Following up on my deployment of WordPress XML-RPC attack countermeasures a few months ago, let’s have a look at how effectively the traps have performed in live operation in the intervening time.
Countering WordPress XML-RPC Attacks with fail2ban
In my last post I began inquiring into the WordPress XML-RPC attacks I’ve been sustaining here on the site. Since then I’ve been further studying the threat and experimenting with responses, and I have now developed working countermeasures and cast them into live operation. These countermeasures involve forwarding telemetry out of WordPress for pickup by the fail2ban facility, allowing for the detection and banning of attackers trying to exploit xmlrpc.php. Where other recommendations call for disabling affected methods or the whole XML-RPC subsystem, my more refined techniques control attacks while maintaining the full service set in operation for valid procedure calls.
Android Device Manager Does Not Work in Internet Explorer
[Edit: As of July 11th it looks like this has been fixed. Android Device Manager is working in Internet Explorer 11 again in my testing. Original discussion follows.]
Last night I flashed my phone up to CyanogenMod 11 M8, and since then I’ve been putting things back the way they were and testing everything out. A few bugs were fixed from the M6 build I was running previously, and a few nice enhancements dropped too, everything was copacetic. But this afternoon I got around to testing Android Device Manager, Google’s integrated “find my phone” application, looking to reconfirm that I could locate my phone if it ever got lost, only to receive an unpleasant surprise. I’d log in to Google’s web application and have it persistently fail to locate my device. The map did not move, the “locate device” and “ring” controls did nothing, basically the tool was useless. This was very frustrating since (a) I knew it worked fine the last time I tested it, and (b) it’s a critical function that I wasn’t about to hazard living without.
TrueCrypt: What Happened, What It Means, and What Happens Now
Based on the sum of the evidence that’s now filtered in, and in the consensus view of experts, the primary cause of the TrueCrypt crisis of the last few days was developer fatigue. After 10 years of thankless work developing the open source disk encryption tool, faced with the need to do major extending and refactoring of the codebase to support new technical requirements and demands from security auditors, the anonymous author or authors decided to throw in the towel. The way they did it tells of more complex motives, and has supplied ample fuel to the conspiracy theorists of the world. But importantly, there is no evidence that these events were motivated by any known security flaw or trust deficiency in TrueCrypt or in its build or distribution process, or by any act of coercion. And in spite of the apparently deliberate reputational damage committed by the developers, unless and until demonstrated otherwise, TrueCrypt is in fact still secure, and this story is far from over.
Something Rotten Has Occurred in TrueCrypt Land
An extremely significant event affecting TrueCrypt has occurred. It is not yet clear whether it is legitimate or a hoax, and if legitimate, what it means. The truecrypt.org web site has been redirected to a sourceforge landing page advising that development has ended and warning, ambiguously, that the program either is not secure or may not be secure in the future. The messaging proceeds to push users onto BitLocker or other native disk encryption programs. A newly built, apparently legitimately signed, but crippled set of installers numbered version 7.2 are offered. No one is sure exactly what has happened, whether this is a defacement or the real deal, and if it is real, how to interpret it. The matter is still unfolding and being debated.
Process Explorer 16.0 Adds VirusTotal Integration
Author Mark Russinovich just dropped version 16.0 of Sysinternals procexp, an indispensable utility that displays a tree view of every process on a Windows system along with its resource consumption. Procexp’s visual representation of the activity on a system is so useful for performance tuning that I not only keep an instance in my toolkit, but also place one right smack on the desktop of pretty much every machine I’m responsible for. Version 16.0 is a big feature update boasting newly added integration with cloud antivirus service VirusTotal.
CyanogenMod Breaks New Ground on Mobile Privacy
While Google, Microsoft, Apple and Facebook are busy bending knee to their government handlers and/or telling marketing departments what color underwear you have on, the incredibly smart and capable developers of the CyanogenMod aftermarket Android distribution are cooking up compelling and even potentially disruptive mobile privacy technologies.
Windows XP End Of Support Life Coming Soon
As a reminder, Windows XP will officially reach EOSL (End Of Support Life) on April 8, 2014, a milestone in the making for over a decade, finally coming up a little over eight months from now. On this date, Microsoft will stop publishing new fixes for security holes and bugs in XP. It will no longer be possible to use XP securely, and the degree of exposure and danger will begin to ramp up thereafter, like a proverbial ticking timebomb.
TrueCrypt Container Sizing for Optical Media
One of the most consistently referenced articles here is my procedure for preparing and burning encrypted CDs with TrueCrypt. It ranks highly on Google for “truecrypt cd” and “truecrypt dvd”, so those referred are often searching for the best TrueCrypt container size to use with optical media. However, while I made a size recommendation for CD-R’s explicit in the original article, I only mentioned DVD-R’s in passing, enough to match the keyword but not to convey the actual answer people are looking for. Allow me to correct that omission now.