Recent SSH vulnerabilities
Exploit code for two different implementations of SSH were made public yesterday. Tectia SSH (www.ssh.com) a commercial solution and freeSSH/freeFTP. I currently do not see any public announcements from the vendor, nor any CVEs for tracking.
More to come on this.
John McAfee Exposes His Location in Photo About His Being on Run
Generally speaking, if you're on the run from the authorities over a homicide, you're probably best laying low and not making too much noise. Sure, there is a case for trolling "the man", but it usually comes back to haunt you.
Take the case of John McAfee who is currently on the run. A journalist for a shady website involving narcotics is apparently spending some time with him while he's on the run. It put up a post with a picture with John and the Editor-in-chief of said publication. (You can find it without too much effort, but it's NSFW).
Well, if you download the picture and use any of the standard tools to get metadata (I use exiftool), it happily reports not only the make and model of the camera, but the GPS coordinates of where the picture was taken (today). We can say that, yes, John McAfee is apparently no longer in Belize. ;)
A humorous post to point out something many of us don't realize, our smartphones and devices are increasingly location-aware and that information makes it into the media that those devices create.
UPDATE: The website with the original image has replaced it with images that do not have GPS coordinates in them.
See earlier SANS ISC posts on EXIF/location information:
Twitpic, EXIF and GPS: I Know Where You Did it Last Summer
Snipping Leaks
--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting
Mobile Malware: Request for Field Reports
At my last two speaking engagements, I asked a simple question: "'Have you, or anyone you know been infected with malware on you smartphone?" So far, no one has raised their hand.
I'd like to ask the same question here, since there's a much wider audience of people who have the skills/instinct to notice such an infection.
If you, or someone you know (no friend of a friend reports, please) have witnessed a mobile malware infection in the wild please leave a comment below or send in a report via our contact page.
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago