Wednesday, 26 October 2011

Apache, php and dlls

For a while now I've been adding more and more features to Apache and PHP for testing. I want to add things like LDAP and SQL support in PHP but the libraries fail to load when I update the PHP.ini file. I have continually come up against error messages like these:

PHP Warning: PHP Startup: Unable to load dynamic library 'c:/php/php_ldap.dll' - The specified module could not be found.\r\n in Unknown on line 0

and

PHP Warning: PHP Startup: Unable to load dynamic library 'c:/php/php_pdo_mysql.dll' - The specified module could not be found.\r\n in Unknown on line 0

The problem I had was actually nothing to do with PHP trying to find these libraries. Instead it was to do with the other libraries that they needed. The Apache logs make no mention of this. You need to search the internet to find which dlls are needed depending on your web server and the dll you wish to include.

For example, running PHP and Apache, to include LDAP, update the php.ini and then also make sure that libeay32.dll and ssleay32.dll are in the Apache bin folder. Then voila! No more nasty errors.

Tuesday, 18 October 2011

Movember

So Movember isn't about just being manly, it's also an opportunity to raise any points that might help us men live a little healthier:

As men, we are told that we are genetically more likely to die from various diseases than women. Unfortunately (or should that be fortunately?) this is not the case. Many factors are actually more to do with our attitudes that our dna. I'm sure it's a similar story across the world but in the UK, women in our age group are twice as likely to go see a doctor than us men are. The top 10 reasons for us men not wanting to go are:

1. Sitting around - "they don't like the waiting time involved"
2. Health services are feminised - "the decor and bias of information towards women"
3. Embarassment - "Men are embarrassed to discuss intimate feelings and information"
4. No point unless there is something wrong - "Below 40 years of age, men only view doctors in terms of emergencies"
5. Men aren't socialized into visiting the doctor - "whenever men visit the doctors, they only see women and older people."
6. Suck it up' attitude - "men are socialized into internalizing their emotions and physical discomforts"
7. Defects are signs of weakness - "visiting doctors may signal illness or disability"
8. Fear of being judged - "their problem or physical state is something unique"
9. Men exaggerate the negative qualities of health provision - "men find the health care system inadequate, a waste of time."
10. Doctors aren't equated with preventive health - "at age 40, men generally have to see their doctor regularly. They realize the benefits of screening than waiting to happen."


Sadly, I can not stand up as a role model. I have never discussed cancer with my doctor, I remember something vaguely about checking yourself from school and the notion of a prostate exam is something I connect with the over 50 year olds.

People won't tell you what to do to keep you healthy. We don't stand around the bar discussing the best way to check your testicles for lumps (maybe that's not a bad thing). You need to go and find this out for yourself. Otherwise you are just waiting for something to go wrong, which is a really stupid idea when you think about it.


Links to answer your questions:
http://menshealth.about.com/od/diseases/u/concerns.htm - general concerns list
http://cancer.about.com/od/cancersaffectingmen/tp/menscancersign.htm

A statistic to finish up on. Testicular cancer normally affects men between 20 and 39. The survival rate is over 95%. Look after yourselves men.

Sunday, 14 August 2011

John the Ripp... oh wait, it's not working

John the Ripper (http://www.openwall.com/john/) is a fantastic Unix based password/hash cracker. If you want to crack md4 hashes then you need the jumbo install, which can fail without the correct bits installed beforehand.

This error:
/usr/bin/ld: cannot find -lcrypto

means you are missing libssl-dev package, which is not something that trips up the standard JtR install. Run this command to fix it all:

apt-get install libssl-dev

It should then complete the make process just fine.

Sunday, 31 July 2011

How much do we trust our email?

The purpose of this article is show how an attacker can trick someone into thinking that they are talking to someone else on email. It uses the following two websites:

1.Mailinator [http://mailinator.com] - Instant access and anonymous web mail.
2.Fake Emailer [http://emkei.cz/] - Builds fake emails.

Scenario
Bob wants to trick Alice that her boss is contacting her. Alice works for Fireweb in Japan. He wants to use social engineering to make Alice give up her home phone number.

Using Fake Emailer to create the engineered email
Fake emailer is a really quick and easy way to build an email that looks (from the outside at least), trustworthy. You can tailor it to have any from and two address, and reply-to address, any contents, even the headers themselves can be tailored.

We will use the following:
To address: Alice@herhomeemail.com
From: The.Boss@fireweb.ne.jp
Reply-to Address: The.Boss.a.fireweb.ne.jp
Message: Hi Alice, I'm afraid we are having an emergency here in the office, and I would like to contact you ASAP, could you please send me your home phone. Thank you. The Boss.

What Alice sees:
Alice gets a very official looking email. The from address is the boss' real address.

She clicks reply and the reply to address is The.Boss.a.fireweb.ne.jp . She then types her reply.

The result
Alice sends her information to the Mailinator address which Bob can instantly access anonymously.

Conclusions and preventions:
Alice had very few clues to tell her what was happening. The biggest and most obvious to us now is that the reply-to address is completely wrong. However it gets pretty well hidden. For starters the initial From address is completely legit (assuming Bob knew it). Not many people go out of their way to double check the email reply address is write, and even a quick glance here is still not enough to catch what is going on.

This could be furthered by putting HTML on the site to make it look more official, or getting Alice to do something that doesn't even involve replying to the address, like clicking on a contained link, or contacting a 3rd person on the Boss' behalf.

In this case, we have to look at the header information to see what is going on:

X-Originating-IP: [46.167.245.101]
Authentication-Results: mta1451.mail.mud.yahoo.com from=fireweb.ne.jp; domainkeys=neutral (no sig); from=fireweb.ne.jp; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO emkei.cz) (46.167.245.101)
by mta1451.mail.mud.yahoo.com with SMTP; Wed, 19 Jun 2011 01:18:08 -0700
Received: by emkei.cz (Postfix, from userid 43)
id 6096281AA11; Thu, 30 Jun 2011 06:18:11 +0200 (CEST)
To: alice@yahoo.com
Subject: firey shark
From: "The boss"
X-Priority: 3 (Normal)
Importance: Normal
Errors-To: boss@fireweb.ne.jp
Reply-To: The boss@fireweb.ne.jp
Content-Type: text/plain; charset=utf-8
Message-Id: <20110630041811.6096281AA11@emkei.cz>
Date: Thu, 30 Jun 2011 06:18:11 +0200 (CEST)
Content-Length: 1
Doing an IPlookup [http://ip-lookup.net/index.php], shows us that the originating IP of 46.167.245.101 is obviously wrong and the message-Id contains the source site.
The received information is also different from normal, as if it has bounced off of emkei.cz, not something you normally see on emails.

Despite all of these anomolies, both Yahoo and google mail both send through the information without detecting and warning the user.