slideshow 01 slideshow 02 slideshow 03 slideshow 04 slideshow 05 slideshow 06 slideshow 07 slideshow 08 slideshow 09 slideshow 10 slideshow 11 slideshow 12 slideshow 13 slideshow 14 slideshow 15 slideshow 16 slideshow 16 slideshow 16 slideshow 16 slideshow 16 slideshow 16 slideshow 16 slideshow 16

And Dumb Security Company of the day goes to.....

Argh, dammit, I can't tell you.  But the imaginary conversation goes like this.
Me: "Hi security company, I see that you have an enterprise grade security product that my client has put at the heart of their enterprise?"
Dumb Security Company (DSC) "Yes, can I tell you about it, its great - it has elements that ..."
Me: "No, no, please stop.  Anyway, the client tells me that your security products runs on Windows"
DSC: "Yes, that's right we have a strategic realationship with Mi..."

New Password Hashing Method

Dammit, Bruce Schneier had a link this month to a password hashing competition, but I was too slow.  the link is here: https://password-hashing.net/
In the meantime it occurs that one way to try and defeat GPU based cracking is to increase the complexity of the hashing process so that it's harder to pipeline the functions on the GPU.

Certificate CA pinning

With many MITM attacks, you get fake certs.  CA pinning would help to fix this: The browser would retain a copy of every cert that it gets in a local DB and if it gets a different cert next time you visit the same domain or if the signing CA is different, it gives you a warning.  Carry on at your peril.   This kind of attack is mainly the state sponsored threat actor: they have the resources and the clout to persuade a CA operator to sign a bogus cert and\or onsert themselves in DNS traffic.

Tricks and Tips #1 Block 'em. Block 'em all.

One way that TurboTas.co.uk stops unwanted shite turning up on the website is with massive IP block lists.
As this is a very small blog, available in English only, I can take some pretty radical steps to prevent Eve from getting into my system.
The subject is somewhat evocative but I'll lay it out for you.  People visiting my website speak English and are mainly from the United Kingdom or the US.  Web logs and analytics support this.

Spammers Blocking Day

A day to stop spammers today with quite a few direct connections not picked up by the server.
189.194.93.86.  Looks like an insecure web application with an open PHP mailer script.  DOH!
186.51.53.86.  Another email spammer.
SSH attempts from 82.165.129.71 and 149.3.143.187.  Blocked both of those.
Spotted 89.67.253.49 in the HTTP logs and a check of project Honeypot shows them as massive spammers.  46.37.165.127 in same boat, also 78.157.192.24 and 46.37.189.182

USB Firewall

I have not found one of these,  but can't beleive it doesn't exist: A little USB dongle that plugs into your work desktop and will charge your mobile phone but without making the desktop see your phone as a device.   Basically, connect the volts, but not the data.  Obvious really.  Someone tell me why it won't work?

Another Day, Another set of IP blocks

Quite a big set of IP addresses today because I've been scanning the logs for the evening.  Rather an alarming list building up of stuff that needs fixing.
 
Chinese email spammers.  I spotted them via attempts to web spider sites that are now offline.  60.173.10.0/24  Block them while you can! Drat, just noticed a bunch from the class c under that one too, so best block .9. too!  Oh and .26.0.  Actually this is looking like a problem with a much larger block, No? 
 
Spanish hacking attempt via the Apache Logs: 81.44.219.18
 

7 Jan 13: Email Spamming from Poland

Do yourself a favour and block the following range: 91.236.74.128/25.   I was led to this block of addresses after noting access attempts from 91.236.74.144.  Oddly, the activity I saw was on a website that I no longer run and from host 144 in the range, so lots of errors in the access log for the main server, but it seems that this might be harvesting email addresses as the http://www.stopforumspam.com/ service shows mosts of the hosts above 128 are generating massive amounts of email spam.

Sky Customer Service #Fail

 Welcome to Sky Live Chat Service. A Sky Advisor will be with you shortly. You are now connected with Kavitha. Kavitha: Hello, you're chatting with Kavitha, a Sky advisor, may I take your name please? You: Hi, our sky box keeps crashing so we are fed up with it. Kavitha: I'm sorry to hear that. You: indeed Kavitha: I'll certainly help you to fix this issue. Kavitha: Can I take your name please? You: Mr Toby Seaman Kavitha: Toby, Can you describe the issue that you are having with your equipment please? You: yes, as above, about twice per day, the sky box just hangs completely.

Welcome to the new look TurboTas

Finally got fed up with Joomla and having done a poll of the other CMS out there, we are now on Drupal!  Come on in, the water is lovely!

Pages

Website copyright 2012 Lateral Thought Ltd, Registered in England no 6207696. 17 Fairfield Avenue, Horley, Surrey, RH6 7PB.