Bloogle error

So I admit that I work on several other blogs as well, and one of them happens to run on Google’s system. I was given a hot item to post this morning and so I tried to access the Bloogle site this morning to no avail. I tried from several locations, but all of them either time out, get a 503 error, or give me an annoying “you’re not welcome here” warning:

We’re sorry…

… but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can’t process your request right now.

We’ll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software.

We apologize for the inconvenience, and hope we’ll see you again on Google.

I see. My query? I went to the main page. Does that look “automated” to you? Click on the link above and see what happens. From their recent not-so-secret discussions about a lack of internal continuity and gaps in security management (e.g. while everyone has been encouraged to jump around from project to project, guess who was left to follow up and maintain existing systems/patches — nobody), you can only hope things start to get better from here instead of where they appear to be headed.

UPDATE: The problems continue as a scheduled morning two-hour maintenance has now stretched long into the afternoon. I finally was able to get to the main page and log in, only to have my post deleted when I clicked “publish”. Love that feature. Naturally, as I fumed about the loss of my post, the site gleefully redirected me to a “you must be a Google user to continue” page instead. Since I do not have one associated with this particular blog, I was then kicked out to a forgot-password flow for an account I do not have. This sent a secret to an email account. The secret was simply a URL parameter (easy to forward) that gives you the option of entering a new password. Nice. No connection with my old account, no verification, nothing. Ugh. I tried to then log in with my newly minted Google account and password, only to be bumped back out again and left with a “server not responding” error. Seems like they’re still working on things… My favorite part so far is actually getting the same exact captcha every single time I am able to load the edit page. Still the same one, hours later. When will this hit the news?

Airport security flour arrest leads to civil rights suit

Well, as someone just asked me, the big question is did she use “self-rising” flour?

Reuters reports on a strange case of airport security and false positives:

A U.S. college student imprisoned for three weeks for trying to take flour-filled condoms onto an airplane has settled her lawsuit against Philadelphia for $180,000, a city spokesman said on Friday.

Janet Lee, 21, a student at Bryn Mawr College in Pennsylvania, was arrested at Philadelphia International Airport in 2003 after police and security officials thought the flour was an illegal drug.

Three weeks? Ok, I have to ask, how long does it take security experts to figure out what’s in a condom? Can you imagine if it took three weeks for email to clear your spam filters?

Depending on the type of grain involved, I guess you might be able to say the TSA went awry…

Flour power? Ok, enough puns for one day.

Hiatus and paradigms

I had a bit of a hiatus from the blog this weekend. My first vacation in a while. Shame, really, as I have about a dozen stories to post now, all of which I expect should show up sometime this week. Meanwhile, someone was kind enough to send me a link to some real eye-candy advertisements posted on Dark Roasted Blend that exemplify the paradigm shift of flyingpenguin. For example:

x-ing

Insect

Very cool. I had to look twice to find the car in the second ad. I wish more advertising had this kind of balance.

dangerous (lokkest) worm on the loose

2007 is really starting with a bang, eh? The latest outbreak seems to be defined so far by a Windows Mutex Object service. Mutexes are meant to provide mutual exclusion, so that contention for a resource can be synchronized. Here’s what seems to happen to affected systems:

  1. mutex.exe starts and runs in Task Manager, and can restart itself if you terminate it
  2. attempts to contact link.hottest.es over random high ports
  3. kills the RPC service
  4. prevents regedit from running
  5. disables services

The first symptom appears to be loss of network connectivity.
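
The symptoms listed above can be correlated per host so that one noisy signal does not trigger an alert by itself. The following is an added example, not code from the original post or from Symantec; the event schema, host names, file paths, the 1024 port threshold and the 60-second restart window are assumptions, while mutex.exe and link.hottest.es come from the post.

```python
from collections import defaultdict

PROC = "mutex.exe"            # process name from the post
C2_HOST = "link.hottest.es"   # contact host from the post
HIGH_PORT = 1024              # assumption: "high" = above the well-known range
RPC_SERVICE = "rpcss"         # Windows service name for Remote Procedure Call

# Constructed events in a hypothetical schema; t is seconds since capture start.
EVENTS = [
    {"host": "ws-014", "t": 10, "type": "proc_start", "image": r"C:\Temp\mutex.exe"},
    {"host": "ws-014", "t": 40, "type": "proc_exit", "image": r"C:\Temp\mutex.exe"},
    {"host": "ws-014", "t": 43, "type": "proc_start", "image": r"C:\Temp\mutex.exe"},
    {"host": "ws-014", "t": 50, "type": "net_connect", "dest": "link.hottest.es", "port": 48211},
    {"host": "ws-014", "t": 55, "type": "net_connect", "dest": "LINK.hottest.es.", "port": 51902},
    {"host": "ws-014", "t": 60, "type": "service_stop", "service": "RpcSs"},
    {"host": "ws-020", "t": 12, "type": "proc_start", "image": r"C:\Tools\notmutex.exe"},
    {"host": "ws-020", "t": 30, "type": "net_connect", "dest": "example.org", "port": 50000},
    {"host": "db-003", "t": 70, "type": "service_stop", "service": "RpcSs"},
]

def basename(image):
    """Lower-cased file name of a Windows or POSIX style path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()

def triage(events, respawn_window=60):
    """Map each host to the sorted list of post-described symptoms it shows."""
    hits, last_exit, ports = defaultdict(set), {}, defaultdict(set)
    for e in sorted(events, key=lambda e: e["t"]):
        host, kind = e["host"], e["type"]
        if kind in ("proc_start", "proc_exit") and basename(e["image"]) == PROC:
            if kind == "proc_exit":
                last_exit[host] = e["t"]
                continue
            hits[host].add("mutex.exe running")
            # A start shortly after an exit matches "can restart itself".
            if e["t"] - last_exit.get(host, float("-inf")) <= respawn_window:
                hits[host].add("mutex.exe restarted after termination")
        elif kind == "net_connect" and e["dest"].lower().rstrip(".") == C2_HOST:
            if e["port"] > HIGH_PORT:
                ports[host].add(e["port"])
        elif kind == "service_stop" and e["service"].lower() == RPC_SERVICE:
            hits[host].add("RPC service stopped")
    for host, seen in ports.items():
        hits[host].add(f"link.hottest.es contacted on {len(seen)} high port(s)")
    return {h: sorted(s) for h, s in hits.items()}

def suspects(events, min_symptoms=2):
    """Hosts showing at least min_symptoms distinct symptoms, worst first."""
    found = triage(events)
    ranked = sorted(found, key=lambda h: (-len(found[h]), h))
    return [h for h in ranked if len(found[h]) >= min_symptoms]
```

On the constructed sample, only ws-014 is reported: db-003 shows a stopped RPC service and nothing else, and ws-020 runs a similarly named but different binary.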

Symantec is calling this lokkest and warns of backdoors and keyloggers. They also suggest a large number of attack vectors:

11. Spreads through Yahoo! Messenger, AOL Instant Messenger, MSN Messenger, and ICQ.

12. Spreads to SQL server and to network shares protected by weak passwords, and by exploiting the following vulnerabilities:

* Symantec Client Security and Symantec AntiVirus Elevation of Privilege (as described in Symantec Advisory SYM06-010)
* The RealVNC Remote Authentication Bypass Vulnerability (as described in Bugtraq ID 17978)
* The Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS06-040)
* The Microsoft ASN.1 Library Multiple Stack-Based Buffer Overflow vulnerabilities (as described in Microsoft Security Bulletin MS04-007)

Patch, patch, patch…