Geronimo89.dk

A blog about me, my doings and everything I think deserves attention.

Use Enigmail with Cryptophane

Today I set up a GPG installation on a Windows 7 machine and I ran into a problem. My problem was that Thunderbird's extension Enigmail didn't recognize the Cryptophane frontend. Cryptophane is a Windows frontend which makes the handling of keys and the encryption and decryption of files very easy for everybody. When I tried to make mail encryption work in Thunderbird, I got the following error message:

Unable to locate GnuPG executable in the PATH.
Make sure you have set the GnuPG executable path correctly in the OpenPGPG Preferences.

Failed to initialise Enigmail.
Send unencrypted message?

How to fix?

At first I thought I had to use another GPG frontend which would work with Enigmail, but there was a much easier solution in the preferences of Enigmail.

  1. open Thunderbird
  2. open OpenPGP -> Preferences
  3. mark “override with”
  4. click “Browse” and find your Cryptophane installation directory (for example: C:\Program Files\Cryptophane\GnuPG\gpg.exe)

Done!


Bot scanning security relevant scripts

Recently I’ve experienced that it is really relevant to delete your installation directories of phpMyAdmin and similar tools. Just a couple of days ago, the following files were tested on my webspace. Sadly for the attacker, none of the scripts below was available, so my webspace could not be used for spam distribution.

See the list of potentially risky scripts below:

/phpmyadmin/scripts/setup.php
/phpmyadmin/scripts/setup.phpindex.php
/myadmin/scripts/setup.php
/myadmin/scripts/setup.phpindex.php
/pma/scripts/setup.php
/pma/scripts/setup.phpindex.php
/admin/scripts/setup.php
/Admin/scripts/setup.php
/db/scripts/setup.php
/dbadmin/scripts/setup.php
/myadmin/scripts/setup.php
/mysql/scripts/setup.php
/mysqladmin/scripts/setup.php
/mysqlmanager/scripts/setup.php
/phpMyAdmin/scripts/setup.php
/phpMyAdmin1/scripts/setup.php
/phpMyAdmin-2/scripts/setup.php
/phpadmin/scripts/setup.php
/phpmyadmin/scripts/setup.php
/phpmyadmin.old/scripts/setup.php
/old.phpmyadmin/scripts/setup.php
/phpmyadmin1/scripts/setup.php
/phpmyadmin-2/scripts/setup.php
/phpmyadmin1/scripts/setup.php
/phpmyadmin2/scripts/setup.php
/pma/scripts/setup.php
/PMA/scripts/setup.php
/scripts/scripts/setup.php
/webdb/scripts/setup.php
/websql/scripts/setup.php
/sql/scripts/setup.php
/scripts/setup.php
/mysql-admin/scripts/setup.php
/mysqladmin/scripts/setup.php
/mysql-admin/scripts/setup.phpindex.php
/mysqladmin/scripts/setup.phpindex.php
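
A way to spot this kind of scan in a web server access log, as an added example that is not part of the original post: it flags clients that request scripts/setup.php under several directory names and lists any probed path the server did not reject. Common Log Format is assumed, and the log lines, addresses and the `find_probes` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Any path ending in /scripts/setup.php (or the malformed setup.phpindex.php
# variant from the list above), under any directory name.
PROBE_RE = re.compile(r"^(?:/[^/?\s]+)*/scripts/setup\.php(?:index\.php)?$", re.I)
# Common Log Format (assumed): client, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3})\b')

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:01 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 209',
    '192.0.2.10 - - [01/Jan/2010:10:00:01 +0100] "GET /pma/scripts/setup.phpindex.php HTTP/1.1" 404 209',
    '192.0.2.10 - - [01/Jan/2010:10:00:02 +0100] "GET /PMA/scripts/setup.php HTTP/1.1" 404 209',
    '192.0.2.10 - - [01/Jan/2010:10:00:02 +0100] "GET /mysql/scripts/setup.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2010:10:05:00 +0100] "GET /index.php HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jan/2010:10:05:09 +0100] "GET /scripts/setup.php?lang=en HTTP/1.1" 404 209',
]

def find_probes(lines, min_dirs=3):
    """Map each scanning client to the directories it tried and to the
    probed paths the server did NOT reject (status below 400)."""
    seen = defaultdict(lambda: {"dirs": set(), "hits": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        path = target.split("?", 1)[0]  # ignore the query string
        if not PROBE_RE.match(path):
            continue
        entry = seen[client]
        # Directory guessed by the scanner; "/" means the web root itself.
        entry["dirs"].add(path.rsplit("/scripts/", 1)[0] or "/")
        if status < 400:
            entry["hits"].append(path)  # script is reachable: remove it
    # One stray request is noise; several directory guesses are a scan.
    return {c: e for c, e in seen.items() if len(e["dirs"]) >= min_dirs}

if __name__ == "__main__":
    for client, e in find_probes(SAMPLE_LOG).items():
        print(client, "tried", len(e["dirs"]), "directories; reachable:", e["hits"])
```

An empty `hits` list for every flagged client is the outcome described in the post: the scan happened, but no setup script was left on the server to answer it.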

Social Engineering: a case study

It can be that simple. Here I want to share my experience with a small social engineering experiment.

Circumstances:

It concerned an acquaintance with whom I had something like a small bet. I knew her first name, where and what she studied, and that she was currently short on time because she was writing her bachelor's thesis.

Goal:

The goal was to find out the target person's address.

Process:

  1. Installation of proxy software: FoxyProxy for Firefox
  2. Choosing a name for the fake accounts: a name that sounds ordinary and German, unspectacular. Such a name arouses little suspicion, e.g.: Martin Schließ
  3. Created a profile on studiVZ.de with the same name
  4. Joined various groups, enrolled at the same university, added a photo
  5. Located the target person in the university's course or subject group
  6. The profile was public, all friends were visible

At this point I aborted the experiment; in the next step I would have sent the following text to all friends at once:

Hi, I saw that you're friends with Marie. Could you quickly tell me where she lives? I can't find my way there anymore and urgently need to return a book that she wanted back for her bachelor's thesis. Somehow I didn't really pay attention to the street and house number. I can't reach her anymore and I'll be away for the next few weeks.

The text implies that I have been in her flat before and emphasises the urgency, since the thesis is probably known among her fellow students.

The most interesting question would of course have been whether I would actually have obtained the information in question, but to avoid unnecessary explanations I left it at this point.


I still love spambots

Important notice: the following conversation is between me and an automated script that answers randomly and tries to push me onto a paid porn site, so I did not insult a real person.

(18:36:33) veroniquemenjivarypjis@hotmail.com: hey, are you around?
(18:36:37) Jonathan: for you?
(18:36:48) veroniquemenjivarypjis@hotmail.com: >Yay someone to talk to :) !! how are u? I found your name in the msn online members search :)
(18:36:57) Jonathan: yeah sure
(18:36:58) Jonathan: :D
(18:37:08) veroniquemenjivarypjis@hotmail.com: my roomates just stepped out I only have a little while alone… ;) are u alone too? we should cam2cam ;)
(18:37:26) Jonathan: and soon you give me a link to a website where I can download all your pictures for 5 bucks each
(18:37:36) veroniquemenjivarypjis@hotmail.com: Its http://www.webcaminvitation.com/6s3 just accept my cam invite,
(18:37:41) Jonathan: HAHAHA
(18:37:45) Jonathan: you are sooo poor
(18:37:52) veroniquemenjivarypjis@hotmail.com: K here’s the link to my cam it’s http://www.webcaminvitation.com/6qs go there and you should see me, just click the join free tab on top of the page, I use this site cause you can’t record it like on here — my dad would kill me if he found out I was doing this kinky stuff on his computer lol
(18:37:57) Jonathan: you insert your own vomit into your vagina :D
(18:38:08) veroniquemenjivarypjis@hotmail.com: LOL aw you’re cute.. well can u see my cam it was giving me trouble earlier but it looks ok now? oh I hope u dont mind chatting with a kinky girl!
(18:38:27) Jonathan: Oh no, I don’t, but you’re a buttugly fat guy Oo
(18:38:37) veroniquemenjivarypjis@hotmail.com: yeah i’m horny lolz! u? Wait you’re not a stalker are u?? LOL
(18:39:01) Jonathan: Oh yeah, I’ll probably slit your throat with the huge knife I always carry around when we meet :)
(18:39:11) veroniquemenjivarypjis@hotmail.com: Mhhm u never know lol I have to make sure! babe u sound confident I like that .. maybe we can trade phone numbers after we chat on cam ? I’d love to…
(18:41:12) Jonathan: Yeah, I know a way to trace you and then I will hunt you down, how does that sound?
(18:49:03) veroniquemenjivarypjis@hotmail.com: hello…??
(18:49:35) Jonathan: Sorry, I just died, please respect that.
(18:49:45) veroniquemenjivarypjis@hotmail.com: :) ….nice well u can also just watch me if u want….it’s up to u ;) oh babe what’s your favorite color?
(18:49:57) Jonathan: pink :D
(18:50:07) veroniquemenjivarypjis@hotmail.com: ok, great I got the perfect pink panties for ya ;) …ur gunna love these!!
(18:50:30) Jonathan: But, I’m gay!
(18:50:41) veroniquemenjivarypjis@hotmail.com: make sure u fill out your correct b-day k? cause they won’t let u in if you can’t verify age ;) I had to use my debit card to verify age but they don’t charge, it’s just to make sure you’re not a kid :)
(18:51:02) Jonathan: Sounds very reasonable to me
(18:51:12) veroniquemenjivarypjis@hotmail.com: I’m gonna turn off Messenger so my cam doesn’t run slow….plus I really want u to watch me, I’m getting so turned on it’s driving me crazy ;)
(18:51:45) Jonathan: Yeah, so bad for you, that I know that your messenger wouldn’t slow down anything ;D <3 IT nerds, huh?
(18:51:56) veroniquemenjivarypjis@hotmail.com: are u in babe?? Let me know when you see me, I’ll be in my cam chat, we’ll keep talking in there ;) I just put on those panties for u ! hurry up ! if u need the link again it’s http://www.webcaminvitation.com/6wn , I’m in my private chat so if u see another cam just login and let me know when you’re in, I’ll guide you to my cam room :)

After I quit the conversation, I had a look at the website, which led me to http://camfly.com, which holds almost no information about the company that runs it, which is illegal if they offer paid services. I wrote an email and told them to add that information. I wrote the mail in German, because the website appeared in German. It probably recognized my browser or IP as German. Here is what I wrote:

From: “Jonathan M. Hethey”
To: supportteam@camsfly.com
Subject: Impressum
Date: Thu, 27 May 2010 18:57:44 +0200
X-Mailer: Sylpheed 3.0.2 (GTK+ 2.20.0; x86_64-pc-linux-gnu)

If you offer services in Germany, please put an Impressum (legal notice) on your site. Otherwise someone who was harassed by one of your spambots might feel compelled to report you.

The answer was quite funny, because it looks like someone wrote it in English and pushed it through some translation software which did a really bad job:

From: “CamsFly Support” <support@camsfly.com>
To: “Jonathan M. Hethey”
Reply-To: support@camsfly.com
Subject: [Support #1150492] Impressum
Date: Thu, 27 May 2010 13:25:51 -0700 (PDT)
Sender: “CamsFly Support” <support@camsfly.com>
X-Mailer: Perl5 Mail::Internet v1.74

Hello,

It appears not to be assigned to an account with this e-mail address.
Please write again with your member ID or the e-mail address that you
signed with, so that we to find your account and help you with it.

I know, I have too much time, but I should really take this to the cops :)


Browser Update, for a better web


Let’s face it, most people don’t know what a browser is. They just click some icon and call this the internet. The problem with these people is that they are potential users of old browsers, which puts web developers in a difficult situation. Developers have to do twice the work or choose old technologies over new ones, even when the new technology or way of doing things is based on standards, is more efficient in time, bandwidth and CPU workload, or simply gives the user better ways of interaction.

So it seems like a good idea to notify visitors if they are using old software that might interfere with correct use of your website. A nice script that automatically detects browser and language for this can be found at http://browser-update.org/. It is JavaScript-based and shows a small notification bar at the top of your website that notifies visitors who use outdated software.

By upgrading your browser to the current version, you:

  • help standards move forward faster (like HTML5 for native video playback, without Flash)
  • probably get more functionality (tabs, faster browsing)
  • lower the risk of phishing or malware intrusions through your browser