I got hacked. I did it to teach you a lesson, and I’m sure you believe it.

The other day, this showed up in my e-mail:

A file change was detected on your system for site URL http://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am

A summary of the scan results is shown below:

The following files were removed from your host:

/var/www/wordpress/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
======================================

The following files were changed on your host:

/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
======================================

Login to your site to view the scan details.

I didn’t make those changes. Fortunately, fixing it when changes appear in functions.php and header.php that you didn’t make is pretty easy.

All-in-One WP Security and Firewall plugin can be spectacular, but be careful

Over the weekend I installed the All-in-One WP Security and Firewall plugin to fix another issue–more on that tomorrow–and I ended up breaking my site. Hopefully I fixed it to a better state than it started in.

The lesson, as with many security tools, is to proceed with caution.

How to use the lock in your web browser’s location bar

A commenter asked me last week if I really believe the lock in a web browser means something.

I’ve configured and tested and reviewed hundreds of web servers over the years, so I certainly hope it does. I spend a lot more time looking at these connections from the server side, but it means I understand what I’m seeing when I look at it from the web browser too.

So here’s how to use it to verify your web connections are secure, if you want to go beyond the lock-good, broken-lock-bad mantra.

Port 2381: What it is and how to manage it

I was doing some scanning with a new vulnerability scanner at work. It found something listening on a lot of servers, described only as Apache and OpenSSL listening on TCP port 2381. The versions varied.

Luckily I also had Qualys at my disposal, and scanning with Qualys solved the mystery for me quickly. It turned out to be the HP System Management Homepage, a remote administration/diagnostic tool that, as the title says, lets you manage HP server hardware. It runs on Windows, Linux, and HP-UX.

CMD.EXE and its shellshock-like qualities

“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day.

“What, Cygwin’s bash?” I asked.

“No, in CMD.EXE.”

I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parentheses and other reserved characters. Suddenly it made sense. Those cryptic batch files are exploiting the command interpreter to do things that shouldn’t be done. Then I smiled.

Macs aren’t the only computers that last forever

In the midst of Microsoft reminding everyone that Windows XP’s doomsday is less than a month away, Apple quietly announced that Mac OS 10.6’s doomsday was sometime last year, and no more security updates would be forthcoming for Snow Leopard.

That led to this piece about why anyone would still want to run Snow Leopard. Well, there are reasons for it–and for that matter, there are reasons why they would want/need to step back to 10.5 (Leopard). I don’t disagree with that part at all, but I do disagree with the point at the end, where he says that if you want a computer that lasts a long time, you have to buy a Mac.

Let me remind you that Microsoft is sending out reminders to people that it’s time to migrate off an operating system that hasn’t been generally available on new consumer PCs since 2007.

More details on the Target hack come to light

Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server.

And that led to a question in the comments, that sounds like it came from an IT professional:

don’t they have their network segregated into zones!!!? It shouldn’t be possible for a web server to touch a POS system in a store….

The commenter is right, it shouldn’t be. But it doesn’t need to be, either.

The Phoenix Project: A must-read book for anyone who aspires to IT leadership

After a bad day at work last week, I went home and ordered The Phoenix Project (or here it is on Amazon), started reading it, and felt better. Like Office Space, but there’s more to learn from it.

Phoenix is more realistic. Every problem from every shop I’ve ever worked in is in that shop, plus some I’ve (luckily) only heard about. But unlike Office Space, it has solutions beyond burning the building down.

How long does a hard drive last?

If you’re asking how long does a hard drive last, I found this study on hard drive longevity last week.

I take issue with the opening paragraph but the rest of the article is very good. The opening paragraph is a bit deceptive—hard drives were anything but common 30 years ago. Even 25 years ago, they were a serious status symbol. I remember in 1988, a classmate told me his dad had just bought a computer with a hard drive, and swore me to secrecy. Why? Because in today’s dollars, a computer with a hard drive in 1988 cost around $2,000, minimum, and given that his dad was working towards his master’s degree at the time, he probably had a really hard time affording that. If you had a hard drive even in the late 1980s, you were either very rich, or you took your computing very seriously and were willing to make some serious sacrifices somewhere else.

But, like I said, the rest of the article is very good. I’m being a curmudgeon.