Thursday, March 7, 2013

Evernote hacked – all users have to change passwords

I got no email about this.  Seems that happened to many if you read the article.

Thursday, February 28, 2013

EMSI Malware Blog

blog.emsisoft.com  

Since this blog seems dead and forgotten, this is another source of information and a good product for protection.

Friday, October 26, 2007

TinkerToys #3

I've been surfing through the TinkerToys splog farm for over a week now, using prjSiteOnline, and vURL. And the size of this thing I have yet to estimate. A friend at church, who teaches mathematics, thinks that maybe we can look at the mathematical structure of the thing, and develop a formula to estimate the size.

So I'm surfing downward, through the tree.

Let's look at some of the branches. I'm going to start with http://dhgisnavk.blogspot.com.

Dhgi contains links to the following 4 branch blogs.
http://acoipaova.blogspot.com
http://bgsxtrpfkn.blogspot.com
http://flliwlyghiur.blogspot.com
http://hbovryhpsin.blogspot.com


Dhgi contains links to the following 10 leaf blogs.
http://aahuflbuj.blogspot.com
http://acsvphkjisgy.blogspot.com
http://acwpdqlqeynr.blogspot.com
http://aebmcwaiyo.blogspot.com
http://aevgtmkqlbp.blogspot.com
http://agglzqqyaf.blogspot.com
http://amferszfj.blogspot.com
http://ammrsikoimdp.blogspot.com
http://anycnoryz.blogspot.com
http://aoygsicfgd.blogspot.com


And Dhgi contains links to 486 other branch and leaf blogs, some active, others not.

Let's next look at http://bgsxtrpfkn.blogspot.com.

Bgsx contains links to the following 4 branch blogs.
http://cokeitkiht.blogspot.com
http://cuzuqvnlxbkt.blogspot.com
http://ouqawohck.blogspot.com
http://pjgjwghhtc.blogspot.com


Bgsx contains links to the following 10 leaf blogs.
http://afbhyiojtpwr.blogspot.com
http://ahhkstfoq.blogspot.com
http://ajryyyslbrda.blogspot.com
http://asqmipefp.blogspot.com
http://atohutuvnv.blogspot.com
http://bahuyxklu.blogspot.com
http://baiycdstyg.blogspot.com
http://bexznmibwyt.blogspot.com
http://binxnphbzoin.blogspot.com
http://biurjkjirpr.blogspot.com


And Bgsx contains links to 486 other branch and leaf blogs, some active, others not.

Let's next look at http://cokeitkiht.blogspot.com.

Coke contains links to the following 4 branch blogs.
http://gcilbqgta.blogspot.com
http://hkbhuzqabmkn.blogspot.com
http://khkdjivbbln.blogspot.com
http://mwxrqfijjb.blogspot.com


Coke contains links to the following 10 leaf blogs.
http://adavbhmsgdt.blogspot.com
http://aebgdipcjyo.blogspot.com
http://afvchzeplux.blogspot.com
http://akngpknbpum.blogspot.com
http://aptttnvuwu.blogspot.com
http://arftdzhmagsu.blogspot.com
http://atskxcyrotg.blogspot.com
http://auecoondnzwr.blogspot.com
http://avalbxsuu.blogspot.com
http://bbrwhjtfoa.blogspot.com


And Coke contains links to 486 other branch and leaf blogs, some active, others not.

Sunday, October 21, 2007

TinkerToys #2

Interesting news this evening. The following TinkerToys splogs, discussed earlier, are now offline.

http://krdrffpgv.blogspot.com/
http://ieqjiravs.blogspot.com/
http://iiebbmogoii.blogspot.com/

You have to look at vURL logs, if you've already cached any one of them on your computer.

*****************************************************************

vURL Desktop Edition v0.1.7 Results

Source code for: http://krdrffpgv.blogspot.com/

Server IP: 72.14.207.191

Date: Sunday, October 21, 2007

Time: 23:07:38:07

*****************************************************************

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html dir="ltr"><head><meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>Blogger: Login to read</title>
<link href="/v-css/3241057453-blogger_lowend.css" rel="stylesheet" type="text/css">
<style type="text/css">
@import url("/v-css/417867530-blogger_main.css");
@import url("/v-css/1877526874-flexible_buttons.css");
@import url("/v-css/3884842752-buttons.css");



@media tty {
i{content:"\";/*" "*/}} @import url("/v-css/1784484781-blogger_ie5win.css"); /*";}
}/* */

</style>
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script> <script type="text/javascript">
_uacct="UA-18003-7";
_uanchor=1;
urchinTracker();
</script> </head>
<body><div id="header"><div id="h2"><div id="h3"><a href="/" id="logo" title="Blogger home"><img src="/img/logo40.gif" width="150" height="40" alt="Blogger"></a>
<p id="tag"><em>Push-Button Publishing</em></p>
<span class="r"></span></div></div></div>
<div id="body"><div id="main"><div id="m3"><h2>This blog is in violation of Blogger's Terms of Service and is open to authors only</h2>
car rental buffalo ny
<br>
<a href="http://krdrffpgv.blogspot.com/">http://krdrffpgv.blogspot.com/</a>
<p style="margin-top:2em; line-height:1em;">If you are an author of this blog, tell us who you are! Sign in using your
<img src="/img/google_transparent_accounts.gif" style="vertical-align:middle;" alt="Google"> Account.</p></div>
<iframe id="login-iframe" name="login-iframe" src="https://www.google.com/accounts/ServiceLoginBox?service=blogger&continue=https%3A%2F%2Fwww.blogger.com%2Floginz%3Fd%3Dhttps%253A%252F%252Fwww.blogger.com%252Fblogin.g%253FblogspotURL%253Dhttp%25253A%25252F%25252Fkrdrffpgv.blogspot.com%25252F%2526zx%253Dj8zbj94xuedm&alwf=true&uilel=3&skipvpage=true&rm=false&naui=8&showra=1&fpui=2&hl=en&nui=6&alinsu=1&skipll=true" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" height="450" width="100%"><a href="https://www.google.com/accounts/ServiceLogin?service=blogger&continue=https%3A%2F%2Fwww.blogger.com%2Floginz%3Fd%3Dhttps%253A%252F%252Fwww.blogger.com%252Fblogin.g%253FblogspotURL%253Dhttp%25253A%25252F%25252Fkrdrffpgv.blogspot.com%25252F%2526zx%253Dj8zbj94xuedm&alwf=true&uilel=3&skipvpage=true&rm=false&naui=8&showra=1&fpui=2&hl=en&alinsu=1&skipll=true">Click here to sign in.</a></iframe></div></div></body></html>


But let us not become complacent. This is but 3 splogs, in one huge farm. Next we look at the peers to krdr, ieqj, and iieb, which are still in business.

Tuesday, October 16, 2007

Tools

None of the probing of the TinkerToys, or even the AFF, splog farms, could be done by hand. Clicking on each link in the browser, and waiting while another page loaded, would take forever.

All of this was done thanks to Steven of IT-Mate, who provided a pair of essential utilities.

To find the links in splogs like http://orowmsagn.blogspot.com/, I use vURL. I provide the URL of any web site to vURL, and it walks through the web site, and strips out all links. I save the result of a vURL probe to a text file, clean up the file, and in 10 minutes can have a clean list of all links, from any one splog, to the other splogs in the farm.

Taking any list from vURL, I run a second utility, prjSiteOnline. prjSiteOnline checks each URL in the list for existence, and returns a response byte count. When you run SO, you'll see about 10% are non-existent blogs. Of the remaining 90%, anywhere from half to 3/4 will show a byte count of under 50 bytes. This corresponds to leaf blogs. The remainder will show over 300 bytes, which corresponds to branch blogs.

Observing any one of the entries in SO to show 300+ bytes, I take that URL and run it through vURL. This gives another control file for SO, and so on.

vURL is useful in another way - parsing the Recently Updated Blogs list. You feed it the RUB URL, and it presents you with a neatly alphabetised and de-duplicated list - of URLs, not titles - making it possible to look for naming patterns. You do have to have patience - 1 to 2 hours for a 10 minute RUB List. So if we're ever going to have a constant monitoring of the list, we'll need a couple dozen computers, running in parallel. If anybody has access to a small botnet, this wouldn't be a bad thing to do with one.

Both prjSiteOnline and vURL are free, and you are welcome to install and run either one, and verify what I am telling you. vURL requires that you close all applications, and prjSiteOnline runs immediately from any folder where it's downloaded. As noted above, loading any of the splogs in your browser may not be a good idea, but you can run any web site of interest through prjSiteOnline and / or vURL, in perfect safety.
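
The walk described in this post (extract links, check each one for existence and byte count, then expand only the branch blogs) can be sketched offline as follows. This is an added example, not the author's tooling and not code from vURL or prjSiteOnline; the hostnames, the sample data, the function names and the "unclassified" label for responses between 50 and 300 bytes are assumptions made for illustration.

```python
from collections import Counter, deque

# Constructed sample standing in for live probes: host -> (response bytes,
# links found), or None for a non-existent blog. Placeholder hosts only.
SAMPLE_FARM = {
    "root.example": (420, ["branch-a.example", "leaf-1.example",
                           "leaf-2.example", "gone-1.example"]),
    "branch-a.example": (350, ["branch-b.example", "leaf-2.example",
                               "leaf-3.example", "root.example"]),
    "branch-b.example": (610, ["leaf-4.example", "odd-1.example",
                               "branch-a.example"]),
    "leaf-1.example": (38, []), "leaf-2.example": (41, []),
    "leaf-3.example": (12, []), "leaf-4.example": (45, []),
    "odd-1.example": (120, ["hidden.example"]),
    "gone-1.example": None,
}
LEAF_MAX_BYTES = 50     # post: leaf blogs show under 50 bytes
BRANCH_MIN_BYTES = 300  # post: branch blogs show over 300 bytes

def probe(host):
    """Existence and size check (the prjSiteOnline step); None if missing."""
    entry = SAMPLE_FARM.get(host)
    return None if entry is None else entry[0]

def extract_links(host):
    """Link extraction (the vURL step) for a host known to exist."""
    return SAMPLE_FARM[host][1]

def classify(byte_count):
    if byte_count is None:
        return "missing"
    if byte_count < LEAF_MAX_BYTES:
        return "leaf"
    if byte_count > BRANCH_MIN_BYTES:
        return "branch"
    return "unclassified"  # assumption: the post gives no rule for 50-300 bytes

def map_farm(start):
    """Breadth-first walk: only branch blogs are expanded for more links."""
    seen, queue = {}, deque([start])
    while queue:
        host = queue.popleft()
        if host in seen:        # farms cross-link heavily; visit each host once
            continue
        seen[host] = classify(probe(host))
        if seen[host] == "branch":
            queue.extend(h for h in extract_links(host) if h not in seen)
    return seen

if __name__ == "__main__":
    result = map_farm("root.example")
    print(Counter(result.values()))
```

Hosts that fall between the two thresholds are recorded but not expanded, so anything reachable only through them stays off the map until it is reviewed by hand.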

Welcome to Blog*Spot Hacking, Porn, And Spam. Here we're going to try and catalogue the splog farms that have infested the Blogosphere.

In order to defeat the enemy, you must first know who the enemy is.

And please, if your computer isn't robustly protected, don't go clicking on the links! Last week, the AFF splog farm was delivering some nasty hacking content, in its money splogs. Any of these splog farms are apparently subject to change, at will, by their owners.