Siege 4.0.4

Your JoeDog is pleased to announce the release of siege-4.0.4. Exciting!

This release includes numerous bug fixes. If you have cooties, then it has the cure. In addition to fixes, it offers three new command line options:

-p URL, --print=URL
This option is similar to -g / --get but it PRINTS the page it received from the server.

--no-parser
Turn off the HTML parser. When siege downloads a page, it parses it for additional page elements such as style-sheets, JavaScript and images. It will make additional requests for any elements it finds. With this option enabled, siege will stop after it pulls down the main page.

--no-follow
This directive instructs siege not to follow 3xx redirects.

This release also includes support for PATCH and PUT.
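To make the --no-parser and --no-follow behaviour concrete, here is an added Python sketch of the element-collection step that siege's HTML parser performs (this is example code written for this post, not siege's own C code). It pulls the stylesheet, script and image URLs out of a page and resolves them against the page URL, returns nothing when the parser is switched off, and refuses to follow a 3xx Location when no-follow is set. The HTML document, host names and paths are constructed for the example.

```python
"""Added example, not siege's own code: the sub-resource collection step
that --no-parser turns off, and the 3xx decision that --no-follow turns off.
"""
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urljoin

# Constructed sample page; the host and paths are made up for this example.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="icon" href="/favicon.ico">
<script src="https://cdn.example.test/app.js"></script>
</head><body>
<img src="images/logo.png">
<img src="data:image/gif;base64,R0lGODlh">
<a href="/next">next</a>
</body></html>"""


class PageElementParser(HTMLParser):
    """Collect the stylesheets, scripts and images a page references."""

    def __init__(self, base_url: str):
        super().__init__()
        self.base_url = base_url
        self.elements: List[str] = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = None
        if tag == "link" and (attrs.get("rel") or "").lower() == "stylesheet":
            url = attrs.get("href")
        elif tag in ("script", "img"):
            url = attrs.get("src")
        # Inline data: URLs carry their content; there is nothing to request.
        if url and not url.lower().startswith("data:"):
            # Relative references are resolved against the page that was fetched.
            self.elements.append(urljoin(self.base_url, url))


def page_elements(html: str, base_url: str, no_parser: bool = False) -> List[str]:
    """Absolute URLs of the additional requests the client would make next.
    With no_parser=True (the --no-parser behaviour) the page is not parsed
    and no further requests are generated."""
    if no_parser:
        return []
    parser = PageElementParser(base_url)
    parser.feed(html)
    return parser.elements


def next_location(status: int, location: Optional[str], base_url: str,
                  no_follow: bool = False) -> Optional[str]:
    """URL to fetch next after a 3xx response, or None when the response is
    not a redirect, carries no Location, or no_follow is set (--no-follow)."""
    if no_follow or not 300 <= status < 400 or not location:
        return None
    return urljoin(base_url, location)


if __name__ == "__main__":
    base = "http://www.example.test/index.html"
    for url in page_elements(SAMPLE_HTML, base):
        print("would also request:", url)
    print("follow:", next_location(302, "/login", base))
    print("no-follow:", next_location(302, "/login", base, no_follow=True))
```

The parser deliberately ignores `<a href>` links: like siege, it fetches what a browser would load to render the page, not the pages the user might click through to.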



Siege: Zip encoding disabled

Your JoeDog was just alerted to this behavior in siege:

[alert] Zip encoding disabled; siege requires zlib support to enable it
Segmentation fault: 11

Certainly the segmentation fault is the result of a bug, but we also have a configuration error. Siege is accepting a content encoding that it doesn’t support.

The HTTP protocol allows servers to encode content before they send it. If a page is really large, the server might compress it first. But here’s the thing: if the server uses an encoding the client doesn’t support, then encoding it is pointless, right? HTTP provides a mechanism by which the client can tell the server which encodings it supports.

That brings us to the Accept-Encoding request header. In this case, siege is sending something like ‘Accept-Encoding: gzip’ even though it wasn’t compiled with a compression library. To fix this problem, you can do one of two things: 1.) recompile siege with zlib and zlib-devel installed on your system, or 2.) send an empty Accept-Encoding header.

You can configure that in your $HOME/.siege/siege.conf file like this:

accept-encoding =

But honestly, you should probably recompile siege with zlib and zlib-devel installed on your system…
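The underlying rule is that a client should only advertise content codings it can actually decode, and should treat an unadvertised Content-Encoding from the server as a protocol error rather than feeding it to a decoder it doesn't have. The following added Python example (written for this post, not siege's code) reads the `accept-encoding` line from a siege.conf-style fragment, derives the request header from a table of available decoders, and rejects a mismatched response cleanly. The decoder table, the conf fragment and the server response are constructed for the example.

```python
"""Added example, not siege's own code: derive Accept-Encoding from the
decoders the client really has, and reject an unadvertised Content-Encoding
instead of crashing on it.
"""
import gzip
import zlib
from typing import Callable, Dict, Optional

# Decoders this client is built with, keyed by HTTP content-coding token.
# A build without zlib would have an empty table here.
DECODERS: Dict[str, Callable[[bytes], bytes]] = {
    "gzip": gzip.decompress,
    "deflate": zlib.decompress,
}


def load_accept_encoding(conf_text: str) -> Optional[str]:
    """Value of the accept-encoding key in a siege.conf-style fragment.
    None if the key is absent, '' for the empty value the post recommends."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "accept-encoding":
            return value.strip()
    return None


def build_request_headers(configured: Optional[str]) -> Dict[str, str]:
    """Advertise only codings present in DECODERS. With no configured value
    everything decodable is offered; a configured value is filtered so that
    a coding the build cannot decode is never sent."""
    if configured is None:
        wanted = list(DECODERS)
    else:
        wanted = [t.strip() for t in configured.split(",") if t.strip()]
    supported = [t for t in wanted if t in DECODERS]
    return {"Accept-Encoding": ", ".join(supported)}


def decode_body(sent: Dict[str, str], resp_headers: Dict[str, str], body: bytes) -> bytes:
    """Decode a response body, but only with a coding we both advertised and
    can handle; anything else is a protocol error, not a crash."""
    coding = resp_headers.get("Content-Encoding", "identity").strip().lower()
    if coding == "identity":
        return body
    advertised = {t.strip() for t in sent.get("Accept-Encoding", "").split(",") if t.strip()}
    if coding not in advertised or coding not in DECODERS:
        raise ValueError(f"server sent unadvertised Content-Encoding {coding!r}")
    return DECODERS[coding](body)


def demo():
    """Round trip with a constructed gzip response, then the rejection path."""
    sent = build_request_headers(None)
    ok = decode_body(sent, {"Content-Encoding": "gzip"}, gzip.compress(b"hello siege"))
    # Empty header from `accept-encoding =` in siege.conf, yet the server
    # compresses anyway: the body must be refused, not decoded blindly.
    empty = build_request_headers(load_accept_encoding("# siege.conf\naccept-encoding =\n"))
    try:
        decode_body(empty, {"Content-Encoding": "gzip"}, b"\x1f\x8b garbage")
        rejected = False
    except ValueError:
        rejected = True
    return ok, rejected


if __name__ == "__main__":
    print(build_request_headers(None))
    print(demo())
```

With an empty decoder table the header collapses to `Accept-Encoding:` with no value, which is exactly what the `accept-encoding =` workaround produces by hand.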

UPDATE: Your JoeDog is unable to reproduce this segmentation fault. The sieger who reported this issue hasn’t responded with the version he is using. If you’re experiencing this, we recommend updating to version 4.0.3rc5 or higher.



You won’t guess where Russian spies are hiding their control servers

Britney Spears

In the natural world, some predators bide their time near a watering hole waiting for thirsty prey to stop by for a drink. In the cyber world, this is aptly known as a watering hole attack. It’s a favorite tactic of Turla, a Russian hacker group.

According to a new report by ESET, an antivirus manufacturer, Turla used Britney Spears’ official Instagram page to hide instructions its malware could use to locate the command server. Once it has that address, the malware can upload its stolen details. We Live Security has the sordid details.

[We Live Security]: Turla’s Watering Hole Campaign



Covert Channels and Poor Decisions: The Tale of DNSMessenger

This is why our emails and sensitive documents are all over Wikileaks. Stop clicking shit. (Geekish)

Talos recently analyzed an interesting malware sample that made use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker. This is an extremely uncommon and evasive way of administering a RAT. The use of multiple stages of PowerShell with various stages being completely fileless indicates an attacker who has taken significant measures to avoid detection.
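A channel built on TXT queries still has to leave a trail in the resolver logs: one client issuing a run of TXT lookups for ever-changing, high-entropy subdomains under a single domain. The added Python example below (written for this post, not Talos's tooling) runs that heuristic over a few constructed query-log lines and flags the pattern. The log format, client addresses and domain names are all made up for the example; the thresholds are starting points, not tuned values.

```python
"""Added example: flag clients issuing many TXT queries for unique,
high-entropy subdomains of one domain, the footprint a TXT-based C2
channel leaves in resolver logs. Sample data is constructed.
"""
import math
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed query log: "<unix_ts> <client> <qtype> <qname>".
SAMPLE_LOG = """\
1488400001 10.0.0.12 A www.example.test
1488400002 10.0.0.12 TXT 8f3a1c.k7q0p2z9x4b1.c2-stage.example-evil.test
1488400003 10.0.0.12 TXT 8f3a1d.m4w8t1e6y3r7.c2-stage.example-evil.test
1488400004 10.0.0.12 TXT 8f3a1e.q9u2i5o7p1a3.c2-stage.example-evil.test
1488400005 10.0.0.12 TXT 8f3a1f.s6d4f8g2h0j5.c2-stage.example-evil.test
1488400006 10.0.0.12 TXT 8f3a20.l1z3x5c7v9b2.c2-stage.example-evil.test
1488400007 10.0.0.12 TXT 8f3a21.n8m6k4j2h0g1.c2-stage.example-evil.test
1488400008 10.0.0.7 TXT example.test
1488400009 10.0.0.7 TXT _dmarc.example.test
1488400010 10.0.0.7 A mail.example.test
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str):
    """(registered domain, subdomain part). Approximates the registered
    domain as the last two labels, which is enough for this example."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def find_txt_tunnels(log_text: str, min_queries: int = 5,
                     min_unique_ratio: float = 0.8,
                     min_entropy: float = 3.0) -> List[Dict]:
    """Group TXT queries by (client, domain) and report groups whose
    subdomains are almost all unique and look encoded."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qtype, qname = line.split()
        if qtype != "TXT":
            continue
        domain, sub = split_name(qname)
        groups[(client, domain)].append(sub)

    findings = []
    for (client, domain), subs in groups.items():
        if len(subs) < min_queries:
            continue
        unique_ratio = len(set(subs)) / len(subs)
        mean_entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        if unique_ratio >= min_unique_ratio and mean_entropy >= min_entropy:
            findings.append({
                "client": client,
                "domain": domain,
                "queries": len(subs),
                "unique_ratio": round(unique_ratio, 2),
                "mean_entropy": round(mean_entropy, 2),
            })
    return findings


if __name__ == "__main__":
    for f in find_txt_tunnels(SAMPLE_LOG):
        print(f)
```

The two benign TXT lookups from 10.0.0.7 (a bare domain and a `_dmarc` record) never reach the query threshold, and their subdomains would fail the entropy test anyway; real deployments would additionally whitelist known TXT users such as mail authentication and domain-verification records.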



Trump’s cyber-guru Giuliani runs ancient ‘easily hackable website’

A good way to undermine your “security” brand is to launch a website rife with publicly known exploits.

But how does this even happen? If Rudy Giuliani had erred on the side of eye-candy, if he had relied on designers instead of infosec specialists, then he’d still have a website built with the most contemporary tools. Designers love new stuff. Instead, giulianisecurity.com was built on an end-of-life PHP (5.4) and Joomla (3.1.1). His team exposed LDAP, sshd and mysql — all of which were old and EOL’d.

We can’t trust these people to set up our DVRs, let alone harden our country’s cyber infrastructure. It’s stunning, really.

Stunned security experts tear strips off president-elect pick hours after announcement

Source: www.theregister.co.uk/2017/01/13/giuliani_joomla_outdated_site/

UPDATE: The DNS record has been taken down but you can still reach giulianisecurity.com by its raw IP address.



Frenemies List

Your JoeDog has been following the President-elect on Twitter for quite some time. He’s a Howard Stern fan and Trump was part of the Howard Stern universe. Then something unexpected happened to this frequent Stern Show guest. He won the presidency. Yep, saw that coming….

So while it’s now possible that a tweet from atop a gilded toilet could touch off a nuclear holocaust and get us all killed, there’s another, more awesome possibility. See, Your JoeDog’s greatest disappointment was his exclusion from Richard Nixon’s Enemies List. He was very young when Nixon left office but that guy was assholish enough to put a child on his Enemies List. It could have happened! Sadly, it never happened. Now according to news reports, Trump blocks people from his Twitter feed. That’s the contemporary equivalent to an Enemies List. Could Your JoeDog get himself blocked???

Now anyone can get on the Presidential Twitter feed and throw some F-bombs and get himself blocked. I was determined to play it clean. Full-frontal snark! I wanted to be blocked for getting under his skin, like Nixon’s enemies got under his. So how’s that effort going? Sadly, not so good….

It probably wasn’t an intern who liked that tweet. This appeared in my notifications while Trump was in the midst of a Tweet storm. He was probably scrolling replies and read the first part of a compound thought. “You won the Electoral College by a landslide…” LIKE “… if by ‘landslide’ you mean ‘one of the all time slimmest margins’.” Attention to detail isn’t a trait Americans look for in a President.

You can follow Your JoeDog’s attempts to get blocked by the 45th President at @jeffyguy.