Saturday, 31 October 2009

Had to pay an extra £70, but I'm going to be back tonight, so it's worth it (train leaves in 6 mins); saves me spending 10 hours at Birmingham station ....
Can you believe it? We’ve made it to thirty. That’s right: thirty issues of FCM, and they wouldn’t have happened without you! Here’s a giant thank you to all the editors, translators, writers, hosting donors, and everyone else that’s made FCM and Ubuntu possible.
This month:
- How-To: Program in Python – Part 4, Applications for Bookworms, Installing OpenOffice.org Base.
- My Story – The Doctor
The MVP Open Day (more like a weekend thingy, but still) has now ended, with everyone else buggering off home. Stuck here till late tonight myself, as the train isn't due until 21:40, and I'll then have a 10-hour wait at Birmingham train station thanks to the train back to Newcastle not being until 09:00 tomorrow morning (yippee!). Aside from a lack of WiFi, it's been absolutely great, got to meet a

Thursday, 29 October 2009

Just a note folks. I arrived at Reading at lunchtime, annoyingly with 5 hours of absolute boredom on the train thanks to a complete lack of WiFi on the train (thanks once again to CrossCountry Trains, a company I'll never be using again, and 3G, whose mobile connection decided it didn't actually want to connect to, err, anything). Got a connection now at the hotel, but it's as slow as molasses,
Looks like CyberDefender haven't learnt, and are still up to their previously published tricks:
http://www.gl1800riders.com/forums/showthread.php?t=230204
Is the poster in the thread real? Is their experience real? Who knows, but knowing CyberDefender, I'm inclined to believe .... yep, the poster.

Wednesday, 28 October 2009

I am pleased to announce, albeit a day later than planned, the October release of hpHosts.
The hpHosts hosts file has been updated. There is now a total of 108,234 listed hostnames.
If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
Last Updated: 28/10/2009 09:30
Last Verified: 27/10/2009 23:00
Download hpHosts now! http://
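For anyone wanting to see what a hosts-file block list of this kind actually does before dropping it into C:\Windows\System32\drivers\etc\hosts, here's a small parser (an added example, not part of hpHosts or its installer). It reads the standard hosts layout, counts and de-duplicates the listed names, flags lines that aren't block entries, and shows the one caveat that bites people: a hosts file matches whole names only, so a subdomain of a listed name isn't blocked. The sample list is constructed, not taken from the release.

```python
"""Parse a hosts-file-format block list and test names against it.
Added example, not hpHosts' own code; the list below is constructed."""
import ipaddress

# Constructed sample in hosts-file layout: <address> <hostname>... [# comment]
SAMPLE_HOSTS = """\
# hpHosts-style block list (constructed sample, not the real release)
127.0.0.1 localhost
127.0.0.1 Bad-Example.test bad-example.test   # same name twice, case differs
127.0.0.1 ads.example.test
0.0.0.0 tracker.example.test
not-an-ip some.host.test
"""

# Addresses a block list may point names at; anything else is a real mapping,
# which a block list should never contain.
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (blocked, problems): the set of blocked names, lower-cased and
    de-duplicated, plus (line number, reason) for every line that is not a
    well-formed block entry."""
    blocked, problems = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            problems.append((lineno, "missing hostname"))
            continue
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append((lineno, f"bad address {addr!r}"))
            continue
        if addr not in BLACKHOLE:
            problems.append((lineno, f"non-blackhole address {addr}"))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":             # mandatory loopback entry, not a block
                blocked.add(name)
    return blocked, problems


def is_blocked(name, blocked):
    """A hosts file matches whole names only: no wildcards, so a subdomain of a
    listed name still resolves unless it is listed itself."""
    return name.lower().rstrip(".") in blocked


if __name__ == "__main__":
    blocked, problems = parse_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} hostnames blocked; bad lines: {problems}")
    for probe in ("ADS.example.test.", "sub.ads.example.test"):
        print(probe, "->", "blocked" if is_blocked(probe, blocked) else "not blocked")
```

Run it against the real file by reading it into `parse_hosts`; the problems list is the quickest way to catch a download that was truncated or mangled in transit.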

Saturday, 24 October 2009

I received an interesting Abbey National phish yesterday that, instead of simply pointing me to a URL, tried a better method of evading suspicion and phish/spam filters. The e-mail arrived from 81.252.149.105, with a PDF (shown left) attached (Dear Abbey Internet Bankiewng Holder.pdf), and the following bit of text:
You need to update your account information for more reasons: 1.

Friday, 23 October 2009

You may be wondering where the October release of hpHosts has wandered off to. Let me assure you, it's not gone on holiday, it's not gone to Vulcan and it's not gotten itself lost on the Tube (that's my job ;o)). Due to server issues and work, amongst other things, the October release of hpHosts is due for release on Tuesday (I would say Monday, but want to give myself some room). It's been going
... as if it ever really vanished (nope; at least, not completely, as thousands of site owners have never cleaned up their sites, leaving the original infection and/or backdoors in place - whoops!). Read the write-ups by FireEye and Unmask Parasites:
Gumblar, not Gumby!
http://blog.fireeye.com/research/2009/10/gumblar-not-gumby.html
Revenge of the Gumblar
http://blog.unmaskparasites.com/2009/10/23/
I'm happy to report the hpHosts server (formerly the backup server) is now back online. Thanks to a BIOS flash update that I was finally able to get hold of, it's got the 300GB drive in (formerly in the network backup server), though annoyingly, the BIOS update has removed the ability to boot from CD/DVD (the option is no longer in the BIOS; boot options are there, just can't change the boot order),
And here comes yet another fake Windows update. This one claims to be an update for Outlook/Outlook Express, but nope, it's not. Rather predictably, it's the Zbot infection (forgot to disable NOD32 when grabbing a sample, and it flagged it as Kryptik.ATQ). The URL in the e-mail points to:
hxxp://update.microsoft.com.bbttyak.org.uk/microsoftofficeupdate/KB910737/default.aspx?ln=en-us&email=zerozen@
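The hostname is the tell here: update.microsoft.com is only the leftmost part of a name whose registrable domain is bbttyak.org.uk, so a reader skimming the link sees the trusted brand first. Here's an added example (not from the original post) that pulls a defanged hxxp:// URL apart, works out the registrable domain against a public-suffix table and flags a host that borrows a trusted name without being under it; it also lifts the per-recipient tracking parameters out of the query string. The suffix table is a tiny constructed stand-in for the Public Suffix List, and the brand list and sample URL are assumptions.

```python
"""Spot a host that carries a trusted name as a prefix but is registered
somewhere else entirely. Added example, not from the original post; the
suffix table, brand list and sample URL are constructed stand-ins."""
from urllib.parse import parse_qs, urlsplit

# Tiny stand-in for the Public Suffix List (publicsuffix.org); a real check
# must load the full list, or "registrable domain" comes out wrong.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "org.uk", "test"}

# Brands whose names the lures borrow; an assumption for this example.
TRUSTED = ["microsoft.com", "abbey.com"]

# Constructed lure in the same shape as the one in the e-mail above.
SAMPLE_URL = ("hxxp://update.microsoft.com.attacker-example.org.uk/microsoftofficeupdate/"
              "KB000000/default.aspx?ln=en-us&email=victim@example.test")


def registrable_domain(host):
    """Return the label just above the longest matching public suffix, e.g.
    'attacker-example.org.uk' for 'update.microsoft.com.attacker-example.org.uk';
    None if the host is itself a suffix or no known suffix matches."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return None if i == 0 else ".".join(labels[i - 1:])
    return None


def assess(url):
    """Accepts defanged hxxp:// URLs. Flags a host whose labels mention a
    trusted brand while its registrable domain belongs to someone else."""
    parts = urlsplit(url.replace("hxxp", "http", 1))
    host = (parts.hostname or "").rstrip(".")
    reg = registrable_domain(host)
    impersonates = None
    for brand in TRUSTED:
        if brand.split(".")[0] in host and reg != brand:
            impersonates = brand
            break
    return {
        "host": host,
        "registrable": reg,
        "impersonates": impersonates,
        "tracking": parse_qs(parts.query),   # per-recipient tokens such as email=
    }


if __name__ == "__main__":
    print(assess(SAMPLE_URL))
    print(assess("https://update.microsoft.com/download"))
```

The brand check is a plain substring match, so a legitimate name that happens to contain a brand word gets flagged too; it is a triage aid, not a verdict. The tracking parameters are worth keeping: an email= token in the URL tells the sender which address clicked, so never fetch such a link from an analysis box that leaks the token unchanged.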
Just an update concerning this. The machine, annoyingly, does not recognize the new HDD (500GB), so I thought I'd swap the 500 for the drive in the network's backup machine, and annoyingly, it doesn't recognize that either. It would appear, given it's recognizing the 40GB out of the test machine, that it only likes drives up to 80GB, which is a major annoyance. I was going to look for a BIOS update

Thursday, 22 October 2009

Just a note folks, I've now got a replacement HDD for the hpHosts server and will be rebuilding it today. I've moved hpHosts back to the original server for now, whilst the rebuild is done.

Tuesday, 20 October 2009

I was trying to decide who to name and shame next, and it was a toss-up between Bigness (AS49093), Ecatel and Krypt Technologies. I thought this time we'd go with Bigness and leave Ecatel and Krypt Technologies for next time. Bigness came across the radar a few months ago due to its hosting a slew of malicious domains, and ONLY hosting malicious domains (I've not seen a single legit site hosted

Sunday, 18 October 2009

.... Otherwise known as, what happens when you let complete morons onto the interwebs? Why, this of course (and if the popup blocker (it tried loading 12 popups!), Flash and ActiveX hadn't been disabled, it would've likely led to a lot more (Wepawet timed out when analyzing it, or I'd have linked you to a full summary)). It all started on a Monday morning at cantosencantos.com (IP: 74.63.81.226 -
Whilst analyzing URLs in the malware DB, I noticed a URL ending in .sys, which are associated with Koobface. I decided to analyze the executable and noticed something interesting. The executable is UPX packed and contains some interesting strings, most notably references to Facebook, captchastop.com and capthcabreak.com. The only thing I could get from both of these domains was a login page, so I
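UPX-packed or not, a binary's string table is usually the quickest lead, and a lot of Windows malware keeps its URLs and domain names as UTF-16, which a plain `strings` run misses unless you ask for it. Here's an added example (not the post's own tooling) that extracts both ASCII and UTF-16LE strings, reports the UPX section names and UPX! pack header if present, and picks out domain-looking strings while ignoring filenames that merely look like domains. The sample bytes are constructed, not the Koobface binary.

```python
"""Pull printable strings (ASCII and UTF-16LE) out of a file, flag UPX
markers and domain-like strings. Added example, not the post's own tooling;
the sample bytes are constructed."""
import re

UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")   # UPX section names and its pack header
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Common file extensions that also look like TLDs to the regex above.
NOT_TLDS = {"dll", "exe", "sys", "php", "asp", "aspx", "htm", "html", "txt", "ini", "dat", "log"}

# Constructed bytes standing in for a packed PE: MZ header, UPX section names,
# one ASCII string, one UTF-16LE string, and one string too short to report.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16
          + b"UPX0\x00\x00\x00\x00UPX1\x00\x00\x00\x00"
          + b"\x01\x02 captchastop.example.test\x00\xff\xff"
          + "facebook.example.test/login.php".encode("utf-16-le") + b"\x00\x00"
          + b"\x03\x04shrt\x00")


def extract_strings(data, min_len=6):
    """ASCII and UTF-16LE runs of at least min_len printable characters, in
    file order, stripped of surrounding whitespace."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [(m.start(), m.group(0).decode("ascii")) for m in ascii_re.finditer(data)]
    hits += [(m.start(), m.group(0).decode("utf-16-le")) for m in utf16_re.finditer(data)]
    return [s.strip() for _, s in sorted(hits)]


def analyze(data):
    """Summarise what a first look at the bytes gives you: packer markers,
    domain-like strings (filename extensions filtered out) and all strings."""
    strings = extract_strings(data)
    domains = set()
    for s in strings:
        for d in DOMAIN_RE.findall(s):
            if d.rsplit(".", 1)[-1].lower() not in NOT_TLDS:
                domains.add(d.lower())
    return {
        "upx_packed": any(mk in data for mk in UPX_MARKERS),
        "domains": sorted(domains),
        "strings": strings,
    }


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    report = analyze(open(path, "rb").read() if path else SAMPLE)
    print("UPX markers:", report["upx_packed"])
    print("domains:", report["domains"])
    for s in report["strings"]:
        print(" ", s)
```

Strings read from a packed file are only whatever the packer left in the clear (here the section names and, in the sample, the two domains); for an unmodified UPX build, `upx -d` the file first and run it again on the result to see what the payload itself carries.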

Saturday, 17 October 2009

I've just noticed this latest episode, publicized by S!Ri. We all knew it was happening, but now, thanks to S!Ri, we have the proof we needed. Makes me glad I stuck to my guns about keeping the likes of Loaris included in hpHosts (as if we didn't already have enough evidence against them; now they've provided us with even more!).
Some blog webmasters are regularly using the screenshots I made on

Friday, 16 October 2009

Just a note folks, the hpHosts server just died with a BSOD (STOP c0000218). It's in the process of dumping physical memory to disk, and once it's finished, I'll begin diagnostics.
/edit 06:57: CHKDSK and defrag have finished, as has the analysis, and sadly, CHKDSK revealed bad blocks on the main system drive. I'm going to get the drive replaced as soon as I can (likely not going to be until next

Wednesday, 14 October 2009

I'm sorry to say, I've just received the following e-mail from ClamWin, which means I'll now no longer recommend ANYONE use their software, and will be removing it from all computers I own and/or look after for others.
Hi again,
ClamWin team would like to thank all of you who voted in our poll and helped us form a broader opinion about the partnership with Ask.com. Based on your feedback and our
I've just spent the last couple of hours or thereabouts (wouldn't normally take that long, but I'm a sadist, so spent time analyzing each file) downloading/analyzing, more downloading, then uploading, re-setting-up and re-configuring a friend's site, after his WordPress installation got hacked and a malicious script installed on ALL PHP pages, with a simple script format, placed in all of the .
Netelligent have been around the block a few times and are no strangers when it comes to malicious activity within their networks. Their network has been found to be involved in everything from exploits to rogues, blackhat SEO and everything else besides. Alas, someone from Netelligent recently dropped by the Malwarebytes forums professing their innocence (their last post was September 21st).
That email address of trafficbuyer@gmail.com is well known. The subdomain traffic.firedogred.com is dual-homed on 207.57.97.233 and 161.58.56.25 (both NTT America, Inc). The next hop is show.sheathssubtotal.info/rotate?m=3;b=2;c=0;z=406377. sheathssubtotal.info was registered on 17th September with the same "trafficbuyer@gmail.com" contact details as firedogred.com. show.sheathssubtotal.info is dual
Just an update folks, I noticed a few minutes ago that the server was returning resource exceeded messages again, which means the backup server it's on has made a difference in terms of the site processing, but no difference to the DB processing. I've already ruled out corruption in the database, and errors in the site's code, so the next step is to re-write the site to use MySQL instead of

Monday, 12 October 2009

Just a note folks, Jasmine (Avant Force) and I have just finished moving the it-mate.co.uk, forum.avantbrowser.com etc sites over to the new server (209.160.20.35). Sadly, the server doesn't seem to be publicly accessible at present (at least, not over HTTP, and tracert is failing), so the sites will be down for a little while.
It would appear, folks, that I forgot to use the non-thread-safe installer when setting up PHP on the backup server for hpHosts (hpHosts itself doesn't use it, but certain routines do), consequently leading to a couple of the DNS routines having to use the long way round (i.e. the Windows API) for DNS resolution. I've now installed IIS FastCGI (prefer the ISAPI myself, but apparently can't use that

Sunday, 11 October 2009

I was asked by a friend earlier to look at spywaretimes.com, due to its appearing either hacked or sold. Sadly, from what I've found, it appears to have been sold to an entity involved in fake meds. spywaretimes.com, for those unaware, is a former CoU sister site, and provided various anti-malware services (i.e. help with removal etc). What is surprising is that the Wayback Machine shows the site