Outlook

Just to keep you updated.

I have just finished the work for the next Update of NetworkToolbox.

Besides some bug fixes (sorry for the bugs in the current version) and many other improvements, the new version contains two nice features.

First, I will introduce PKI (Private-Key-Infrastructure) features with the next version. This includes possibilities and explanations on how to generate encrypted Public and Private keys and to use them as a replacement for login username and passwords for a more secure SSH or SFTP access. I have also added a PKI Key manager which can be used to generate, import and store keys which can be used from inside the SSH or SFTP tools.

Second, I added an interesting feature that shows all current connections to and from your device. This is quite useful if you want to identify other Apps on your device which calls home or opens hidden advertisements to make money. Such connections will be displayed in the new tool.

Normally and as already mentioned in other blog posts, I use a network sniffer on my Linux computer to find undesired network connections from Apps that are installed on my device. This was quite time consuming and complicated.

By the new connections tool of NetworkToolbox, I was already able to identify a couple of new bad connections within a few seconds. It was even helpful that I was able to combine this with other built-in tools such as the certificate tool which helped me to quickly identify each connection as either normal (like Apple or mail connections) or undesirable sites like appsflyer.com or pushwoosh.com which ended up quickly on my firewall.

Just two examples of what is coming next.

I can’t wait to release this update to you.

So please stay tuned and … don’t trust the evil!

Regards,

Marcus


You better remove PHP FileManager

If you are running a website and are using PHP FileManager you can be quite certain that your webserver has been compromised. The reason is, PHP FileManager, sold from Revivedwire, has a backdoor since 2010 along with several other critical security vulnerabilities. Revivedwire has been informed long time ago but since recently still sold PHP FileManager along with the Backdoor and vulnerabilities. Can that be right?

I said “quite certain” because PHP FileManager installations can easily be found using Google (you even don’t need Morpheus or Shodan). As already disclosed,the backdoor username is simply ****__DO_NOT_REMOVE_THIS_ENTRY__**** and the md5 hash for this username is da26c70fc120d803e24bff0c5e5f6bdd. A quick Google search for this hash reveals that the equivalent password for this hash is travan44 .

Using these credentials, additional users can be created with full admin rights, files can be uploaded and executed remotely so one can not only download sensitive files but also get full access to a webserver within seconds.

There are ways to remove this backdoor from an existing installation but because PHP FileManager contains so many additional critical and easy to use security vulnerabilities, the only recommendation I can give is to completely get rid of it.

Don’t trust the evil!

Regards,

Marcus

P.S. I am already working on the next version so stay tuned.