Fork me on Github
Fork me on Github

Joe Dog Software

Proudly serving the Internets since 1999

Siege 4.0.8

Your JoeDog fixed more bugs, you guys. We’d like to thank all contributors for their Issue reports and their patch submissions. Good job!

This release fixes two issues. The parser could blow up and segfault on some less than exemplary HTML formatting. And while we own every segfault, we encourage better HTML. We’re all in this together! This release also fixes a compile issue on some platforms. All siege users are encouraged to update to 4.0.8

Siege 4.0.7

Your JoeDog is pleased to announce the release of siege-4.0.7 This release fixes several issues with cookies, namely issues with expiry and persistence. We recommend that all siege users update to this release.

Siege 4.0.6

Your JoeDog is pleased to announce the release of siege-4.0.6 This release fixes a bug that caused siege to hang when it was invoked for time-based testing (-t/–time). Your JoeDog ran this version over 5000 times without it hanging.

Your JoeDog would like to thank GitHub user ks1322 for a detailed bug report complete with back traces which helped us pinpoint the problem

Siege 4.0.5

Your JoeDog is pleased to announce the release of siege-4.0.5. Exciting!

This release includes several bug fixes and minor corrections. It also includes support for IPv6. It allows you to override content-type at the command line and it provides an option for outputting the results in JSON.

You can turn on JSON output with -j/–json-output

$ siege --no-parser -j -c5 -r5

"transactions": 50,
"availability": 100.00,
"elapsed_time": 7.34,
"data_transferred": 0.86,
"response_time": 0.67,
"transaction_rate": 6.81,
"throughput": 0.12,
"concurrency": 4.54,
"successful_transactions": 50,
"failed_transactions": 0,
"longest_transaction": 2.21,
"shortest_transaction": 0.14

Siege 4.0.4

Your JoeDog is pleased to announce the release of siege-4.0.4. Exciting!

This release includes numerous bug fixes. If you have cooties, then it has the cure. In addition to fixes, it offers three new command line options:

-p URL, –print=URL
This option is similar to -g / –get but it PRINTS the page it received from the server.

Turn off the HTML parser. When siege downloads a page, it parses it for additional page elements such as style-sheets, javascript and images. It will make additional requests for any elements it finds. With this option enabled, siege will stop after it pulls down the main page.

This directive instructs siege not to follow 3xx redirects.

This release also includes support for PATCH and PUT.

Siege: Zip encoding disabled

Your JoeDog was just alerted to this behavior in siege:

[alert] Zip encoding disabled; siege requires zlib support to enable it
Segmentation fault: 11

Certainly the segmentation fault is the result of a bug, but we also have a configuration error. Siege is accepting a content encoding that it doesn’t support.

HTTP protocol allows servers to encode content before they send it. If a page is really large, the server might compress it first. But here’s the thing: If the server uses an encoding the client doesn’t support, then it’s pointless to encode it, right? HTTP provides a mechanism by which you can tell the server the encodings you support.

That brings us to the Accept-encoding request header. In this case, siege is sending something like ‘Accept-encoding: gzip’ although it wasn’t compiled with a compression library. To fix this problem, you can do one of two things: 1.) recompile siege with zlib and zlib-devel installed on your system. 2.) Send an empty Accept-encoding header.

You can configure that in your $HOME/.siege/siege.conf file like this:

accept-encoding =

But honestly, you should probably recompile siege with zlib and zlib-devel installed on your system…

UPDATE: Your JoeDog is unable to reproduce this segmentation fault. The sieger who reported this issue hasn’t responded with the version he is using. If you’re experiencing this, we recommend updating to version 4.0.3rc5 or higher.

You won’t guess where Russian spies are hiding their control servers

Brittany Spears

In the natural world, some predators bide their time near a watering hole waiting for thirsty prey to stop by for a drink. In the cyber world, this is aptly known as a watering hole attack. It’s a favorite tactic of Turla, a Russian hacker group.

According to a new report by Eset, an antivirus manufacturer, Turla used Brittany Spears official Instagram page to hide instructions its malware could use to locate the command server. Once it has that address, the malware can upload its stolen details. We Live Security has the sordid details

[We Live Security]: Turla’s Watering Hole Campaign

Covert Channels and Poor Decisions: The Tale of DNSMessenger

This is why our emails and sensitive documents are all over Wikileaks. Stop clicking shit.  (Geekish)

Talos recently analyzed an interesting malware sample that made use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker. This is an extremely uncommon and evasive way of administering a RAT. The use of multiple stages of Powershell with various stages being completely fileless indicates an attacker who has taken significant measures to avoid detection.