[13:08:10] [nnnn says] says:
titta på min bild http ://space.facebook-pics.net/image.php?=PIC9167288.JPG?
Again, more MSN viruses, this time from facebook-pics.net:
http://www.networksolutions.com/whois-search/facebook-pics.net
Domain Name.......... facebook-pics.net
Creation Date........ 2010-03-06
Registration Date.... 2010-03-06
Expiry Date.......... 2011-03-06
Organisation Name.... Raffaele Tolotta
Organisation Address. PO Box 61359
Organisation Address. Sunnyvale
Organisation Address. 94088
Organisation Address. CA
Organisation Address. US
Current Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
IP Address: 98.136.50.138 (ARIN & RIPE IP search)
IP Location: US(UNITED STATES)-CALIFORNIA-SUNNYVALE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Another breed of msn viruses is out in the wild.
This time it links to facebook-photo.org / image.php?=PIC…..JPG?
which is a Windows type .exe file when you download the link.
I sent the file to Virustotal for analysis, seems like a lot of virus scanners don’t recognize it just yet: Result: 7/42 (16.67%)
McAfee says “Artemis!AC20BF7EE912”, F-Secure identifies it as “Trojan:W32/Agent.NRY”.
Whatever this nasty bugger does, DO NOT CLICK ON THE LINKS you get from your friends on MSN. And don’t be so stupid to actually install the .exe…
Since this file most certainly has no good intentions, the scan result SHOULD show lots more warnings… but it’s frightening that there aren’t more of them. But maybe some info will emerge in the next few days.
I know for sure Microsoft already blocks certain types of links or messages on their MSN network. I wonder if they have an infrastructure to block virus links like this? I assume it’s easy for them to blacklist a few keywords or text patterns and disable sending them via the MSN protocol. Yet, I’ve received numerous messages from my contacts during the course of the day containing this virus/trojan link.
It’s not even a holiday, what’s taking them (MSN and the virus scanner vendors) so long to fix this? Yes, I expect problems like this to be corrected in a few hours or even minutes, not 20 hours and counting! They are failing their duties.
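The kind of text-pattern filter speculated about above can be sketched as follows. This is an added example, not code from the original post or from any MSN system; the brand allowlist, the two-trait blocking rule and every sample message except the first are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Brand keyword -> registered domains that legitimately carry it (assumed allowlist).
BRANDS = {"facebook": {"facebook.com", "fbcdn.net"}}

# Matches "http://..." and the spaced "http ://..." form seen in the chat message.
URL_RE = re.compile(r"\bhttps?\s?://\S+", re.IGNORECASE)
# Query such as "=PIC9167288.JPG?": empty parameter name, image-looking value.
LURE_QUERY_RE = re.compile(r"^=PIC\d+\.(?:jpe?g|gif|png)\??$", re.IGNORECASE)


def extract_urls(message):
    """Return the URLs in a chat message with 'http ://' normalised to 'http://'."""
    found = URL_RE.findall(message)
    return [re.sub(r"^(https?)\s+://", r"\1://", u, flags=re.IGNORECASE) for u in found]


def registered_domain(host):
    """Naive last-two-labels domain; adequate for the .net/.org/.com hosts here."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lure_reasons(url):
    """List the traits of the lure that a URL shows; an empty list means none."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: nothing to score
        return []
    domain = registered_domain(parts.hostname or "")
    reasons = []
    for brand, legit in BRANDS.items():
        if brand in domain and domain not in legit:
            reasons.append("brand-lookalike-domain")
    if LURE_QUERY_RE.match(parts.query):
        reasons.append("image-name-in-unnamed-query-parameter")
    return reasons


def should_block(message):
    """Block a message when any URL in it shows both traits at once."""
    return any(len(lure_reasons(u)) >= 2 for u in extract_urls(message))


# The first message is the one quoted on this page; the rest are constructed.
SAMPLES = [
    "titta på min bild http ://space.facebook-pics.net/image.php?=PIC9167288.JPG?",
    "http://facebook-photo.org/image.php?=PIC1234567.JPG?",
    "holiday album: https://www.facebook.com/photo.php?fbid=1",
    "http://example.org/image.php?=PIC1.JPG?",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(should_block(msg), msg)
```

Requiring both traits keeps a lookalike domain or an odd query string from triggering a block on its own; a single trait is better logged for review than dropped silently.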
Whois is Facebook-photo.org?
http://www.aawhois.com/facebook-photo.org
Name: Bernadette Evans
Handle: 31fcccecd0c354fe
Address: unit A/9 forrest Avenue
Bunbury
6230
AU
Phone: +61.897212040
Email: cuti@ilirida.net
Last Update: 2009-11-09
Created Date: 2009-09-09
Expiry Date: 2010-09-09
Host name: facebook-photo.org
IP address: 98.124.198.1
Location: Bellevue, WA, UNITED STATES
My Tomcat access graphs for munin had stopped logging data and I set out to find out why it isn’t working anymore. After some debugging, I concluded it must have been because of AJP/APR/libtcnative-1 changes I did just recently (oh don’t we all love these silly abbreviations and cryptic package names…)
 Tomcat logging with Munin
I log server stats with Munin-Node, I even have some custom made plugins to monitor a few changing numbers like cable modem Signal-to-Noise ratio, number of people online on a remote website etc. It’s really simple.
The script I am using can be found originally, on Ubuntu, in /usr/share/munin/plugins/tomcat_access . Okay, so I don’t actually use the default plugin as is, because it’s pretty broken on a mod_jk configuration with Apache 2.2 in front of Tomcat. Conventional method is to make a symbolic link of that script into /etc/munin/plugins/ but instead I copied the original and made some custom modifications. I once made the mistake of modifying the original file and lost all my customizations when I did a system upgrade. Please everyone, don’t make the same mistake!
I’ve added the following environment parameter into the script:
my $CONN = exists $ENV{'connector'}? $ENV{'connector'} : 'jk-80';
In the munin-node configuration file /etc/munin/plugins/munin-node I have
[tomcat_*]
env.url "http://%s:%s@example.com/manager/status?XML=true"
env.port 80
env.user secret
env.password something
env.timeout 20
env.connector jk-8109
The jk-8109 had changed into ajp-8109. After changing the parameter, munin can read the Tomcat status servlet variables again.
Oh, and in order to use the $CONN parameter, I have this
# Test with defined() so a connector that has served 0 requests reports 0 instead of U (unknown).
my $count = $xml->{'connector'}->{$CONN}->{'requestInfo'}->{'requestCount'};
if (defined $count) {
    print "accesses.value $count\n";
} else {
    print "accesses.value U\n";
}
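A lookup that survives a connector rename such as jk-8109 becoming ajp-8109 can match on the port when the exact name is gone. The sketch below is an added example in Python, not the Munin plugin's own Perl code; the sample XML is constructed in the shape of the manager status output and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the /manager/status?XML=true response.
SAMPLE_STATUS = """<status>
  <jvm><memory free="1000" total="2000" max="4000"/></jvm>
  <connector name="http-8080">
    <requestInfo maxTime="10" processingTime="50" requestCount="0"
                 errorCount="0" bytesReceived="0" bytesSent="0"/>
  </connector>
  <connector name="ajp-8109">
    <requestInfo maxTime="120" processingTime="900" requestCount="4711"
                 errorCount="3" bytesReceived="0" bytesSent="123456"/>
  </connector>
</status>"""


def connector_counts(status_xml):
    """Map connector name -> requestCount as int, or None if it is missing."""
    counts = {}
    for conn in ET.fromstring(status_xml).findall("connector"):
        name = conn.get("name")
        if name is None:
            continue
        info = conn.find("requestInfo")
        raw = info.get("requestCount") if info is not None else None
        counts[name] = int(raw) if raw is not None and raw.isdigit() else None
    return counts


def resolve_connector(names, wanted):
    """Return `wanted` if present, else the only connector on the same port."""
    if wanted in names:
        return wanted
    port = wanted.rpartition("-")[2]
    same_port = [n for n in names if n.rpartition("-")[2] == port]
    # Refuse to guess when zero or several connectors share the port.
    return same_port[0] if len(same_port) == 1 else None


def munin_value(status_xml, wanted):
    """Build the line Munin expects; 'U' marks an unknown value, 0 stays 0."""
    counts = connector_counts(status_xml)
    name = resolve_connector(counts, wanted)
    value = counts.get(name) if name is not None else None
    return "accesses.value %s" % ("U" if value is None else value)


if __name__ == "__main__":
    # The configured name is still jk-8109, the server now reports ajp-8109.
    print(munin_value(SAMPLE_STATUS, "jk-8109"))
```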
Now… this current AJP connector solution is far from optimal, I think I will have to drop it for now.
When I have 1 GB of logs in less than an hour for crap like this:
Dec 3, 2009 1:10:32 PM org.apache.tomcat.util.net.AprEndpoint$Acceptor run
SEVERE: Socket accept failed
org.apache.tomcat.jni.Error: Too many open files
at org.apache.tomcat.jni.Socket.accept(Native Method)
at org.apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:1110)
at java.lang.Thread.run(Thread.java:717)
…it makes me want to return to the old configuration. *sigh* At least without the native connector, errors weren’t logged too fast.
Making the same mistakes over and over again is no fun. Faintly knowing what the fault is, and applying a fix to get a solution but still not rectifying your problem, that’s even less fun.
During Tomcat startup, I get this informative message:
org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/i386:/lib:/usr/lib
I reset my Tomcat fairly often cause it’s a development server, so I kept getting reminded of it over and over again. It’s claimed to raise Tomcat performance greatly and do lots of fantastic things. Believing the amazing promises, I decided to reinstall the native library. I used to have it previously on my other server, but didn’t have it installed yet on my new configuration.
Remembering from my previous errors, there was some tweak to be done to get it working right in Ubuntu. After a quick readup, I was reminded that the libtcnative-1 package does not work when IPv6 is enabled. It may have been fixed in the latest SVN sources etc, but it isn’t available yet with apt-get as a Debian/Ubuntu package. Right now the most recent Tomcat version from apt is 6.0.18 and the Tomcat native library says “Version: 1.1.16-0ubuntu1”. (I’m not really sure if the IPv6 fix is supposed to be in 1.1.16 or 1.1.17?)
So, how to disable IPv6 then? Funny thing is, none of the old methods apply anymore. It used to be as simple as disabling the module from loading into the kernel, but the 2.6.28-16 kernel I happen to be running has the IPv6 module baked in, so it has to be disabled as a kernel parameter.
This is done by editing /boot/grub/menu.lst
kernel /boot/vmlinuz-2.6.28-16-generic ro vga=0x317 ipv6.disable=1
I’ve added the ipv6.disable=1 parameter. Who needs IPv6 anyway? Neither my modem+router nor my ISP supports it, and from what I’ve seen others complaining about, having it disabled has made DNS lookups faster, etc. There’s no need to have IPv6 enabled for another year I suppose, unless something amazing happens on the Internet or the government pressures everyone to switch over like they did with digital TV broadcast.
After rebooting the system (yes, this is unfortunately required), Tomcat should start up using the native library without any problems. If IPv6 is enabled and you install libtcnative-1, then rebooting Tomcat will fail if you use buggy versions. This may have been fixed in Tomcat 6.0.20 and newer.
So, are you running an Ubuntu-based Linux distro (I’m running Kubuntu)?
Did your network configuration change eth0 into something else, for example eth1? I managed to get up to eth4, and after 2 reboots after a system reconfiguration, it wanted me to use eth5 then eth6… the network interface card (NIC) is built into my motherboard, so why the sudden change?
Well one reason is the fact I had fiddled with the NIC’s MAC-address in the system setup, so basically the hardware address change made Ubuntu think I had installed a new card. So it assigns it a unique device name, eth1 and so on. I’m fairly certain I didn’t change the MAC that often, so there’s gotta be something else to it. Right, so the quick solution is to remove these hardware mappings which are stored in a peculiar place
Look in the folder /etc/udev/rules.d
for a file named 70-persistent-net.rules
Edit the file at your own peril. I removed most of the crap entries from there, since I prefer my NIC to be named eth0 no matter what MAC-address it happens to have. Changing the device name broke my munin-stats grapher/logger, so I’m happy to get rid of this piece-of-crap annoying feature for now. Don’t ask me how to disable udev from adding new entries there, I don’t know why it kept incrementing the interface number in the first place!
Everybody owes it to themselves to go to Macromedia’s website to find out what sites have stored persistent data on your computer so they can track your activities:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
Lots of weird sites there. I removed them all since I don’t remember visiting most of them and I doubt I’ll miss them anyway; they’ll probably miss me more now that they can’t spy on me anymore.
Clearing out your third party cookies from time to time in Firefox is also a wise move. Unfortunately it’s almost impossible to allow only some third party cookies but disable the rest. For that you will need some kind of specialized add-on. Good luck in finding one, I will start investigating today.
Just a big FYI: most of these persistent Flash cookies and normal browser cookies can even violate your local legislation. Do you know what they store in your browser? Does the website’s privacy policy explain in detail what information is gathered and what purposes it is used for? Do you even know what third party sites you consented to track your movement on the Internet? I bet you don’t, most of us don’t… Some countries demand that companies clearly state this information and make it (easily?) available to everyone. Yea right. People are lazy, and the information is hidden behind minimal footnote links behind dozens of links. Happy hunting!
http://eur-lex.europa.eu/…numdoc=32002L0058&model=guichett
Seriously, people need to be aware. And those who aren’t, need to be locked out and kept safe by default. Like any safe operating system, you are locked down by default and only open incoming data ports when you specifically need it and ask for it. Same should go for third party cookies and shit. No by default, yes only when it’s needed. Rarely should be!
Right now Firefox and all other browsers happily suck in everything from everywhere and keep it for an unspecified length of time. How did we ever get into this situation where accepting all (most) third party cookies is mandatory? Many big sites refuse to function properly if they’re not enabled.
Link of the day:
https://www.google.com/dashboard/
Go check what data Google has stored, how many email conversations there are on record, if all your search history is being logged, your Orkut contacts etc. etc. There can be lots of information there. And while you’re at it, you can update any information that is wrong or outdated.
Also, very much worth a read:
http://en.wikipedia.org/wiki/HTTP_cookie
Mozilla has launched a web page where you can check if your plugins are up to date and preferably the latest version. The reason of course is to make sure you are not running some outdated version that has security flaws.
My Firefox 3.5.5 lists these plugins
Shockwave Flash 10.0 r32 | 10.0.32.0
Xine Plugin version 1.0.2, (c) The Xine Project. Windows Media Player / RealPlayer / QuickTime compatible. | Unable to Detect Plugin Version
Version 0.9.9a Grishenko, copyright 1996-2007 The VideoLAN Team http://www.videolan.org/ | Unable to Detect Plugin Version
Java(TM) Plug-in 1.6.0_16 | Unable to Detect Plugin Version
So how useful is this when it can’t even check the version in 3 out of 4 plugins anyway (75% useless)? Feels pretty pointless if you have to manually click on a link and investigate. It’s not even certain you will end up on a relevant page.
On a positive note, at least I feel safe that a website can’t access all of this sensitive information in the first place! It shouldn’t be any website’s business to know if I have version 0.9.1 or 0.9.2 etc. The fact that any site can access the list of plugins with some simple JavaScript (the navigator.plugins array) is already a breach of privacy and could be a concern. The more they know about your browser, the easier they can build a digital signature of you. Even if you mask yourself behind an IP proxy, your browser can send many types of uniquely identifiable data! Plugins are enabled for every user account and every Firefox Profile. Even if you were to use a separate profile, you might risk being identified by someone trying to figure out who you are.
To be truly unidentifiable and unique, you would have to send out random browser version data, filter out referrer information, block third party cookies, restrict JavaScript etc. etc. Even then, any irregular traffic makes you again very unique and easy to trace… Anonymity is just too difficult to achieve.
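How much a plugin list narrows down a visitor can be measured as the size of the group sharing the same list, and as bits of identifying information. The following is an added example, not code from the original post: the population of eight browsers is constructed, and the name used for the VideoLAN plugin is an assumption because the list above does not show it.

```python
import hashlib
import math
from collections import Counter


def signature(plugins, with_versions=True):
    """Hash a plugin list the way a site could after reading navigator.plugins."""
    items = sorted((name, ver if with_versions else "") for name, ver in plugins)
    canon = "\n".join("%s|%s" % item for item in items)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()[:16]


def anonymity(population, plugins, with_versions=True):
    """Return (browsers sharing the signature, bits of identifying information)."""
    counts = Counter(signature(p, with_versions) for p in population)
    same = counts[signature(plugins, with_versions)]
    if same == 0:
        raise ValueError("profile is not part of the population")
    return same, -math.log2(same / len(population))


# Plugin list from this page; the VideoLAN plugin's name is assumed.
AUTHOR = [
    ("Shockwave Flash", "10.0.32.0"),
    ("Xine Plugin", "1.0.2"),
    ("VLC plugin (name assumed)", "0.9.9a"),
    ("Java Plug-in", "1.6.0_16"),
]
# Constructed: same plugins as AUTHOR, older versions.
SAME_PLUGINS_OLDER = [
    ("Shockwave Flash", "10.0.22.0"),
    ("Xine Plugin", "1.0.1"),
    ("VLC plugin (name assumed)", "0.9.8"),
    ("Java Plug-in", "1.6.0_14"),
]
FLASH_ONLY = [("Shockwave Flash", "10.0.32.0")]
FLASH_JAVA = [("Shockwave Flash", "10.0.32.0"), ("Java Plug-in", "1.6.0_16")]

# Constructed population of eight browsers. The IP address is not an input
# anywhere, so a proxy leaves every signature unchanged.
POPULATION = [AUTHOR, SAME_PLUGINS_OLDER] + [FLASH_ONLY] * 4 + [FLASH_JAVA] * 2

if __name__ == "__main__":
    print("with versions:   ", anonymity(POPULATION, AUTHOR))
    print("without versions:", anonymity(POPULATION, AUTHOR, with_versions=False))
    print("flash only:      ", anonymity(POPULATION, FLASH_ONLY))
```

Dropping the version strings doubles the group the author's browser hides in, which is the argument for browsers exposing less plugin detail to pages.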
Today I was browsing through a Lucene version 2.4 index with Luke 0.9.9 and I finished off my session by running optimize. This broke my web application, as it couldn’t read the database anymore. Glancing at the server logs, I quickly realized the data files had been converted into latest Lucene 2.9 format. Okay, no problems I thought, I might as well upgrade.
I stopped Tomcat, removed all lucene-*2.4*.jar files and copied the new lucene-2.9.jars into place. After a Tomcat restart everything went back to working as it should for a while.
Now… I must have made a grave mistake somewhere after that since all of a sudden my index was broken. Since Luke didn’t want to shut down properly and it did seem a bit sluggish on quit, I must have terminated the process without even making a mental notice of it and maybe Luke damaged the index?
The error I get in my Tomcat log is as follows:
Caused by: java.io.FileNotFoundException: /var/lib/databases/forum-search/_t8.fnm (No such file or directory)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233)
at org.apache.lucene.store.SimpleFSDirectory$SimpleFSIndexInput$Descriptor.<init>(SimpleFSDirectory.java:78)
at org.apache.lucene.store.SimpleFSDirectory$SimpleFSIndexInput.<init>(SimpleFSDirectory.java:108)
at org.apache.lucene.store.NIOFSDirectory$NIOFSIndexInput.<init>(NIOFSDirectory.java:94)
at org.apache.lucene.store.NIOFSDirectory.openInput(NIOFSDirectory.java:70)
at org.apache.lucene.store.FSDirectory.openInput(FSDirectory.java:691)
at org.apache.lucene.index.FieldInfos.<init>(FieldInfos.java:68)
at org.apache.lucene.index.SegmentReader$CoreReaders.<init>(SegmentReader.java:116)
at org.apache.lucene.index.SegmentReader.get(SegmentReader.java:638)
at org.apache.lucene.index.SegmentReader.get(SegmentReader.java:599)
at org.apache.lucene.index.DirectoryReader.<init>(DirectoryReader.java:103)
at org.apache.lucene.index.ReadOnlyDirectoryReader.<init>(ReadOnlyDirectoryReader.java:27)
at org.apache.lucene.index.DirectoryReader$1.doBody(DirectoryReader.java:73)
at org.apache.lucene.index.SegmentInfos$FindSegmentsFile.run(SegmentInfos.java:704)
at org.apache.lucene.index.DirectoryReader.open(DirectoryReader.java:68)
at org.apache.lucene.index.IndexReader.open(IndexReader.java:476)
at org.apache.lucene.index.IndexReader.open(IndexReader.java:314)
at com.popodeus.forum.search.ForumSearcher.reopenReader(ForumSearcher.java:218)
<snip>
Just perfect… What have I done to deserve this treatment…
Luke won’t open it anymore either. What I am looking for is some low-level index manager that can remove any offending files or clear the reference to the missing segment.
So far I’ve been unable to find such a tool, maybe I need to make one myself?
I’ll try and write progress reports as I try coming up with a solution. I would hate to lose all of my 420k entries from the index. Rebuilding the database isn’t really an option since I don’t have access to the original data anymore, or re-indexing it all would take too much time.
To be continued…
After a long break, I’ve decided to re-add my blog about me, my insights and thoughts on photography, web technology, internet privacy and security. So hello world, welcome (back?) to my blog!
I don’t blog for anyone else but myself, it’s sort of a concerned Netizen’s diary. I have no posting schedules, but I’ll try to add an entry whenever I read something interesting that I feel like sharing or want to remind myself of it, if I ever read back on what I wrote.
I’d rather share my links on my personal blog than say, Facebook. There data seems to disappear rather quickly and become irrelevant and invalid before you can say “Hi, I am Seppo Vuolteenaho, I’m a big optimistic pessimist and I would like to say this…”. By the time you’ve done that you notice you were flooded by messages about cute pink Farmville cows and ducks that have lost their way who need your immediate attention. I’m fairly certain that duck was just a decoy to make us ignore more important matters such as Keystroke Dynamics.
Who would be interested in technology that could be used to figure out your anonymous identity anyway? If someone invested enough time into wiretapping your keystrokes via some malicious Firefox add-on or even a JavaScript library included on each web page this could certainly be plausible. What if we have this type of system installed in every public library and internet café? The pessimist in me says it’s gonna happen for sure some day. When an idea or system is made into a simple-to-use dynamic library that is easy to install, we’ll be subject to a multitude of logging and monitoring methods. Before you know it, we’ll have fingerprint scanning inside the mouse – click a link, et voilà, your index finger was just scanned and the data logged forever without you ever knowing who stored the information and where.
Paranoia? Crazy? Why would it be. The government and law enforcement is already surprisingly keen on tracking your communication and behavior. I’m usually pretty lazy in showing evidence of things we all should already know (recent EU legislation changes, FRA-law in Sweden, blah blah), so I won’t link you to sites telling how our internet traffic is already being recorded, how there are plenty of surveillance systems installed in that street corner, that GSM network, that email system, that internet service provider’s router, that payment system. I’m sure you can take my word for it that everything you do, is somehow traceable back many years. You might not care that very moment you did it. But how about 10 years later? 50 years later?
If you think you didn’t do anything wrong now, you might think there’s no problem with anyone knowing then. But I’m more of the attitude, that if I say “it’s none of your business”, then it really is none of anyone’s business. If you can’t justify why you need to know, then you shouldn’t ask. Likewise, if there’s no reason to record everything, then they shouldn’t just because it’s possible.
So you just happened to be in that city that specific date when there was some parade demonstrating that thought and idea, your location can be backtracked based on data from credit cards, phone details etc. And you clicked on that website talking about that issue. Oh well, now you’re automatically labeled as a person into that, whatever it happens to be.
As more and more information is recorded, even minute details can be recorded. Instead of the normal “Female, in her fifties, likes knitting” -profile, we’ll be able to build up huge databases collected by some automated computerized system: “Female, 55.2 years, loves pink sneakers, into naked pictures of underage puppies, supports ultra-left-wing political ideologies, takes a skinny-dip every Monday and Thursday, 23% homosexual tendencies, 15% racist tendencies towards Caucasians, 10% towards Cubans, predominantly watches TV shows tagged with labels: weapons, drugs, rape. Possible psychological disorders: Paranoid Schizophrenia 5%”. And those are just the basic details.
I’m not being completely serious, but I’m still concerned. I don’t dare go speculate too much of a dark future where we’ll all be categorized into demographics with aforementioned pinpoint precision. There will most likely never be complete profiles for all of us, but there certainly will be profiles containing probabilities and estimations based on our actions. In a way it’s quite interesting too, if (and when!) this becomes possible.
Most simplistically a telemarketer’s dream scenario is to have as accurate a profile as possible. On a broader view, accepting the fact that all people have many kinds of tendencies, we’ll learn to accept diversity more than ever when they get proper labels and are trivialized. There’s certainly more to us than religious beliefs, skin color, age and gender!
Widespread introspection of the human psyche and understanding “who and what you are” might aid the general population in accepting minorities by making things come out in the open. Educating people about observed deviations from the norm would make it easier to handle problems instead of sweeping them under the rug: Oh, did you hear our little boy Johnny has 15% arsonistic tendencies, so we’re sending him to little arsonist summer camp to burn some things and learn to keep his inhibitions at bay with like minded people. Oh and he would like to molest grandma, but he’s undergoing therapy for that. Luckily the Government funded Mind-Monitor alerted us in time before he did something stupid.
Arsonists Anonymous wouldn’t have to or wouldn’t be able to be so anonymous anymore. But don’t worry. We’ll keep an eye on you and we love you the way you are (right..?) Maybe we’ll finally feel less guilt for not having the sensation of belonging into a big lump of too broadly generalized individuals.
Would it assist in controlling the society if we become too pedantic about it?
If for example we learn that someone with tendency x likes to push the pedal to the metal whenever they hear a crazy tune at 130 bpm on the radio? Okay, so let’s prevent their car radio from playing that kind of music, because otherwise there’s an increased risk of a traffic accident! This is of course possible in the future, since everyone will have a personalized radio station with a mix of talkers and songs created on the basis of your mental profile. Maybe it would even be government enforced: You’re only allowed to own a car radio that has a “Biometric Personality Encoded Ribonucleic Vector” (B-PERV) lock and key to unlock it. That way you’ll never listen to content that can trigger any unwanted behavior.
Call me crazy, but the more they know, the more they will want to exert control. Sorry, but that’s how it goes and there’s going to be more and more (speed) limits on your preferences that aren’t accepted. Comply, get treated or get locked away – or run off to the wilderness and be cast away from the perfectly controlled society.
Links for this blog:
http://33bits.org/2009/01/15/de-anonymizing-the-internet/ (the whole blog is worthy of a proper read!)
A movie I like and is related to the topic of this blog:
http://www.imdb.com/title/tt0238380/ Equilibrium. A future dystopia in which all forms of emotional expression are illegal, and citizens are forced to take daily injections of drugs to suppress their emotions.