Archive for March, 2009

Weechat Security Issues

At the start of the week my Weechat CLI Irc client segfaulted for the first time in the last year of using it. I reconnected to rejoin #weechat on freenode. I pinged FlashCode (The main dev of Weechat) and asked him if he wanted my bug report he replied It is a known issue and he was busy patching Weechat 0.2.6 (The current version in ubuntu[Gutsy,hardy,Itrepid,Januty]) later that day he released 0.2.6.1.

Debian has released a security update patch for this package. I filed this as a bug on launchpad but no response as of yet.

Since then people have been joining channels just to try crash Weechat more and more and my weechat continued to segfault. I had two choices. 1) Download and compile the patch 2) Install the devel version. I chose to go with the devel version! 🙂

The new devel version is pretty much a stable release with minor features missing here and there but the application isn’t buggy at all. The new version is under active development by FlashCode. The new almost complete re-write of weechat boasts a much fuller API for scripts and plugins. Script such as weetris(Inline tetris game) would never have been possible on the older version. I have been using for the last few hours with no issues. The TUI is much smoother and easier to use .

Missing scripts 🙁
1) urlgrap.py Allows user to choose to open the last url in their browser i.e. /url 1
2) weenotify.py Uses libnotify to alert a user of private messages or highlights in any channel.

Screen shots and install instructions are located here hopefully there will be a patch released for 0.2.6 but either way I am staying on the Dev version.

Tags: ,

Thursday, March 19th, 2009 Ubuntu 4 Comments

Latest Cellphone Identity Scam

This link was posted on IRC.

Summary
They phone you with the premise that you have won something but they require you to validate you are owner of the mobile by means of giving them the last dialed number. This is the exact same way that the networks validate you for a sim swap. Once doing they they claim to have lost “their” mobile provide “their” last dialed number and get hold of you a copy of your sim that sends/receives as if it was you.

This loop hole has been in the networks for some time. I wonder why it has taken scammers so long to make use of it….

Although this isn’t limited to banking it could spread over to your subscription services but there is little to no gain from subscribing your number to a R5.00 per week service when they are now fitting the bill.

The same process could be applied to sms electricity purchases the only difference is that the coupon you get back is linked to your pre-paid meter box in your home so the fraudster would not be able to make use of it. Funny that Eskom is more secure then the cellphone networks…

Something to note that this scam only really affects pre-paid users since if you are on a contract they require physical proof you are in fact the owner of the sim card by means of ID or drivers license.

I hope that no one I know is affected by this type of scam and they have the common sense not to believe claims made fraudsters.

Tags:

Monday, March 2nd, 2009 General 1 Comment