Wednesday, September 29, 2004
Apache 2.0.52 released
Those who run their own internet facing* Apache webservers (like me) need to upgrade to the latest version 2.0.52 that can be downloaded from: http://httpd.apache.org/download.cgi. This version fixes a security vulnerability that was introduced in the 2.0.51 release.
*internet facing means that your webserver is open to the public and can be accessed through the internet.
*internet facing means that your webserver is open to the public and can be accessed through the internet.
Thursday, September 23, 2004
Default login and password for network devices
Came across this list of the default usernames and password assigned to network devices like routers, gateways, switches etc.
I have always wondered, why do device manufacturers put in the same default password for all the units of a particular product. Eg, all Netgear MR814 routers would have the same password - "password". Isnt it possible for manufacturers to generate a different password on every router and then they could add a password sticker either in the casing or on the manual. Is it really that difficult? With consumers lapping up wifi routers, we need to atleast have the basic password security taken care of. No amount of encryption strength can save you, if you have a weak or default password.
Needless to say, you should change the password (and if possible also the username) of any network device as soon as you install it. At the bare minimum, the password should be alphanumeric and atleast 8 characters long. For corporates, enterprises and businesses the network devices need to have stricter password rules.
I have always wondered, why do device manufacturers put in the same default password for all the units of a particular product. Eg, all Netgear MR814 routers would have the same password - "password". Isnt it possible for manufacturers to generate a different password on every router and then they could add a password sticker either in the casing or on the manual. Is it really that difficult? With consumers lapping up wifi routers, we need to atleast have the basic password security taken care of. No amount of encryption strength can save you, if you have a weak or default password.
Needless to say, you should change the password (and if possible also the username) of any network device as soon as you install it. At the bare minimum, the password should be alphanumeric and atleast 8 characters long. For corporates, enterprises and businesses the network devices need to have stricter password rules.
Sunday, September 19, 2004
Nigerian emails bounty share emails
I received an email late this evening, that was written by some "OKELEKE DUNBI" from the "BILL EXCHANGE DEPARTMENT, STANDARD BANK LTD, SOUTH AFRICA". Mr. Dunbi, wrote in to inform that there was a huge sum (US$10,000,000.00 to be precise) lying in his bank account and if I responded with the details of my personal saving/checking bank account we could divide the sum between us. Since, that money originally belonged to some warlord/king (who has been mysteriously killed now), he is trying to save the 'fruits of the old mans labor'.
I am sure, you might have guessed by now that this is one of the classic Nigerian/Zimbabwean/South African/Sierra Lone/Ivory Coast spam mails that are sent out to unsuspecting people. Yes, this is indeed the world famous Nigerian scam also known as the '4-1-9' or the 'Advance fee fraud'. To know more about this fraud check out this link: http://www.secretservice.gov/alert419.shtml
Rememeber mom's advice? If something is too good to be true, it probably is. Never ever respond back to such emails. Firstly, no one in their right mind is ever going to divide a few million dollars with you just for the fact that you happened to respond back with your bank details. Secondly, if they even had a few million dollars to share, do you you think they would be sending out anonymous emails?
Here are a few details worth nothing on these kind of emails:
1. The entire email is written in CAPITAL LETTERS.
2. It is from some guy in Sierra Lone, South Africa, Ivory Coast, Nigeria or some other war infested location in Africa.
3. The email is sent from a public (free!) email provider account like netscape, yahoo, msn etc. Eg. I got an email from "Mr Okeleke Dunbi", while the email address said "cybercafe40@yahoo.co.in". You get it? exactly!
4. No phone number to call mentioned in the email.
These scams have been well publicized and there are websites that inform visitors how to identify these kind of scam emails and warn them about the perils of responding. But do people still fall into these traps? You bet. The Nigerian scam is an 'industry' and employs thousands of people around the globe who manage to extract money from their unsuspecting victims.
Always use a good spam filter that basically weeds these out even before they reach your inbox. (Ofcourse, I use a spam filter but dont automatically delete these kind of mails. They are just tagged as spam and delivered to my inbox. I use my spare time to perform an autopsy on these). One good spam filter is spamassassin (now adopted by the apache group). Spamassassin is opensource, free to use and that is what powers my ypjain.com inbox.
I am sure, you might have guessed by now that this is one of the classic Nigerian/Zimbabwean/South African/Sierra Lone/Ivory Coast spam mails that are sent out to unsuspecting people. Yes, this is indeed the world famous Nigerian scam also known as the '4-1-9' or the 'Advance fee fraud'. To know more about this fraud check out this link: http://www.secretservice.gov/alert419.shtml
Rememeber mom's advice? If something is too good to be true, it probably is. Never ever respond back to such emails. Firstly, no one in their right mind is ever going to divide a few million dollars with you just for the fact that you happened to respond back with your bank details. Secondly, if they even had a few million dollars to share, do you you think they would be sending out anonymous emails?
Here are a few details worth nothing on these kind of emails:
1. The entire email is written in CAPITAL LETTERS.
2. It is from some guy in Sierra Lone, South Africa, Ivory Coast, Nigeria or some other war infested location in Africa.
3. The email is sent from a public (free!) email provider account like netscape, yahoo, msn etc. Eg. I got an email from "Mr Okeleke Dunbi", while the email address said "cybercafe40@yahoo.co.in". You get it? exactly!
4. No phone number to call mentioned in the email.
These scams have been well publicized and there are websites that inform visitors how to identify these kind of scam emails and warn them about the perils of responding. But do people still fall into these traps? You bet. The Nigerian scam is an 'industry' and employs thousands of people around the globe who manage to extract money from their unsuspecting victims.
Always use a good spam filter that basically weeds these out even before they reach your inbox. (Ofcourse, I use a spam filter but dont automatically delete these kind of mails. They are just tagged as spam and delivered to my inbox. I use my spare time to perform an autopsy on these). One good spam filter is spamassassin (now adopted by the apache group). Spamassassin is opensource, free to use and that is what powers my ypjain.com inbox.
Friday, September 17, 2004
Security blog
Will be posting notes on topics such as security, hacking, vulnerabilities, social engineering, cracking, script kiddies etc. These will be simple notes that can easily be read and understood by the average joe or jane. Feel free to copy, implement, change, grab, ignore, do whatever with the notes. Keep coming back to check out this blog. Over a period of time I am going to address/warn/explain security related stuff on all the layers, starting all the way from the wire, network, operating system, application, to the human layer. Feel free to leave your comments, ideas, understanding on this blog.
Copyright Anand Jain 2004, 2005. All rights
reserved.
Webmaster
