Browsed by
Month: July 2008

How to check if your DNS server is vulnerable to the recently discovered DNS exploit

In case you’ve missed the recent news about the major DNS exploit problem and haven’t checked to see if your DNS server is vulnerable, this site has a checker that will test to see if your DNS server appears to be patched or not.

Recently, a significant threat to DNS, the system that translates names you can remember (such as www.doxpara.com) to numbers the Internet can route (66.240.226.139) was discovered, that would allow malicious people to impersonate almost any website on the Internet. Software companies across the industry have quietly collaborated to simultaneously release fixes for all affected name servers. To find out if the DNS server you use is vulnerable, click below.

Check your DNS server here: DoxPara Research.

(via David Shea @ Mezzoblue, found on RSS2)

Dr. Horrible’s Sing-Along Blog – WATCH ALL 3 EPISODES ONLINE *THIS* WEEKEND ONLY!

Run, don’t walk, to the Dr. Horrible website and watch his micro-epic masterpiece of musical genius.

You know you love the musicals. Do it, do it now.

This will be gone after this weekend, and then you’ll be sorry you weren’t one of the cool kids who saw it when it first came out. Be part of the sensation.

That is all.

Update: It’s now available on Hulu to watch again (free). Hulu FTW!

Why you should upgrade your WordPress installation to version 2.6 (just released) today

WordPress 2.6 is Available! Security Advisory to upgrade ASAP!

First, the good news: Matt & his brave crew of WordPress coders have just released version 2.6 of the Open Source award-winningly awesome content management system called WordPress (download it here). I’ve been using it since it was called b2, and love it. I recommend it for most of my clients, and they love the simplicity and ease of use. I also really like how easy it is to customize and extend, using the excellent theme and plugin system.

If you have a WordPress installation yourself, please upgrade it today. Why should you do it today? In short, not only does the latest version of WordPress have some awesome new features (like content change tracking, a new “Press this” browser bookmark, using Google’s Gears system to make it faster, and about 194 bug fixes) it also contains the latest SECURITY FIXES.

Why should you care about security fixes? Because older versions of WordPress are vulnerable to exploits. I know this for a fact, and have been working on cleaning out a number of older installations of WordPress that have been hacked. This isn’t a fun process, and if you stay up to date, you will have the best chance of not getting hacked yourself.

This isn’t a problem exclusive to WordPress, and they’ve done a really good job generally at fixing holes (the current release proactively fixes a number of potential issues), but it is an issue you should definitely look into.

On a Unix machine, one thing to look for is this pattern in any files: md5($_COOKIE

You can do a search through all your hosting accounts by running this command (run as root):
# grep -R 'md5($_COOKIE' /home/

That will tell you if you have any infected files (for this particular exploit). If you find any, you need to clean out those files. If you are running your sites out of version control (like using svn), this may be slightly easier.

$ svn st should tell you if any files were changed from the last time you checked them out. If you see unexpected files show up, you’ve been hacked.

To clean out your installation without using version control (done as root in this case):

  1. Copy your whole public_html directory to another location so you can do forensics on it and copy valid files back into your new installation:
    # cd /home/USERNAME/
    # mkdir public_html-hacked
    # mv public_html/* public_html-hacked/
  2. Download a clean copy of WordPress into your public_html:
    # cd /home/USERNAME/
    # wget http://wordpress.org/latest.zip
    # unzip latest.zip
    # cp -R wordpress/* public_html/
    # chown -R USERNAME:USERNAME public_html/*
  3. Create a new wp-config.php file. It’s probably a really good idea to first change your MySQL database password. To create your new config file:
    # cd public_html/
    # cp wp-config-sample.php wp-config.php
    # vi wp-config.php

    Enter the correct (new) values for your MySQL database name, username, password, and the (currently 3) authorization unique key values (go to http://api.wordpress.org/secret-key/1.1/ to automatically generate the 3 keys for you to copy/paste into your config file).
  4. Next, upgrade your WordPress database: http://example.com/wp-admin/upgrade.php. You’ll have to sign in with your admin username and password. Once this is done (should go without a hitch, hopefully), examine your user table to see if there are any entries there that shouldn’t be. Delete any users that you didn’t create. Also, it would be a good idea to update the password for each user in the system.
  5. Go through all of your Settings, looking for any suspicious changes. Specifically notice what the Uploads directory is set to (in Settings->Miscellaneous). It should probably be set to something like wp-content/uploads. If it says something like ../../../../../tmp/ change it back. Also go look there to see if there are any left-over files that need to be investigated and removed.
  6. Make a local copy backup of your database and then clean out entries that don’t belong there. Check your raw database (using something like PHPMyAdmin or command line mysql tools) and examine the wp_users table. Look for a user called WordPress. Delete it! If you found it, also check the wp_usermeta table and delete all entries associated with the bogus WordPress user ID. Next, check through your other MySQL tables to look for any suspicious entries (attached files, comments, posts, etc.) Delete anything that looks incorrect or wrong, but be sure not to delete your actual content.
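
The forensics pass from step 1, as an added example that is not part of the original post: it walks the quarantined tree, flags files containing the md5($_COOKIE string, and reports files that are missing from or differ from a clean copy. The function name, the output labels and the sample trees are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: triage a quarantined WordPress tree against a clean copy.
# Assumption: $2 is a clean unzip of the SAME WordPress version that was
# installed; against a newer release every changed core file shows as MODIFIED.

INDICATOR='md5($_COOKIE'   # the string the post says to grep for

# Prints one line per file that needs a look before it is copied back:
#   INFECTED  contains the indicator string
#   EXTRA     not present in the clean tree (theme, plugin, upload, dropped file)
#   MODIFIED  present in the clean tree but with different contents
triage_wp_tree() {
    hacked=$1
    clean=$2
    # find also walks dotfiles such as .htaccess, which a "*" glob skips
    ( cd "$hacked" && find . -type f ) | LC_ALL=C sort | while IFS= read -r rel; do
        rel=${rel#./}
        if grep -qF -- "$INDICATOR" "$hacked/$rel"; then
            echo "INFECTED $rel"
        elif [ ! -f "$clean/$rel" ]; then
            echo "EXTRA    $rel"
        elif ! cmp -s "$hacked/$rel" "$clean/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
}

# Constructed sample trees (not real site data) so the script runs offline.
run_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/clean/wp-includes" "$d/hacked/wp-includes" "$d/hacked/wp-content/uploads"
    echo '<?php // core file' > "$d/clean/index.php"
    cp "$d/clean/index.php" "$d/hacked/index.php"
    echo '<?php // original' > "$d/clean/wp-includes/pluggable.php"
    echo '<?php // altered' > "$d/hacked/wp-includes/pluggable.php"
    echo '<?php /* constructed marker: md5($_COOKIE */' > "$d/hacked/wp-content/uploads/img.php"
    echo '# constructed dotfile' > "$d/hacked/.htaccess"
    triage_wp_tree "$d/hacked" "$d/clean"
    rm -rf "$d"
}

run_demo
```

On a real account the call would be triage_wp_tree /home/USERNAME/public_html-hacked /home/USERNAME/wordpress; EXTRA lines under wp-content are expected for your own themes, plugins and uploads and still need reviewing by hand.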

As you can see, there are lots of things to check for if your installation of WordPress gets compromised. So, to save yourself a lot of pain and suffering, make sure you upgrade your WordPress installation(s) just as soon as you can.

More good info if you think your WordPress installation has been hacked:

Unsubscribed. (Open letter to Barack Obama re: FISA vote)

FISA vote = unsubscribed from Obama's emails. Now member ACLU.

UPDATE: Lessig weighs in on the reaction to Obama’s vote. Lessig is the man. His analysis of the possible reasons for this vote is very well stated. It doesn’t change my mind about unsubscribing from Obama’s email money train (for now).

Dear Barack,

You know I love you. Your voice and message have given me actual real hope in a presidential candidate for basically the first time in my life. That’s why it pains me to unsubscribe from your mailing list today and suspend my ongoing giving of time and money to your campaign.

On July 9, 2008 you used your power as a U.S. Senator to vote for giving telecoms retroactive immunity for actions that they KNEW were illegal. I’m just…baffled by your action on this issue. Perhaps you’re playing some kind of election chess or something. Maybe you have some masterful plan that you’re just waiting to execute. This was a pretty big disappointment for me, and many of my friends. Whatever your reasons, it comes across as being very uncharacteristic of your previous strong stances for freedom, the rule of law, accountability, etc.

I want you to know that today I joined the ACLU and donated $50 to their efforts to defend American civil rights that I would have gladly given you instead.

So far, I’ve contributed $700 of my own money to you to help you win, because I believed in you. That you were intelligent (finally!), understood sensible and subtle approaches to policy, war, and other issues. Lately, however, with your seeming backsliding on a number of issues that you previously strongly stated support for, well, it’s been harder and harder for me to consider clicking the nice red Donate button that you include in each of your emails.

I hope you win the election. I have zero desire to see McCain in the White House. Don’t be like Kerry, where in the end, it was like, oh well, guess he just wasn’t strong enough or good enough or tough enough to win it. Against Bush for God’s sake.

Have fun at your ‘open’ convention in Denver. I still hope that you really do, in fact, mean all the things that you said when you were busy drumming up support by delivering your inspiring messages. You had me inspired. Now you have me disappointed, and wondering if you’re actually real, if you really and truly have the integrity you promised. Your well-developed brand of authentic leadership has just taken a major, major hit.

Be the strong leader we want, that we need. Being strong means taking a principled stand, and not backing down, watering down, or standing down.

I still want you to win. With your recent vote, however, I’ve been ‘inspired’ to take my own action, to go ahead and donate future contributions and time to other people and parties who have demonstrated their willingness to stand up against the errors of our day.

Thanks for the ride. Good luck, and peace out.

Unsubscribed.


Gabriel

Cross-posted to the biggest group on Barack’s social networking site: SenatorObama-PleaseVoteAgainstFISA.

Video of Olbermann’s commentary on Barack’s opportunity to do the right thing on FISA, before the vote.

More info: Barack+Obama+FISA

I BELIEVE I CAN UNSUBSCRIBE.  Result of Barack Obama's FAIL vote on FISA.