http://www.ted.com/index.php/talks/view/id/129

Words fail me. The power shown in this 7 minute long video of what we can expect to see in a few years is literally mind blowing.

Check it out.

Rich

Hi friends,

Here is an update to the hack attack on SurvivalRing yesterday, as mentioned in the email below.

This hack attack seems to have darker overtones than I originally suspected.

While I believe the hack was as I stated yesterday ( a web bot spamming program, which gained access to the site via php script vulnerabilities), I’ve done a bit more research on the destination website that all the spam links were pointing to.

Every one of the nearly fifty hidden links point to a hacked website hosted in the middle east…

hxxp://qasweb.org/library/universe/online/?page=49 (link disabled on purpose)

A quick search found an arabic language based website is the home of

http://qasweb.org/

This is the Qatif Astronomical Society forum website…in Arabic.

You can view a mostly translated into english version here (google cache file)

Following the path of the hacked files, we see this…

Continue Reading »
SurvivalRing hacked by Islamists?

After being offline for a few months, I have finally been able to replace our dead forum board, with a brand new state of the art forum system called the Invision Power Board.

We HAD been using IkonBoard 3.1.1, which suffered massive unfixable security issues, and upon trying to update many different ways to the latest version of 3.1.5, it promptly committed suicide. Hundreds of spams a day were being injected, and the Ikonforum team in the years since I had originally installed the software no longer existed or cared for full path upgrades. This was very disconcerting, and painful to loose so many useful posts.

I was able to save the data in a database, but attempts to salvage them coherently into the new software haven’t been fully successfull…yet.

But… the NEW board is COMPLETELY operational. I’ve already got two new moderators, and more to come.

Jump on over to the SRCC (SurvivalRing Community Center) and register a username and start posting away.

The more the merrier…

Rich
Founder - SurvivalRing

As a (nearly) degreed web design student, I pay particularly close attention to web and internet threats to the average user. First, I don’t want my site or software to be hacked. Second, I don’t want to be the source of someone else getting hacked.

It appears that Macromedia (now Adobe) Flash has been found to have some security holes. Why is this an issue? Well, it seems that 98% of Web users have the Flash Player installed on their computer. Here is today’s report from the CERT team.

National Cyber Alert System

Cyber Security Alert SA06-075A

Adobe Macromedia Flash Products Contain Vulnerabilities

Original release date: March 16, 2006
Last revised: –
Source: US-CERT

Systems Affected

Microsoft Windows, Mac OS X, and other operating systems that use
the following products:
* Adobe Macromedia Flash Player
* Adobe Macromedia Flash
* Adobe Macromedia Flex
* Adobe Macromedia Breeze
* Adobe Macromedia Shockwave Player

Overview

There are critical vulnerabilities in Macromedia Flash player and
related software that may allow an attacker to take control of your
computer.

Solution

Apply Updates
Adobe has provided the updates for these vulnerabilities. To obtain
the update, visit the Security Bulletin. US-CERT recommends that
you update to the most current version of your Macromedia product.

Description

Some features of Macromedia products contain critical
vulnerabilities. If an attacker can convince you to open a
malicious Flash file, which may be hosted on a web site, he or she
may be able to take control of your computer or cause it to crash.
The Macromedia Security Bulletin provides updates that address
these vulnerabilities. For more technical information, see US-CERT
Technical Cyber Security Alert TA06-075A.

References

* US-CERT Technical Cyber Security Alert TA06-075A.html -

* US-CERT Vulnerability Note VU#945060 -

* Macromedia - APSB06-03: Flash Player Update to Address Security
Vulnerabilities -

* Microsoft Security Advisory (916208) -

Hi folks,

The Madness was mine… at my website host.
The last couple of days, SurvivalRing.org and most of the other domains associated with the website crashed because of issues at our webhost, which happens to be Hostrocket.

A day of tracking down domain settings, many trouble tickets, and several long distance phone calls, resulted with a very tough ticket being sent at high priority to the Hostrocket techs. This last 0ne got their attention. I threatened to find a new host if this wasn’t resolved.

At 3am this morning (thank God for 24 hour tech support), a tech named Joe dug deep into the settings of my website config system, and found the problem.

It seems my entire website was moved to another server without my knowledge, using an automated hosting tool. Problem came about because the script didn’t finish the job, and corrupted many settings…leaving SurvivalRing a smoking hole in the ground.

He found the problem, corrected the major issues, and brought the site back up so that the domain pointers could find my site again on a server shared with 250 other websites.

I still had a problem with missing subdomains (which contain my other websites, such as theblastshelter.com, sundancerdigipros.com, cosmicechoes.org, yaaaonline.com, and many others), and dead programs including my blogs, forums, and other tools. He recovered over 30 subdomains in the next hour, and everything seems to be working now.

I was seriously considering finding a new host that last half of yesterday, and had looked at Hostgator and 1and1, both of which seem to have good references and some really good packages with lots of storage space and bandwidth…my major concerns for immediate upgrade.

After the last response on this issue from Hostrocket, they took responsibility for the site issues, and upgraded my account to 5 gigs of space and unlimited bandwidth, at a savings to me of 30% off what I was going to pay, and which beat the prices at the two hosts above.

For the time being, which means the next year, I’ll hang with Hostrocket, and see what comes out of it. I can always upgrade later, and may still create a mirror backup site of SurvivalRing…for the next time things go awry.

Rich

I haven’t seen this email threat yet, but I do get dozens of other threats in email EVERY day…including paypal, ebay, multiple banks and more used in phishing attemptes to steal my login data. I simply roll over the link, and if it’s NOT the URL I expect, I kill the email.

Notice of this new threat below is making the rounds of the web, so DON’T get bit by an attempt to open anything from the FBI. If it’s REALLY the FBI, they’ll be at your front door…flashing badges…

Rich

U.S. Department of Justice, Federal Bureau of Investigation

For Immediate Release
Tuesday, November 22, 2005

Washington D.C.

FBI National Press Office

FBI ALERTS PUBLIC TO RECENT E-MAIL SCHEME

E-mails purporting to come from FBI are phony

Washington, D.C. - The FBI is warning the public to avoid falling victim to
an on-going mass e-mail scheme wherein computer users received unsolicited
e-mails purportedly sent by the FBI. These scam e-mails tell the recipients
that their Internet use has been monitored by the FBI and that they have
accessed illegal web sites. The e-mails then direct recipients to open an
attachment and answer questions.

The e-mail appears to be sent from the e-mail addresses of mail@fbi.gov,
post@fbi.gov and admin@fbi.gov. There may be other similarly styled
addresses. The recipient is enticed to open the zip attachment which
contains a variant of the w32/sober virus. If the program within the zip
attachment is executed then the virus is launched and may affect the user’s
computer.

The text of the email is as follows:

Dear Sir/Madam,

We have logged your IP-address on more than 30 illegal Websites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison
Federal Bureau of Investigation-FBI-

These e-mails did not come from the FBI. Recipients of this or similar
solicitations should know that the FBI does not engage in the practice of
sending unsolicited e-mails to the public in this manner.

Opening e-mail attachments from an unknown sender is a risky and dangerous
endeavor as such attachments frequently contain viruses that can infect the
recipient’s computer. The FBI strongly encourages computer users not to open
such attachments. For detailed information on the effects of running this
virus please log onto http://www.cert.org .

The FBI takes this matter seriously and is investigating. Users are
instructed to delete the e-mail without opening it.

#####

Graphic Bar
| Press Releases | FBI Home Page
|

…for website downtime.

It seems that my host, Hostrocket.com, is having issues on my server, Server18, on a regular basis the past couple of weeks.

If you can’t view any part of SurvivalRing, use this link to see if the server is “Having Issues”…

http://admin.hrwebservices.net/serverstatus.php?host=host18.hrwebservices.net

I’m trying to trackdown WHY this is happening, and have called the company a couple of times already…they’ve referenced Apache processes as one possible issue. I’ll be digging future into tools to see what I can dig out on my own…and share it here…

Rich