The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

Thread by @malmoeb on attacks: Visibility is key for eradication

Posted by jpluimers on 2024/06/28

[Wayback/Archive] Thread by @malmoeb on Thread Reader App: Visibility is key for eradication.

The thread is about attacks on networks with Windows machines, but the concept works on all networks.

Start of thread: [Wayback/Archive] Stephan Berger on Twitter: “1/ Visibility is key for eradication 🥷 In a recent IR case, the TA created persistences with #QakBot on almost every system in the network. If only individual systems in the network were forensically examined, one or more infected systems would undoubtedly be missed. 🧵”

The gist is to setup your network monitoring in such a way that you can quickly identify compromised systems based on network traffic patterns.

–jeroen

Posted in LifeHacker, Pen Testing, Power User, Security, Windows | Leave a Comment »

Cyberteletekst

Posted by jpluimers on 2024/06/17

With the ever decreasing content on Teletekst and Teletext, this is so cool: [Wayback/Archive] Cyberteletekst

Via:

–jeroen

Posted in Cable TV/Radio, Hardware, History, Power User, Security | Leave a Comment »

Script alternatives to the Windows-L keyboard shortcut (SwitchUser / LockWorkstation)

Posted by jpluimers on 2024/05/23

More than a decade ago I wrote about Programmatic alternatives to Windows-L keyboard shortcut (SwitchUser / LockWorkstation).

Still, I see many scripts invoke rundll32.exe or  to call the [Wayback/Archive] LockWorkStation function (winuser.h) inside user32.dll. Don’t!

The BOOL LockWorkStation() function has a calling convention that is incompatible with rundll32.exe (), which corrupts the call stack and will likely lead to random problems. After two decades, this post from Raymond Chen still holds: [Wayback/Archive] What can go wrong when you mismatch the calling convention? – The Old New Thing
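As an added example (not from the original post or its follow-up), this is how a script can lock the workstation from PowerShell without going through rundll32.exe: declare the real LockWorkStation signature via P/Invoke so the calling convention matches. The type and namespace names are my own choice.

```powershell
# Added example: call user32.dll LockWorkStation through a P/Invoke declaration
# that matches its real signature (BOOL WINAPI LockWorkStation(void)).
# rundll32.exe expects a differently shaped entry point, which is the calling
# convention mismatch the post warns about; a proper DllImport avoids it.
$signature = @'
[DllImport("user32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool LockWorkStation();
'@

# Type and namespace names are arbitrary; -PassThru returns the generated type.
$user32 = Add-Type -MemberDefinition $signature -Name 'User32Lock' -Namespace 'Win32' -PassThru

# LockWorkStation returns FALSE on failure (for example when no interactive
# desktop is available); surface the Win32 error instead of silently ignoring it.
if (-not $user32::LockWorkStation()) {
    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    throw "LockWorkStation failed with Win32 error $err"
}
```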

Read the rest of this entry »

Posted in .NET, Batch-Files, C#, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Security, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Server 2016 | Leave a Comment »

Albert Heijn needs to give their AH-mobiel pre-paid user-experience more love

Posted by jpluimers on 2024/05/09

If you have a prepaid Dutch AH-mobiel SIM card, topping it up or refilling is hell, as none of the web links you get via SMS or top-up vouchers work.

When you get an SMS warning that your account is almost running out, it contains the link to [Wayback/Archive] ah.nl/opwaarderen which has no indication how to refill.

When buying a refill voucher at the Albert Heijn store, it contains two links that lead to HTTP 404 error pages:

Albert Heijn has their own [Wayback/Archive] ah.nl domain (which sometimes is totally down), but the refill link is on a completely different domain which – from a phishing point of view – is ideal to lure people into other refill pages.

The only Albert Heijn web-page linking to the actual refill link is [Wayback/Archive] Sim Only | Albert Heijn: ah.nl/over-ah/winkelservices/mobiel/sim-only.

The on-line refill link is [Wayback/Archive] AH mobiel opwaarderen: https://reload.alphacomm.network/web/ah which raises all kinds of red phishing flags:

Read the rest of this entry »

Posted in Cellular telephony, Development, Power User, Security, Software Development, Telephony, User Experience (ux), Web Development | Leave a Comment »

RBAC: root based access control

Posted by jpluimers on 2024/04/01

From a while ago, but a good day to share this:

Although for some scenarios, having two roles “all access” and “no access” is quite sufficient.

–jeroen

Posted in Access Control, Apri1st, Fun, Power User, Security | Leave a Comment »

XZ 5.6.x are backdoored and present in many systems: downgrade to 5.4.x or earlier now; consider libarchive compromised until proven otherwise

Posted by jpluimers on 2024/03/30

Edit 20240331: because of

https://mastodon.social/@kobold/112183756981119562

Debian is working on reverting back to even earlier than 5.4.x

[Wayback/Archive] #1068024 – revert to version that does not contain changes by bad actor – Debian Bug report logs

> I'd suggest reverting to 5.3.1. Bearing in mind that there were security
> fixes after that point for ZDI-CAN-16587 that would need to be reapplied.

> Note that reverting to such an old version will break packages that use
> new symbols introduced since then. From a quick look, this is at least:
> - dpkg
> - erofs-utils
> - kmod
>
> Having dpkg in that list means that such a downgrade has to be planned
> carefully.


Original post:

Everything I know about the XZ backdoor

Note that because of the Wayback Machine limit of 5 archivals per URL per day, the archived versions are rapidly getting out-of-date.

It is way worse:

[Wayback/Archive] Thread by @_ruby on Thread Reader App – Thread Reader App

@_ruby: The setup behind the CVE-2024-3094 supply-chain attack is fascinating. I originally wanted to finish and share a tool to audit other OSS projects for anomalous contributor behavior, but I feel what I found tr……

How it was found:

Analogy on how it was found:

Via:

Related:

If you are running homebrew on a Mac, then update too:

Of course this “XKCD dependency” adoption applies:

[Wayback/Archive] GJ4KvbeWIAAS_mu (535×680)

Posted in C, Compression, Development, Infosec (Information Security), Power User, Security, Software Development, xz | Leave a Comment »

Walls and Ladders when pasting e-mail on account sign-up forms: Paste It – Chrome Web Store

Posted by jpluimers on 2024/02/06

In a game of Walls and Ladders (similar to Arms Race), the Ladders usually win, see the references at the end of the post.

The actual “game” in this case is more and more sites trying to build walls to prevent pasting credential-related information like user IDs (often e-mail addresses) or passwords, often citing “more safety” or “less security risks”, while users get taller ladders because they want to do just that out of their own security concerns:

[Wayback/Archive] Stef 🎈 on Twitter: “Dear mobile/web-apps, please never never disable copy and paste “due to security reasons”. -everybody with a password manager.”

The walls will always lose, so it is better to invest the money for the walls into other security measures.

Given that most of the risk is web sites getting that information exfiltrated, I wish they put more energy into bolting down that side of the security risk rather than into hampering legitimate users entering that information in the first place.

Since so many of these sites have leaked my information in the past, any email address I use for activating an account is like 50 characters long. Something I am not going to type once (because of typing mistakes) and definitely not twice (to confirm I did not make typing mistakes).

Read the rest of this entry »

Posted in Authentication, Chrome, Clipboard, Development, Google, HTML, JavaScript/ECMAScript, Power User, Scripting, Security, Software Development, Web Development | Leave a Comment »

Today is the day that video identification died.

Posted by jpluimers on 2024/02/04

[Wayback/Archive] Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ | CNN

Via:

–jeroen

Posted in Power User, Security | Leave a Comment »

PRANK: Windows XP Updates

Posted by jpluimers on 2024/01/25

This one is cool: [Wayback/Archive] PRANK: Windows XP Updates.

Note that, unlike the screenshot below, the actual prank page does count up the percentage.

You can start this one and various other OSes plus Windows versions and other pranks via [Wayback/Archive] FakeUpdate.net – Windows Update Prank by fediaFedia (at the time of writing: Windows 98 install, Windows Vista update, Windows 8 update, Windows 7 update, Mac OS boot, Windows 10 install, Windows 10 update, Steam and “fake ransomware”).

It is a cool and relatively harmless way of teaching people to use their lock screen when away from their machine (Windows: Win+L, Mac OS: Ctrl+Shift+Power).

Read the rest of this entry »

Posted in Awareness, Fun, Power User, Security, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows XP | Leave a Comment »

Threads by @BillDemirkapi about the Okta Breach by LAPSUS$

Posted by jpluimers on 2024/01/16

There are many interesting threads about the Okta breach (via Sitel) by LAPSUS$.

Two of them in reverse chronological order (and their starting points on Twitter):

Read the rest of this entry »

Posted in Power User, Security | Leave a Comment »