My first column

Hakin9 asked me to be a bimonthly contributor to their new column entitled "Tool Time" and here is an excerpt of it.
"Hispasec Sistemas has managed the service, VirusTotal, since 1st June 2004. The website (http://www.virustotal.com) offers the public access to multiple Antivirus (AV) engines hosted by them to provision online scanning of individual files to uncover malware by harnessing a combination of signature-based and heuristic detection."

v3.0

I updated "ubuntuprivacy.sh" to comment out wiping of OpenOffice history and include wiping of LibreOffice history.

#!/bin/sh
echo "\033[0;34mProceeding to clean your system to ensure your privacy.\033[0m"
echo
echo "\033[0;31mWiping Firefox history and cache.\033[0m"
#sudo srm -rllv .mozilla/firefox/*.default/*.sqlite
sudo srm -rllv .mozilla/firefox/*.default/addons.sqlite
sudo srm -rllv .mozilla/firefox/*.default/chromeappsstore.sqlite
#sudo srm -rllv .mozilla/firefox/*.default/content-prefs.sqlite
sudo srm -rllv .mozilla/firefox/*.default/cookies.sqlite
sudo srm -rllv .mozilla/firefox/*.default/downloads.sqlite
sudo srm -rllv .mozilla/firefox/*.default/extensions.sqlite
sudo srm -rllv .mozilla/firefox/*.default/formhistory.sqlite
sudo srm -rllv .mozilla/firefox/*.default/permissions.sqlite
#sudo srm -rllv .mozilla/firefox/*.default/places.sqlite
sudo srm -rllv .mozilla/firefox/*.default/search.sqlite
sudo srm -rllv .mozilla/firefox/*.default/urlclassifier3.sqlite
sudo srm -rllv .mozilla/firefox/*.default/webappsstore.sqlite
sudo srm -rllv .mozilla/firefox/*.default/Cache/*
echo "\033[0;32mFirefox history and cache wiped.\033[0m"
echo "\033[0;31mWiping Trash.\033[0m"
sudo srm -rllv .local/share/Trash/
echo "\033[0;32mTrash wiped.\033[0m"
echo "\033[0;31mWiping Applications history and cache.\033[0m"
sudo srm -rllv .recently-used
sudo srm -rllv .recently-used.xbel
sudo srm -rllv .thumbnails
sudo srm -rllv .macromedia/Flash_Player/#SharedObjects/*
#sudo srm -rllv .openoffice.org/*/user/temp
#sudo srm -rllv .openoffice.org/*/user/backup
sudo srm -rllv .libreoffice/*/user/temp/*
sudo srm -rllv .libreoffice/*/user/backup/*
sudo srm -rllv .purple/logs/*/*
sudo srm -rllv .xsession-errors
sudo srm -rllv .gimp-*/tmp
echo "\033[0;32mApplications history wiped.\033[0m"

#"ubuntuprivacy" written by commandrine.
#Please send comments and queries to commandrine[at]gmail[dot]com.
#Version 3.0 dated 22nd July 2011.
#Pre-requisite is having "secure-delete" installed. Install it using "sudo apt-get install secure-delete".
#Save this script to your home folder. Run "sudo chmod +x ubuntuprivacy.sh" to make it executable.

The wiping of Flash cookies (which I blogged about previously) is also appended into this version.

Ubuntu update error

When I ran the "sudo apt-get update" command in Terminal, I got the following error.

commandrine@bridge:~$ sudo apt-get update
[sudo] password for commandrine:
Hit http://sg.archive.ubuntu.com lucid Release.gpg
Ign http://sg.archive.ubuntu.com/ubuntu/ lucid/main Translation-en_SG
Ign http://sg.archive.ubuntu.com/ubuntu/ lucid/restricted Translation-en_SG
Ign http://sg.archive.ubuntu.com/ubuntu/ lucid/universe Translation-en_SG
Ign http://sg.archive.ubuntu.com/ubuntu/ lucid/multiverse Translation-en_SG
Hit http://sg.archive.ubuntu.com lucid-updates Release.gpg
Ign http://sg.archive.ubuntu.com/ubuntu/ lucid-updates/main Translation-en_SG
Ign http://sg.archive.ubuntu.com/ubuntu/ lucid-updates/restricted Translation-en_SG
Ign http://sg.archive.ubuntu.com/ubuntu/ lucid-updates/universe Translation-en_SG
Ign http://sg.archive.ubuntu.com/ubuntu/ lucid-updates/multiverse Translation-en_SG
Hit http://sg.archive.ubuntu.com lucid Release
Hit http://sg.archive.ubuntu.com lucid-updates Release
Hit http://sg.archive.ubuntu.com lucid/main Packages
Hit http://sg.archive.ubuntu.com lucid/restricted Packages
Hit http://sg.archive.ubuntu.com lucid/main Sources
Hit http://sg.archive.ubuntu.com lucid/restricted Sources
Hit http://sg.archive.ubuntu.com lucid/universe Packages
Hit http://sg.archive.ubuntu.com lucid/universe Sources
Hit http://sg.archive.ubuntu.com lucid/multiverse Packages
Hit http://sg.archive.ubuntu.com lucid/multiverse Sources
Hit http://sg.archive.ubuntu.com lucid-updates/main Packages
Hit http://sg.archive.ubuntu.com lucid-updates/restricted Packages
Hit http://sg.archive.ubuntu.com lucid-updates/main Sources
Hit http://sg.archive.ubuntu.com lucid-updates/restricted Sources
Hit http://sg.archive.ubuntu.com lucid-updates/universe Packages
Hit http://sg.archive.ubuntu.com lucid-updates/universe Sources
Hit http://sg.archive.ubuntu.com lucid-updates/multiverse Packages
Hit http://sg.archive.ubuntu.com lucid-updates/multiverse Sources
Hit http://ppa.launchpad.net lucid Release.gpg
Hit http://security.ubuntu.com lucid-security Release.gpg
Ign http://ppa.launchpad.net/docky-core/ppa/ubuntu/ lucid/main Translation-en_SG
Ign http://security.ubuntu.com/ubuntu/ lucid-security/main Translation-en_SG
Hit http://ppa.launchpad.net lucid Release.gpg
Ign http://security.ubuntu.com/ubuntu/ lucid-security/restricted Translation-en_SG
Ign http://ppa.launchpad.net/docky-core/stable/ubuntu/ lucid/main Translation-en_SG
Ign http://security.ubuntu.com/ubuntu/ lucid-security/universe Translation-en_SG
Get:1 http://ppa.launchpad.net lucid Release.gpg [316B]
Ign http://ppa.launchpad.net/moonlight-team/pinta/ubuntu/ lucid/main Translation-en_SG
Ign http://security.ubuntu.com/ubuntu/ lucid-security/multiverse Translation-en_SG
Get:2 http://ppa.launchpad.net lucid Release.gpg [316B]
Get:3 http://security.ubuntu.com lucid-security Release [44.7kB]
Ign http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu/ lucid/main Translation-en_SG
Hit http://ppa.launchpad.net lucid Release.gpg
Ign http://ppa.launchpad.net/pidgin-developers/ppa/ubuntu/ lucid/main Translation-en_SG
Hit http://security.ubuntu.com lucid-security/main Packages
Get:4 http://ppa.launchpad.net lucid Release.gpg [316B]
Ign http://ppa.launchpad.net/ubuntu-mozilla-security/ppa/ubuntu/ lucid/main Translation-en_SG
Hit http://security.ubuntu.com lucid-security/restricted Packages
Hit http://ppa.launchpad.net lucid Release
Hit http://security.ubuntu.com lucid-security/main Sources
Get:5 http://security.ubuntu.com lucid-security/restricted Sources [14B]
Hit http://ppa.launchpad.net lucid Release
Hit http://security.ubuntu.com lucid-security/universe Packages
Get:6 http://ppa.launchpad.net lucid Release [57.3kB]
Ign http://ppa.launchpad.net lucid Release
Get:7 http://ppa.launchpad.net lucid Release [14.0kB]
Ign http://ppa.launchpad.net lucid Release
Hit http://security.ubuntu.com lucid-security/universe Sources
Get:8 http://ppa.launchpad.net lucid Release [14.0kB]
Hit http://security.ubuntu.com lucid-security/multiverse Packages
Hit http://security.ubuntu.com lucid-security/multiverse Sources
Get:9 http://ppa.launchpad.net lucid Release [14.0kB]
Ign http://ppa.launchpad.net lucid Release
Hit http://ppa.launchpad.net lucid/main Packages
Get:10 http://ppa.launchpad.net lucid/main Packages [1,506B]
Get:11 http://ppa.launchpad.net lucid/main Packages [752B]
Hit http://ppa.launchpad.net lucid/main Packages
Hit http://ppa.launchpad.net lucid/main Packages
Ign http://ppa.launchpad.net lucid/main Sources
Hit http://ppa.launchpad.net lucid/main Packages
Ign http://ppa.launchpad.net lucid/main Sources
Err http://ppa.launchpad.net lucid/main Sources
416 Requested Range Not Satisfiable 20003
Fetched 61.8kB in 22s (2,794B/s)
W: GPG error: http://ppa.launchpad.net lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3AD52A40B98E84D3
W: GPG error: http://ppa.launchpad.net lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21
W: GPG error: http://ppa.launchpad.net lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A6DCF7707EBC211F
W: Failed to fetch http://ppa.launchpad.net/pidgin-developers/ppa/ubuntu/dists/lucid/main/source/Sources.gz 416 Requested Range Not Satisfiable 20003

E: Some index files failed to download, they have been ignored, or old ones used instead.

Turning to the Ubuntu Forum, I got advice to run the following commands to rectify the missing keys issue.

gpg --keyserver keyserver.ubuntu.com --recv 3AD52A40B98E84D3

gpg --export --armor 3AD52A40B98E84D3 | sudo apt-key add -

gpg --keyserver keyserver.ubuntu.com --recv 9BDB3D89CE49EC21

gpg --export --armor 9BDB3D89CE49EC21 | sudo apt-key add -

gpg --keyserver keyserver.ubuntu.com --recv A6DCF7707EBC211F

gpg --export --armor A6DCF7707EBC211F | sudo apt-key add -
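
The key IDs in the commands above are the ones named in the NO_PUBKEY warnings. As an added example (not part of the original post or the forum advice), this script extracts the distinct IDs from apt output and, when run with --review, fetches each key into a throw-away GnuPG home and prints its fingerprint so it can be checked before "apt-key add" trusts it. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the key IDs apt could not verify, then inspect each key
# in a scratch keyring before it is trusted. Function names are hypothetical.

# Read apt output on stdin; print every distinct 16-hex-digit NO_PUBKEY ID.
missing_pubkeys() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "NO_PUBKEY" && length($(i + 1)) == 16 &&
                $(i + 1) ~ /^[0-9A-Fa-f]+$/)
                print toupper($(i + 1))
    }' | sort -u
}

# Read key IDs on stdin; fetch each into a throw-away GnuPG home and print its
# fingerprint for comparison with the one the repository owner publishes.
review_keys() {
    scratch=$(mktemp -d) || return 1
    while IFS= read -r id; do
        gpg --homedir "$scratch" --keyserver keyserver.ubuntu.com \
            --recv-keys "$id" </dev/null &&
            gpg --homedir "$scratch" --fingerprint "$id" </dev/null
    done
    rm -rf "$scratch"
}

# Constructed sample: warning lines shaped like the ones in the post, with one
# repeated and two IDs on a single line.
sample_apt_output() {
    cat <<'EOF'
W: GPG error: http://ppa.launchpad.net lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3AD52A40B98E84D3
W: GPG error: http://ppa.launchpad.net lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 NO_PUBKEY A6DCF7707EBC211F
W: GPG error: http://ppa.launchpad.net lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3AD52A40B98E84D3
Hit http://sg.archive.ubuntu.com lucid Release
EOF
}

if [ "${1:-}" = "--review" ]; then
    missing_pubkeys | review_keys      # pipe in the output of: apt-get update 2>&1
else
    sample_apt_output | missing_pubkeys
fi
```

Without arguments the script only parses the embedded sample and touches neither the network nor any keyring.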

I encountered 2 keys that still generate update errors. Heading back to the Forum, I get the following steps to rectify the issue.

sudo -i

apt-get clean

cd /var/lib/apt

mv lists lists.old

mkdir -p lists/partial

apt-get clean

apt-get update

Problem solved.

“aspydrv.asp;.jpg”

Was reading this article about an alleged Anonymous hacker uploading a file “aspydrv.asp;.jpg” onto servers to compromise them.
This piqued my interest. I Googled the above file and found numerous sites hosting this file. Further research educated me that using the ";.jpg" at the end of the ASP file can fool insecure IIS servers.
Accessing one of the vulnerable sites, I try uploading a test ASP page written by my buddy, Simon, and the file successfully bypasses the file type check. I click on the uploaded ASP page and the "Hello World" message is published on my browser.
It is a simple trick to gain control of a vulnerable webserver but timely patching and hardening will thwart this threat.
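
The file type check that the ";.jpg" name gets past, next to a stricter one, as an added example that is not part of the original post. It goes slightly beyond the single case above by also rejecting any second extension. The function names, the allowed image types and the sample names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a last-extension upload check with a strict one.
LC_ALL=C; export LC_ALL    # keep the character ranges below byte-exact

# Weak check of the kind described in the post: only the text after the last
# dot is compared with the allowed image types.
weak_check() {
    case "${1##*.}" in
        jpg|jpeg|png|gif) return 0 ;;
    esac
    return 1
}

# Strict check: safe characters only, exactly one dot, allowed extension.
strict_check() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;    # rejects ';', spaces, '/', newlines
    esac
    base=${1%.*}
    ext=${1##*.}
    [ "$base" != "$1" ] || return 1          # no dot at all
    case "$base" in
        ''|*.*) return 1 ;;                  # empty name or a second extension
    esac
    case "$ext" in
        [Jj][Pp][Gg]|[Jj][Pp][Ee][Gg]|[Pp][Nn][Gg]|[Gg][Ii][Ff]) return 0 ;;
    esac
    return 1
}

# Read names on stdin; print those the weak check accepts but the strict
# check rejects, i.e. the names worth a closer look in an upload folder.
audit_names() {
    while IFS= read -r n; do
        if weak_check "$n" && ! strict_check "$n"; then
            printf '%s\n' "$n"
        fi
    done
}

# Constructed sample names, not taken from any real server.
sample_names() {
    printf '%s\n' 'holiday.jpg' 'aspydrv.asp;.jpg' 'report.final.png' 'logo.PNG' 'notes.asp'
}

sample_names | audit_names
```

To audit an existing upload folder, feed audit_names a list of file names, one per line. Storing uploads under server-generated names in a directory with script execution disabled complements the name check.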

"Firestarter: Starter for your Firewall"

My new article is out this month in Hakin9 magazine. It is for paid subscribers only and here is an excerpt of it.
"The firewall is the first line of defense on the network perimeter and end points. Firewalls are susceptible to targeted attacks (eg. social engineering, application vulnerabilities) but they are still the foundation upon which access control is built upon."

Android smartphone screen capture

I wanted to take screenshots of my Android smartphone screen for my new security article and was having a nightmare doing so. It took 3 hours of research and troubleshooting to finally achieve success.
I relied on detailed information from this article to set up the Android SDK on my Ubuntu laptop.
Watch out for my new security article in Hakin9 magazine.

Insider threat

Friends I talk to are confident that their personal information is not important or critical but this is a scary and real example of what hackers will do with your details.

No password needed

New malware targeting Mac OS X does not prompt users to enter their administrator password before infecting the victim's machine. Mac users and Apple can continue to be in denial but it is a reality now.
Install an AV on your Mac.

Encrypted mails

I decided to install a digital certificate for my Gmail account. This is simple and free to set up.
  1. Apply for a free certificate from Comodo.
  2. The certificate will be automatically installed to your browser when you click on the link in the email from Comodo.
  3. Install the "Gmail S/MIME" addon from the Firefox addon source.
  4. Log into Gmail and the "Encrypt" icon is visible when you compose new mails.
You need to allow outbound TCP traffic on port 465 if you have a host firewall running on your system. If you want to export the installed certificate for use in other software, click on "Preferences">"Advanced">"Encryption">"View Certificates".

Graphics Engine threat

WebGL, a graphics engine recently added in Firefox 4 and Chrome 9, is vulnerable to exploitation.
The article provides instructions for disabling this component in both browsers. I will quickly summarise how to disable WebGL in Firefox 4.
  1. Type in "about:config" in the address bar.
  2. Search for "webgl".
  3. Set value for "webgl.disabled" to "true".
  4. Restart Firefox.
Simple steps that will give you peace of mind.

Ubuntu maintenance script

 Wrote a simple script for keeping packages and snaps updated in Ubuntu.