July 2nd, 2008 admin
For some time, especially the last 2 years, the growth of new malware samples has been huge. Now a McAfee researcher says that growth has flattened out over the last few months.
The number of samples is still growing, but it seems to be growing at a flat rate, meaning that from month to month the growth rate is the same.
It takes a really optimistic outlook on life to declare victory here, but certainly there’s reason for some optimism. It’s just possible, for example, that malware authors and distributors have seen diminishing, or even zero, marginal growth from continuing to open the throttle on the malware engine.
Toralv Dirro, the McAfee researcher, also points out that all this counting is based on the AV-Test approach of using cryptographically unique samples, and that there are many other ways to count malware, each legitimate depending on what you are trying to demonstrate and the specifics of the malware. Should the nature of malware change, as it has in the past, this basis for counting could change too.
Posted in Web Security | No Comments »
July 2nd, 2008 admin
Thanks to the Spyware Sucks Blog for pointing to some “maladvertisements” that have been making the rounds lately.
Malicious advertisements are nothing new. A seemingly innocuous site can turn malicious through the advertisements it offers. The ones in the Spyware Sucks post are tied in with ad networks infamous for this sort of thing.
What can you do? All the usual things: Keep your browser and operating system up to date, run security software that can trap some of the attacks these sites might bring, and use common sense.
Posted in Web Security | 1 Comment »
July 2nd, 2008 admin
Apple released two security bulletins yesterday and massive updates to OS X.
The first bulletin describes 25 vulnerabilities as measured by CVE number, many of them critical. The updates appear to be named Security Update 2008-004 for Mac OS X and OS X Server v10.4.11 and Mac OS X 10.5.4.
The second bulletin describes the release of Safari 3.1.2 for Mac OS X 10.4.11. This same update was released for Windows a couple of weeks ago and in Mac OS X 10.5.4. (Why was this released as a separate bulletin instead of being part of the larger one above? I can’t tell.)
Posted in Web Security | No Comments »
July 2nd, 2008 admin
Google shut down a group of anti-Obama blogs last week. Was it a political conspiracy or something even more complicated?
According to the New York Times, the bloggers, all affiliated with JustSayNoDeal.com, a Web site that opposes Senator Obama, were unable to publish to their sites. The bloggers had received a note from Google saying that they “…will not be able to publish posts to your blog until we review your site and confirm that it is not a spam blog.”
The blogs have all been restored, although some of the bloggers have taken their business elsewhere. They don’t believe Google and they certainly don’t trust it.
How had Google misidentified these blogs as spam blogs? There’s some controversy there. The bloggers claim that it was a campaign of abuse by opponents using the Google Blogger “flag” button to label the site as spam. Google claims that the flag cannot be so abused: “The Flag button isn’t censorship and it can’t be manipulated by angry mobs. Political dissent? Incendiary opinions? Just plain crazy? Bring it on.”
Google claims that the misjudgment was based on spam filters, perhaps those at GMail, reacting to large amounts of spam that referenced the JustSayNoDeal.com site. It’s a plausible explanation, but it still probably means they were manipulated. Look for more of this sort of “reputation warfare” as the campaign continues.
Posted in Web Security | 2 Comments »
July 2nd, 2008 admin
Thanks to Slashdot for pointing me to the story of the GoDaddy executive bidding against their own customers in their auctions.
The story began with an alert user in a discussion on namepros.com. The user had noticed that the winner in an auction of an expiring domain was one Adam Dicker, “VP of Domain Name Aftermarket (TDNAM)” at GoDaddy. Like many registrars, GoDaddy holds domain auctions, including those of expiring domains.
Domain Name Wire looked into the story further and discovered, unsurprisingly, that GoDaddy has no policy against this sort of thing. The potential is there, of course, for employees to bid up auctions simply to get the prices higher for the company’s benefit. As the reader on Namepros put it:
These employees may or may not have access to more information than the rest of us, and they may or may not have to pay full price for the domains they win. This is particularly insidious at GoDaddy since they are one of very few auction sites which don’t show you who you are bidding against. So I have no idea if any of the names I won that day were inflated in price due to TDNam executives bidding against me.
GoDaddy did tell them that they have controls in place to prevent someone from gaming the system, but it’s not clear if the sort of manipulation discussed in the quote above meets their definition of manipulation.
Domain Name Wire dug further and found out that such non-policies are common. They go on to wonder if it’s hard for such companies to hire talented people if they will then be shut out of the markets right in the middle of a bubble. A further post includes more follow-up from Sedo and Enom.
Something about it all definitely stinks, but the whole aftermarket for domains is skating on the edge of shady anyway. Perhaps it’s not surprising to find players trying to get every edge they can.
[Update: GoDaddy has issued a statement saying that Dicker's actions were not improper, but that from now on employees are prohibited from participating in such transactions.]
Posted in Web Security | 5 Comments »
July 2nd, 2008 admin
A new and different kind of phishing e-mail pretends to come from ICANN, the Internet Corporation for Assigned Names and Numbers, the governing body for much of the infrastructure of the Internet. Most people, even domain name owners, don’t know what ICANN is, which perhaps limits the power of the phishing campaign. The campaign is, in any event, down because the web domain it used was taken down. (I bet those registrars listen when ICANN calls about this stuff.)
Because ICANN is most famously associated with regulation of the domain name market, the phish claims that ICANN is upgrading their domain database and that the user needs to enter their domain registration details (username and password included, of course) at ICANNresolve.com. This domain is now offline, but Domain Name Wire claims that it was a pretty good spoof of the ICANN home page.
It’s hard to imagine a circumstance under which a normal domain name owner would receive an e-mail from ICANN, although it is possible. Still, nobody needs your registrar account login except your registrar.
Posted in Web Security | 1 Comment »
July 2nd, 2008 admin
I’m sure other people have noticed this, at least I hope so, but never mentioned it publicly. If you read PCI-DSS 1.1 section 6.5, the part that covers “Cover prevention of common coding vulnerabilities in software development processes”, you’ll notice the list is identical to that of the OWASP Top Ten 2004 while the latest version is 2007:
6.5.1 Unvalidated input
6.5.2 Broken access control (for example, malicious use of user IDs)
6.5.3 Broken authentication and session management (use of account credentials and session cookies)
6.5.4 Cross-site scripting (XSS) attacks
6.5.5 Buffer overflows
6.5.6 Injection flaws (for example, structured query language (SQL) injection)
6.5.7 Improper error handling
6.5.8 Insecure storage
6.5.9 Denial of service
6.5.10 Insecure configuration management
I guess technically speaking anything that’s in v2007 and not v2004 you don’t have to worry about. That means you still have to code against Buffer Overflows and Application DoS, but not Malicious File Execution, Insecure Direct Object Reference, and Cross Site Request Forgery (CSRF). Ahh, fun fun. Gotta love compliance.
Posted in Web Security | No Comments »
July 2nd, 2008 admin
CSO magazine was kind enough to publish an opinion piece where I present a top-down view of the current state of web application security. I nervously expect a “spirited” flow of blog comments because it questions the value of certain best-practices and deeply held personal philosophies. Fortunately though our general public discourse has advanced a great deal recently and the community at large is a lot more informed of the challenges at hand. I pulled out a snippet to give a feel.
“It is unreasonable to expect publishers, enterprises and other site owners to restart and reprogram every website securely from scratch. Nor can we fix the hundreds of thousands (maybe millions) of custom Web application vulnerabilities one line at a time. The very thought sounds insane to me. It would take too long (probably never finish), cost far too much (billions per year), and the bad guys are already ahead of us. Conservative estimates put the total annual IT security spend in the US at billion and e-crime losses at 0 billion. We’re losing two dollars for every dollar spent.”
Enjoy!
Posted in Web Security | No Comments »
July 2nd, 2008 admin
“Web Application Firewalls (WAF) are a total waste of time/money because they can’t protect against business logic flaws!,” a common theme among the few, but vocal, seriously anti-WAF zealots out there. While there is some truth it’s also like saying car door locks are useless because criminals can break in by smashing the windows. Or car alarms are a waste because they don’t protect against carjacking. And steering wheel locks are lousy because the car is at risk to thieves with tow trucks. You see where I’m going with this. Every security measure has a particular purpose, limitation, and overall value to the owner considering what it is they’re protecting.
Sure, WAFs don’t defend against every logic flaw, or even every crazy form of SQLi or XSS. Just as white/black box scanners can’t identify every vulnerability and neither can expert pen-testers or source code auditors. A/V products don’t red flag every piece of malware. Anti-spam misses some junk mail. Yet we still utilize these solutions anyway because their value outweighs their limitations. And of course WAFs don’t replace vulnerability assessment (VA) or secure coding practices just as Nessus doesn’t compete with network firewalls or good segmentation practices. Therefore I recommend we ignore rash criticisms and keep an open mind into what WAFs can/can’t do, the value they may provide today, and consider how they may be improved – including being aided by VA intelligence (VA+WAF).
I’m going to keep my comments vendor agnostic. Perhaps some of the features described below are already included in some of the available WAF products. In fact I know they are and claim no novelty of any of these ideas (probably printed elsewhere), but I’ll leave it to the vendors to comment on their specific products’ capabilities. I think the readers here might be pleasantly surprised. My intent here is to explore a few of the more common business logic flaw examples we’ve all seen, assume we know their location (VA), and attempt to hypothesize defense measures.
Business Logic Flaw examples
1) Rotating numbers in URLs, the classic case of Insufficient Authentication, Insufficient Authorization and Insufficient Process Validation where an attacker can gain access to data or functionality their user-level should not have. We’ve seen these issues countless times in order tracking systems, bank account screens, and even in online vote registration. I see at least two possible ways to prevent these types of business logic flaws with a WAF.
URL encryption
The WAF inspects outbound Web page content, dynamically encrypts and replaces every URL directed to the website, and by extension decrypts them on the way back in – completely transparent to the web server or application. For example:
<a href="http://website/app.cgi?foo=bar">action</a>
becomes…
<a href="http://website/06ad47d8e64bd28de537…">action</a>
or
<a href="http://website/app.cgi?foo=bar&t=1fad47d…">action</a>
URL encryption is powerful as it prevents URL parameter tampering and by extension protects against a wide range of attacks (XSS, SQLi, CSRF, etc.). No parameter tampering, no number rotation, no business logic flaw. Implementation is really tricky though because the HTML parser has to be perfect otherwise requests will be blocked when links are missed. Bookmarks and search engine indexing are also potentially disrupted. However, websites where most functionality is behind a login screen, such as banking sites, might not mind. It’s also possible these side effects could be reduced by only focusing on the URLs known to be vulnerable (VA) instead of pursuing global enforcement. There is no need to encrypt URLs that aren’t vulnerable.
Session-State tracking
Users can be tracked from one page to the next so it’s technically possible for a WAF to know where they are in a particular flow and where they should be able to get to, or not. If an attacker were to rotate a number in a URL the WAF could be capable of determining if they should have been able to get to it (UI-wise) from where they are. If they shouldn’t be able to, deny! Or perhaps a more forgiving threshold is in order so they may try 1, 2, or even 10 illegal URLs, but not more because that would surely be abnormal behavior. Scalability is the biggest drawback here as increasingly large state tables are required for tracking. However, if you know a particular URL or parameter name has a problem with number rotation, WAFs can again be configured to focus and enforce controls only there.
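The session-state idea above, sketched as an added example (not code from the original post or from any WAF product): the tracker records which protected links the application actually served to a session, denies requests for anything else on that path, and blocks the session once a threshold is passed. The path `/order.cgi`, the threshold of 3 and the sample page are assumptions, and the path is assumed to be already normalised by the WAF.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

PROTECTED_PATHS = {"/order.cgi"}   # assumption: the one endpoint VA flagged
MAX_VIOLATIONS = 3                 # hypothetical "forgiving" threshold
HREF = re.compile(r'href="([^"]*)"')


def canonical(url):
    """Path plus sorted parameters, so parameter order does not matter."""
    parts = urlsplit(url)
    return parts.path, tuple(sorted(parse_qsl(parts.query, keep_blank_values=True)))


class FlowTracker:
    """State is kept only for protected paths, which bounds the table size."""

    def __init__(self, max_violations=MAX_VIOLATIONS):
        self.max_violations = max_violations
        self.offered = {}      # session id -> protected URLs it was shown
        self.violations = {}   # session id -> requests outside that set

    def observe_response(self, session_id, page):
        """Outbound: remember protected links the application gave this session."""
        for href in HREF.findall(page):
            target = canonical(html.unescape(href))
            if target[0] in PROTECTED_PATHS:
                self.offered.setdefault(session_id, set()).add(target)

    def check_request(self, session_id, url):
        """Inbound: 'allow', 'deny' (counted) or 'block-session' (over threshold)."""
        if self.violations.get(session_id, 0) > self.max_violations:
            return "block-session"
        target = canonical(url)
        if target[0] not in PROTECTED_PATHS:
            return "allow"
        if target in self.offered.get(session_id, ()):
            return "allow"
        count = self.violations.get(session_id, 0) + 1
        self.violations[session_id] = count
        return "block-session" if count > self.max_violations else "deny"


# Constructed sample page served to one session.
SAMPLE_PAGE = (
    '<a href="/order.cgi?id=1001">Order 1001</a> '
    '<a href="/order.cgi?id=1002&amp;view=full">Order 1002</a> '
    '<a href="/help.html">Help</a>'
)


def demo():
    tracker = FlowTracker()
    tracker.observe_response("sess-A", SAMPLE_PAGE)
    requests = [
        ("sess-A", "/order.cgi?id=1001"),            # link the session was shown
        ("sess-A", "/order.cgi?view=full&id=1002"),  # same link, reordered
        ("sess-A", "/help.html"),                    # unprotected path
        ("sess-A", "/order.cgi?id=1003"),            # rotated number
        ("sess-A", "/order.cgi?id=1004"),
        ("sess-A", "/order.cgi?id=1005"),
        ("sess-A", "/order.cgi?id=1006"),            # fourth miss: over threshold
        ("sess-A", "/order.cgi?id=1001"),            # session now blocked outright
        ("sess-B", "/order.cgi?id=1001"),            # never offered to sess-B
    ]
    return [tracker.check_request(sid, url) for sid, url in requests]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
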
2) Session hijacking by way of cookie tampering is another old school hack that has implications for Credential/Session Prediction, Insufficient Session Expiration, and Session Fixation. This issue doesn’t show up as much as it once did because most developers are using the native session handling APIs in their development frameworks as opposed to rolling their own. A very good thing.
Just like the previous example we can utilize some good ol’ on-the-fly cookie encryption/decryption that can be easily performed with a WAF. If an attacker is unable to modify their cookie to a valid value, and the WAF would know cryptographically, then session handling issues go away. You could even add some httpOnly, secure, and non-persistent flags if you want. You’d still probably have issues with Insufficient Session Expiration or Session Fixation, but we’re getting somewhere. The only drawback I can think of is if JavaScript or some other client-side language needed to read/write the original cookie values.
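One block for both the URL encryption passage and the cookie passage above, added here as an example and not taken from the original post or any WAF product. It uses an HMAC tag (integrity only, values stay readable) rather than encryption, which corresponds to the post's second form `…&t=1fad47d…`, and enforces it only on paths VA flagged. The key, the flagged path and the session ids are constructed, and the request path is assumed to be already normalised by the WAF.

```python
import hashlib
import hmac
import html
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

KEY = b"constructed-demo-key"     # constructed; generate and rotate a real key
VULNERABLE_PATHS = {"/app.cgi"}   # assumption: endpoints VA flagged
TAG_PARAM = "t"                   # parameter name used in the post's example
HREF = re.compile(r'href="([^"]*)"')


def _tag(*fields):
    """HMAC-SHA256 over NUL-separated fields, truncated to 128 bits."""
    msg = "\x00".join(fields).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:32]


def _canonical(parts):
    """Path plus sorted parameters, with any existing tag left out."""
    pairs = [p for p in parse_qsl(parts.query, keep_blank_values=True)
             if p[0] != TAG_PARAM]
    return parts.path + "?" + urlencode(sorted(pairs))


def sign_url(session_id, url):
    """Outbound: add t=<tag> to a link that points at a flagged path."""
    parts = urlsplit(url)
    if parts.path not in VULNERABLE_PATHS:
        return url
    tag = _tag("url", session_id, _canonical(parts))
    query = (parts.query + "&" if parts.query else "") + f"{TAG_PARAM}={tag}"
    return parts._replace(query=query).geturl()


def verify_url(session_id, url):
    """Inbound: a flagged path needs exactly one tag valid for this session."""
    parts = urlsplit(url)
    if parts.path not in VULNERABLE_PATHS:
        return True
    tags = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k == TAG_PARAM]
    if len(tags) != 1:
        return False
    expected = _tag("url", session_id, _canonical(parts))
    return hmac.compare_digest(tags[0].encode(), expected.encode())


def rewrite_html(session_id, page):
    """Sign flagged links in an outbound page; other links stay byte-identical.
    A link this pattern misses is later rejected, the parser risk the post names."""
    def repl(match):
        raw = html.unescape(match.group(1))
        signed = sign_url(session_id, raw)
        if signed == raw:
            return match.group(0)
        return 'href="%s"' % html.escape(signed, quote=True)
    return HREF.sub(repl, page)


def seal_cookie(name, value):
    """Outbound Set-Cookie value: value.tag plus the flags the post mentions.
    No Expires/Max-Age keeps it non-persistent; HttpOnly hides it from script."""
    tag = _tag("cookie", name, value)
    return f"{name}={value}.{tag}; Path=/; Secure; HttpOnly"


def open_cookie(name, sealed):
    """Inbound: return the application's original value, or None if altered."""
    value, dot, tag = sealed.rpartition(".")
    if not dot:
        return None
    expected = _tag("cookie", name, value)
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return value if ok else None


if __name__ == "__main__":
    # Constructed page and cookie.
    page = '<a href="http://website/app.cgi?foo=bar">action</a>'
    print(rewrite_html("sess-A", page))
    link = sign_url("sess-A", "http://website/app.cgi?foo=bar")
    print(verify_url("sess-A", link))                                # True
    print(verify_url("sess-A", link.replace("foo=bar", "foo=baz")))  # False
    print(seal_cookie("SID", "1001"))
```

Because the URL tag is bound to the session id, a signed link stops working in a new session, which is the bookmark and search-indexing side effect the post describes.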
3) WAFs could also potentially be used to stop login brute force attacks or Insufficient Anti-Automation by including CAPTCHAs on-the-fly at various choke points. Again, thresholds would be neat. We could explore other examples, but I think you get the idea and this post is long enough. Well at least I don’t want to write anymore.
It’s important to understand that we’re at the very beginning of WAFs (or website VA for that matter) and their deployments, which is also why there is so little field experience posted anywhere. We need an open community dialog so we can see where this technology can go and how it can be improved, independent of the PCI 6.6 mandate. My point is I don’t think WAFs will be able to solve all of our web application security problems, or even all business logic flaws, and I don’t know of anyone who does. It certainly would be nice though to see what WAFs can do or be made to do. We won’t know unless we keep an open mind and try.
“Any fool can criticize, condemn, and complain, and most fools do.”
Benjamin Franklin
Posted in Web Security | No Comments »
July 2nd, 2008 admin
Apparently the mass SQL Injection attacks have really woken people up and they’re probably flooding the MS blogs and inboxes with pleas for assistance. No doubt a lot of them use Twitter.
Site owners are desperate to protect their old legacy ASP classic code. To help the situation Microsoft has just announced 3 free new toys specifically targeted at SQLi.
1) The Microsoft Source Code Analyzer for SQL Injection (MSCASI) is a static code analysis tool that identifies SQL Injection vulnerabilities in ASP code. In order to run MSCASI you will need source code access and MSCASI will output areas vulnerable to SQL injection (i.e. the root cause and vulnerable path is identified).
Cool. If anyone wants to provide feedback on effectiveness, I’d really like to know!
2) Microsoft worked with the HP Web Security Research group to release the Scrawlr tool. The tool will crawl a website, simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.
This is nice of HP to offer, but the product limitations seem somewhat onerous to me…
* Will only crawl up to 1500 pages
* Does not support sites requiring authentication
* Does not perform Blind SQL injection
* Cannot retrieve database contents
* Does not support JavaScript or flash parsing
* Will not test forms for SQL Injection (POST Parameters)
Hmm, if MSCASI and Scrawlr are used at the same time, can we call this Hybrid Analysis?
3) In order to block and mitigate SQL injection attacks (while the root cause is being fixed), you can also deploy SQL filters using a new release of URLScan 3.0. This tool restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being executed on the server. It uses a set of keywords to block certain requests. If a bad request is detected, the filter will drop the request and it will not be processed by SQL.
IIS’s equivalent to ModSecurity on Apache. Cool stuff, first used it a LOONG time ago and no doubt solid improvements have been made. From the description it appears to still be using a black list negative security model approach to protection. How about that!?
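To make the black list versus positive model distinction concrete, here is an added example (not URLScan's code or configuration, and not from the original post) that runs a keyword deny list and a per-parameter allow rule set over the same constructed query strings. The keyword list, the parameter rules and the sample requests are all assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed keyword list in the spirit of a deny filter; not URLScan's own.
DENY_KEYWORDS = ("'", "--", ";", "/*", "declare", "exec", "cast(", "union", "select")

# Positive model for a hypothetical ASP page: every parameter must be known
# and its whole value must match the rule.
PARAM_RULES = {
    "id": re.compile(r"\d{1,9}"),
    "q": re.compile(r"[\w .,'-]{1,64}"),
}


def negative_model(query_string):
    """Return the first deny keyword found in the decoded query, else None.
    Decoding first matters: the filter must see what the application will see."""
    decoded = unquote_plus(query_string).lower()
    for keyword in DENY_KEYWORDS:
        if keyword in decoded:
            return keyword
    return None


def positive_model(query_string):
    """Return a list of violations; an empty list means the request passes."""
    problems = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        rule = PARAM_RULES.get(name)
        if rule is None:
            problems.append(f"{name}: unexpected parameter")
        elif not rule.fullmatch(value):
            problems.append(f"{name}: value rejected")
    return problems


# Constructed requests: two legitimate searches, one plain lookup, and one
# lookup whose id carries a statement separator and keyword.
SAMPLES = [
    "id=42",
    "q=union+station+hotels",
    "q=O%27Brien",
    "id=42%3Bdeclare+%40s",
]


def compare(samples=SAMPLES):
    """Map each sample to (blocked by deny list, blocked by allow rules)."""
    return {s: (negative_model(s) is not None, bool(positive_model(s)))
            for s in samples}


if __name__ == "__main__":
    for sample, (neg, pos) in compare().items():
        print(f"{sample:28} deny-list blocks={neg!s:5} allow-rules block={pos}")
```

Both models stop the malformed `id`, but only the deny list also rejects the two legitimate searches; the allow rules avoid that at the cost of having to know every parameter, and neither removes the need to fix the query code itself.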
Looks like the only thing they left out is some kind of DB or system clean up for those who have already suffered an incident. I’m hearing that the hacked count is up to 2 million sites now. Ouch.
Posted in Web Security