April 29, 2012

The so-called Skype SDK IP leaks

For the last few days, there has been a buzzing news in the community, following the recent discovery of a so-called information leak in the skype SDK. [email protected], published a python code sample “exploiting this vulnerability” https://github.com/zhovner/Skype-iplookup/ using a de-obfuscated SDK and published a demo site @http://skype-ip-finder.tk/. More related information on the skype-open-source project can be found @ http://skype-open-source.blogspot.de/ So to sump-up, the “so-called leak” takes place by: 1. having “debug logging enabled” in the hi-jacked SDK 2. ... Read more

February 20, 2009

Squid with Ldap authentication - Centos

Here is a small easy way to set a simple web proxy to authenticate against an ldap server. Squid Install - (using the rpmforge repository) do a ‘yum install squid’ Locate squid_ldap_auth - locate squid_ldap_auth ==> /usr/lib64/squid/squid_ldap_auth Test connection against your ldap server - /usr/lib64/squid/squid_ldap_auth -b “dc=alouche,dc=net” -f “uid=%s” -h auth.alouche.net myUser myPassword OK The OK prompt back shows us that we can easily connect to the ldap server ... Read more

October 8, 2008

Denial of Service - Sockstress

Sock Stress is a new type of Denial of Service which was developed by Jack C. Louis. According to nmap creator Fyodor, the attacker sends a TCP SYN packet to a targeted port, but first by making sure that a firewall protects his own machine as to prevent it to interfere with the attack process. The main reason for the protection is as to avoid the attacker’s computer to reset the unexpected returned SYN/ACK packet (2nd step of the TCP 3 way handshake). ... Read more