I just found this small personal firewall yesterday while i was searching for an update for the ProcX program. Although in the end i did not get an update for ProcX, i found another good personal firewall (freeware) named Ghostwall by Ghostsecurity

At first i did not believe that there was a personal firewall with only 656 KB because all personal firewall i have tried before have at least of 10MB filesize, and that’s just the setup file before the original program uncompressed

And at last i decided to download and install this small firewall and tested it right away by using online port checking from Gibson Research Corporation website. And i get this result :

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

But i also get the same result even if i disable Windows Firewall, Ghostwall, or other firewall software. And that’s because my router does the job very fine :D

But since i really interested on testing this program … i tested it by opening a port on my computer that was used by Torrent to accept incoming connection and the results are (windows firewall disabled, beside i don’t use windows firewall) …

1. With Ghostwall Enabled (Torrent Incoming Port Allowed) : There’s no problem at all from other to connect to my computer, and the GRC website also says that the port used by Torrent on my computer is open
2. With Ghostwall Enabled (Torrent Incoming Port Blocked but the port is open) : Ghostwall successfully blocked everything that tries to connect through the open port used by Torrent (including the online port test)

And from the result i can see that this firewall worked as it should … and i tried another test by sending ICMP Echo Request known as Ping with the same condition like above … and yet another success

And the last thing i do is check, how much memory Ghostwall use. And suprisingly this program only use 1 MB of memory (checked via task manager and other similar program like task manager). Beside the highest amount of memory used by this program when i do the above test is only as small as 2.6 MB

So what is the final result ? … well … this personal firewall worked as it should, and it’s not a resource hog … and best of all it is free ! so i’d recommend this program to anyone who’s searching for small personal firewall without any other bloated stuff included

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Freeware, Network and Security, Software, Windows

Time for another wordpress upgrade, because right now there’s another update to the Wordpress 2.1.x series and 2.0.x series. And this update file contains security update from several publicly known XSS vulnerabilities and one major XMLRPC issue. Here’s what Matt said about this releases :

These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems

And the conclusion is you’d better upgrade your wordpress installation as soon as possible to prevent issue on your wordpress installation

As an addition i’ve upgraded several blogs managed by myself to the latest wordpress version available for download without problem at all :)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 2 comments

0x87485B96 | Tags : Internet, Network and Security, PHP, Software, Wordpress

I think most of you already knew about Zone Alarm, Norton Personal Firewall, Sygate Personal Firewall, Kerio Personal Firewall / Sunbelt Personal Firewall, and many other personal firewall software. But if you run a Small to Medium sized business, i'm sure that those firewall can’t satisfy your needs especially if you got bored of pop up message saying that your application needs access to the internet and you need to make rules for it first before it can access the internet

And thanks to that annoying popup message, i decided to try another firewall software for my windows xp box from Kerio called Kerio Winroute Firewall / KWF. Suprisingly this firewall get the job very well unlike many other firewall, and it does not disturb me with annoying popup message. And if you ask me what is the main features of KWF that other firewall does not have ?

Well here’s the main features of KWF with my own explaination about it :

1. Built-in Content filtering : If you need to block specific site from displaying ads, or control which site can be accessed from your network this feature really useful for you. Other than that you can also deny web pages that contains forbidden words such as sex, porn from being loaded. Another good example is you can block Streaming files from being loaded automatically by defining it’s mime type (i'm using this to save my monthly internet usage)
2. Has Transparent or Non Transparent Proxy Server / Cache Proxy Server : This feature could be useful to you if you want to speed up your browsing experience, but if it’s for me, i use it in conjunction with Squid Proxy server installed on my machine to make it even more useful. But if you don’t run Squid cache proxy on your machine, you can also use the built in features of KWF to cache pages
3. Antivirus Scanning to scan HTTP Traffic : With the integrated McAfee Antivirus scanning engine built into KWF, it’ll scan everypage for harmful objects. But if you don’t feel like using the integrated McAfee scan engine you can also use other supported antivirus software
4. Built-in VPN : If you want to set up VPN access to your machine, you can do it easily using KWF
5. Blocking P2P Network : Let’s say, you run an internet cafe business and you don’t want your client / users to use P2P program. You can enable this feature to block all P2P network from being used
6. Sharing Internet Connection : You can share internet access within your network easily with KWF, even you can limit the bandwidth used for your client
7. DNS Forwarder, Configuring Users and more

What’s Kerio Interface Looks like ?

HTTP Policy

Traffic Policy

Filters Log

So what are the actual differences between KWF and other Firewall software ?

By default Kerio Winroute Firewall block all traffic unlike many other firewall, which means you can’t access the internet without configuring it first (of course this is the most safest way). And if there’s an application requesting access to the internet (in most case it’s going to be Online Games or MMORPG Games), you’ll need to know which port those games used to access the internet before it can access the net

And as i said before, that KWF is different from other firewal because it did not show you any popup message prompting you to insert new internet access rules

Wow .. it’s sound difficult for me to configure KWF ?

Actually it’s easy (depending on your computer technical experience), by looking at the Filters log, you can see which address and which port are used from your games easily :) But as you can see that this firewall is intended to those who run Small to Medium sized business

If it’s for business class that means KWF is a little bit expensive ?

That’s true. The KWF version with McAfee Scan Engine included cost for about $499 for 10 users and KWF without McAfee cost for about $399. But to those who are running small business, i'm pretty sure the KWF price is quite normal. For more detail you can read more from KWF Pricing page

And that’s all about it ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | One comment

0x87485B96 | Tags : Network and Security, Security Tools, Shareware, Software, Windows

I just found about this Firefox extension today and this extension could be useful especially to those who’s a little bit paranoid about their computer security. And here’s the Firekeeper description taken from the project page :

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content

Other features of Firekeeper :

• Ability to scan incoming Firefox traffic - HTTP(S) response headers, body and URL and to cancel processing of suspicious responses
• HTTPS and compressed responses are scanned after decryption/decompression
• Very fast pattern matching algorithm (taken directly from Snort)
• Interactive alerts that give an ability to choose a response to detected attack attempt
• Ability to use any number of files with rules and to automatically load files from remote locations

As a note, the currently available Firekeeper release is still in Alpha stage, which main purpose is to get feedback from users about Firekeeper's functionality and to test if Firekeeper works well on various different systems. Currently Firekeeper support Linux based OS and Windows based OS

Related Link : Firekeeper Project Page – Firekeeper Weblog

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Browsers, Firefox, Freeware, Internet, Mozilla, Network and Security, Open Source, Software

It seems there’s another update for Wordpress 2.1.x users, unfortunately this time is a serious upgrade. Because the Wordpress 2.1.1 files has been tampered by unknown person. Here’s the story :

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution. – Full Story

As always .. if there’s a wordpress update. I always check the Mark Jaquith site first to see if he is already released the small upgrade pack files for wordpress or not (this is really handy to those who’s using slow connection like myself for an example) .. but this time .. he’s not releasing the small upgrade pack :P (by the look of this post) ..

Anyway if you’re using Wordpress 2.1.1 whether you get it from the first release of 2.1.1 or not .. you should upgrade your wordpress installation into 2.1.2 because it’s already contain another fix for the recent XSS vulnerabilities on WP 2.1.1 (Ticket #3789) and some other fix as well (Ticket #3759)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | One comment

0x87485B96 | Tags : Internet, Network and Security, PHP, Website, Wordpress

I found this from SecFocus website regarding the XSS problem on Wordpress 2.1.1 (0day) yesterday .. and this new xss exploit works on version 2.1.1 .. (i’ve already tested it on my local server) – Link (SecFocus) / Link 2 (Secunia) and here’s what it said :

Samenspender has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "post" parameter in wp-admin/post.php (when "action" is set to "delete") is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the target user is logged in as administrator.

The vulnerability is confirmed in version 2.1.1. Other versions may also be affected.

And today, i read another possible script injection attack on wordpress <= 2.1.1 based blogging platform discovered by Stefan Friedli – Link

The only solution i’ve found so far to prevent / reduce the damage of this attack is by protecting your wordpress admin directory using .htaccess or you can also use mod_security if it’s installed on your webserver

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Apache, Network and Security, PHP, Website, Wordpress

Google recently added a new feature by sending you an email message containing a detailed information if there’s badware found on your site. And here’s what Google said about this :

Webmaster tools notifications

Now instead of simply informing webmasters that their sites have been flagged and suggesting next steps, we're also showing example URLs that we've determined to be dangerous. This can be helpful when the malicious content is hard to find. For example, a common occurrence with compromised sites is the insertion of a 1-pixel iframe causing the automatic download of badware from another site. By providing example URLs, webmasters are one step closer to diagnosing the problem and ultimately re-securing their sites.

Email notifications

In addition to notifying webmaster tools users, we've also begun sending email notifications to some of the webmasters of sites that we flag for badware. We don't have a perfect process for determining a webmaster's email address, so for now we're sending the notifications to likely webmaster aliases for the domain in question (e.g., webmaster@, admin@, etc). We considered using whois records, but these often contain contact information for the hosting provider or registrar, and you can guess what might happen if a web host learned that one of its client sites was distributing badware. We're planning to allow webmasters to provide a preferred email address for notifications through webmaster tools, so look for this change in the future.

So far i haven’t received any of the notification about badware problems on my site (hopefully i wont receive an email message saying that mysite has been infected by badware problems or distributing badware), so i can not give you a more detailed explanation about this. Fortunately Matt Cutts already wrote about this badware problems before, so it’d be best for you to read it on his blog

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Google, Network and Security, Webmaster Tools, Website, Website Monitoring

I just read this from the Hostgator announcements forums (link). And what makes it interesting is that because i’ve never seen a phishing (can be considered a hacking attempt) like this before. Because the attached file in that email message is a shell script. And of course if there’s someone able upload a shell script into your webhosting account .. you can be sure, your server / your website will get defaced within short time or .. they’ll delete everything in your webhosting account and i'm sure you don't want that to happen, right ?

So if you get the same email message like below, just ignore it ;)

 ---------- Forwarded message ----------
From: Website Welcome Inc.
Date: Feb 13, 2007 5:56 AM
Subject: Hosting Regular Security Maintenance
To:

Dear Website Welcome Inc. valued Members

Regarding our new security regulations, as a part of our yearly maintenance
we have provided a security guard script in the attachment.

So, to secure your websites, please use the attached file and (for
UNIX/Linux Based servers) upload the file "webguard.php" in: "./public_html"
or (for Windows Based servers) in: "./wwwroot" in your site.

If you do not know how to use it, you can use the following instruction:

For Unix/Linux or Windows based websites that use PHP/CGI/PERL/ASP:
1) Download the attachment named "webguard.php"
2) Login to your site Control panel.
3) Open "File Manager" window.
4) Go through "Public_html" or "htdocs" (for UNIX/Linux Based servers), but
for Windows Based server, please Go through "wwwroot" directory.
5) Choose "Upload Files"
6) Upload the file "webguard.php"
7) Check its URL too "yoursite.com/webguard.php", if it is ok

Thank you for using our services and products. We look forward to providing
you with a unique and high quality service.

Best Regards

Website Welcome Inc.

websitewelcome.com

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Hacking, Network and Security, Personal, Web Servers, Website

I read about this yesterday on BugTraq and within just one day i read another interesting news from Symantec (i found it via techmeme) regarding this new xss issue with pdf files

And what makes this interesting, because this problem only occur at Mozilla Firefox browser (with Adobe Reader 7 and below), and Internet Explorer 6 and 7 isn't affected by this vulnerability issue as noted by Symantec :

This problem appears to be limited to the Firefox browser, which has a relatively large user base.

Although some other people are getting different results (look at the comments), and if it's for me .. i already tried this with Firefox 2.0.0.1 installed on Windows XP SP1 .. and i don't find any problem with it .. and that’s because i already disabled the PDF / Adobe Reader Plugin for Firefox browser since a long time ago because of another reason (actually i don't really like opening files directly from the web especially PDF because it can cause a big slowdown to my system)

As a note, if you’re using Firefox you might try reading the Symantec weblog about this issue to find the quick fix for this problem

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Browsers, Computer Security, Firefox, Hacking, Internet, Mozilla, Network and Security

Wow .. i just got back .. and i read a very interesting news about the recent wordpress html injection vulnerability issue that is exists on several .. um .. almost all versions of wordpress below 2.0.6 (well i dont know anything about the 1.x series of wordpress because i never use it before)

Fortunately there is already a fix for this problem and you can do it by applying the latest patch from Wordpress Trac into the templates.php file in your wp-admin directory

As as a note, if you want to see a proof of concept regarding this wordpress issue, you can go to David Kierznowski homepage and see it by yourself

And yet another note, Wordpress 2.0.6 RC2 has been released (from the WP-Testers Mailing Lists) and this new release candidate already include a fix for this problem

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 5 comments

0x87485B96 | Tags : Computer Security, Freeware, Network and Security, Open Source, PHP, Software, Wordpress

Why does everyone like to hide their IP Address ? do they think it's cool to show off using someone else IP Address ? No matter what the reason is, i always think proxy is useless if it's used just to browse around the web (i mean normal browsing around the web). Why did i say that ? Because proxy made every web statistical information results become inaccurate (if it's an anonymous proxy). And to make things clearer for you here’s an example.

Some site using tracking script to track geographical information of their site visitor and they’re doing this only for statistical purpose and make them write content specifically for that region. Now .. you’re frequently access their site using proxy, and let’s say you’re using proxy from somewhere in China. And because of it course the site author will think that most of his / her site visitors is coming from China .. and what are going to happen next ? he / she will create content specifically for China .. and this is just one example of what makes stats tracking inaccurate if most of your site visitors using proxy

So the conclusion is .. why there’s a need to use proxy if you just like browsing around the web ? other than that if you didn't know about this before, proxy server always create log files of the accessed url even if they say they’re giving a complete privacy or high anonymity proxy

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Internet, Internet Tools, Network and Security, Opinion, Personal, Privacy

You’ve heard about good things about Mozilla Firefox anywhere on the net, but did you know that Mozilla Firefox also has their truth lies somewhere on the web. Unfortunately because the owner of that website doesn't allow me to put his content anywhere (i always respect other copyright and terms of use) ;) .. so you should go to his website for more info about this matter. You can visit his website at :

And yes, because i'm not a fanboy of specific software nor hardware so i post about this matter, because the most important to me is security, despite what the browser offer. Because no matter what you’re using if there’s a big security hole in it there’s no guarantee your precious data will be safe

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 5 comments

0x87485B96 | Tags : Browsers, Firefox, Mozilla, Network and Security, Personal, Web Links

Yesterday i just read about the recent security flaw in mod_rewrite modules in Apache HTTP Server that can make the web server process crash or allow arbitrary code execution by a malicious user. And here’s the announcement from the Apache HTTP Security team :

CVE-2006-3747: An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.

Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team.

This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics:

• The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1)
• The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE).

Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally.

So in the other words, every users should update their Apache installation immediately, especially for those who’s already using a blogging platform like Wordpress, because if you want to use the Permalink feature, you’ll have to use mod_rewrite function and the Wordpress installation included that by default (except it doesn't have write access to the .htaccess file) but if you’re using your own computer as a server, then you should apply this update immediately

And here’s a link if you want to get more information about this issue :

• Apache HTTP Server 1.3.37 Released
• US-CERT Vulnerability Note VU#395412
• Apache Official Website

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Apache, Computer Security, Journal, Network and Security, Web Servers

I’ve been reading some security vulnerabilities on Wordpress based blogging platform, especially the PHP Code Injection vulnerability on Wordpress 2.0.2 and below, because just yesterday i read about most users that is using Wordpress 2.0.3+ feel their wordpress installation is slowing down because of upgrading their wordpress installation, and they choose to revert back or downgrade into wordpress 2.0.2 or below which has some serious security problem … and i just don't understand why did they choose to downgrade their version just to get more speed on their wordpress platform by sacrificing their Security … anyway that’s just my opinion …

Related Article :

• WordPress Username Remote PHP Code Injection Vulnerability
• WordPress Multiple Unspecified Security Vulnerabilities

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Blogging, General Blogging, Internet, Network and Security, Personal, Wordpress

Do you always search for some ready to use url blocklist for your Squid Proxy, Dans Guardian, or other similar web proxy or content filtering software ? There’s no need to worry about that anymore since you can get an updated Blacklisted URL for free at http://www.malware.com.br  or from http://www.urlblacklist.com, although to get an updated url blacklist frequently you must pay for their service but you can get an already made blacklist for free. So don’t forget to visit their site to get an updated blocklist for your web content filtering software

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Network and Security, Security Tools, Squid, Web Links