nDarkness

Archive for October, 2009

WordPress – DM Albums Version 2.0 Critical Vulnerability

by on Oct.21, 2009, under Computer Security, Privacy

The latest version of DM Albums was released on 10/21/2009 to all WordPress users, and it contains a serious flaw that can allow an attacker to remotely delete any file or folder they wish. The author has been notified of the problem, and I have listed a workaround below to prevent directory traversal.

After upgrading to the latest version of DM Albums I was playing with the new features and noticed the function to delete albums. I dug into the code located at wp-content/plugins/dm-albums/wp-dm-albums-ajax.php and found that there is no check for directory traversal in the supplied album name. This means that anyone can delete files or directories outside of the upload directory.

Example:

    http://someblogsite/wp-content/plugins/dm-albums/wp-dm-albums-ajax.php?delete_album=../../../public_html

The vulnerable section that allows this to take place is:

    if(isset($_GET["delete_album"]) && !empty($_GET["delete_album"]) && strlen($_GET["delete_album"]) > 0)
    {
        // delete the album directory: the raw GET value is appended to the upload path unchecked
        dm_get_album_delete($DM_UPLOAD_DIRECTORY . $_GET["delete_album"]);
    }

This code never inspects the contents of the GET variable, and the request does not require you to be logged in, so anyone can delete files.

Below is a quick and dirty workaround to prevent the problem; I would expect more checks to ensure that user input is sanitized in the near future. This workaround will not prevent malicious users from deleting your albums, but it will keep folders outside of the upload directory safe.

    if(isset($_GET["delete_album"]) && !empty($_GET["delete_album"]) && strlen($_GET["delete_album"]) > 0)
    {
        // remove the / character from user input so the value cannot name a parent directory
        $_GET["delete_album"] = str_replace("/", "", $_GET["delete_album"]);

        // delete the album directory
        dm_get_album_delete($DM_UPLOAD_DIRECTORY . $_GET["delete_album"]);
    }
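The workaround above only strips the "/" character. As an added example that is not the plugin's code (and not what v2.0.1 shipped), here is a stricter handler that validates the album name, checks that the realpath()-resolved target sits directly inside the upload directory, and requires a logged-in user with a nonce, which the original handler did not. It assumes $DM_UPLOAD_DIRECTORY and dm_get_album_delete() as in the plugin; the manage_options capability and the dm_delete_album nonce action name are assumptions.

```php
<?php
// Added example, not the plugin's own code: a hardened delete_album handler.
// Assumes $DM_UPLOAD_DIRECTORY and dm_get_album_delete() exist as in the
// plugin; the 'manage_options' capability and the 'dm_delete_album' nonce
// action name are assumptions chosen for this example.

// Return the resolved album directory, or false if $album is anything other
// than the name of a directory sitting directly inside $upload_dir.
function dm_safe_album_path( $upload_dir, $album ) {
    $album = (string) $album;
    // A plain name only: no NUL byte (which would truncate the path), no
    // directory separators, and not the '.' or '..' pseudo-entries.
    if ( $album === '' || strpos( $album, "\0" ) !== false
         || $album === '.' || $album === '..' || $album !== basename( $album ) ) {
        return false;
    }
    $base   = realpath( $upload_dir );
    $target = realpath( $upload_dir . DIRECTORY_SEPARATOR . $album );
    if ( $base === false || $target === false || ! is_dir( $target ) ) {
        return false; // upload directory or album does not exist
    }
    // realpath() has resolved any '..' or symlink, so the album's parent must
    // be exactly the upload directory; anything else is rejected.
    if ( dirname( $target ) !== $base ) {
        return false;
    }
    return $target;
}

if ( isset( $_GET['delete_album'] ) ) {
    // The original handler ran for anonymous visitors; require a user who may
    // manage the site and a nonce tied to this action so the request cannot
    // be forged from another site.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to delete albums.' );
    }
    check_ajax_referer( 'dm_delete_album', '_wpnonce' );

    $path = dm_safe_album_path( $DM_UPLOAD_DIRECTORY, $_GET['delete_album'] );
    if ( $path === false ) {
        wp_die( 'Invalid album name.' );
    }
    dm_get_album_delete( $path );
}
```

Because the check is made on the resolved path rather than on which characters were stripped, it holds regardless of the host's path separator.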

Once I hear back from the author I will update this post to let everyone know the outcome.

Update: A new release, v2.0.1, containing the workaround above has been released. We should also expect another update in the next few days that will add more security checks, along with some upgrades for WordPress multi-user environments.


Sprint and Their Poor Customer Service – A Case Study

by on Oct.15, 2009, under Cell Phones, Sprint

My previous cell phone contract was about to expire in March of this year, so I decided to renew my contract and get a new smart phone. After doing some research, I chose the BlackBerry 8330 and went with the Everything Data plan. I have been extremely satisfied with the phone’s abilities, features and battery life.

With a fully charged battery I was able to get anywhere from two to three days of use out of the phone before needing to recharge. At least that was the case until about two days ago. Without warning or notice, the battery life on the phone began to diminish significantly, from 2-3 days of use to 10 hours. Decreased battery life is an expected occurrence with any type of battery, and I am not blind to that fact. However, after only 7 months of owning this phone, it seems to be more of a defect than something I should expect.

I decided to contact Sprint and find out what their take on the situation was. Now if you haven’t had the pleasure of calling Sprint, here is what you can expect.

  1. English/Spanish prompt.
  2. Enter your phone number prompt (Expect to give this again to everyone you speak to).
  3. A list of prompts that are supposed to route you to the correct department.
  4. A new list of prompts to route you to the correct department.
  5. A final list of prompts to route you to the correct department (Very efficient system…).
  6. If you make it here, be prepared to wait 3 minutes to ∞ to hear a real voice.
  7. In my experience, the first person you speak with will not be able to help you and will transfer you after you give them your phone number, name and pin number (in that exact order).
  8. Now here is the tricky part: you will either be disconnected during this transfer, or after being placed on hold by the next person (once you again give them your phone number, name and PIN, in that exact order) while they “speak with their supervisor”.
  9. Call back, repeat steps 1-7 and get an almost believable answer.
  10. Try bogus solution and repeat steps 1-9 all over again…

Ok, enough of the fun stuff and back to the story. The first gentleman I had the pleasure of being transferred to gave me RIM’s number and told me that they would be responsible for the warranty. Without hesitation I called the number I was given and pleaded my case. The RIM employee told me that Sprint had a 1 year warranty on their devices and that they only shipped the phones to Sprint, not the batteries. This is where the run around began. I called Sprint back armed with the new information I had just received. After a “brief” hold period, while a solitary game…I mean conversation with a supervisor was initiated, I was told by Sprint that there was no warranty on batteries. So I inquired about the one year warranty and what it covered. I was then put on hold again and conveniently the phone disconnected.

Now I don’t want to bore you with all of the fuzzy details from my wonderfully productive use of time, so I will condense the remainder. It took a total of 2.5 hours and 10 phone calls including the 4 times I was disconnected, 2 bogus answers, 2 calls to RIM, 1 time of being laughed at by a Sprint employee and the final 40 minute wait while the problem was resolved.

The question I’m sure you are all wondering now is, how did you get the issue resolved? The resolution came on the 10th and final call when I listened to the prompts and chose disconnect service. I was connected to a very pleasant young lady that read the notes on my account, listened to my side of the story (see notes below), escalated the issue and arranged to have a battery sent to me at no cost.

I work for a small business owner who will sacrifice the profit of a job to make sure that he always does the right thing for the customer. This philosophy has allowed him to enjoy a great customer base, a very successful business and a staff of employees that give him the utmost respect. Now I have to ask myself, why can’t a large multi-million dollar corporation like Sprint embrace this philosophy as well?

*Notes – My side of the story consisted of simple math:

  • $140 per month for 17 remaining contract months = Sprint income of $2380
  • $200 disconnect fee minus $2380 = Sprint loss of -$2180
  • $45 battery minus $2380 = Sprint income of $2335
  • Knowing how to bypass steps 1-10 in the future, priceless

Quickly Rename Folders and Files in Windows for Free

by on Oct.13, 2009, under Utilities, Windows

Have you ever needed to rename a bulk quantity of files and/or folders? In my day-to-day life, I use template folder structures to contain various aspects of job information. Before these folders are usable, I must add a unique job name to the beginning of the folder and/or file name to make searching easier. This renaming task can quickly become very tedious and time consuming.

Thanks to Denis Kozlov over at [den4b] there is a solution that saves loads of time and effort. The program is called ReNamer, and it allows us to select a list of files and/or folders and perform various renaming operations on them.

Since the task at hand is to work on already designed folder structures, all I need to do is find a method that does the job and save a preset for each type of folder structure. I chose to use a delete rule to remove the generic job name and then an insert rule to insert a unique job name.

After going through a few short test runs, I came up with a working solution that I was able to save, customize and slightly change to suit other needs.

If you have similar renaming needs, check out this program and I’m sure you will agree it is definitely worth your time.


Apple’s Snow Leopard Bug Deletes All User Data

by on Oct.12, 2009, under Mac OS X

A bug has been reported on the Apple discussion boards describing a condition in which all of a user’s data is deleted.

The bug seems to be triggered when a user logs into the guest account and then logs back into their own account, only to find that all of their data is gone. By default, the guest account in OS X deletes its data when the guest logs out.

Apple has yet to comment on this bug and so far the only fix is to restore the information from backup.

Until this issue is addressed and resolved, the only workaround is to disable the guest account in System Preferences.

If anyone is brave enough to try this out, post back and let us all know the outcome.


Flash Cookies and What You Don’t Know

by on Oct.10, 2009, under Computer Security, Linux, Mac OS X, Privacy, Windows

If you have been browsing the internet for any period of time, I’m sure you have heard of cookies. Even though you may not be entirely sure what they do, you certainly know how to delete them. Right?

Cookies are files that websites save on your computer containing information about you. There are several legitimate purposes for these files, such as remembering your login information so you don’t have to sign in every time you visit a site, keeping track of cart contents as you shop online and, in some cases, online security such as on banking sites.

With the good also comes the bad. A quick search on Google for tracking cookies will return page after page of articles on this topic. A tracking cookie will monitor your movement around the internet and will phone home to let its authors know what you are doing online. With this information they will tailor their advertising on affiliate sites so that you only get ads for what they believe interests you, or they will sell this information to other advertisers.

“So what’s the big deal? My browser is set up to delete cookies at regular intervals and I don’t allow them from third party sites.”

Well, here is a little fact that you may not know. The same technology that powers streaming video, online games and animated movies has the ability to set cookies as well. The technology I am referring to is the Flash plugin, currently developed by Adobe. These “special” cookies are not created or treated the same way as the cookies that we have all come to know and love. In fact, your browser on its own has no control over these cookies at all.

To illustrate this point, clear your browser cookies and then take a look in the following location(s):

  • Windows: Under your current user’s Application Data directory, click on Macromedia\Flash Player\#SharedObjects and Macromedia\Flash Player\macromedia.com\support\flashplayer\sys.
  • Mac OS X: ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/[package ID of your app]/ and ~/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/
  • GNU-Linux: ~/.macromedia

Using your browser to clear cookies had no effect whatsoever on the Flash cookies. That most likely means that your actions are still being tracked as you surf the net. What’s more, Flash cookies can be used to restore the normal cookies that your browser just deleted.

“So what can I do about these cookies? You said earlier that my browser on its own could not delete these cookies, what does that mean?”

A developer going by the name of NettiCat has developed an add-on for Firefox called Better Privacy that will do the dirty work for you. This add-on allows you to clear these cookies when you open or close your browser, at regular intervals, or manually.

Now feel free to go trash those stale cookies and be on the lookout for them popping up again.


MacBook/MacBook Pro Hibernation Modes

by on Oct.09, 2009, under Mac OS X

As a power saving feature of most modern operating systems, you have the ability to keep your current system state in RAM, go into a power saving mode and consume very little battery power. This is a very convenient feature for portable computer users who are always on the go.

MacBooks have this feature enabled by default and there are three ways to activate it:

  1. close the lid
  2. press option+command+eject
  3. click the apple icon and select sleep

I prefer to save all of the battery life I can on my laptop when I won’t be using it for several days. Sleep mode works very well in accomplishing this goal but we can actually save virtually all of our battery power by using hibernation.

Hibernation saves the operating state to the hard drive and eliminates the need for power at all. This allows us to travel with our computer for several days at a time and not need to plug it in after that extended period to use it.

There are several methods available to activate hibernation mode in OS X. The first method is to put your laptop to sleep, unplug it and remove the battery. This will cause your laptop to enter hibernation mode, and you will need to replace the battery and press the power button to wake it. I have a protective case on my laptop, so this method is definitely out for me. The next method is to download one of the several available apps that will do the job for you. This is the easy method; it requires no skill and very little effort on your part.

The method we will be using requires us to use the Terminal and add a few lines to our .bash_profile file. Before we begin editing the file, let’s talk about the command we will be using.

There are 5 different hibernation modes for the Mac. To find out which mode your computer is using, press command+<space bar> and type in terminal. Select the Terminal program from the list and type:

    pmset -g | grep hibernate

This is the output I received:

    hibernatefile    /var/vm/sleepimage
    hibernatemode    3

So what does all of this mean and how is this going to help us turn on hibernation? Below is a list of the different hibernation modes with explanations:

  • 0 – Old style sleep mode, with RAM powered on while sleeping, safe sleep disabled, and super-fast wake.
  • 1 – Hibernation mode, with RAM contents written to disk, system totally shut down while “sleeping,” and slower wake up, due to reading the contents of RAM off the hard drive.
  • 3 – The default mode on machines introduced since about fall 2005. RAM is powered on while sleeping, but RAM contents are also written to disk before sleeping. In the event of total power loss, the system enters hibernation mode automatically.
  • 5 – This is the same as mode 1, but it is for those using secure virtual memory (in System Preferences -> Security).
  • 7 – This is the same as mode 3, but it is for those using secure virtual memory.

Now let’s make the changes necessary to switch back and forth from our current mode to a new one. While still in Terminal, enter the following command:

    vi .bash_profile

Now add the following lines to this file:

    alias hibernateon="sudo pmset -a hibernatemode 5; pmset -g | grep hibernate"
    alias hibernateoff="sudo pmset -a hibernatemode 3; pmset -g | grep hibernate"

To exit this editor, press Esc, type :wq and press Enter. This will save the file with our changes; we will need to quit Terminal and start it again for the changes to take effect. Once we have restarted Terminal, type hibernateon, enter your password, and now when you close your lid your computer will enter hibernation mode automatically. To revert from this new mode, open Terminal again and type hibernateoff. This will return your computer to its original mode, and the power saving features will work the way they did previously.
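The aliases above pass whatever follows them straight to pmset. As an added example that is not from the original post, here is a small shell wrapper that parses the `pmset -g` output shown earlier, reports the current mode with its meaning, and refuses to set any mode number the list above does not document. The PMSET_OUTPUT override is an assumption introduced here so the parsing can be tried on a machine without pmset.

```bash
# Added example, not from the original post: a wrapper around pmset that reports
# the current mode with its meaning and refuses to set any mode number the post
# does not document. PMSET_OUTPUT is an assumed override: when set, it is parsed
# instead of running `pmset -g`, so the parsing can be tried without a Mac.

# Print the number from the "hibernatemode N" line of `pmset -g` output.
hibernate_mode_from_output() {
    printf '%s\n' "$1" | awk '$1 == "hibernatemode" { print $2; exit }'
}

# One-line meaning of each documented mode (matches the list above).
hibernate_mode_describe() {
    case "$1" in
        0) echo "sleep only: RAM stays powered, nothing written to disk" ;;
        1) echo "hibernate: RAM written to disk, machine fully off while asleep" ;;
        3) echo "safe sleep (default): RAM powered, contents also written to disk" ;;
        5) echo "hibernate, for systems with secure virtual memory enabled" ;;
        7) echo "safe sleep, for systems with secure virtual memory enabled" ;;
        *) echo "undocumented mode"; return 1 ;;
    esac
}

# Succeed only for the documented mode numbers.
hibernate_mode_valid() {
    case "$1" in 0|1|3|5|7) return 0 ;; *) return 1 ;; esac
}

# Current mode number, from PMSET_OUTPUT if set, otherwise from pmset itself.
hibernate_current() {
    if [ -n "${PMSET_OUTPUT:-}" ]; then
        hibernate_mode_from_output "$PMSET_OUTPUT"
    else
        hibernate_mode_from_output "$(pmset -g)"
    fi
}

hibernate_status() {
    mode="$(hibernate_current)"
    echo "hibernatemode $mode: $(hibernate_mode_describe "$mode")"
}

# Switch modes, but only to a documented value, so a typo never reaches pmset.
hibernate_set() {
    if ! hibernate_mode_valid "$1"; then
        echo "refusing to set undocumented hibernatemode '$1'" >&2
        return 1
    fi
    sudo pmset -a hibernatemode "$1" && hibernate_status
}
```

Source this file from .bash_profile and call `hibernate_set 5` or `hibernate_set 3` in place of the aliases; `hibernate_status` shows which mode the machine is in.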

