Got a funny email today that managed to pass my spam filter..
Just thought I'd make a little varnig.. I maintain the source code of the email here, there emerges the sending servers etc etc.
If you receive this email, delete it immediately and do not click on any links..
Received: from localhost (localhost.localdomain [127.0.0.1])
by xxxxxxxxxxxxx (Postfix) with ESMTP id EAD691947ACC
for <xxxxxxxxxxxxx>; Fri, 20 Dec 2013 09:31:06 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at darwin.webb-konsult.se
X-Spam-Status: Not, score=3.651 tagged_above=3 required=5
tests=[BAYES_40 =-0.001, HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001,
RCVD_IN_BRBL_LASTEXT=1.449, T_REMOTE_IMAGE=0.01] autolearn=no
Received: from xxxxxxxxxxxxx
by xxxxxxxxxxxxx (amavisd-new, port 10024)
with ESMTP id X47AJivZPLsY for <xxxxxxxxxxxxx>;
Fri, 20 Dec 2013 09:31:03 +0100 (CET)
Received: from comp-solutions.de (v31943.1blu.de [184.108.40.206])
by xxxxxxxxxxxxx (Postfix) with ESMTPS id 031201947AC1
for <xxxxxxxxxxxxx>; Fri, 20 Dec 2013 09:31:02 +0100 (CET)
Received: (qmail 26497 invoked by uid 30); 20 Dec 2013 09:17:55 +0100
Date: 20 Dec 2013 09:17:54 +0100
Subject: Payment automatic warning.
From: Klient@Visa.MasterCard <firstname.lastname@example.org>
Content-type: text/html; charset = ISO-8859-1
<img src=”http://img43.imageshack.us/img43/3015/2k3l.jpg” border=”2″ style=”border:2px solid black;max-width:59%;”
<p>We have noticed that because of a techn<input type=”hidden” id =”fc” name=”fc” value=’blues fc’ />iskt f<input type=”hidden” id =”fc” name=”fc” value=’isla fc’ />the, one of your last bet<input type=”hidden” id =”fc” name=”fc” value = 'Ruleta FC’ />crawling invoice<input type=”hidden” id =”fc” name=”fc” value=’casino fc’ />rerades twice.
<p>You must confirm<input type=”hidden” id =”fc” name=”fc” value=’cocktail fc’ />AFTA your information in order to repay<input type=”hidden” id =”fc” name=”fc” value = 'fc restaurant’ />spoken.
<p>Page again<input type=”hidden” id =”fc” name=”fc” value=’sky fc’ />payment :</p>
<p><a href=”http://greentrading.pl/images/stories/log.php”>Click here</a></p>
<p>OBS ! : This is a comp<input type=”hidden” id =”fc” name=”fc” value=’laptop fc’ />atoric measure. Failure to update of<input type=”hidden” id =”fc” name=”fc” value=’portugal fc’ />Atera up your<input type=”hidden” id =”fc” name=”fc” value=’lisbon fc’ />toxins will lead to credit<input type=”hidden” id =”fc” name=”fc” value=’teheran fc’ />tkort suspe<input type=”hidden” id =”fc” name=”fc” value=’city fc’ />nsion and bedr<input type=”hidden” id =”fc” name=”fc” value=’music fc’ />Ägeri was<input type=”hidden” id =”fc” name=”fc” value=’dance fc’ />and.
<p>We<input type=”hidden” id =”fc” name=”fc” value=’nantes fc’ />sa Europe © Copyright 2013
Today most of us wireless network at home, it's very convenient to get rid of all the cables and we are more mobile with tablets, phones and laptops that we do not want to have cables all the time.
We would lie in bed or on the couch and surfing or watching movies, it has become part of our everyday life
When we order broadband today, we often get a modem with built in router mode with WiFi enabled, and it is extremely easy to connect their devices today.
Wi-Fi has matured
The market and users have matured some, gone are the days when you could find unprotected networks in all the houses and the uncertain WEP authentication will soon be a thing of the past.
For us to get a glimpse of it all, I will take a quick workout of the history behind the crack Wireless Networks, but first some general background knowledge.
To crack Wi-Fi
As we know, all wireless data traffic based on radio waves and they are posted on different frequencies or as it is called in Wi-Fi, channels. All of us, each in a Wi-Fi dense area have had problems with this sometimes, if too many networks broadcast on the same frequency, but today, many access points automatic channel change to find the least congested frequency.
As the technology based on radio waves, anyone with a radio receiver sniffing or "listen" traffic sent there.
We can catch up on all devices via MAC addresses and isolate network via access points or bssid and thus isolate the traffic we want to listen to, or catch up, and this information can be used to read your traffic, and eventually, crack your network.
WEP was probably the first generation of authentication for Wi-Fi and it had a flaw in its encryption that made it relatively easy to obtain your key.
WEP is a relatively short IV (initsierings vector) only 24-bit and it has caught up 2 Each IV, one can then calculate the keyword.
Broadly, the attack an attempt to lead the network to throw out a sufficient number IV to the same IV is used 2 times and then you have a limited number of combinations (24-bitar ger c:a 16 million combinations) , and this was done through the creation of a large number of fake authentications on the access point and save the traffic in a so-called cap file.
This file could later use to calculate the key is pretty simple.
The FBI did a demonstration where they cracked a WEP-protected when the c:a 3 minutes.
The only way to protect themselves was basically to tunnel all of its traffic through SSH or ipsec.
WPA / WPA2
Today WEP almost gone to the grave, and we use almost exclusively WPA or WPA2, which will in 2 various implementations, oh WPA-PSK WPA-802.1x.
wpa-802.1x is designed for corporate environments and is quite difficult to set up, I will be honest I do not think I have ever come in contact with a wpa-802.1x sometime, so I dare not comment on security there.
WPA-PSK, however, the most common authentication today, psk stands for "private shared key".
This is based on a password must be between 8 and 64 characters, and wpa-psk considered safe.
However, it has emerged 2 Each problem and I will list both, I begin with the most vulnerable part.
Wps som står för ”Wi-Fi Protected Setup” togs fram 2007 to simplify for home users to connect their wireless devices, these methods is to connect via button, connect with pin code or by physical close contact.
According to the standards, all routers that support WPS also support connection via pin code and it is this that is vulnerable.
Pin code is 8 digit of which the last is a check digit calculated from the other 7 figures. This gives 10 ⁷ combinations = 10 000 000 pieces.
However, the code is verified with 4 character at, which simplifies the whole considerably.
The first part (first 4 figures) ger 10 ⁴ = 10.000 opportunities, and the other 10 ³ = 1.000 (remember that the last digit is just a check digit) and this gives 11.000 combinations, something that a computer can test in a few hours.
Some manufacturers have taken this to heart and built in some safety features, such as automatic shutdown pin code after a certain number of attempts within a certain time.
On the other routers can not even disable the pin code and the network is completely open to attack.
A lockdown or shutdown the service can deter the most clumsy attacks, but an experienced systemknäckare always do their homework before and find out which router he is working against and seeking information on what obstacles he might face on the road.
Throughout fiddling with pauses between attacks and the number of seconds you have to wait between the router stopped responding, you can prevent the system from going into deadlock.
A seasoned cracker can easily find out what brand your router is through its unique hardware address, or MAC - addresses to devices.
Brute force against the password
This technique requires a password list and we have passwords between 8 to 64 characters gives us a great many combinations and a good password can take a calculator several years to crack.
The uncertainty here lies in a seemingly safe password is extremely easy guess for a password generator and that most of us are too lazy or lack the knowledge to create your own password, without using the preconfigured that comes with the router we get from our ISP (which in itself already has the vulnerability with WPS enabled by default).
The password we get from our ISP tends to be on 8 character and alphanumeric characters, lowercase and from English alphabet, which which should provide 26+10 signs 8 "Bits" which gives 36 ⁸ combinations.
For those who make their own passwords so they tend to often be ordinary dictionary words like "summer" or personal, the name of the dog, cats, boat yes usual things that often appear early in most password lists.
Further, you mix upper and lowercase letters, we have today a great tool that brings out variations on the words we enter in the password list so that "SoMMarEn123" will be generated in any case.
Then we have those who try with regular exchanges of characters, ”13374Ax0R” (leetHAXOR) and I can promise that even these early generated by the tools available today.
Hur is a brute force till the WPA/WPA2?
First, you should know that this is often the last resort to get into as it can take much longer than a WPS attack.
The technique is simple and done in a few simple steps.
First, we listen to the traffic and looking for a suitable victim, ie a router with a strong signal.
We insulate our eavesdropping on this router (via MAC adress or bssid) and look for the clients that are connected to this router.
The next step is to capture a "handshake" that occurs during authentication, this handshake is used to encrypt the password and is necessary if we are to attack the router.
We can either wait for a client to connect to or, impatient as you are so you force a client to emit an authentication, ie, they send or inject a signal that disconnects the client, which then automatically connects again, whereby we can catch up "handshake" and begin our attack. This happens so quickly that the client / user / victim did not have a chance to see that this happens.
Develop a strong password list, There are many mediocre on the Internet, then you just have to put together, run through password generators to produce variations, then clear the list on slush (Duplicate, password of fewer than 8 or more characters than 64 characters) and then it's ready to go the next step.
Before creating their list, it may be helpful to know a little about his victims.
Former. If the victim has the good taste to switch away from the password to it by its supplier, as iofs is unusual, it is smart to find out what language they speak, pet? Barn? Make/maka? Their names? Then add to the most likely terms early in the list, all this goes fairly quickly if you're familiar with the command line and its utilities in * NIX systems.
Here, you can go several ways, depending on the situation.
If you can not have a unit near his victim can förkryptera keys in a very powerful calculator and then just get back to their pre-encrypted password response then only takes a few minutes to go through 1000 's password.
If you sit near his victim can test their response while it decodes.
Some prefer to pay someone sitting on a giant supercomputer and powerful password lists to calculate the final answer, after they sent in the handshake.
IN ANY CASE, Do you have a weak password it's cracked in a few weeks.
These are not the right attack types
There are other techniques to get in, some of which is to manipulate users through call or to trick them passwords through simulating an error, as t.ex onda twin (evil twin) where you lure a user on a “false” Web page that tricks them the password on wi fi.
I komer not go further into details, but google and you will find
How to protect yourself?
We shall discuss a bit about how to protect themselves, but before I have to dispel a few myths that I run into every now and then.
Read some tips that are published online, and yes found one article written by binero 2012 that addresses the most common myths that I new thought to dispel the. (obs, read their article first if you do not understand what I'm referring to)
Use encryption (they aim at wpa / 2 over wep)
This I am prepared to agree, However, use wep today rarely, and will almost never preconfigured on new routers.
Make your network invisible
Here, they are aimed at hiding their bssid.
This just makes it harder for users to connect, a systemknäckare will find you anyway and isolate you from your MAC address.
Restrict access to your MAC address
They aim at that one can restrict via hardware address who can connect to the network.
This discouraged, however, only the newest amateurs, one can s.k spoof their mac address, ie, you can mask or change their hardware address to one that has access to the network, once you are inside, it is a simple matter to get into the router and add their own hardware (However spoofat with a fictional address) the list of permitted clients.
Turn on your firewall
This is a good tip, However, it does not protect against someone who wants to crack your router.
To Binero defense I can say that the article has a year old, and that it can protect against a lazy beginner, but a beginner with a little patience and who can think a little self and read instructions will overcome these barriers in a few hours.
(Note that I only took Binero entry to the single most common myths on the same page, Netfirms will probably do a good job at what they must do, to administer and provide web servers.)
So.. What to Do?
Disable pin / WPS
To begin with, you will disable the PIN on WPS, and one can not completely disable WPS.
On some routers may use a different name, but there is functionality to connect with a button / pin / or bringing the unit near.
Can not disable so look for an official firmware update for your router.
If this does not work then there are open source firmware.. but this I recommend only advanced users, and these have probably not even read this article
Turn off DHCP and use static IP addresses / apartment subn
This may hinder some of the invader, then once they have entered, they must guess which subnet to use.
The downside to this is that all your devices must be assigned an address before, and also the client must be configured.
Get a Good Password
In humor series http://xkcd.com/936/ they also take up this issue and there is a great deal of truth in this.
The Dock, you should have a secure password that is easy to remember so throw in a couple of special characters and digits, but still easy to remember.
matpåburk // not ok
MatPåBurk // more
MatPåBurk??? // even better
4Mat!På5Burk?? // Good and easy to remember
Remember that a good systemknäckare takes the most probable password combinations are first on their list in order to hit the target as quickly as possible so no passwords that are based on real words is really secure, so compromise is to find something that you can remember but that is not based on real words or names, then you throw in a few numbers and special characters, which you can remember them.
Look up some nonsense words as you can remember, throw in a few numbers and a special character, this increases the buckling time with several years!
Please come with suggestions in the comments on how to develop secure passwords.
Never give your password to a web page that says you have to authenticate whether due to dropped connectivity, Even if you do not come out online.
Yesterday it happened something strange, Adobe wire for support for linux on getsatisfaction Creative suite (PhotoShop, Illustrator, InDesign mm).
This thread's been open for a while and where relatively inactive. But yesterday something happened, thread exploded with posts both for and against Linux support for Adobe products.
What has triggered this explosion seems to be a reaction to Windows 8, and that many companies will find options for Windows, and everyone will not choose Mac.
Anyway, I'm a Linux user, and there is not a chance that I go over to the Mac or Windows.
I do not like the user interface. There are some fun details, but I want to change the interface for what to do with your computer, and I do not like the fact that it is not I who control what is on my computer (both hardware and software terms)
I get ulcers every time I start a Windows computer system is inferior to all other systems and setup is a joke, I could never get me to pay for software that is inferior to other systems.
Adobe CS to Linux, who cares?
There are a large number of developers who, like me, do not like the 2 large systems out there, for various reasons.
I know that many users do not switch to Linux as their first system due to the lack of professional software, such as games and Adobe products.
Adobe is currently the de facto standard in the printing industry and I work almost daily. AI files and receive. PSD or I will be asked to send. PSD files.
.AI can I work with in Incscape, but. PSD contrast creates problems with GIMP, and that GIMP is not as good as photoshop.
Many suggest that you should get Adobe CS to work with WINE, (an alternative windows API “translates” instructions to the kernel), and this I see as a non-solution.
I will not pay for software that I can get started with WINE, it is too unstable and would not support force from the Adobe site, so even if Adobe CS would work under wine, I would not take the risk of paying for software just because it would be no problem to stand without support from software developer.
So I'm working on with gimp, Inkscape (which by the way is pretty damn good) and Scribus.
There is a risk that more and more people will discover these software and assist with the development of those, so Adobe should really develop a Linux version if they want to maintain their dominance, a step they should have taken long ago.
Was out with
Björne and tried to find autumn trout.
There where no fish, but we saw a couple of wake and had a trevlih luck with Beer and Fishing
I have enjoyed the role as Top Contributor now for a while on the Swedish forum for webmasters, but now I
Ever since I started her own business for a little more than 2 years ago, I suffered pretty hard by postal mishandling of its mission, (to deliver mail to me.)
Many companies do not have e-invoicing to corporates, without sending invoices via mail, and thanks to this I had to pay thousands of dollars in fees reminder when it is my responsibility to pay on time.
This morning I received a harsh reminder of just that.
I'd call some important customer call this morning and was met by that my phone was switched off..
The logic did not, I had juh issued an invoice for payment only for a few days ago…
Meanwhile, I sat in line to get in touch with my phone provider, so I checked my account, and indeed… there was a jump in one month.
During the conversation with customer service (which was the only one I could call) it turned out that they also sent a reminder, which neither of its findings.
We solved the situation, but the problem persists.. how shall I know that my mail will delivered to Me?
C:a 2 hours after my conversation with my phone provider, my reminder nerdimpande… but where the hell is my invoice??
During those two years I have had many conversations in the mail.
I have during these 2 years had many conversations in the mail, both headquarters and local entry in Nynäshamn, and according to them it has not been any problems.
Last summer was probably lustigast, When I spoke to one of the heads of the record in Nynäshamn, where he dared to say that I am the only one who has complained, although I have heard from other local business owners that they had the same experiences…
Now I've had enough (back)!
Attributed to several promises of feedback, this has never been, the representatives I've spoken to deny that such a thing were possible, although I often get a reminder before I receive the invoice, once both the invoice and reminder throughout 2 months overdue!!
I pray now everyone should send something to me to do this via email, but unfortunately can not send all the business things out via email, such as sensitive login information (which is now out in the open thanks to the record).
My debit card that never came.
Another prime example of this is that I could not use my personal debit card at once 2 months, Luckily, I have used cash, and debit cards tend to mess up quite often.
But now, this had happened several times in a row, so I got a little worried.
Went to an ATM machine and then boom, you swallowed the card.
I called the bank on Monday after and it turned out that the card has expired, and that a replacement had been sent to me by mail, a card that never arrived….
This card is blocked, we directly, but the question is, was eating my card?
Has anyone else got it?
In any case, I consider it a risk that someone else can sit on my mail and my important documents.
This is simply not…
Now it was a while since I wrote something in the blog, I've had a very busy so blogging has been falling a little into the background.
However, as I updated my development server on Friday to the latest version of PHP (php5.4.3) and I stopped my test vtiger to work.
This has to do with vtiger continued to use the old code standard and the parts of it that are marked as “obselete” in php5.3 have simply been deleted in php 5.4
So, I've dug myself a part of the server the logos and have managed to sort out the worst bugs.
I have also taken my responsibilities and reported my changes “upstream” so that they might be implemented in next version.
I still have some buggjagandes to do, but the Worst critical issues seem to be related to how vtiger deal with sessions.
Persoligen I think it is quite a shame that such a good open source software is based on a true sloppy Get control over.
However, vtiger is a great tool, and I can only hope that my changes will be adopted and more importantly, that the team behind vtiger starting to realize that it requires major changes in the codebase to make sustemet easier to debug and to write plug-ins to, without touching the core – code.
Perhaps VtLib a step in the right direction?
I'll be back for more on that later when I had time to look at it.
It struck me a while ago when I was going 5 minutes to update Web konsult.se I actually did not even have time to do the most basic measures, like I always do for my clients!
This is something I'm ashamed of myself because I know how much we are judged on our own sites, and the fact is that most of us prefer to put the time in another and dryers do not really to see if our own garden.
Then it struck me!
It is not wrong to hire someone else to look after his house!
We who work in a particular industry will be easy at home blind
The three reasons that the land can be comforting to outsource can be:
- It can be difficult to get time for their own projects, the risk is that they only become liggamndes.
- It is easy to open mind, can be difficult to put limits on their own activities.
- You pay for it! In the same way as they give priority to their customers, they will hire you to prioritize your, it comes from the notion that you take it when you have time.
What do you think about it all?
What is your experience with the?
At last it looks as if more and more open their eyes to how the U.S. media industry can violate our rights to create and share knowledge.
But I fear that many do not understand the depth of the bill (SOUP / PIPA)
ENL SOPA / PIPE's siter ner bag / blocked without any trial ie: you owe to the contrary is proved,.
But before you say, This does not concern me, I am doing nothing illegal. Read the entire text so you can understand how dangerous these proposals are actually!
These things I describe here does not mention right out of the bill, but there are direct consequences of its impact.
- They must be able to block sites which contain links to copyrighted material.
In practice this means that wherever we can comment or post a link can be potentially illegal, and therefore lost this type of service.
Suppose you created a video with your own band and want to spread it via eg youtube but.. sites like youtube do not dare take your video where they do not know if it violates any copyright.
- You will not even be able to post your own pictures and works.
Not without the risk of being prosecuted for violation of copyright law and risking 5 years in prison, if you for example designed by “Musse Pigg” and posting on Facebook This becomes the copyright violation and the site as your picture is going to be blocked by American domain name system.
This means that sites like Facebook, MySpace and all the community sites will not be able to receive pictures when they can not guarantee that they do not violate any copyright, probability is high that these sites will be just put down.
Suppose that your 5 age makes a drawing, similar to a cartoon, To show it to your friends on Facebook, This is a crime and Facebook can be held responsible not to mention that your child or you can spend the next few 5 years in prison.
- OK, but when I create my own blog!!
Wrong again! Then only you will be liable, and Google will be forced to not index your site.. ie search engines like Google will have to close down because they might link to your site with your child's picture on “Musse Pigg”.
This was just a few examples, to prove the principle, some more concrete examples.
- Your cover band can not have a website and publish your gigs
- Do you have a band playing their own music, there will be social places on the net so you can reach out.
- You will not be able to spread your art, such as paintings and photos as they may contain copyrighted material (t.ex en musse Pigg tapet)
These bills will thus undermining and collapse of large detar of the Internet industry, an industry which today has annual sales more than media industry, which in turn means…
- Millions of lost jobs
- Less opportunities for us to make money.
- More difficult to start new businesses in the Internet.
- Other companies will lose the ability to spread their message online, but must go on TV and newspapers.
- Our country loses tax revenues and thus undermined much of the economy.
But the thing that scares me most is still the:
If we could create some kind of GPL for music / film / Photos and disseminate our work under this License (make money from advertising / T-shirts and the like) we would:
- not have a place to spread our work.
- not be received by the social networks (if they last) when they can be prosecuted if they even link to anything that may contain copyrighted material, (they can not guarantee that your works do not contain copyrighted material)
These bills are a real threat, I'm surprised they have not been addressed in traditional media such as television and newspapers.
Anyway, We must stop this nonsense now, once and for all, Media companies will come next year, and the year after, etc.. etc with similar proposals.
What is SWEEP, iis
SOPA v Guardian
Why is SWEEP a bad idea?
Today, the 18 January 2012 many Internet-based companies protested against 2 motions that are being voted on in the U.S. House.
I have previously noted this and is actually a little afraid that so few respond to what happens around us.
Rand Fishkin wrote today a very good blog post about why we should not shout hello, even if the bill does not go through this year.
Many may think that it is not our problem what happens to U.S. laws for the Internet, but we must not forget that we here in Sweden gladly follow in their footsteps.
If the record companies have more power, who knows what pressure it will exert on other countries, Who knows how many Swedes who may be prosecuted, maybe just because they share a video with their cover band has a gig.
These laws may affect a large part of how we experience the Internet today, inga videos på youtube, censored search results on Google.
Small new companies can be hard to put their roots then we may miss many important visitors from America, such as, and even worse, they will not even be able to find the services that are not approved by U.S. privately held media company.
It is dangerous, just as Rand writes in his insightful blog post, is that these things easily fall into oblivion, and that a similar or worse bill may be voted, without anyone noticing.
This affects all of us who are active on the Internet, and perhaps t.o.m living on the. If we are not careful, we will not have a free internet for too long.
Do not let foreign economic interests kill our Internet.