Corrected Yara rule for the Wiper malware

Ars Technica has recently published an article about the “wiper” malware. In that article they published a Yara rule provided by the FBI. However, the rule does not work due to a syntax error. The following rule corrects the syntax error and can be used with Yara 3.2.0.
Happy hunting!

rule unknown_wiper_error_strings
{
    meta:
        description = "unique custom error debug strings discovered in the wiper malware"

    strings:
        $IP1 = "203.131.222.102" fullword nocase
        $IP2 = "217.96.33.164" fullword nocase
        $IP3 = "88.53.215.64" fullword nocase
        $MZ = "MZ"

    condition:
        $MZ at 0 and all of them

}
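To make the rule's condition concrete, here is an added Python mimic of its matching semantics (this is illustration code, not the FBI rule and not part of the original post): `$MZ at 0` requires the two bytes "MZ" at offset zero, `fullword` requires that each IP string is not glued to a neighbouring alphanumeric byte, and `all of them` requires every declared string to be present. The helper names and the sample byte blobs are constructed for the demonstration; for real scanning use the rule itself with the yara CLI or yara-python.

```python
import re

# The three IP strings come from the corrected rule above; the helper names
# and the sample byte blobs below are constructed for this illustration.
RULE_STRINGS = {
    "$IP1": "203.131.222.102",
    "$IP2": "217.96.33.164",
    "$IP3": "88.53.215.64",
}

_ALNUM = rb"[A-Za-z0-9]"


def fullword_pattern(text: str) -> re.Pattern:
    """Approximate YARA's 'fullword nocase': the match may not be preceded or
    followed by an alphanumeric byte, and case is ignored."""
    return re.compile(
        rb"(?<!" + _ALNUM + rb")" + re.escape(text.encode()) + rb"(?!" + _ALNUM + rb")",
        re.IGNORECASE,
    )


PATTERNS = {name: fullword_pattern(s) for name, s in RULE_STRINGS.items()}


def evaluate_rule(data: bytes) -> dict:
    """Evaluate the condition '$MZ at 0 and all of them' on raw bytes.

    Returns which strings hit, whether the MZ header sits at offset 0, and the
    overall verdict, so a non-match can be traced to the failing term.
    """
    hits = {name: pat.search(data) is not None for name, pat in PATTERNS.items()}
    mz_at_0 = data.startswith(b"MZ")
    hits["$MZ"] = mz_at_0  # 'all of them' includes $MZ, which 'at 0' already requires
    return {"strings": hits, "mz_at_0": mz_at_0, "matched": mz_at_0 and all(hits.values())}


def _embed(*strings: str) -> bytes:
    """Join strings with NUL separators, as they would sit in a binary's data section."""
    return b"\x00".join(s.encode() for s in strings) + b"\x00"


# Constructed samples (not real malware): a fake PE-like blob, a plain text
# file, a blob missing one IP, and a blob where one IP is glued to extra digits.
ALL_IPS = ("Error: 203.131.222.102", "Error: 217.96.33.164", "Error: 88.53.215.64")
SAMPLE_PE = b"MZ" + b"\x90" * 64 + _embed(*ALL_IPS)
SAMPLE_TEXT = b"report: " + _embed(*ALL_IPS)  # no MZ header at offset 0
SAMPLE_PARTIAL = b"MZ" + b"\x90" * 64 + _embed(*ALL_IPS[:2])
SAMPLE_GLUED = b"MZ" + b"\x90" * 64 + _embed("203.131.222.1024", *ALL_IPS[1:])

if __name__ == "__main__":
    for label, blob in [("PE-like", SAMPLE_PE), ("text", SAMPLE_TEXT),
                        ("partial", SAMPLE_PARTIAL), ("glued", SAMPLE_GLUED)]:
        print(f"{label:8s} -> {evaluate_rule(blob)}")
```

Only the PE-like blob matches: the text file fails on `$MZ at 0` even though all three IPs are present, the partial blob fails `all of them`, and the glued blob shows that `fullword` rejects "203.131.222.1024" because the string is followed by another digit.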

Massive WordPress attacks are in progress

I am seeing a lot of brute-force attempts made against my site lately. In fact, the unsuccessful login attempts using the “admin” user id have increased 300-fold. My preliminary investigation showed that all of the offending systems are running Linux. Some of these systems belong to online retailers, some of them are academic institutions, and some belong to individuals.

Upon investigating the offending hosts, I realized that they ran Parallels Plesk, MySQL, nginx or Exim (or a combination thereof). Not surprisingly, major security vulnerabilities were found in all of these systems in 2014. This goes to show that security is still not a priority for some hosting providers and organizations. I don’t know how badly these systems are compromised, but for now they are being used to attack WordPress sites.

You can protect yourself from this type of attack by installing the iThemes Security plug-in. This plug-in guides you through securing your site against brute-force attacks, among other things.

How to “ethically hack” installation software

I recently bought the Contour Design ShuttlePRO along with the ShuttleExpress to use with Adobe Lightroom. The device itself is a great product, but the driver installation program didn’t work on my computer.

Upon executing the driver installation program on my Win7 x64 system, I received an error message indicating “Insufficient free disk space”. I had over 2TB (2000+ GB) of free space on my drive, so it was obvious that disk space was not the issue. I have seen this problem in the past on an outdated Wise install system, where the installation program wasn’t calculating the free space properly on large drives. So, I assumed that the same thing was happening with this installation program.

Microsoft Ergonomic Keyboard Upgrade

Wireless mouse + Microsoft Keyboard = Better Keyboard

I am a big fan of Microsoft Ergonomic Keyboards. I’ve been using them since Microsoft first released them 15+ years ago. Even though I am currently using a Goldtouch ergonomic keyboard, I like to switch things up, so I bought a Microsoft Natural Ergonomic Keyboard 4000.

One feature I didn’t like about this keyboard was the zoom slider in the middle of the keyboard. I really do not get the point of it. I do not know who needs to zoom in and out of things so frequently that they would need a dedicated contraption for it. I would rather have a trackball or trackpoint kind of device in there instead.

Well, if you are a hacker and if you cannot find it, you just make it!

The ‘Microsoft.ACE.OLEDB.12.0’ provider is not registered on the local machine.

Really?

I normally do not use Access Databases, but for a pet project of mine I decided to quickly use Access 2010 Database to store some data. When I tried to add the database connection to my Windows Forms application, Visual Studio 2010 barked at me:

The ‘Microsoft.ACE.OLEDB.12.0’ provider is not registered on the local machine.

Even though it seems illogical, what fixes this problem is installing the Office 2007 System Driver: Data Connectivity Components.

Hope this helps someone…

How to “POLAR Enable” your exercise bike.

I have a Schwinn 213 Recumbent Exercise Bike, and it came with a hand-grip style heart rate monitor (HRM). Unfortunately, the HRM died a couple of years ago, just after the warranty ended. I did not like the hand-grip HRM from the beginning, as it was inaccurate and required me to hold the hand-grips all the time.

I’ve been playing with a Polar heart rate (HR) receiver for a while, and it is really easy to use. So, I decided to open up the recumbent bike’s console and replace the hand-grip HRM system with the Polar HRM system.

Let’s start with the Polar RMCM01 HR receiver unit.

Repairing Harmony 670 Remote

I absolutely hate waste. We are wasting a lot of resources in this country, from bare necessities to entertainment items. This is even worse in the small electronics area. If a small electronics item gets broken, most of us don’t even think of repairing it. There is a better, newer version out there that we want anyway, and it doesn’t cost that much. So, we dump the broken one and get a brand new one. I struggle with that mentality, as I know I can repair them most of the time. Do I have time to tackle every single broken electronics item in my house? Not all the time, and I previously had resource constraints as well. I used to have one table that I did my coding and electronics projects on. Our garage is not a useful place, as it is detached and not finished inside, so there is no room in there for me to set up my electronics lab. I was clearing out my desk every time I worked on an electronics project, pushing away the monitors, keyboard, etc. The problem is that the next morning, when I needed to code, my desk was covered with components, soldering iron, etc. That meant cleaning it again. I think you get the drift.

How to find the MAC address of an offline computer?

There are multiple ways of getting the MAC address of a system that is on, either locally or remotely. But what if your system is off, you do not have physical access to the system, and you want to turn it on remotely using Wake on LAN (WOL)? In order to turn your computer on remotely using WOL, you need to know the MAC address of that system. If you have not planned this ahead of time, finding the system’s MAC address might not be very easy. What are your options?

Apple and Quality Control

Steve Jobs announced today that the reception problems with the iPhone 4 are not limited to the iPhone 4; they also affect the 3G and 3GS. Apple is going to give free bumpers to all iPhone 4 owners. So, here is a question: if the same antenna problem exists in the 3G and 3GS, why doesn’t Apple give free bumpers/cases to 3G and 3GS owners as well? He said that he has a theory why more people are noticing the reception problem with the iPhone 4: it is because Apple did not produce enough iPhone 4 bumpers, so iPhone 4 buyers couldn’t get a case/bumper with their iPhone 4 purchase. Isn’t this the same as saying “Our phones don’t function properly without a case”?

World's First Opening of the GeoGiftBox™

I would like to report that the world’s first ever use of a GeoGiftBox™ for presenting an engagement ring/request happened on 7/8/2010 at 4:20pm PDT.

What is a GeoGiftBox™? It is a locked antique wooden box fitted with electronics to detect its current location, which opens only if you are standing near the location it’s programmed to open at. I will give more information later about the box, how it was used in my engagement, and where you can purchase your own box.
