Over the past few years, when approached with the question of which OS one should run on their corporate network, I unwaveringly respond, “Windows XP” [of course]. The principle argument being that most small businesses cannot afford a full-time system administrator to administer a non-Windows network. It is nice to now have some numbers to support my argument. Keep in mind, I do not state one way or the other which OS is more secure, reliable, or robust. I only mention this for the simple fact that running a Windows based network, over the long run, will almost always be more affordable.

Compete solely on price, no thanks

First off, sniff the TCP/UDP traffic

After launching TCP Viewer and letting it do its thing for a few seconds, I noticed that there was a group of three or so applications connecting and disconnecting in sequence, port scanning out my machine to my router on destination port 5678. Lo and behold, it ended up being the svchost.exe application. Not just one or two ports, but scanning tens if not hundreds if left to do its thing.

Next, Find the Application and Kill It

I launched Process Explorer to try to figure out if svchost.exe was truly the offending thread. I then isolated the application with the same PID as the one reported in TCP Viewer (in my case 1324). Yep, svchost.exe. Right-click | Kill Application. Bye-bye. No more solid blinking lights across my gigabit Ethernet connection!

Conclusion

Now you ask, what service or application would be sending and receiving such a high rate of packets (ultimately crashing my router due to the amount of hits it was getting)? Well, it turns out that the UPnP services (which I had assumed I had disabled) were for some reason hanging on the requests to my router. All requests were headed to the router’s internal interface (10.0.0.1) on port 5678. From what I can tell, the router was either dropping the packets or not responding properly so the SSDP Discover Service was scanning out ports to try to “do its thing”.

Solution

Launch the local service manager, stop, and then finally DISABLE the following services:

• Universal Plug and Play Device Host
• SSDP Discovery Service

I do not plan on going in to detail on what these services do, but suffice it to say, they are unnecessary and in this case, a pain in the behind. There are a bunch of other article on this topic, but there did not appear to be one detailing this exact scenario, so hopefully this helps someone else from having to spend hours troubleshooting.

Happy computing

My reason for writing at this juncture is the fact that tonight, my single instance of Firefox was boasting an amazing 802MB RAM utilization. Yes folks, that’s 802,000,000 bytes of memory being used by a single browser instance. No, I did not not have a thousand tabs open, and no, I was not loading hundreds of megabytes of images and resources. Simply put, there is an amazingly huge memory leak within Firefox at this time. Granted I have my own fair share of add-ons/plug-ins installed. However, you would think the Firefox core application would know how to manage and restrict such add-ons (if that in deed is the case) from consuming every last resource on my machine. Thank goodness for my 4 gigabytes of DDR RAM.

Anyway, here is what an almost GIG utilization from a browser looks like. Enjoy.

• rel = 0/1 -> value for showing related videos
• color1 = hexadecimal color code -> value for the base color
• color2 = hexadecimal color code -> value for the over color
• border = 0…x -> value for the border width
• autoplay 0/1 -> value for automatically starting the video to play
• eurl = http://www.yourwebsite.com -> I believe this is the referring URL. Please correct me if I’m wrong.
• iurl = Path to the thumbnail image (I believe)

Custom URL parameters for YouTube embedded players

• http://streaming.live.com/
• https://silverlight.live.com/

I have been using WordPress as my blogging platform for a few years now. Before that was a hybrid of PHPBB and custom PHP application I wrote. WordPress works great and has robust features that make blogging a snap for the more technical (such as myself, ehem) and also for the less technical netizens out there. Now, one of these great features is the ability to upload pictures and files (content) through a web interface. What a great concept (this is where the epiphany came in) except if you weren’t planning on listing up the contents of your entire uploads folder to the world. which happens to be the case with some (okay a lot of) default installations of WordPress.

Lets say you “Google” the “Index of” any WordPress uploads folders (/wp-content/uploads). You don’t have to be a rock scientist (yes, that was a joke) to realize the possible implications. Let me give you an idea of the figure as of tonight: 4,143,000 indexes. That’s 4,143,000 WordPress installations that have directory indexes enabled and are completely wide open to crawlers and spiders that can pilfer (argh) their content.

Try it yourself: http://www.google.com/search?q=Index+of+%2Fwp-content

There are plenty of other “Index of” combinations out there:

1. “Index of /admin”
2. “Index of /password”
3. “Index of /mail”
4. “Index of /” +passwd
5. “Index of /” password.txt

Now obviously if someone is using WordPress and uploading content, it’s more than likely related to their blog, and perfectly okay for the world to sneak a peak. However, for those sites that are using WordPress as a corporate platform, with confidential information (don’t ask me why you would want to do this with WordPress…), this is a huge security issue.

Moral of the story, unplug your computer, no one is safe.

Here are a bunch I found in a forum while actually doing a search on _vti (Front Page extensions).

filetype:htpasswd htpasswd
intitle:"Index of" “.htpasswd" -intitle:"dist"
           -apache -htpasswd.c
index.of.private (algo privado)
intitle:index.of master.passwd
inurl:passlist.txt (para encontrar listas de passwords)
intitle:"Index of..etc" passwd
intitle:admin intitle:login
“Incorrect syntax near" (SQL script error)
intitle:"the page cannot be found" inetmgr
intitle:index.of ws_ftp.ini
“Supplied arguments is not a valid PostgreSQL result"
_vti_pvt password intitle:index.of
inurl:backup intitle:index.of inurl:admin
“Index of /backup"
index.of.password
index.of.winnt
inurl:"auth_user_file.txt"
“Index of /admin"
“Index of /password"
“Index of /mail"
“Index of /" +passwd
Index of /" +.htaccess
Index of ftp +.mdb allinurl:/cgi-bin/ +mailto
allintitle: “index of/admin"
allintitle: “index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
administrator.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."
allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"Index of" passwd
intitle:"Index of" people.1st
intitle:"Index of" pwd.db
intitle:"Index of" etc/shadow
intitle:"Index of" spwd
intitle:"Index of" master.passwd
intitle:"Index of" htpasswd
intitle:"Index of" members OR accounts
intitle:"Index of" user_carts OR user _cart

1. Create a blank Flash movie (somewhere near the dimensions of the source video)
2. File | Import | Import to library…
3. Select Windows | Library OR CTRL + L for those key-jockeys out there
4. Select the imported movie from the library
5. Right-click | Properties
6. In the Embedded Video Properties dialog box, click Export.
7. Save the movie for later use

Now, what if we want to be able to download an FLV movie from somewhere on the web. Lately I have been researching ways to leverage various online social media provider’s technologies (and uhm, assets.) In doing so, I rely heavily on Fiddler, an HTTP debugging proxy which logs all HTTP traffic between your computer and the Internet (that is all IE traffic.) By listening to the HTTP requests being sent from any embedded Flash application from your local computer, FLV assets from YouTube, Brightcove and others are easily retrievable. Although there are freely available plug-ins for Firefox and Internet Explorer that occasionally work, oftentimes it becomes necessary to dig in and get your hands dirty. Let’s dirty up…

1. Download, install and run Fiddler 2 (you’ll need the latest version of .NET 2.0)
2. Disable capture (F12)
3. Launch IE (any recent flavor will due)
4. Open up YouTube.com, Brightcove.tv or any media outlet that offers streaming video via Flash
5. Return to Fiddler and click F12 to begin capture (this is important or you will miss the capture part of this mini-tutorial)
6. Now, browse to a page that has the video you wish to “archive” and allow it to load and begin playing (I have found that sometimes Fiddler or the site will hang, you may need to start capture a few times to get the page to load up.)
7. Return to Fiddler and click F12 again (we have captured all we need)

You should have a list of links that Fiddler has so graciously tracked for us. Now time to locate the actual session that contains the source movie.

1. Click CTRL + F (find) and type video/flv in the text box
2. Search | Requests and Headers
3. Examine | Headers and Body
4. Click Find Sessions

Here is the original article on hacking the iPhone on FastCompany.com.