Analyze HTTP headers (part 2)

This is the second part in the analysis of the content of HTTP headers returned from Belgian websites. The first part describes what HTTP headers are and analyses the results of the network requests.

Disclosing HTTP headers is not going to make your site more vulnerable nor is not disclosing them going to make your site more secure. But by leaking version information you basically give away your level of patch management, making it easierRead more.

Analyze HTTP headers (part 1)

This analysis on HTTP headers is separated into two different blog posts :

describing what HTTP headers are and analyzing the results of the network requests analyzing the content of HTTP headers

The separation in two parts follows the logical sequence of events that I had to do to complete the investigation. First I had to map the network and interpret these results and then dive deeper in the returned HTTP header results.

Note thatRead more.

Use privoxy and Tor for increased anonymity

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location (from https://www.torproject.org/).

There are Tor Bundles that you can install but you can also chain Tor through a proxy.

I’ll use an Ubuntu 1214 vmware machine to proxy my traffic.Read more.

Install DionaeaFR web frontend to Dionaea honeypot on Ubuntu

Dionaea is a low-interaction honeypot. It is one of the honeypots that can be deployed through the Modern Honey Network. Next to the MHN dashboard I also wanted some specific data on the Dionaea honeypot. That is where DionaeaFR kicks in.

The installation is described in detail on the github page and on http://bruteforce.gr/visualizing-dionaeas-results-with-dionaeafr.html.

I had to add some extra packages and settings on a Ubuntu 12.04.4 LTS system. Below is the fullRead more.

Automatic Check of Expiration Date of GPG keys

After Heartbleed I wrote a small python script to have an automatic check of certification expiration date. The script is hosted on Github.

Next to SSL certificates there are also GPG keys that can (but do not have to) have an expiration date. If you manage a lot of (personal or shared) keys it can become difficult to keep track of expired or soon to be expired keys.

So I wrote a similar python scriptRead more.

Graphing Terena CRL stats

The OpenSSL heartbleed vulnerability CVE-2014-0160 has been all over the news this month. I posted an overview on what to do and how to detect exploit attempts.

Generating new certificates is one of the advices to cope with this vulnerability. A new certificate means that you have to revoke the old one. Revoked certificates are ‘announced’ in a CRL, or a certificate revocation list.

SANS ISC has a graph on certificates revokedRead more.

Analyze the network traffic of a TV

I recently bought a new Philips television 32PFL5008H/12. Most new televisions are ‘smart’ and this device is nothing different. It can connect to the Internet via a wired or wireless connection. I used the wired connection and disabled wireless. I also disabled most of the ‘smart’ features because they are not useful for my usage.

According to the included licenses this device is build on a Linux Kernel 3.0.13 and includes a number of openRead more.

CT Scan

I had a CT scan of my head. I don’t know what exactly there is to see on the different images (the whole sequence is about 250 images) but they do look pretty amazing …

The images were available to me via a web interface on the Picture Archive and Communication Systems (PACS) platform of the hospital. The web server (JBossWeb/2.0.1.GA) was hosted on a Belgacom-IP that, according to the whois-database, belongs to ‘Tyco ThermalRead more.

Run postfix as a blackhole mail server (open relay)

If you want to run Postfix as a blackhole mail server (accepting connection for every user on every domain) then all you have to do is add these settings to /etc/postfix/main.cf :

Note: Postfix is not acting as an open relay in this configuration because it discards mails and is not relaying them to the final destination.

Mapping my neighbourhood SSIDs

A recent post by @xme revealed a tool that allows for passive mapping of SSIDs. I gave it a go for 48 hours and below are the results.

bbox2-1888 2126 bbox2-4344 1580 dlink 84 Veronique 123 31 bbox2-0530 28 telenet-4F11F 28 ZapFi 14 FON_BELGACOM 12 linford1986 4 Wifi 45 4 ZapFi-Gusto 4 coffee House 3 homewlan 3 queenshotel 3 WifiCharles 3 Axip-Home 2 Axip-NW 2 bbox2-22b5 2 SKY24721 2 WLAN_38 2 bbox2-c230 1 BENCHIJIGUA 1Read more.