* Posts by Simon Edwards

7 posts • joined 23 Feb 2007

Spotted in the wild: Home router attack serves up counterfeit pages

Simon Edwards

It's not uPNP

Just to clarify, although uPNP may (or may not) provide a vulnerability that attackers could use in this type of attack, the real-world attack in question used a design flaw in the 2Wire router. This did not involve uPNP and neither did it require a cracked password.

More details at http://www.computershopper.co.uk/news/159414/hackers-attack-broadband-routers.html

Kaspersky false alarm quarantines Windows Explorer

Simon Edwards

@ Tawakalna

Windows Explorer is not the same as Internet Explorer.

Interpol launches worldwide hunt for abuse pics man

Simon Edwards

Is it just my connection..?

Or has Interpol's site been down all day?

Tor at heart of embassy passwords leak

Simon Edwards


It seems to me a bit odd that someone would go to the trouble of using Tor (to avoid traffic analysis, presumably) and then fail to use both encryption and a decent password (or either, for that matter). From what I can remember about the original story, some of the passwords were ridiculously simple.

I guess my question would be, how sure can we be that Tor was used to capture this data? Just an observation...

Are you serious about security?

Simon Edwards

@ Robert Grant

You said, "rootkits are bloody difficult to deploy compared to how easy Windows exploits have always been." Exploits are usually the path via which rootkits and other resident malware is introduced to a system, regardless of the OS. Just check your Unix-based system's SSH logs and you'll see a lot of automated attempts to log in. These are, in my experience, part of an attack that will attempt to drop a rootkit onto the system. In light of that, "you have to do so much to deploy a rootkit you may as well go create a Windows virus" does not make much sense.

Regarding the 'root' account: as we are playing with words here (root -> rootkit), it's only fair to point out that Windows does not have a default account called root. The administrator account is probably what you are thinking of. Mr Miles' point about the etymology of the word 'rootkit' still stands, to my mind, and further support can be found on the net. For example:

"The term rootkit (also written as root kit) originally referred to a set of precompiled Unix tools such as ps, netstat, w and passwd that would carefully hide any trace of the intruder that those commands would normally display, thus allowing the intruders to maintain root access (highest privilege) on the system without the system administrator even seeing them." [Wikipedia]

Simon Edwards

Rootin' tootin'

chkroot is a Linux tool used to detect rootkits on, well, Linux. These threats existed long before the Windows rootkits became prevalent. Not that long ago an alpha version of a proof of concept rootkit for NT was available. That was the first, AFAIK.

Torture and '24' - because it hurts us less than the real thing?

Simon Edwards

Months of torture

It is worth bearing in mind that one reason why the show "24" doesn't show months of interrogation is that one entire series is supposed to represent just "24" hours. A single month of interrogation would span 12 series, which would amount to a rather slow-paced show.


Biting the hand that feeds IT © 1998–2022