JAWW (beta)

The ward is a factory for the Combine

Category Archives: Security

is BrowseHappy.com hacked again?

oh, noes, it appears our old fella browsehappy.com is hacked again!

O, NOES -- HAKID EGAN! RLY?

O, NOES -- HAKID EGAN! RLY?

(don’t bother deleting this topic. it’s cached)

Browse Happy Online Worry-free

Browse Happy. Online. Worry-free

and finally the source of HTML code. every footer’s affected.

source code of hacked browsehappy.com

source code of hacked browsehappy.com

now, I wander whether cache of the search engines constitutes a valid reliable source? and if so should the WikiPedia entry on BrowseHappy.com be updated (including the Matt’s rollback of the previous ‘hack’)?

Terms of Use and Abuse of this blog (alpha)

The gist

We (the folks behind the options handle) run a blog and would not like at all for you to use it. Although our basic service is free, we do plan to charge you for advanced features such as <to be done, please help me — comments on what advanced features we could charge you are greatly appreciated ;->.

Our blog is designed to give you as little control and ownership over what goes on our blog as possible and encourage you to not express yourself freely, but instead, be responsible in what you send us in your comments.

In particular, make sure that none of the prohibited items listed below appear on comments or get linked to from comments (things like spam, viruses, hate content, etc), i.e. work by the Super-Akismet yourself, guys. 

Please make sure you read through the list and the rest of the terms and disagree with them before you get started to comment or contribute by another means on this blog.

Creative Commons Sharealike licenseNote, we’ve decided to make the below Terms of Use and Abuse available under a Creative Commons Sharealike license, which means you’re more than welcome to steal it and repurpose it for your own use, just make sure to replace references to us with ones to you, and even if you don’t want we’d appreciate a link to options.WordPress.com somewhere on your site.

Terms of Use and Abuse

The options.WordPress.com (currently titled ‘JAWW’) is a hosted on the WordPress.com domain and completely owned by Automattic Inc. (see below; to be done) blog (hereafter “Blog”) operated by poor me (“poor me”).

Any use of the Blog is subject to the following Terms and Conditions of Use (“Terms and Conditions” — to be done, your help is invaluable), as well as to poor me’s Privacy Policy (somewhat done, but your help is always invaluable), all of which are incorporated by reference into these Terms and Conditions. Your use of the Blog will constitute your acceptance of these terms and conditions.

Responsibility of Contributors

If you comment on this Blog, post material to this Blog, post links on this Blog to material on, or otherwise make material available by means of this Blog (any such material, “Content”), you are entirely responsible for the content of, and any harm resulting from, that Content. That is the case regardless of whether the Content in question constitutes text, graphics, an audio file, or computer software. By making Content available, you represent and warrant that:

    • the downloading, copying and use of the Content will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark or trade secret rights, of any third party;
    • if your employer has rights to intellectual property you create, you have either (i) received permission from your employer to post or make available the Content, including but not limited to any software, or (ii) secured from your employer a waiver as to all rights in or to the Content;
    • you have fully complied with any third-party licenses relating to the Content, and have done all things necessary to successfully pass through to end users any required terms;
    • the Content does not contain or install any viruses, worms, malware, Trojan horses or other harmful or destructive content;
    • the Content is not spam, and does not contain unethical or unwanted commercial content designed to drive traffic to third party sites or boost the search engine rankings of third party sites, or to further unlawful acts (such as phishing) or mislead recipients as to the source of the material (such as spoofing);
    • the Content is not obscene or libelous, and does not violate the privacy or publicity rights of any third party; and
    • you have, in the case of Content that includes computer code, accurately categorized and/or described the type, nature, uses and effects of the materials, whether requested to do so by poor me or otherwise.

By submitting Content to poor me for inclusion on this Blog, you grant poor me a world-wide, royalty-free, and non-exclusive license to reproduce, modify, adapt and publish the Content with commercial (and not only, poor me needs earning money) purposes by displaying, distributing and promoting your material.

If you want to delete Content, poor me may (or may not, depending upon our current mood and a good will level) use reasonable efforts to remove it from the Blog, but you acknowledge that caching or references to the Content may not be made immediately unavailable.

Without limiting any of those representations or warranties, poor me has the right (though not the obligation) to, in poor mine sole discretion (i) refuse or remove any content that, in poor mine reasonable opinion, violates any poor mine policy or is in any way harmful or objectionable, or (ii) terminate or deny access to and use of the Blog to any individual or entity for any reason, in poor mine sole discretion. poor me will have no obligation to provide a refund of any amounts previously paid.

Read more of this post

0-day vulnerability in Microsoft Word: Do Not Open Untrusted Microsoft Office Documents!

Secunia logo

Microsoft Word Unspecified Code Execution Vulnerability

Secunia Advisory: SA20153
Release Date: 2006-05-19
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office XP
Microsoft Word 2002
Microsoft Word 2003

A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code.

NOTE: This vulnerability is being actively exploited.

The vulnerability has been reported in Microsoft Word 2002 and Microsoft Word 2003.

Internet Storm Center Infocon Status

“We are still analyzing the trojan dropped by the exploit. What we do know is that it communicates back to localhosts[dot]3322[dot]org via HTTP. It is proxy-aware, and “pings” this server using HTTP POSTs of 0 bytes (no data actually POSTed) with a periodicity of approximately one minute. It has rootkit-like functionality, hiding binary files associated with the exploit (all files on the system named winguis.dll will not be shown in Explorer, etc.), and invokes itself automatically by including the trojan binary in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run.

Note that, as of this morning, no anti-virus signatures detected this file as problematic according to virustotal.com

Have You Ever Seen Such a Big Security Hole?

Click on the thumbnail to enlarge screenshot // Owned IP address 0day SSH/RPC exploit

just wander whose unlucky owned IP address is that?

Security Is a Top Priority for You

Thom Robbins announces the upcoming MS sponsored Security Summits. creatiff MS copywriters enabled it with the following slogan:

“Security is a top priority for you and a top priority for M$.”

BU-A-GA-GA!

Read more of this post