Nuke the Site from Orbit…

(It’s the only way to be sure.) Hello again — So the problem around here has been some kind of malware injecting tiny iframes that link to suspect sites when people visited through Google. This is a relatively common hack, but I’ve been having serious trouble figuring out the vector. (It didn’t help that my soon-to-be-ex-host is AWOL, the Movable Type forums are a dead zone, and that I’m very much of the n00b persuasion when it comes to coding and server-side issues, although I’m considerably savvier now than I was this time last week.)

Anyway, after rolling back everything and reinstalling MT (twice), a lucky scan using this White Fir tool uncovered this nasty bit of work lurking in my mt.js file:

// document.w***e(‘ =diu bsatr=#s6ygocbxtt”>=igsale rrc<"htup:./ktihha/ch,21024453.itbm"'wikth<"519" oehfhu<"409#>‘);//

(I say lucky, but I have a suspicion this code is only visible on the first scan from a given source. The reason I started suspecting mt.js is because it was considered an additional link on the first Sucuri Sitecheck scan I did…but only that first scan, not on subsequent ones.)

Anyway, even with my changing that first “write” above, this code still looks scrambled to all hell. But, whatever it does, unlike Mr. Pibb and Red Vines, it’s also clearly crazy malicious, and thus has been swiftly airlocked.

To be honest, I’m still not sure what the original vector of infection was — I’m hoping it was some sort of cross-scripting vulnerability of an earlier version of MT. But I also feel like I deleted this mt.js file and rebuilt it from scratch using an all-new MT 5.14 default template a few days ago, and the problem was still extant. (I’ve also scoured my MySQL database for tricksy scripts like “eval,” “unescape,” “basecode64” etc. Nothing there.)
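A defender-side check for the indicators this post mentions (an injected document.write that emits a tiny iframe, and the eval/unescape/base64 wrappers the author grepped the database for), added here as an example and not code from the original post or from Movable Type. The file tree and the injected line are constructed; the baseline hash passed to differs_from_baseline is assumed to come from a clean MT download.

```python
import hashlib
import re
from pathlib import Path

# Indicators drawn from the post: an obfuscated document.write() that emits a tiny
# iframe, plus the eval/unescape/base64 wrappers the author grepped the database for.
# A hit is a lead to inspect by hand, not proof of compromise.
INDICATORS = {
    "document.write emitting an iframe": re.compile(r"document\.write\s*\(.*?<\s*iframe", re.I | re.S),
    "tiny or hidden iframe": re.compile(
        r"<iframe[^>]*(?:\b(?:width|height)\s*=\s*[\"']?[0-2][\"'\s>]"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    "eval(unescape(...))": re.compile(r"\beval\s*\(\s*unescape\s*\(", re.I),
    "base64_decode(...)": re.compile(r"\bbase64_decode\s*\(", re.I),
}

def scan_text(text: str) -> list[str]:
    """Names of the indicators that match a file's contents, in sorted order."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def scan_tree(root: Path, suffixes=(".js", ".php", ".html", ".tmpl")) -> dict[str, list[str]]:
    """Walk root and map each flagged file (path relative to root) to its indicators."""
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                hits[path.relative_to(root).as_posix()] = found
    return hits

def differs_from_baseline(path: Path, baseline_sha256: str) -> bool:
    """True if a shipped file (e.g. mt.js) no longer hashes like the known-good copy."""
    return hashlib.sha256(path.read_bytes()).hexdigest() != baseline_sha256

def demo() -> dict[str, list[str]]:
    """Constructed sample tree: one clean script and one carrying an injected line."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "mt-static").mkdir()
        (root / "mt-static" / "mt_core.js").write_text("function mtHello() { return 'hi'; }\n")
        (root / "mt-static" / "mt.js").write_text(
            "function mtHello() { return 'hi'; }\n"
            "// document.write('<iframe src=\"http://example.invalid/x\" "
            "width=\"1\" height=\"1\"></iframe>');//\n")
        return scan_tree(root)

if __name__ == "__main__":
    for path, found in demo().items():
        print(path, "->", ", ".join(found))
```

Run it against the web root after every scan, and compare mt.js against the hash of the copy in the MT distribution so a reinjection shows up even if the obfuscation changes.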

So, at the moment, Google’s given GitM a clean bill of health again. Let’s hope it holds. In the meantime, everything I said in the last post stands — I’ll need to find a new host for GitM at some point. But, for now, I’m trying to knock out these last few chapters, so I’d best get back to it. Hope everyone out there is well.

P.S. I’m aware comments have been acting funky as well and that the comment box comes and goes. Apologies if you are a real human being who has tried to leave one in recent days. I think it’s fixed now — the comment spam seems to be getting through, in any event.

The Ghost Rises?

Actually, no, not yet. But I wanted to quickly explain the reason for the retro-look around here, and since tonight is also the movie event of the summer, it seemed like a good time for a brief update regardless. (All apologies to The Avengers, of course. If it’s any consolation to Whedon’s fine film, the “movie event of the year” will be The Hobbit in December. And at least you were great fun and not a half-assed disappointment like Prometheus.)

Anyway, life continues much as it has this past age. I work, Berk — fully recovered, minus one toe — barks at things. We’re leading a pretty solitary existence these days — hello, 2007 again — and it has its depressing moments, to be sure. But we’re getting by.

The good news is, and the reason why I won’t be returning to GitM for now, is that I’ve spent pretty much all my free time these past few months cracking out my long-neglected dissertation. At this point, I’ve got ten chapters and 800 pages written, which, I’ve been informed, is more than enough to defend for the degree. (I defend this fall.) But since I’ve finally come this far, I want to push through until I complete the project in its intended scope — which means four more chapters and, assuming a productive August recess, probably at least two-to-three more months of working evenings and weekends to go. When that’s finally done, I’ll be more inclined to reconnect with the world at large and take up the Ghost once more.

(And, yes, I know that nobody wants to read 800+ pages on progressives in the Twenties, or for that matter, 800+ pages on anything. I also know that all the time I’ve spent on this would probably have been better served just writing bondage-y Twilight fan fiction. Oh well.)

The bad news is, along with a gunfight breaking out above my head last weekend, the forces of entropy have conspired to infect the old blog here with some sort of google-hit-stealing malware. This has made the Google wrathful, and it has banished this poor, lowly Ghost to the unclicked shadowlands with the other leprous websites. It’s my fault — MT was way out-of-date. I was going to have it updated this past winter, along with a general overhaul of the look of the site. But the old blog-“friend” I hired to do the job took my money and then disappeared with it. (That turned out to be the opening salvo of the frozen-run-of-luck that precipitated this whole “interregnum of despair” around here.)

Anyway, in order to root out the infection, I’ve upgraded to MT 5, rolled back to the default templates, and rebuilt the site — Hopefully this finally does the trick and Google takes us back. If it does, and when I have the time, I’ll work on gradually fixing up the look of the Ghost again. (That is, presuming I learn to master all the intricacies of the non-coder-unfriendly new Movable Type. (Zemanta? What the?)) Until then, thanks for the patience and understanding, have fun in Gotham this weekend, and thanks, as always, for stopping by.

Update: Still on the wrong side of Google, and running out of ideas at this point. And my host — the once reliable Cornerhost — appears to have fallen off the Earth. So I guess, first things first, I’ll have to move everything to a more reliable host. If anyone has any keen infection-fighting ideas, please do pass them along. Otherwise, I’ll see ya when I have time to sort all this out.

Palantir Pervasive.

After the Anonymous attacks and the release of Barr’s e-mails, his partners furiously distanced themselves from Barr’s work. Palantir CEO Dr. Alex Karp wrote, ‘We do not provide — nor do we have any plans to develop — offensive cyber capabilities…’ But both of the Team Themis leads at these companies knew exactly what was being proposed…They saw Barr’s e-mails, and they used his work. His ideas on attacking WikiLeaks made it almost verbatim into a Palantir slide about ‘proactive tactics.’

Strange powers have our enemies, and strange weaknesses! In Wired, Nate Anderson of Ars Technica delves into the story behind the highly troubling HBGary leaks. Among other things, these leaks have already revealed that:

  1. Bank of America contemplated hiring private-intelligence goons — the aforementioned HBGary, the aptly-named Palantir Technologies, and third-wheel Berico Technologies — to spread anti-Wikileaks disinformation and discredit Salon’s Glenn Greenwald.

  2. The Chamber of Commerce has been using their services to conduct surveillance on and smear progressives and unions.

  3. These organizations are manufacturing sock-puppets wholesale to create an “illusion of consensus” on behalf of their clients.

  4. Private security firms like the aforementioned ones above are, as Marcy Wheeler puts it, deploying “intelligence techniques developed for use on terrorists [against] citizens exercising their First Amendment rights.” And

  5. These morons actually tried to charge their clients $2000 a day for what amounts to trolling services.

As HBGary target Glenn sums it up: “What is set forth in these proposals for Bank of America quite possibly constitutes serious crimes. Manufacturing and submitting fake documents with the intent they be published likely constitutes forgery and fraud. Threatening the careers of journalists and activists in order to force them to be silent is possibly extortion…Attacking WikiLeaks’ computer infrastructure in an attempt to compromise their sources undoubtedly violates numerous cyber laws. Yet these firms had no compunction about proposing such measures…and even writing them down. What accounts for that brazen disregard of risk? In this world, law does not exist as a constraint.”

In other words, they do not fear the law because it has forsaken these lands. And, hey, when you consider that nobody has yet gone to jail for lying the American people into a trillion-dollar war, setting up an illegal, unconstitutional, and inhumane torture regime, or fraudulently abetting or even precipitating a multi-trillion-dollar economic meltdown, their brazen calculation seems like a pretty safe bet.

Shadiness, Inc.

Tom DeLay’s homegrown PAC, Texans for a Republican Majority, comes under scrutiny for misusing corporate donations. I never would have guessed. In semi-related news, the Senate GOP feels the heat from the soon-to-be-concluded investigation into stolen Dem documents. Lie, cheat, steal…all in a day’s work for today’s Republican Party.

The Real Filegate.

The Congressional Sergeant-at-Arms nears the end of his investigation into a GOP scandal involving illegally stolen Democratic e-mails. It’d be nice to see some heads roll for this, (and they certainly would have if the parties had been switched) but somehow I doubt it. If the media can shrug off the Dubya deserter story, they certainly don’t care about this sort of shenanigan.

Fire in the Hole.

The source code of the much-anticipated Half-Life 2 is stolen and pirated online, knocking back its release until April 2004. Hmm, that’s very annoying, and particularly if, as feared, the leak allows unsavory types to exploit further the myriad holes in Valve’s new STEAM launcher. As it is, the DoD servers I admin for are being overrun anew with h4x0rs, teamkillers, and other FPS annoyances, who’ve all received a new lease on life in the shift from WONID to STEAM. I shudder to think what will happen if the smartest of the bunch get their hands on the code and find ways to hack directly into players’ PCs.