sleeplessbeastie's notes

Check out OSF Data Loss a research project aimed at documenting known and reported data loss incidents world-wide.

To check established TCP connections using Ubuntu enter command:

ss  -o state established -t -p

If you want nice looking output then use longer version with printf, awk and sed:

printf "%-15.15s %5s %20s %7.7s\n" "Process" "PID" "Destination IP" "Port"&& ss  -o state established -t -p  | \
sed -e 1d -e 's/[0-9]*[\ ]\{2,10\}[0-9]*[\ ]\{2,20\}.*:[0-9]*[\ ]\{2,20\}\(.*\):\(.*\)[\ ]\{2,20\}.*:(("\(.*\)",\(.*\),[0-9]*))/\3\t\4\t\1\t\2/g' | \
awk '{printf "%-15.15s %5s %20s %7.7s\n",$1,$2,$3,$4}'

Example output:

Process           PID       Destination IP    Port
firefox          2495        74.125.79.120   https
firefox          2495       173.194.65.138     www
firefox          2495       213.241.88.216     www
firefox          2495        74.125.79.102   https
firefox          2495        74.125.79.132   https
firefox          2495        173.194.65.99   https
firefox          2495       173.194.65.147   https
firefox          2495       173.194.65.102     www
kio_http         5332       213.241.88.216     www
firefox          2495       173.194.65.147   https
firefox          2495       213.241.88.216     www
firefox          2495        74.125.79.120   https
kio_ftp          5341       89.161.173.250     ftp

When you want to leave terminal open but force sudo to forget password then enter command:

$ sudo -K

I tend to forget passwords from time to time so I installed KeePassX today.
Now I can store them in one place, organize and perform auto type.

Application can be easily installed in Ubuntu using command:

$ sudo apt-get install keepassx

Do you want to check if your Windows is vulnerable to DLL hijacking originating from the Internet?

If your answer is yes then you need to read Updated Online Binary Planting Exposure Test blog post and jump directly to Online Binary Planting Exposure Tests.

At home I prefer using small netbook over desktop pc for web browsing and email. It’s very comfortable but as I like using Chromium web browser I really need something to filter ads and other nasty things.

Installing Squid is rather overkill, so I checked two other solutions: Polipo and Privoxy. Both of them are easy to configure, offer interesting features (really check it out!) and are constantly updated.

After some time I decided to stay with Privoxy just because I have more experience with it but for some reason I am really curious about Polipo.

Generally all I need is messing with browser headers, ads filtering and possibility to transparently switch to Tor network.

Two days ago there was interesting post on BugTraq list about hidden user on HP StorageWorks MSA2000 G3.

To login as user admin just enter password !admin
Hopefully password can be changed from CLI.

Couple weeks ago there was somewhat similar case with affect the Cisco UVC Linux operating system products (see security advisory).

Today I joined Project Honey Pot and donated accident.sleeplessbeastie.eu as Honey Pot (in jail) and MX entry.

Http:BL API Specification looks quite interesting. I need to look at later.

If you are searching for spyware removal tool for Windows then check out Spybot-S&D.
It’s a free tool that offers couple of interesting solutions like passive protection (via hosts file), multi-language support and easy update path. I can’t even count how many times I installed this app (without TeaTimer) as it just works!

Recently I was searching for quite accurate and up-to-date hosts file so I could put it on friend computer to add little more security by preventing access to some nasty sites.

After I spent some time searching I found three websites that offer needed solution:
hpHosts online!
Blocking Unwanted Parasites with a Hosts File
Malware Domain List

Installation is very easy – copy/append downloaded hosts file to C:\WINDOWS\system32\drivers\etc\ directory on Windows or /etc/ directory on Linux box.