Everyone can submit news and votes decides whether it will be listed on the site’s frontpage or only a page in the back that barely anyone notices.

One of the issues that you may have with the site is that you cannot distinguish new links from old ones. Everything looks the same and the dynamic ranking system makes it incredible difficulty to near impossible to spot new news among the old listings.

Most users probably go through all news from top to bottom whenever they visit the site to spot the new items in the listing. While that may be a working strategy, it is not optimal as you spend more time than you should finding those new links among the old ones.

Enter Hacker News Newer Links. The Firefox extension’s sole purpose is to highlight new links on the Hacker News front page and first page. Note that those are the two only places on the site where new entries are highlighted.

You won’t notice the extension on your first visit to Hacker News after installing. It stores all links on the frontpage and first page, and compares them to the listings on consecutive visits.

All new listings are highlighted in red, while everything else is displayed in the normal colors.

With the extension installed, you are able to spot new listings on Hacker News immediately after the page is displayed in the web browser.

Hacker News regulars can download the Firefox add-on from the official Mozilla Firefox add-ons repository.

The attack was dreamt up by security expert Sam Kamkar who demonstrated at the Black Hat hackers conference a website exploiting common shortcomings in a router to reveal it’s real-world location.

He tricked the router into believing the request for it’s ID information was coming from the connected PC, not from the Internet.  He then used the revealed MAC address with a geo-location feature in Firefox to interrogate the database Google gathered when it made its Street View photographs.

The data, which was controversially gathered, linked the MAC addresses of routers to GPS co-ordinates.  “This is geo-location gone terrible,” said Mr Kamkar during his presentation. “Privacy is dead people. I’m sorry.”

Mikko Hyponnen, senior researcher at F Secure called the demonstration “very interesting” adding that such a technique could be used for “stalking or targeted attacks against an individual”.

“The fact that databases like Google Streetview’s Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly.” said Mr Hypponen

In 2005, Mr Kamkar created a work that helped him gain more than 1 million MySpace friends in a single day.

I relay this story not just as a “silly me” anecdote, but more to illustrate an issue so that Linux users will also use the same type of caution any user of any operating system should use when said operating system is on line.

Allow me to set the stage

This whole ordeal happened because yours truly neglected to shut down (or secure) a service I covered for Ghacks a while ago. The article in question was “Vinagre remote desktop connection for Linux” which is a means to remotely connect to and manage a Linux desktop. Very simple. Very innocuous – or so one would think. Let me, instead, change your mind.

The other evening I was working on an article on a very different aspect of Linux, when all of a sudden my desktop started acting a bit odd. This is very much out of the ordinary as my desktop never has any problems. Odd windows were opening up, the cursor was jerking around…I bet you can see where this is going.

It didn’t take very long until Vinagre opened up a small window to inform me that another user had logged onto my desktop. Very strange, seeing as how I was the only one in the house who could even recite what the acronym RDP stood for. So something was afoot!

I quickly shut down the remote desktop server and started checking around for any signs that my culprit had found anything of use. Fortunately he (or she – I am, if anything, PC and think a hacker can be either male or female) managed nothing before I knew what was happening.

After this happened I went back and checked into why this was allowed. To my dismay I discovered that, after writing the article, I had left the remote system set up so that anyone could connect to my desktop WITHOUT a password! Yes, I did this to make the writing process more efficient – but usually I go back and close those holes. This time around, I didn’t…and nearly paid for it.

As soon as my lapse was realized I quickly fixed the error and then made sure my firewall was blocking any RPD (or VNC) traffic coming from the outside world and then made sure my router hadn’t been compromised. Since that incident, nothing had happened but my personal dining of crow and humble pie.

The lesson

Here’s the thing – allowing for remote desktop access is crucial in many situations. But making sure these connections are not open to just anyone is even more important than simplicity. When you are setting up these sorts of holes in your system, even when using Linux, make sure those holes can only been penetrated by known, friendly users. If not, you open yourself up to a world of possible bad issues. I have learned my lesson here – always go back and shut off (or uninstall) services that will not be used after writing about them!

Linux is a very powerful, secure operating system…but it’s not 100% (nor is any OS). This is especially true when the user (or administrator) is careless in the setup of the system. Alway use caution and do NOT rest on the reputation of an operating system. If that operating system has a live ethernet cable attached it is vulnerable.

The patch, released through version 10.1 of the Flash player is available now from www.adobe.com and there is also a new version of Adobe Air as well.

The company may have managed to shoot itself in the foot with this patch however as you’ll see from the amusing screenshot below, where the news story about the patch in the new version of the Flash Player is accompanied by a picture of Homer Simplson asking “Ooh. They have the Internet on Computers now!”

Okay, so this is a banner advert for an Adobe Air app, but I had to share the irony of the event with you.

The patch fixes a critical vulnerability which could allow your PC to be hijacked remotely and it covers Windows, Mac and Linux users, so everybody should upgrade.  All PC users should upgrade their version of Flash as soon as possible to prevent their PCs being vulnerable to the flaw.

An update for Acrobat and Acrobat reader is due sometime in the next week or so to fix the same vulnerability.

The group, calling themselves Goatse Security harvested the data using nothing more than a PHP script and are now in possession of some very high profile people’s contact details which include celebrities, white house officials and high ranking military officers.

So who is responsible for this, Apple or AT&T?  To be honest it’s going to be a bit of both and questions need to be asked why the hashing technique, common for exchanging passwords online, hasn’t been implemented here.

Hashing runs your password through a cipher that scrambles it.  It’s a one-way cipher so that the password can never be unscrambled.  A similar cipher scrambles the password on the authenticating computer and then both of these ‘hash codes’ are compared.  The reason for doing this is so that no password is ever put in the open where it can be intercepted.

This is clearly what happened with the iPad hack and it will come as a blow to Apple’s reputation for developing secure operating systems, the iPad OS is based on the same Unix code as their OS X desktop and server operating systems after all.

It remains to be seen if and how quickly a firmware update will be rolled out by Apple to encrypt sensitive data as it’s broadcast over 3G and other wireless networks to authenticate users.  AT&T also have questions to answer on whether this technique can be used to gather sensitive data from any other devices on their network.

Fortunately the hackers notified AT&T of the breach so they could close the hole and came clean about the hack.  The next group of hackers might not feel so benevolent.

Creating NTFS Alternate Data Streams is not complicated at all. You can use the “type” command to do that. To fork the file virus.exe into calc.exe you would use the command type virus.exe > calc.exe:virus:exe if they are in the same directory. Add the path if they are not. The size of the calculator does not change, the only indicator is that the file changed stamp is altered.

But executing those files must be harder, right ? Wrong again. To execute virus.exe you use the command “start”, in our example it would be start calc.exe:virus:exe.

A software like Stream Explorer can find those NTFS Alternate Data Streams on your hard drive. An alternative is List Alternate Data Streams

Anti-Phishing toolbars and implementations in the major browsers are useful but can, as you will see, give the user a false sense of security. This can be attributed to the fact that databases that contain the information are not updated in real time. Someone has to report a phishing website before it will be added to the database, it would be more than difficulty to create a automatic solution for this problem.

A second difficulty are new techniques used by hackers that are not detected by ant-phishing toolbars and implementations.

Flash Phishing

Anti-Phishing toolbars do check the page content for signs of phishing but do not analyze flash objects at all. Hackers know this and tend to use this to their advantage by using flash to emulate the original website. Users tend to believe that the site is “clean” because their anti-phishing toolbar did not react to it.

It is however relatively easy to find out if the current website is fake.

1. You need to take a look at the url in the address bar. If it is not the original address leave it immediately.
2. Check if it is using https instead of http. If it is using http leave the site immediately.
3. If it is using https check the certificate.
4. If the site is only using flash leave it.
5. Never follow links in emails (unless you know the person)
6. Never follow links in chats (unless you know the person)

You should immediately contact the supposed owner of the website and ask for advice.

Social Phishing

Phishers use other means of getting sensitive data from users. We all know that we should contact the company if we have doubts about a website. What if you would receive a mail from your bank asking you to call them back because there was a security breach ? Would you call them back ?

What if the number was redirecting you to someone in China speaking fluent English ? Would you give him the information he would be asking for to verify´that you are the customer ? Sir, we need to make sure that you are indeed our customer. Could you please supply your credit card information so that I can verify your identity ?

This is not a huge market yet but it will grow over time.

After explaining various netstat -commands ports are explained which might help you identify suspicious connections to your computer. It is a good idea to know the standard basic ports like 80 for a http connection and 21 for a ftp connection. This does not mean that every connection on port 80 for instance is harmless but it is a good indicator to leave those ports alone for the beginning and concentrate on more “suspicious ports first. Ok, so we know about netstat and ports, next in the line is tracert which lets you trace a connection to its beginning. If the hacker is not using a proxy to mask his real ip you find out about his internet service provider this way.

After that reverse dns querries and dns are explained. The last chapter lists common ports that are often used by trojans and the like. All in all a very good article for everyone who wants to know more about his computer. This is of course aimed at beginners and a good starting point for them. Its easy to use google for further information.

It explains the netstat command which shows all connections to your computer and how to interpretate them. After that the tracert command is explained which traces a connection. Finally it gives information on dns, how to lookup a ip and get the host of the connection.

It´s a useful tutorial that everyone who does not understand this concepts should read. It does not explain proxies which most hackers nowadays use. A tracert would lead to the proxy but not to the hacker himself.