Uncategorized

Source: blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

Want to scan your network?

# Get the memcached nmap script - https://nmap.org/nsedoc/scripts/memcached-info.html

# Nmap network for open memcached ports (example, replace with your range)
sudo nmap 127.0.0.1/18 -p 11211 -sU -sS --script memcached-info >> memcrashed.log 

# Sort nmap log and find IPs that are actually vuln 
cat memcrashed.log | grep -B 16 Authentication | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" >> sorted_memcrashed.log 

# Can verify with this one liner
cat sorted_memcrashed.log | while read a; do echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u $a 11211 ; done

Does anyone remember when Saudi Arabia threatened to sue anyone online that compared them to ISIS? I do..

Do you remember when Ashraf Fayadh received the death sentence for apostasy? I do..

Although the sentence was overturned (most likely due to public outcry) he got an 8 year sentence and 800 lashes.. 800 lashes… In addition to his severe punishments he is forced to repent through an announcement in official media, 1984 style. Are we supposed to feel better about this? They probably think so. Should we? Hell no. The fact that Saudi Arabia continually violates human rights according to Amnesty International’s research is daunting. This is the same country that is allied with the US and UK.. The same country that is on the UN human rights panel, even though they execute people in brutal fashion, on public display at times, and for ludicrous reasons.

Do you realize that Saudi Arabia is comparable to ISIS? I do.. And you should too. 🙂

So… I recently called into AT&T to reset a password for an @sbcglobal.net email address, firstly I want to explain some things. It seems AT&T reps are able to reset passwords with crappy 6 character passwords only containing numbers and are authorized to give that password to someone over the phone.

What I really only needed to reset the password for this @sbcglobal.net email address…

  1. A valid account number, and name of account owner.
  2. An “I’m stupid” mentality.
  3. The ability to act confused.
  4. The email address you’d like the password to be reset on.
  5. The name of the person who owns the email account.

Really.. I’m serious.. That’s truly all I needed. It could have been the rep’s fault, and I do think she got pissed off and just thought I was some idiot who knew nothing about computers. She might have just gave in to get me off the phone. How the emails and account got setup was an utter mess though. So I genuinely was confused, and AT&T made me call in to perform the password reset.

So, I called up and was directed to a rep who eventually directed my call to the “technical support” department. After giving the lady with an attitude my client’s details (account # & name on the account) and explaining the situation. She asked me verification questions such as the “passcode” on the account. I was unable to answer the questions as I genuinely didn’t know what it was and neither did my client. I then asked if there was any other way I could verify. She then asked me one of the security questions, again, I didn’t know the answers. She seemed quite frustrated at that point. And it wasn’t just me playing dumb 😀 the person who setup the account didn’t pass down the details and a couple days ago that became a problem. After explaining the situation to her further, with interruptions from her, she angrily said she’s closing out the window because clearly this isn’t my account because I can’t verify my identity. She then asked what the email was where I’d like the password reset on. I told her the email and acted clueless at this point. She took a few minutes and asked me the name of the person who owns the account. She then told me to enter a URL where I could login. She gave me the temporary password. I entered it and was prompted to set a new password along with security questions. At that point I was thinking wtf.. But I was happy to have gotten in anyways.

I’m not sure if this is some big mistake by the rep or a hole in AT&T’s verification process. Nonetheless, it shows that I was able to get into an email account without any verification that I truly was the owner. I would stay FAR away from AT&T for this purpose along with their garbage “U-verse” internet.

If you find that your /var/log/prosody/prosody.err log is being spammed with things like;

Failed to load accounts storage (‘cannot open /var/lib/prosody/xmpp%2eis/accounts/lunar.dat: Too many open files’) for user: lunar@xmpp.is

Then the solution is to increase your system’s open file limit in /etc/sysctl.conf, /etc/security/limits.conf and to create a new file called /etc/default/prosody with the limits. You will need to run nano, vi, etc as root or use sudo for this to work.

To do this

nano /etc/sysctl.conf

And add

fs.file-max = 999999

Run sysctl -p to apply the changes to /etc/sysctl.conf

Then also

nano /etc/security/limits.conf

And add

prosody hard nofile 999999
prosody soft nofile 999999

UPDATE 9/23/17

If you’re using systemd garbage you need to modify /etc/systemd/system.conf as well and add this parameter.

DefaultLimitNOFILE=999999

Then finally

nano /etc/default/prosody

And add

MAXFDS=999999

After you’ve done all this you shouldn’t have a problem and Prosody will be able to open more files. Hope this helps anyone that runs into the same issue!

I Like Posteo

I’ve been using an email service called Posteo for a little more than a year and I’ve really been enjoying it. It’s stable, seems secure and is low-cost (12 eur a year). Here is a little more info on their service.

Screenshot_2016-07-20_18-50-08

If you’ve been searching for an email provider that respects your privacy and doesn’t use your data for ads, look no further! I recommend you check out their site for more info 🙂