[Java 0day exploit] – Protect yourself – Turn off Java in browser

A new Java 0-day exploit is running around the Internet this week.

Every browser that uses the newest Java version is vulnerable, no matter which operating system you use.
If you are thinking about installing an older version of Java, that's also a bad idea, because older versions are full of security bugs as well!

What you need to do is to turn off Java in your browsers! 

If you want to check if Java in your browser is vulnerable, go to http://www.isjavaexploitable.com/ and you will see.

To disable Java in your browser on Windows, do the following:

Mozilla Firefox: From the main menu select Add-ons, and then disable any plugins with the word “Java” in them. Restart the browser.

Google Chrome: Click the wrench icon in the upper right corner of the browser window, then select Settings. In the search results box to the right in the next screen, type “Java”. A box labeled “Content settings” should be highlighted. Click that, and then scroll down to the Plug-ins section. Click the “Disable individual plug-ins” link, find Java in the list, and click the disable link next to it.


For those who want to find out more about the exploit

For those who are interested in the details of this exploit, check here for a good analysis. The beauty of this bug class is that it provides 100% reliability and is multiplatform. A PoC exploit was first published by Jduck, and the exploit itself you can see here.

Experience tells us that Oracle will not be fast with an update, so most probably this bug will not be fixed soon.



If you liked the post, we should get connected - follow me on Twitter

The “Just look at it” hack to problem solving

This past week I was faced with a difficult problem.  A really difficult problem.

In fact, it was painfully difficult.  And I was struck with a flood of emotions: fear, anxiety, despair, etc.

I just wanted to sleep and not deal with it.

But instead, I did the “Just look at it” hack.

The “Just look at it” hack is something I’ve been thinking about the past few weeks.  The essence is that if you just face a challenging problem by looking at it, then your brain will naturally respond with creativity and ideas to overcome and solve the problem.  In other words, you don’t need to try to solve the problem with your raw effort.  Rather, just stare at the problem and let your brain do the work for you.

I printed out all my notes regarding my difficult problem onto two 8.5 x 11 pieces of paper.  And then I went to the couch in my living room, and just stared at it.  I told myself, “you don’t need to solve it or fix it right away.  You don’t need to do anything but just look at it and let your brain think about it.”  So that’s what I did.

I sat for about an hour, just staring at the two pieces of paper and letting my brain do its work.  Then, it started to happen.  One by one ideas started to form and I began jotting them down.  No magic moment of epiphany, yet.

I kept going and in another hour or two, I was getting an epiphany.  I had the solution to my really difficult problem.  And my fear and despair turned to ecstatic relief and confidence.

So the next time you’re faced with a really difficult problem and you want to run away and not face it, try the “Just look at it” hack.

1.  Jot down all the notes regarding your problem/challenge and print it out.

2.  Just look at the printed notes and let your brain mull it over.

3.  Keep at it.  It’s ok if you start dozing.  Just wake up and keep looking at the printed notes.

4.  When inspiration comes, start taking notes.  But keep going until you get the creative solution you need.

 

Great mind hack, isn’t it?

Original article source.



Control multiple servers at once – via PuTTY and PuTTYCS

Have you ever thought about how to control multiple servers at once? For example, you need to update several Linux servers. On Linux, you can use a great tool called Cluster SSH, which controls a number of xterm windows via a single graphical console window to allow commands to be interactively run on multiple servers over an ssh connection.

When you’re running Windows and want to do something like this, you can use a great little application called PuTTYCS.
Just start your PuTTY sessions, and then start PuTTYCS. Here is how it looks:


Now just type the command you need, and click Send. For example, I use it to control my CentOS servers. When I want to update all of them, I just type in here: yum update

Makes life easier.



Tunneling applications with TSocks for anonymity using TOR

Have you ever thought how great it would be if you could run your hacking tools for information gathering/scanning/exploiting anonymously from the terminal?

Here is one way to do this, even if your tools have no proxy options.

You will need TSocks and Tor installed. Nothing more.
On my BackTrack machine, TSocks is already installed. If you don’t have it, install it first.
After you do this, open /etc/tsocks.conf and edit the server_port line, setting it to port 9050 (the default Tor port):

server_port = 9050

Then you need to install Tor. Here you have a simple explanation of how to install Tor. Install just Tor; you don’t need Privoxy.
After configuring tsocks, check that it is working by using the lynx web browser to connect to a website that shows your current IP address. When you want to run a tool anonymously, just put tsocks in front of the command. For example, to run lynx:

tsocks lynx whatismyip.net

If everything works fine, you will get an address from the Tor network, and not your real one:

Just to make sure, run the same application without tsocks:

lynx whatismyip.net

Here is how it looks now, with my real IP address:

So now, when you are sure that tsocks tunneling works fine, you can run all your nasty tools anonymously. You can also start, for example, Firefox and surf anonymously this way, just by typing:

tsocks firefox

That’s it! It’s just one of the ways. Have fun ;)
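
To confirm that the tsocks.conf edit described above took effect, here is an added example (not part of the original post): a script that reads the default server settings from a tsocks.conf and reports anything that does not point at a local Tor. It assumes Tor's SOCKS listener is on 127.0.0.1:9050; the function names tsocks_get and check_tsocks_conf and the sample file are made up for illustration.

```sh
#!/bin/sh
# Added example. Assumption: Tor's SOCKS listener is on 127.0.0.1:9050.

# tsocks_get FILE KEY: print KEY's default value (settings inside "path { }" are skipped)
tsocks_get() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # drop comments
        /^[ \t]*path[ \t]*[{]/ { inpath = 1; next }
        /[}]/                  { inpath = 0; next }
        inpath                 { next }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t\r]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_tsocks_conf FILE: print one finding per line; return 0 only if none
check_tsocks_conf() {
    rc=0
    server=$(tsocks_get "$1" server)
    port=$(tsocks_get "$1" server_port)
    stype=$(tsocks_get "$1" server_type)
    [ "$server" = "127.0.0.1" ] || { echo "server is '$server', expected 127.0.0.1"; rc=1; }
    [ "$port" = "9050" ] || { echo "server_port is '$port', expected 9050"; rc=1; }
    # Tor accepts SOCKS 4 and 5; an unset server_type is left to tsocks' default
    case "$stype" in ""|4|5) ;; *) echo "server_type is '$stype', expected 4 or 5"; rc=1 ;; esac
    return $rc
}

# Constructed sample: server_port was edited, but server still points elsewhere
sample=$(mktemp)
cat > "$sample" <<'EOF'
local = 192.168.0.0/255.255.255.0
path {
    reaches = 10.0.0.0/255.0.0.0
    server = 127.0.0.1
}
server = 192.168.0.1   # constructed value
server_type = 5
server_port = 9050
EOF
if check_tsocks_conf "$sample"; then echo "tsocks.conf points at local Tor"; fi
```

To check the real file, call check_tsocks_conf /etc/tsocks.conf; no output and exit status 0 mean the default server settings match.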

 

