how I get issues so bottled up inside that I can snap. This is an problem, but tonight, I just need an escape. So I *just* hit publish on a semi-decent write up of fun I’ve had with printers, I want to show you some more in depth.

I’d like to start with saying I’m not doing this to be malicious… I’m just curious about these printers. Nothing I do will be aimed at hurting the printer in any way, nor the school network. I’m not doing anything here because I’m bitter or have pent up stress, I need an escape, and here’s a great way to spend 30 minutes off in a wonderful world of binary choices where everything works out right. Without further ado: a look at my schools printers.

Well, I’m awake on time (9 am), done my workout, eating breakfast as we speak and I’m sqeeky clean from my shower. This new morning routine gives me lots of time to ponder before starting my day, and I was reflecting on an interesting happening yesterday. Quickly summing it up, I was able to apply a hacking method for hardware to an AIM conversation, fun huh?

This is just a quick update about the story I posted last week regarding a nice security hole in a major Internet Site. The tech support there have actually been really, really great in working with me to fix this problem. They emailed me an intial “Hey we got your report” the day I sent it out, and later this email I’m sharing with you. I initially expected to lose that account (and at one point today, I kinda wish I had), but so far it hasn’t been locked or damaged in any way that I can see. I got en email from them that I’d like to share as an example of doing things the right way.

So I was feeling kinda down a few days ago, and I turned to the thing that always cheers me up, hacking. Nothing malicious, just seeing what bugs I could turn up. Found a great one dealing with why sites should use HTTPS instead of HTTP traffic by default. Oh, I’ve taken the liberty of attempting at clearing out all links to my accounts. Don’t worry, my account doesn’t use that security question any longer. Also, because this post isn’t malicious, I’m omitting the name of the site I found this on (and really, it could be any of the major sites out there, they all act a lot the same and I’ve yet to go check some other major ones) because they deserve anonymity as much as I do.

Last year I had a fairly, bleh, Valentine’s day post. It was rushed, poorly done, and all over the place. This year, this year is different. You may notice that this is BEFORE Valentine’s day… that’s true. I’m putting this out early, with the same hopes as last year, that some geek out there might score a date for the rest of us! Now, my plan this year, is a personalized Linux LiveCD that I’m calling the LoveCD. So, this post is going to be 10 fun ways to personalize a CD for that special someone (or laptop, in my case).

So there I was…. sitting in “Popular Religion and Cyberspace” minding my own darn business when BAM, professor assigns a paper! Uncool… What did the paper have to be on? A form of folk, popular, or vernacular religion that we’d experienced. That was the entire assignment description. Right quick I’ll tell you that these are folklore terms for religions that: differ from a formal religion slightly; are of a repressed group; or the personal beliefs of people and how they perceive religion, respectively.

Now I had an initial idea to write about the religion found in Walraven, but after talking with the creater for a bit, decided this wasn’t gonna work. So, the other guys on the IRC channel (developers of walraven / friends of them) started throwing out other ideas related to coding, and I took them and ran with it. Here’s what I came up with:

So, everyone in this age has heard of the “eeeeeviiiil botnets”, yes? They’re shown all over the media threatening our livelyhoods, they’re written about in the newspapers, and its obvious the world is going to end tomorrow due to these little buggers. Or is it? I for one am quite intriguied by botnets, and the viruses (I was formally corrected this weekend that viruses is the “correct” plural, so there ya go) that form them. In many ways these evil little guys are the best coding we see nowadays when OSes are…. abysmal to say the least. Now, of course I’m not intriguied enough to MAKE a botnet in the wild… that’d be evil and wrong, and obviously I’d be anti-freedom. But I’d still like to play with them, and to that end, I unveil the game Malap and I were working on this weekend.

Botnet!