At the end, you need to define passwords for applications, which do not support 2-step authentication. This includes your Android device (email and Google Account), your Adwords profile, desktop tools (Adium, GTalk). Each password is assigned with a custom, 16 character password.

Let’s see how this all works out in the future.

Related Posts

• Google, You And Me In Front, Better Call Your Doctor
• Google Android Market Launches Stats
• “The Dirty Little Secrets of Search” – Additional Information

My name is Corsin Camichel and I am working for Compass Security AG. The views expressed on this blog are mine alone and do not necessarily reflect the views of my employer. Everything here, though, is my personal opinion and is not read or approved before it is posted. No warranties or other guarantees will be offered as to the quality of the opinions or anything else offered here.

This little paragraph is now very important. As of October 2010 I am employed by Compass Security, a leader in Penetration Tests and Security Checks in Switzerland. As a security analyst I am conducting such checks and tests. Everything I do is confidential and can not be discussed in public. Just a note to my blog readers. If I describe or write about security related issues (which I think I will do in the future) it expressed my personal opinion, findings and research and is not backed or sourced by work I have done. I will occasionally publish or link to stuff which is work related, but only information that is or should be public knowledge. Like events or presentation we are holding. But I will do my best to disclose my relationship on all those posts.

Web: http://www.csnc.ch/
Position: IT Security Analyst
Company Description: Compass Security AG is a leading European service company based in Rapperswil-Jona (CH), which was founded in 1999, specialising in security assessments for the confidentiality, availability and integrity of corporate data. With penetration tests, ethical hacking and reviews Compass preventatively assesses ICT solutions in respect of security risks, detects existing weaknesses and supports the customers in their elimination. Hands-on workshops and trainings on IT-security topics as well as live-hacking-presentations to raise awareness of users complete the portfolio. Neutrality and product independence are essential components of the corporate policy. The clientele consists of national and international customers of any size and in various fields.
Additional Projects:

• FileBox, a secure document exchange solution.
• Hacking-Lab, an online IT security learning environment and lab. Learn and understand newest attack vectors and learn how to avoid and protect yourself and your product from those.
• Swiss Cyberstorm III, 2-day conference about IT security, with a 2-day hands-on security and hacking event.

Jobs: Yes, we are looking for talented and skilled people.

If you have a project or product that you think could benefit from a security audit or review, please contact me at any time. We love to discuss any options with you.

Corsin Camichel, corsin.camichel@csnc.ch

Related Posts

• Google Account 2-Step Verification
• Internet Storm Center lists suspiciuos .ch Domains
• qq829.com – A Quick Investigation

Original post:
The Swiss Domain Name registry SWITCH is allowed by law to remove/block access to malicious domains. I won’t talk if this makes sense or not… But today, thanks to Roman of abuse.ch I have found a new list by the Internet Storm Center. That list contains malicious or suspecious websites and domains. Not less than 11 of those domains are .ch domains.

• all-switzerland.ch (88.198.58.152)
• alpine-balloon-challenge.ch (78.138.113.46)
• artsimone.ch (217.26.52.28)
• feuerwehr-zermatt.ch (80.86.198.13)
• fivestar.ch (77.72.71.43)
• jaquemet-zehnder.ch (82.195.224.107)
• jes.ch (78.46.93.8)
• jugendfeuerwehr-zermatt.ch (255.255.255.255, VERY strange)
• mg-bern.ch (213.133.103.19)
• tamiljugend.ch (66.147.240.158)
• ushan.ch (not registered)

What I have discovered, is that the websites are hosted with different providers. Therefor this does not seem to be a compromised server or anything.
The question that remains is, if Switch (or nic.ch) will block those domains and if so, what can the owners of those domain names do against it?

Please keep in mind, these domains are only being suspected of hosting and distributing malicious content! But it is recommended to not visit any of these hosts!

Related Posts

• Google Account 2-Step Verification
• My New Job: Security Analyst
• qq829.com – A Quick Investigation

For now all you can do if TV.Centerr or Zattoo.com is not working for you, remove Adobe Flash player and install this version:
Download Adobe Flash Player 10.1.92.8 for Android

I am really sorry, but this is out of my hands.


DEBUG/QCvdec(161): VDEC Open with new H 352 and W 416
DEBUG/QCvdec(161): portDefn->nBufferSize 219648 m_height 352 m_width 416
DEBUG/QCvdec(161): portDefn->nBufferSize 219648 m_height 352 m_width 416
DEBUG/QCvdec(161): portDefn->nBufferSize 219648 m_height 352 m_width 416
WARN/QCvdec(161): H264_Utils::check_header
WARN/QCvdec(161): check_header: start code 31
WARN/QCvdec(161): check_header: start code got fisrt NAL 4
WARN/QCvdec(161): check_header: start code looking for second NAL 4
WARN/QCvdec(161): Error at extract rbsp line 1548
WARN/QCvdec(161): check_header: start code partial nal in one buffer 31
WARN/QCvdec(161): H264_Utils::check_header
WARN/QCvdec(161): check_header: start code 8
WARN/QCvdec(161): check_header: start code got fisrt NAL 4
WARN/QCvdec(161): check_header: start code looking for second NAL 4
WARN/QCvdec(161): Error at extract rbsp line 1548
WARN/QCvdec(161): check_header: start code partial nal in one buffer 8
WARN/QCvdec(161): H264 profile 77, level 21
WARN/QCvdec(161): vdec_open
ERROR/QCvdec(161): adsp: cannot open cpu_dma_latency, fd: 23 (Permission denied)
WARN/QCvdec(161): add_entry_subframe_stitching- H264
WARN/QCvdec(161): add_entry_subframe_stitching- H264
WARN/QCvdec(161): add_entry_subframe_stitching arbitrary bytes - SUBFRAME_TYPE_PREVIOUS_FRAME
WARN/QCvdec(161): add_entry_subframe_stitching- H264
WARN/QCvdec(161): add_entry_subframe_stitching arbitrary bytes - SUBFRAME_TYPE_PREVIOUS_FRAME
WARN/QCvdec(161): add_entry_subframe_stitching- H264
WARN/QCvdec(161): add_entry_subframe_stitching arbitrary bytes - SUBFRAME_TYPE_PREVIOUS_FRAME
WARN/QCvdec(161): add_entry_subframe_stitching- H264
WARN/QCvdec(161): add_entry_subframe_stitching - add entry previous buffer
WARN/QCvdec(161): add_entry_subframe_stitching- H264
WARN/QCvdec(161): add_entry_subframe_stitching arbitrary bytes - SUBFRAME_TYPE_PREVIOUS_FRAME
WARN/QCvdec(161): add_entry_subframe_stitching- H264
WARN/QCvdec(161): add_entry_subframe_stitching - add entry previous buffer


Related Posts

• Unofficial Zattoo Android App (Android 2.2)
• Adobe Flash Player for Android … *lol*
• Zattoo on Android Mobile Phones

Reason why I Love Android from September 8th, 2010
Cloud2Android aka Android Cloud to Device Messaging – send any website, Google Map (including navigation) or a phone number to your Android device and work with it. Need to read on the road? Send a URL. Need to make a call? Don’t type in the number, select it and send it to your device. Uses ChromeToPhone.

Remote Notifier – See on your Mac/Linux/Windows computer any notifications. Got an SMS? Let Growl display it on your Mac. Get notified about your current battery state. Display incoming phone calls right on your desktop. This is sooo cool

These are the two features for today. Both show what you can do with an open system like Android is. There is data pushing in both directions. And it is easy and everything I showed to you is open source and you can use it in your own applications. Just make sure to take security in your hands

Related Posts

• Android Market comes to the web
• Hey @Google WTF?? Chrome To Phone Update
• @HTC removes Desire Kernel Sources?

And indeed, this Javascript file tracks visitors to the qq829.com domain. The hosted domain cnzz.com seems to offer website tracking stats and other services.

As far as I can tell now, it does not look like this is a malicious service (yet). What I do not understand is, why somebody wants to track webesites of mine for some stats. I have never registered anything at cnzz.com. And the exact affiliation of qq829.com and cnzz.com is unclear at this point. As a security measure, don’t click any links and do not visit those sites. For now there seems to be no real solution to block such access.

qq829.com was registered in August 2009 and is hosted in China.

More information can be found on the Google Analytics Support forum.

Related Posts

• Google Account 2-Step Verification
• My New Job: Security Analyst
• Internet Storm Center lists suspiciuos .ch Domains

You may wonder why people want to add an email address to your profile. The reason is, that if you do this, they can request a password reset and can then use your Facebook profile.

Related Posts

• Internet Storm Center lists suspiciuos .ch Domains
• Facebook – New Privacy Settings
• Do Not Let Idiots Send Emails

Hat man das Dokument in den Papierkorb verschoben, kann man es ganz einfach auf den Desktop verschieben und hat vollen Zugriff auf das Dokument. Also kopieren oder per E-Mail versenden.

Vielleicht klappt der Trick auch für andere Steuersoftware. Verifizieren kann ich das selbst nicht . Auch nicht, ob es einen ähnlichen Tipp für Windows Systeme gibt.

Related Posts

• Perfect Online Backup Strategy
• Xtra Zone App von Android Market entfernt
• XtraZone Android App

For over 15 months I am using BackBlaze as an online backup system. Once installed and configured, it automatically backs up all my data in the background. No matter how many files or how large your backup is, everything is safe. BackBlaze currently backs up 38 GB of data in 634’244 files for me.

Now you might wonder how much BackBlaze costs. All with unlimited space and file storage. It is just $5/month. This price is insanely low.

The system works for Windows and Mac OS X computers. It is very easy to set up and use. Why not give it a quick try? It’s free and if you like it, you already have started your backup strategy!

A feature list:

• Online Backup
• Web Download Restore
• Unlimited Storage
• DVD or USB Drive Restore
• Backup External Drives
• FSCAN Performance
• Automatically Finds Files
• Versioning
• Finer Control Options
• Activity Reports
• Military-Grade Encryption
• 11 Language Interface
• Idle-Time Backup
• Custom Network Throttle
• Scheduled Backup
• Just $5/Month

Screenshots

Settings panel, allows you to set the backup speed, external devices and so on.

Schedule backup or continuously back up your data.

Exclude folder you do not want secured.

Encrypt your files. Set a password and your files are stored with high encryption.

Detailed view of what files you have stored.

Online Restore View

Online Restore Options

Give Backblaze a try. It’s is free and your first step to a satisfying online backup system.

Related Posts

• Breaking the Network: SSH Server as Proxy for Secure Browsing
• Web 2.0 and Open Source in Startups – A Sun Event
• SofTax 2009 PDF Speichern/Kopieren

Dear Sir/Madam

We are a internet service (software development, website design and development, wifi network works to promote the protection of brands, search engine optimization, etc.) company in China,

Several days ago we received a formal application submited by Robert Jiang who wanted to use the keyword “keyword” to register the Internet Brand and with

suffix .cn /.com.cn /.net.cn/.hk/ .asia/ domain names.

After our initial checking through Internet , we found that the keyword “keyword” to be applied for registration is same as your keyword.Accordingly,before we finish his registration,we would like to get your final decision about this,whether you mind his registration,if you believe his registration would affect your bussiness and produce conflict,then we could give your priority to register them,as the keyword is first used by your company.However,if you do not think so,please advise of that and then we will finish his registration.

For proceeding the next step, Please contact us by Fax ,Telephone or Email as soon as possible. Under the circumstance of no your reply during the next 5 working days ,we will consider you to give it up and finish his registration.

Yours sincerely

Hannah

Checking Department
Tel: 86 513 85330968
Fax: 86 513 80260106
Email:Hannah@wifint.cn
Website: www.wifint.cn

Nice try Hannah but I call your bluff. There is no way that somebody wants that domain name and for sure are you not allowed to display names of a potential buyer. And no, I do not want you to “take action” and send me a bill for “your work avoiding some third party” to register a domain name.
If you get an email like that, just delete it. This will not harm you.

Related Posts

• Do Not Let Idiots Send Emails
• Facebook Scam: Additional E-Mail Addresses
• SRG SSR Buys sfr.ch For 6000 EUR

More security for adding administrators

First of all I really would like to have a method in WordPress that sends an administrator an email once a new admin is created. This email has to be verified (by clicking a link inside the email for example) and only after that has been done the new admin user is allowed to login and change settings and permissions.
This of course only works if the new user is created via the web interface. If an attacker has rights to the underlying layer, the database, this method is useless.

WordPress Table Names

Which brings me to my second suggestion. Each and every WordPress installation uses tables in the format of “wp_“. This simplifies the method to inject SQL. A simple solution to this is to have a random string in front of wp_ at the installation. Currently the default is just wp_. But what, if the default is randomly generated? Each installation would be in different tables. So instead of wp_users my users would be in as3202_wp_users.

What about a system that checks once a day what content has been changed on my blog. Like for example a hacker creates 100 new pages, the system sends me an email in the morning with all the changes. This allows me to have a quick overview what happened and has been changed. Or I can even tell the system I am on vacation and it should send me an email as soon as any content is altered. This sounds a little like a watchdog .

Of course, it is not all WordPress’ fault. What about faulty plugins? Everybody can create a malicious plugin or even a theme and distribute it. But there I see more the webmaster or blog owner to be responsible.

These are just three ideas that quickly came to mind. I am sure there are many more ideas and things one could use to make WordPress more secure.

What do you think? Do you have your own ideas? Or think mine are crap? Please, share your ideas and thoughts in the comments!

Update: Matt just posted an entry on the WordPress.org that explains a little bit what the worm does and that you always should update as soon as possible.

Related Posts

• Perfect Online Backup Strategy
• STIS Update and News
• Annoying WordPress Bug

• A UNIX (Linux/Ubuntu for example) server with a SSH server and your account
• Firefox 3.5 (works with earlier versions)
• FoxyProxy Addon for Firefox

Install Foxyproxy and restart Firefox. If you install Foxyproxy later, the windows below will look differently! You will than have to use the settings below and add regex and so on later.

First open a xterm console and enter the following command:

ssh -C2qTnN -D <port-you-want> <ssh-user>@<sshserver>

Now edit your Firefox proxy settings under

Preferences -> Advanced -> Network -> Connection -> Settings

In this window enter the following values:


Enter localhost or 127.0.0.1 as the server and as port the number you used in the SSH command.

I used a regex https?://.*:2083/.* that checks any URL I visit and if it matches, the “SSH Proxy” is activated. Of course the SSH connection has to be open to work. You can alter my regex and use any other port like 10000 for Webmin or 443 and that will redirect ALL SSL traffic trough your SSH server.

This works like a charm and is almost perfect. Next thing is to have the SSH connection being started directly by Foxyproxy.

Settings for non Foxyproxy users

If you do not want to use Foxyproxy, your proxy window should look like this:

Make sure you only enter the IP address or localhost in the Sockets proxy section! If you try this and it wont work, enter about:config in your browser bar and search this entry: network.proxy.socks_remote_dns and set it to true. Without Foxyproxy you will not be able to define different proxy server or use the proxy server based on rules/regular expressions. All your traffic will be routed trough your SSH server. And this could make surfing slower and your downloads even slower.

Some information from calomel.org. Thanks to Christian for testing and researching with me.

Related Posts

• Perfect Online Backup Strategy
• vim: Regex Search and Delete Line
• Readings for Today: 10/13/2008

Notice the counter on the bottom? 987994 people have read this email after 2 and a half hours of sending. Including me.
The counter is hosted at a site called “Right Stats” (www.rightstats.com). It looks like a “real free counter” website. But once you snooped around a little, you get 404 error messages all the time. A whois query shows that the page is hosted in Pakistan. They seem to offer a special counter version for emails.

Nevertheless, this is pretty new I think to embed a counter in your spam message. I will keep an eye on the counter and try to get access to the stats.

Related Posts

• Do Not Let Idiots Send Emails
• Facebook Scam: Additional E-Mail Addresses
• Spam of the Day: WifiNt Domain Spam

Gamlor is also here having a lot of phuns Cross Site Scripting his way up the ladder . Gugelhopf also has some fun I guess . She’s my favorite hacking girl this weekend!

If you have time you definitely should drop by tomorrow and have some fun with cool hackers.

Related Posts

• Google Account 2-Step Verification
• My New Job: Security Analyst
• Internet Storm Center lists suspiciuos .ch Domains