Fall 2015 security topics

October is a great month and one of my favorite seasons. As the consumer holiday shopping season comes up, the number of disclosures seems to scale up as well. Granted, the last year continues a steady stream of disclosures on bugs, exploits, and patches that may address them. Allow me to take a moment to point out that malware distribution through advertising networks is not only a thing but has become pretty common. This has been one of those things I suspected, but have more recently seen become a common attack vector.

Speaking of security, we certainly live in a world where more than Windows platforms are targeted. Be it Flash, Java, or some other variant… issues arise. Social network sites like to do post-reactive security. However, putting up a condition-based lock for something originally designed to be accessible tends to lead to the additive protection being side-stepped. For some odd reason, security in the design phase seems to remain under-looked or overlooked completely. Scale is also a factor, since getting the scope of all use is difficult to do before implementation and feature requests come into play.

Rambling aside, let’s note the more common infection of Linux machines being herded into botnets. A nice technical read at the link.
Mobile phones are not immune either. Android has its abandoned versions (4.3 and lower) and Apple iOS has patches until a device is considered ‘end of life’. Keep in mind the patches only cover the disclosed and more publicly disclosed exploits. So yes, mobile phones are being used as attack vectors.

Cryptography-wise, your key is great, but when the machine gets exploited, your credentials to that encrypted drive have (multiple) risks of being stolen. If a government can do it, you should bet individuals or 3rd-party contracting groups have the same or potentially more means to do the same.

Finally, you can enjoy some art of the security nature.
Source: FTB Threads

Red Faction Speedrun

As a primarily multi-player gamer in Red Faction, I remember the single player campaign was pretty bad. I probably stopped around the giant mech robot section.

Excellent speedrun and humorous uses of time saving glitches and tricks. Respect! :)
Thanks to nick for letting me know this exists.

 
www.youtube.com/watch?v=Kb0R2wZt0Ao

Fun bug on this site. Media external code only works on the HTTP and not the HTTPS version. That is on my list of things to fix at some point.
Ahh. Firefox says the page shows ‘insecure content’ when showing the Media block. That explains what is happening; to fix it is a later thing.
So in the meantime, I put the URL in plaintext.
Source: FTB Threads
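
The ‘insecure content’ message in the post above is the browser's mixed-content check: an HTTPS page that pulls a frame or script over http:// gets that load blocked. The following is an added example, not code from this site, that scans a page's HTML for such loads; the sample page and the example.invalid URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Active content: an http:// load of these is blocked on an HTTPS page.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
# Passive content: historically loaded with a warning instead of blocked.
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" in rel:
            self._check("active", tag, attrs.get("href"))
        elif tag in ACTIVE:
            self._check("active", tag, attrs.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, attrs.get(PASSIVE[tag]))

    def _check(self, kind, tag, url):
        # Only an explicit http:// scheme counts; relative and
        # protocol-relative (//host/path) URLs inherit the page's scheme.
        if url and urlsplit(url.strip()).scheme.lower() == "http":
            self.findings.append((kind, tag, url.strip()))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, assumed to be served over HTTPS.
SAMPLE = """
<iframe src="http://www.youtube.com/embed/Kb0R2wZt0Ao"></iframe>
<iframe src="https://www.youtube.com/embed/Kb0R2wZt0Ao"></iframe>
<script src="//example.invalid/widget.js"></script>
<img src="http://example.invalid/thumb.png">
<a href="http://www.youtube.com/watch?v=Kb0R2wZt0Ao">plain link</a>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE):
        print(f"{kind:7} <{tag}> {url}")
```

A plain `<a href>` link is navigation, not a subresource, which is why putting the URL in as text avoids the warning.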

Private FFXI Server

I heard a bit about these, and wanted to drop info on how to set up a Private FFXI Server, and be a GM, etc.

I shall prolly give this a try, as I want to super solo stuff. :p

How do I set up pXI so that it works?
1) Install MySQL and run the Server Config Wizard. (If you already had MySQL, run the wizard and select Reconfigure Instance.) Select Detailed Configuration, then go through the next few screens until you see the option Disable Strict Mode. You must UNCHECK this box, or else you will get stuck on character creation. You may set a password for your server if you want, but remember this password for later.
2) Install SQLyog and run a new connection. The name is root, port is 3306, and the password is whatever password you set in step 1. Go to the file menu and select DB, then click Create New Database. Name it pxidb. Leave SQLyog open for now.
3) Unzip the pXI release to wherever you want. Replace the client.exe with the new one in the second link. Unzip pxidb in the misc folder. Now go back to SQLyog, click on pxidb and press Ctrl-Shift-Q. Find pxidb_svn.sql and press Execute. This will take a few minutes.
4) While that is going, you can open pxi.ini and edit the settings. Change SERVER to localhost, PORT to 3306, USER to root, PASS to your password from step 1, DATABASE to pxidb, SERVIP to 127.0.0.1, and UDPPORT to 54230. Many of these settings may already be right.
5) This step is the trickiest. Go to Windows/system32/drivers/etc/ and select the file called hosts. Note that this file does NOT have a file extension. You can open it with Notepad. You’ll need to erase the bottom few lines (the ones without the # in front) and change them to this:
127.0.0.1 localhost
127.0.0.1 ffxi00.pol.com
::1 localhost
Save it and make sure it saved the changes. Note that if POL or FFXI is on at this point you must shut it down and restart it. By now SQLyog should be done importing your database, you can close it now.
6) Make sure POL and FFXI are set to windowed mode, and run POL. Log in and run FFXI. When you get to the blue screen asking you to accept/decline, STOP. Now run pxi-server0.6.0b.exe, and client.exe. Now you may hit Accept. If you set everything up right, you should be able to create as many as 16 characters and play!

Keep in mind, this is for a Local Only Server.  SE would be super mad if this was spawning a custom remote server setup.
Source: FTB Threads
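
Step 5 above pins a hostname to loopback in the hosts file, and an entry like that keeps overriding DNS until someone removes it. The following is an added example, not part of the pXI instructions, that lists every hosts-file override and marks whether it stays on the local machine; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress


def parse_hosts(text):
    """Return [(ip, [names])] for each active (non-comment) hosts line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with a valid address
        if len(fields) > 1:
            entries.append((ip, [name.lower() for name in fields[1:]]))
    return entries


def audit_hosts(text, expected=("localhost",)):
    """List (name, ip, scope) for every name overridden beyond the expected ones.

    scope is "loopback" when the name resolves to this machine and "remote"
    when the entry sends traffic for that name to another host.
    """
    findings = []
    for ip, names in parse_hosts(text):
        scope = "loopback" if ip.is_loopback else "remote"
        findings += [(n, str(ip), scope) for n in names if n not in expected]
    return findings


# Constructed sample: default-style comment lines plus the entries from step 5.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
#   102.54.94.97   rhino.acme.com   # source server
127.0.0.1 localhost
127.0.0.1 ffxi00.pol.com
::1 localhost
"""

if __name__ == "__main__":
    for name, ip, scope in audit_hosts(SAMPLE_HOSTS):
        print(f"{name} -> {ip} ({scope})")
```

A "loopback" result matches the Local Only setup described in the post; removing the entry restores normal DNS resolution for that name.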
