John Shepp Org :: Providing Solutions For An Unsure World

Anthem Challenge - My Bid

Give a listen to my HNIC anthem submission, entitled Nikki

Mea Culpa From Somewhere On The Hill

You know me, or you think you did. I was too busy glad-handing with my elite backers to read any of the bills that passed over my desk, no matter how much they limit your freedom to speak, protest or travel

Crack Book Tales

Like the Facebook? Well lately it?s been the bane of Rod Bruno?s existence, likely because he over-tickled his hundreds of friends, and brought the facebook?s mail system to it?s knees, caused massive floods and bridges to collapse, forcing DHS to shut him down?

Spinal Chord - Variety Telethon 1991

Spinal Chord was a truly integrated band ? keyboardist/vocalist Sam Sullivan and drummer Dave Symington are both C4-5 quadriplegics who perform with the aid of customized midi mapping software. What you hear is all live, not a sequence, and there are no backtracks?

Burnin' Tires

In 2005 I put together this animated video for the Craig Jacks song ?Burnin? Tires?. The secret? Lots of Chickens and violence. Now it?s on YouTube.

Kobrashell Hell

Back in the late 1990’s it was trés cool for hackers to attempt to overwrite the home page of well known sites with their own and declare the site “Pwn3d”. I thought this was far since over as the newly initiated script kiddies tend to want much more for their entertainment dollar these days.

I guess that isn’t the case in Turkey.

_{Hacker’s uploaded page. Perhaps they should retail it at Starbucks?}

A recent signup uploaded an avatar to a forum I administer, the file, called kobrashell.gif.php was uploaded as kobrashell.gif. This file is widely available and was written by a Russian. It allows the user to pretty much do what they like to the directories on your server, as long as the permissions are set to allow it, which is generally the case with file upload directories, allowing them to be written to by the web client.

_{Portion of the file with GIF Header}

The forum was a part of a CMS authored by e107.org which allowed signups to upload avatars and photos and was secure as far as those go, but it also has an html area which includes a filemanager, allowing images to be renamed. One can upload an image, resize it, rename it, even with a new extention. Once uploaded and run, the file was used to rewrite the index pages.

These folks took their time, however, as the signup was a full 10 days before they used the file, and as I have uncovered, the CMS at that point had a number of people exploit it using this file, as was discovered by a quick google search.

Since forums are popular and image upload sites are all the rage, the use of any type of file manager has become alot less common, as was the case with this older CMS. But forums are generally under the most danger as they generally allow users to signup with only a valid hotmail account, and even then, as was the case here, “hacking” and international laws are not well defined still. Site administrators generally only allow forums to appear on servers that are heavily hardened. A good lesson learned.

Mail Server DOS Hell Italian Celibrates World Cup Victory With SSH Attack

Recent Visitors

69.156.14.108 80.201.180.35 80.32.108.148 67.195.37.113 217.212.224.179 91.205.124.17 208.80.194.38 117.47.72.115 66.249.67.213 65.214.45.214 74.6.22.106 64.246.161.42 88.7.142.155 92.194.100.117 80.201.2.57 74.6.18.220 150.70.84.25 80.222.206.81 80.100.119.22 208.80.194.28 69.179.105.78 68.108.215.214 74.6.17.172 151.197.205.79 74.6.22.104 208.80.194.37 63.194.235.178 74.6.18.236 86.40.255.207 208.80.194.30 213.51.237.166 208.80.194.35 68.43.107.119 91.193.166.218 66.34.204.26 208.80.194.26 200.164.100.7 74.6.18.238 99.144.233.26 77.193.118.250 92.5.42.172 74.6.8.97 193.47.80.48 74.6.18.219 220.246.157.86 208.80.194.50 213.41.244.82 84.192.210.214 70.244.60.121 79.126.130.216 69.137.96.66 218.93.248.238 208.80.194.41 216.222.192.4 74.6.18.239 82.166.163.10 216.142.158.226 209.167.50.27 74.6.8.96 75.0.149.203 88.239.63.218 74.6.22.184 208.80.194.33 64.246.178.34 74.6.17.151 208.80.194.31 128.2.213.66 74.6.8.100 208.80.194.40 65.55.210.24 38.108.180.70 209.85.238.8 38.99.44.101 218.18.143.142 74.6.22.158 74.6.8.114 208.80.194.36 189.106.62.38 74.6.18.230 66.231.188.128 208.80.194.29 208.80.194.42 65.55.212.166 38.108.180.69 220.181.61.220 74.6.18.217 74.6.22.175 83.168.240.15 217.237.149.206 78.167.221.230 38.99.186.39 123.211.28.164 66.249.67.8 74.6.22.169 213.226.254.8 66.249.67.82 41.251.98.32 213.192.60.19 77.135.147.169 74.6.22.156 78.175.28.109 208.80.194.32 67.172.153.149 69.71.222.186 74.6.8.125 65.55.110.85 78.38.23.87 38.105.86.201 208.115.111.248 41.204.193.43 74.6.8.93 206.196.111.204 88.230.47.246 204.69.115.56 74.6.18.241 66.235.124.11 195.241.174.202 83.133.125.202 69.206.141.133 70.48.112.13 208.80.194.43 220.181.61.192 195.46.251.2 120.7.166.66 207.178.4.6 38.108.180.86 74.59.101.26 208.80.194.55 82.198.20.4 69.180.209.106 86.135.9.220 74.6.18.229 198.87.2.45 74.6.22.168 88.226.22.192 88.217.20.175 75.18.213.72 119.63.194.131 38.108.180.88 217.212.224.186 74.6.8.106 74.6.17.169 189.106.84.123 189.61.196.181 38.108.180.93 121.205.183.31 124.124.60.6 66.249.85.133 74.6.22.95 75.58.35.188 150.70.84.47 81.213.163.181 24.8.156.63 74.6.8.119 203.73.176.33 72.13.36.13 66.249.73.151 64.39.0.68 74.6.8.120 83.60.108.76 77.102.24.35 82.99.30.30 82.99.30.18 82.99.30.49 82.99.30.35 98.112.230.85 208.111.154.15 66.187.122.210 74.6.22.187 204.182.3.235 74.6.18.245 204.10.132.7 82.99.30.32 82.99.30.46 82.99.30.11 74.6.22.171 72.30.78.225 207.6.150.72 72.30.78.234 195.221.212.241 65.214.45.215 66.235.124.58 72.30.65.54 72.30.79.25 208.80.194.27 64.246.187.42 209.112.29.211 65.214.45.217 66.235.124.54 66.249.70.91 210.233.9.232 193.206.186.101 58.71.125.123 84.162.121.63 64.39.0.38 72.94.249.34 195.208.13.62 74.6.18.251 70.69.45.101 217.227.55.93 212.77.204.115 66.90.118.101 205.209.170.2 85.104.233.106 74.6.22.99 74.6.22.107 99.245.133.213 194.74.238.60 74.6.8.90 207.216.160.220 96.57.221.106 74.6.22.180 217.148.95.133 207.216.162.222 208.131.186.19 74.6.22.181 97.74.95.93 86.81.235.120 38.108.180.94 208.80.194.44 75.101.231.175 82.99.30.21 66.249.67.5 82.161.231.16 74.6.22.177 85.104.246.218 202.74.194.16 208.80.194.46 98.163.246.226 64.246.165.170 91.16.243.223 83.136.24.45 82.99.30.54 82.99.30.10 208.80.194.49 203.88.220.187 24.85.251.181 81.213.89.56 193.47.80.77 38.100.41.105 85.96.142.145 208.80.194.48 58.39.113.158 85.167.229.250 203.34.143.18 82.99.30.15 82.99.30.29 82.99.30.37 82.99.30.20 82.99.30.47 147.162.3.221 147.52.180.201 164.140.159.143 74.86.176.75 219.234.81.41 74.52.245.146 69.154.225.218 83.146.14.3 72.30.161.217 72.30.79.124 82.99.30.60 82.99.30.13 82.99.30.58 82.99.30.44 72.30.81.169 67.161.54.212 64.246.165.237 72.30.79.55 124.180.95.219 70.38.71.168 70.244.98.204 72.30.161.220 72.30.65.27 69.84.207.147 82.169.24.81 72.30.142.90 88.240.4.5 72.30.142.89 72.30.81.164 72.30.81.154 208.80.194.54 66.249.67.3 24.204.3.242 72.30.78.229 82.166.163.11 74.6.17.162 82.66.148.215 72.30.142.187 71.61.0.194 72.30.79.60 66.249.70.118 72.30.142.178 82.166.163.13 194.138.12.146 72.30.142.182 72.30.142.96 65.199.185.44 72.30.79.82 122.227.41.162 65.55.210.23 65.55.109.62 65.55.210.22 65.55.107.209 65.55.210.13 65.55.109.69 65.55.210.21 38.103.63.62

Anthem Challenge - My Bid

Mea Culpa From Somewhere On The Hill

Crack Book Tales

Spinal Chord - Variety Telethon 1991

Burnin' Tires

Kobrashell Hell

Recent Articles

Sites of Interest

Network Neutrality — Without Regulation

Lessig, Zittrain, Barlow To Square Off Against RIAA

Study Recommends Online Gaming, Social Networking For Kids

CRTC Rules Bell Can Squeeze Downloads

MIT and NASA Designing Silent Aircraft

Spider Missing After Trip To Space Station

Studios Sue Oz ISP Over Allowing Piracy

Google Terminates Lively

IRS Looking at Google/Mozilla Relationship

Most of Woolly Mammoth Genome Reconstructed

New Xbox Experience Goes Live

NASA Exploring 8 New Space Expeditions

Towards a World Wide Grid?

Researchers Getting the Lead Out of Electronics

Adobe Releases C/C++ To Flash Compiler

Recent Visitors