May 8 2011

del.icio.us backup script

elderpyre

Wrote a bash script that will download my del.icio.us bookmarks locally, then delete any backups older than 3 days. Going to run it as a cron job. Figured I’d share. :)

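#!/bin/bash

# Credentials passed with --user/--password are visible in the process list
# while wget runs; wget can read them from ~/.netrc instead.
user='your username'
password='your password'
backupdir='/var/media/backups/delicious/'

backupfile="delicious_$(date --rfc-3339=date).xml"
log='/var/log/delicious_backup.log'

# get bookmarks
wget --user="$user" --password="$password" -O "$backupdir$backupfile" https://api.del.icio.us/v1/posts/all &>>"$log"

# check to see if backup is a sane size (a failed download leaves an empty or missing file)
size=$(stat -c%s "$backupdir$backupfile" 2>/dev/null || echo 0)
if [ "$size" -lt 1024 ]; then
     # zenity needs a display, so under cron also record the failure in the log
     echo "$(date --rfc-3339=seconds) backup $backupfile is only $size bytes" >>"$log"
     zenity --error --text "Del.icio.us backup is borked!"
else
     # delete backups older than 3 days
     find "$backupdir" -mtime +3 -type f -iname 'delicious*' -delete
fi

# keep log file size in check: once it passes 42 KiB, drop the 25 oldest lines
if [ "$(stat -c%s "$log")" -gt 43008 ]; then
     sed -i '1,25d' "$log"
fi

exit 0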

Sep 13 2010

Let us count the ways Facebook log in is insecure…

elderpyre

So I was logging into my (much maligned) Faceblag account the other day and I couldn’t remember my password. At first I was greeted by the usual incorrect password screen like so.
[Image: Typical wrong password prompt in Faceblag]

So I continue entering what I hope will be my password when I am greeted by the following.
[Image: Previous password prompt in Faceblag]

This just flies in the face of security. What if someone happened to know your email address and was guessing at your password? I know the first thing I would do in their case would be to take said email and password and try to log in to a few dozen or so other popular sites on the net.

This got me wondering what other interesting log in errors I could produce trying to log into Faceblag. I started entering this, that, and the other thing in the password prompt for my account to see what would happen. After about a dozen log in attempts I was finally confronted with a captcha and a prompt stating there had been a high number of unsuccessful log in attempts to my account.
[Image: High number of incorrect login attempts to Faceblag]

And yet another interesting prompt I got after apparently mistyping my email address into the prompt.
[Image: Correcting my Faceblag log in spelling? Really?!]


Aug 10 2010

Damned Nigerians

elderpyre

Got 2 of my email accounts hacked into this morning. I recovered them pretty quickly, but not before the following was sent out to most of my contacts:

From:
To:
Date: Tue, 10 Aug 2010 13:34:56 +0100
Subject: SAD NEWS!!!!!!!!!!!!!!!!!!!!!!!!!PLS
I’m writing this with tears in my eyes,sorry I did not inform you about our trip.We actually made a quick travel to London and unfortunately attacked and mugged at gun point on the way to our hotel,all cash,credit card and cell phone were taken away from us but luckily we still have our passport with us.

We`ve been to the embassy and the Police here but they’re not helping issues at all and our return flight leaves anytime from now but we`re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills.

am freaked out at the moment and need help right away.

After recovering my gmail account and looking at the access history, I discovered these two entries:

Browser Nigeria (41.138.172.93) 6:30 am (10 hours ago)
Browser Nigeria (41.138.172.93) 5:30 am (11 hours ago)

Needless to say I wasn’t pleased by any of this.

While trying to determine the root cause of this whole fiasco I did discover an interesting tidbit about Mozilla Thunderbird, my email client of choice. The option network.prefetch-next is set to true by default! To those that have no clue what this is, here’s the quick and dirty from Mozilla: “Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it. This preference controls whether link prefetching is enabled.” Essentially the client will go and download a page to disk before the user has even visited it in the name of speedier internet.

I discovered this little tidbit after downloading a couple more virus scanners and doing a full system scan just to discover that not only was some spam mail I had deleted about a week ago still sitting in the trash for that inbox, but some other malicious things had shown up in there with it as well. This led me to look into whether Thunderbird had a prefetch setting similar to that enabled by default in Mozilla Firefox. Turns out it did and it was enabled by default.

While this isn’t necessarily a bad thing in a normal web browser since you have a fair bit more control on where you’re going, having something like this enabled by default in email clients, which tend to be prone to getting malicious content sent to them no matter how hard a company may try to filter it, just seems like a terrible idea to me. When I received the original spam mail, the source and subject seemed somewhat legit at the time, so I had a quick look at the content. Once I realized it was spam, I promptly deleted it without visiting (or so I thought, thanks prefetch) any of the links contained in it. Goes to show technology isn’t always working for the proper end user.

Since I’ve spent all this time talking about the evils of prefetch, I’ll go ahead and quickly outline how you can go about disabling it in both Firefox and Thunderbird.

Firefox:
1. Open a new tab and in the address bar, type about:config and press Enter.
Thunderbird:
1. Go to Tools->Preferences (Microsoft Windows) or Edit->Preferences (most if not all *nix distros). Go to the Advanced tab, and on the General tab click the Config Editor… button.
Both:
2. You’ll get a warning page saying that “This might void your warranty!”. Click the I’ll be careful, I promise! button.
3. In the filter box, type in prefetch. The only option that comes up should be network.prefetch-next. If others show up, network.prefetch-next is the only one we’re working with. Unless you have a clever network admin, it will be set to true when it comes up.
4. Double click the network.prefetch-next entry. This should set it to false. If not, you can always right click on the entry and select the Toggle menu entry.
5. Close the window/tab. That’s it. You’re done.
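
As an added example (not part of the original post), the same change can be made from a shell instead of the Config Editor. It assumes the profile directory is passed as an argument and relies on user.js, which Firefox and Thunderbird apply on top of prefs.js at every start; the function names are made up for this example.

```shell
#!/bin/bash
# Added example: report and pin network.prefetch-next for Firefox or
# Thunderbird profile directories given on the command line.

# Print true/false if FILE sets the pref, nothing otherwise.
# The last matching line wins, as a later user_pref() overrides an earlier one.
pref_in_file() {
    [ -f "$1" ] || return 0
    sed -nE 's/^[[:space:]]*user_pref\("network\.prefetch-next",[[:space:]]*(true|false)\);.*/\1/p' "$1" | tail -n 1
}

# Print the value the profile will use at next start. user.js wins over
# prefs.js; a pref missing from both is at its default (true, as the post found).
prefetch_state() {
    value=$(pref_in_file "$1/user.js")
    [ -n "$value" ] || value=$(pref_in_file "$1/prefs.js")
    echo "${value:-true}"
}

# Append the setting to user.js unless user.js already turns it off.
# The leading newline protects against a user.js with no final newline.
pin_prefetch_off() {
    [ -d "$1" ] || { echo "not a profile directory: $1" >&2; return 1; }
    [ "$(pref_in_file "$1/user.js")" = "false" ] && return 0
    printf '\nuser_pref("network.prefetch-next", false);\n' >> "$1/user.js"
}

for profile in "$@"; do
    before=$(prefetch_state "$profile")
    pin_prefetch_off "$profile" || continue
    echo "$profile: was $before, now $(prefetch_state "$profile")"
done
```

The running application only picks the value up on its next start, and because user.js is re-read each time, a later toggle in the Config Editor is reverted at the following launch.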

While this isn’t an end all be all security solution for Thunderbird or Firefox, it is definitely a step in the right direction in trying to trip the baddies up when they’re out to get you. And remember. The only effective security is proactive security.


Dec 29 2009

Thou dare redirect my error pages!

elderpyre

So I noticed recently Cox had begun redirecting some pages that were 404’ing. I’m not terribly fond of things like this due to the possibility of other things getting redirected as well. You can read the many articles about it here should you feel so inclined. Thankfully, though a bit obfuscated, they have instructions for opting out of this “service”. Cox’ main page on the process is here. Expand the “Opt-out” option under the “Service Features” heading about 2/3 the way down the page. I chose to do it manually due to mistrust on my part. It really does amaze me that ISPs are allowed to get away with this shit. What would happen if the page they’re redirecting their customers to somehow became compromised? There would suddenly be quite a few compromised users as well I’d imagine, though maybe not quite as many as the days predating massive search engines. But all it would take is a user mistyping one web address…
