Domain: 127.0.0.1
Stories and comments across the archive that link to 127.0.0.1.
Comments · 210
-
Re:Just another tool.
Now you've got me wondering, if http://127.0.0.1/ was given a PageRank score, what would it be?
-
Re:click here
You are right!
I clicked on the link and it redirected me to http://127.0.0.1/apache2-default/ and the page confirms that it works! -
click here
Is your Windows Update not infected yet? Click here to infect it!
-
Do a goatse
-
Re:Where's the Linux version?
>> then add frontends to it (CLI, GNOME/GTK, KDE/Qt).
> You missed the obvious one tho, HTTP. We already
> know that Google can write HTML and webservers,
> so why not write a daemon that can serve up
> searches via http://127.0.0.1/google/ ?
Yeah of course they could do that - write a daemon that indexes stuff and allows you to do queries via web or XMLRPC. I bet Google would have no problem with writing a server application for Linux - they have it done already (their appliances are running something like that).
Then just document the query language used to query via XMLRPC. Build GNOME and KDE clients (that would be very simple apps I bet it could be done in a week by decent team) and release them under GPL (they are just clients) and wait for other clients to show up.
I don't see any problem with that - all they need to package is the server and the client (but the client could be packaged by community since it is GPLed). And the parent post said something that Linux is good server OS? :) See my reasoning? -
Re:Where's the Linux version?
> then add frontends to it (CLI, GNOME/GTK, KDE/Qt).
You missed the obvious one tho, HTTP. We already
know that Google can write HTML and webservers,
so why not write a daemon that can serve up
searches via http://127.0.0.1/google/ ?
>> ...and we see why Linux is a great server
>> platform, but a lousy desktop platform
>> because it's not standardized in the same way.
> Same ol' trolling...
ditto. -
Re:Yayyyy!
http://127.0.0.1/downloads/trojans/src/
Alternately if that site is down, just type "sudo rm -rf /" and enter your root password. That starts the obfuscated "do smurf" program (which should be obvious from the letters in that command) that installs the trojan repository on your machine. -
Re:Hmm...Wow. I can do that too:
Sorry, but this ain't some kind of highschool debate contest where you can "win" on argument technicalities while making objectively false points.
-
Re:View fraud
You are wrong
____
Check out my site for free ring tones! -
Re:Absence of errors
If you look more closely on all the contents of http://127.0.0.1/ you will notice that all the stuff there can be somehow linked to you.
-
Phishers already hack/abuse legitimate sites
The Phishers actually use a hacked webserver page which may even actually process data using the server's resources, and the ordinary consumer education or alerting systems can't function right.
For example Yahoo webmail will alert you if you click http://127.0.0.1/updatecc.htm or everyone learned not to click such "numeric" addresses.
There are some phish mails I reported to Spamcop.net with "hacked server actually collects data!" in CAPS (hoping to get attention of admin) which were hosted on legit websites. I shouldn't provide example for obvious reasons but I can say there are 3-4 ones I reported so far.
Checking one of my reports from Spamcop history, one belongs to some scientific organisation of some little country (not USA). I don't think any security solution would have that site in their database as "hostile site". -
Re:I am not an embedded devices development manage
> There are several reasons why by itself won't work...
Of course, IANAEDDM, and a slashbox is not enough space to fully explain good development practices.
> ...Q's regarding configuration options...
Or run debian in "no questions, defaults only" mode, or FAI or debconf answers, etc.
> ... configuration files for all the packages is perfect for the appliance.
Hrm... Appliance... Toaster... All the same... Toaster configurations... Probably not an insurmountable problem.
> an appliance like this needs to last a long time in the field. One of the problems with Debian is that policy demands they only support the OS until a new stable is declared. This may mean a need to do full upgrades on live or semi-live boxes...
One- have you *seen* Debian's release cycle? :^)
Two- have you ever *run* apt-get update ; apt-get upgrade? Even if the "remote repository" is http://127.0.0.1/debs-copied-locally-for-updates/*.deb and the "firmware update command" is: scp newfirmware.deb device.my.net:/var/local-archive/debs-copied-locally-for-updates/
'nuff said, no harm intended. Fun discussion and fun to think about.
--Robert -
Re:Certainly one could be *far* more evil than thi
Considering how little the average internet user even pays attention to SSL, one could very easily imitate a bank, ebay, paypal, etc...
And since you can be at the mercy of the open WAP user's own DNS server, instead of being tricked by a bogus:
http://127.0.0.1/www.ebay.com/
or:
http://www.ebay.com.bogusserver.com.ru/
You'll see:
http://www.ebay.com/
and possibly be even less likely to notice it as being bogus.
Well that's the last time I do all my plaintext internet banking through some stranger's open WAP! -
Re:Incomplete summary
Where's the link for the porn streamed from Europe?
http://127.0.0.1/
Well it is for me at home. Doesn't work in the office for some reason. -
Vista as webserver
Extract from the Vista manual on security:
"Please grant all your website visitors access to the server room.
Point Internet Explorer to the following address: http://127.0.0.1/ .
Microsoft can not be held responsible for security breaches by physical access to the server." -
[OT] Google Desktop
Hi Bret, could you pass this to the Google Desktop team please?
I recently received a Dell laptop, WinXP SP2. It came pre-loaded with Google desktop. I did NOT enable Google desktop. I also patched WinXP from the MS update site.
I do a lot of Java/JSP development, using Java 1.5, Eclipse, MyEclipse, and Tomcat. All this resides on the laptop and browser access is via the 127.0.0.1 loopback. I am on an Intranet which had no access to the Internet.
1.
I was getting random "Page not found" errors. I could not find a pattern to the errors. The same page would work 10 times, would fail twice, then would work again. When it failed I saw that a Google search was being performed on the http://127.0.0.1/ address.
I went through every browser option I could find to turn off ALL automated searches for web links. Still had the problems. I d/l and installed a special patch which was supposed to fix a loop-back problem in the WinXP firewall. Still had the problems.
2. When I am doing testing I do a lot of back and forthing between pages. This is usually between the LIST page and the EDIT page. The LIST page displays a bunch of rows. You click on the Edit button, and that row is loaded into the EDIT page. Clicking on Save saves the info to the database, and takes you back to the LIST page.
I noticed that after the EDIT page was loaded, a phantom call to the LIST servlet was being made. This was not in any part of the code and was not an action I initiated. Trying out the LIST/EDIT cycle from another machine (Win2K) did not cause this to happen.
Note that I try REALLY hard to turn off all browser caching through every header directive I could locate.
The Fix.
After a frustrating week, and since the loopback failure was using Google, I tried to remove Google Desktop. I used the Uninstall file. The un-install stated that it completed successfully, BUT what I really did was to turn it on. I now had an extra box in IE for Google Desktop!
Ok, I rooted through the registry and removed anything to do with Google. I deleted all the Google EXEs/ DLLs I could find.
Once this was done, the loopback error disappeared AND the phantom call to the LIST servlet went away. This was over three months ago.
I can only surmise that Google was intercepting page calls and:
- every so often it would "fail" the loopback and try to find it on the Internet
- in spite of all the no-cache directives, it noticed the pattern of LIST/ EDIT/ LIST/ EDIT, and "helpfully" tried to pre-fetch the LIST page
Just some thoughts..... -
Re:Weight
Two things:
1. Holy nuts man... that website makes me wish my eyes were on fire... yowsers
2. It's tough to pull up a page at http://127.0.0.1/Alex/Web/primer/content/resume.html (linked from http://www.mcdiarmid.net/primer/index.html ) -
Try this one...
Give http://127.0.0.1/bankofamerica/mylogin.php a shot. From what I gather, it uses a super-secret unbreakable open source, ROT26, GNU/Linux, AES, one-time pad, AJAX, NSA, quantum encryption mechanism that guarantees your identity will never be stolen.
Functionality may be limited.
-
Re:A few points
Um, I hate to be obvious, but did you sign in????
Umm, I hate to be obvious, but did you miss the sarcasm?
And, really, WTF is the point of putting up an URL that other people can't get to?
Here's my l337 website ... -
Fake URLS Suck!
According to This article, using bogus URL's to trick people is still the most effective social engineering trick in the book. Of course, that may not apply to those in the Slashdot community
:p -
Re:Question for/from the Inept
ok, here it is 127.0.0.1, have at it!
-
Re:Really a problem?
I am a programmer and when I find bugs in my code "pre-release" I find it beneficial. However, some of the bugs I have to spend a substantial amount of time debugging to finally find a fix.
With the code as large as Oracle's code is.. it could take an extremely long time.
Yes, but they could have at least published a workaround for the problem, even if they don't have the fix in place. There is a 4 line change to the Apache setup which acts as a workaround for the problem; David Litchfield posted it to Bugtraq himself in the move that got Oracle so upset with him. Here it is:
Add the following four lines to your http.conf file then stop and restart the web server
RewriteEngine on
RewriteCond %{QUERY_STRING} ^.*\).*|.*%29.*$
RewriteRule ^.*$ http://127.0.0.1/denied.htm?attempted-attack
RewriteRule ^.*\).*|.*%29.*$ http://127.0.0.1/denied.htm?attempted-attack
-
... or just a chance to bash security researchers?
Interestingly enough, I saw Litchfield's post to Bugtraq on this issue. He did not disclose any 'real' information (compared to other posts detailing what problems are and where they are, or even proof of concept exploit code) about the vulnerability that would lead to a compromise, unless you already knew what the compromise was. He did post a workaround, which was an Apache mod_redirect config which catches the attack and rewrites the URI to the denied page.
But, hey, I'll let you all judge. Here's his posting to Bugtraq:
There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS
and the Oracle HTTP Server, that allows attackers to bypass the
PLSQLExclusion list and gain access to "excluded" packages and procedures.
This can be exploited by an attacker to gain full DBA control of the backend
database server through the web server.
This flaw was reported to Oracle on the 26th of October 2005. On November
the 7th NGS alerted NISCC (http://www.niscc.gov.uk/) to the problem. It was
hoped that due to the severity of the problem that Oracle would release a
fix or a workaround for this in the January 2006 Critical Patch Update. They
failed to do so.
The workaround is trivial; using mod_rewrite, which is compiled into
Oracle's Apache distribution it is possible to stop the attack. The
workaround checks a user's web request for the presence of a right facing
bracket, ')'.
Add the following four lines to your http.conf file then stop and restart
the web server
RewriteEngine on
RewriteCond %{QUERY_STRING} ^.*\).*|.*%29.*$
RewriteRule ^.*$ http://127.0.0.1/denied.htm?attempted-attack
RewriteRule ^.*\).*|.*%29.*$ http://127.0.0.1/denied.htm?attempted-attack
I don't think leaving their customers vulnerable for another 3 months (or
perhaps even longer) until the next CPU is reasonable especially when this
bug is so easy to fix and easy to workaround. Again, I urge all Oracle
customers to get on the 'phone to Oracle and demand the respect you paid
for.
Cheers,
David Litchfield -
Re:ever heard of regression testing?
I didn't see a detail of the exploit, but I did see a detailed workaround:
The workaround is trivial; using mod_rewrite, which is compiled into
Oracle's Apache distribution it is possible to stop the attack. The
workaround checks a user's web request for the presence of a right facing
bracket, ')'.
Add the following four lines to your http.conf file then stop and restart
the web server
RewriteEngine on
RewriteCond %{QUERY_STRING} ^.*\).*|.*%29.*$
RewriteRule ^.*$ http://127.0.0.1/denied.htm?attempted-attack
RewriteRule ^.*\).*|.*%29.*$ http://127.0.0.1/denied.htm?attempted-attack -
Not a rdbms vulnerability, per se
but a hole in OHS (Oracle's distributed Apache server).
There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS
and the Oracle HTTP Server, that allows attackers to bypass the
PLSQLExclusion list and gain access to "excluded" packages and procedures.
This can be exploited by an attacker to gain full DBA control of the backend
database server through the web server.
This flaw was reported to Oracle on the 26th of October 2005. On November
the 7th NGS alerted NISCC (http://www.niscc.gov.uk/) to the problem. It was
hoped that due to the severity of the problem that Oracle would release a
fix or a workaround for this in the January 2006 Critical Patch Update. They
failed to do so.
There is even a simple workaround:
The workaround is trivial; using mod_rewrite, which is compiled into
Oracle's Apache distribution it is possible to stop the attack. The
workaround checks a user's web request for the presence of a right facing
bracket, ')'.
Add the following four lines to your http.conf file then stop and restart
the web server
RewriteEngine on
RewriteCond %{QUERY_STRING} ^.*\).*|.*%29.*$
RewriteRule ^.*$ http://127.0.0.1/denied.htm?attempted-attack
RewriteRule ^.*\).*|.*%29.*$ http://127.0.0.1/denied.htm?attempted-attack
I've already applied this on my OAS install on my development box and I'm ready to spend the next couple hours testing before recommending that we do this on our production box.
I don't think leaving their customers vulnerable for another 3 months (or
perhaps even longer) until the next CPU is reasonable especially when this
bug is so easy to fix and easy to workaround. Again, I urge all Oracle
customers to get on the 'phone to Oracle and demand the respect you paid
for
I couldn't agree more. Can't fathom why they couldn't have notified customers (even if they couldn't have fixed mod_plsql through the CPU), or why they are going after the guy when he told them about this 3 months ago and waited for the January update before getting impatient and going public. -
Re:Really a problem?
Especially as there is apparently a workaround
http://www.securityfocus.com/archive/1/423029
The workaround is trivial; using mod_rewrite, which is compiled into
Oracle's Apache distribution it is possible to stop the attack. The
workaround checks a user's web request for the presence of a right facing
bracket, ')'.
Add the following four lines to your http.conf file then stop and restart
the web server
RewriteEngine on
RewriteCond %{QUERY_STRING} ^.*\).*|.*%29.*$
RewriteRule ^.*$ http://127.0.0.1/denied.htm?attempted-attack
RewriteRule ^.*\).*|.*%29.*$ http://127.0.0.1/denied.htm?attempted-attack -
Re:For VMs, avoid Virtual PC
yet another bandwagon: http://ipodnanos.freepay.com/?r=2201304097
Oops, use this link: http://127.0.0.1/heeeraldo-is-a-leech--mod-him-down -
Re:Oh no!!
like the FBI has never killed anyone whom they were snooping on?
-
Re:Let me guess:
Do you really want your teenagers first impression of sex to be some woman with six inch long nails taking it up two orifices while screaming "CUM INSIDE OF ME!!!"?
Lnk plz
http://127.0.0.1/ -
Re:localhost?
Here's a mirror: http://127.0.0.1/
-
Re:Slashdot Effect
Ok, how is this?
My site -
Re:Remarkably Useless page.
I'll tell you what, anyone wants some practice exploiting the hole, here's the IP address of a vulnerable machine to practice on: http://127.0.0.1/
Wow. Thanks. The guy who owns that computer is an idiot. It only took me ten minutes to hack in! He has a lot of warez, too, but nothing that I don't already have. I think that I'll delete a bunch of stuff to teach him a lesson. -
Re:Remarkably Useless page.
I'll tell you what, anyone wants some practice exploiting the hole, here's the IP address of a vulnerable machine to practice on: http://127.0.0.1/
Knock yourselves out
:-) -
Re:Icann's motto...
>>If there will be nothing interesting there, http://127.0.0.1/ will do the job...
>
> go there but all I find is a webcam of some ugly guy jacking off to his computer screen.
That's even scarier when you consider what it is he's jacking off to... -
mirror with my modem
I set up a 386 to mirror the 22 gigs of data with my 56k modem connection right here. Not too many at once, please
-
Re:Icann's motto...
>>If there will be nothing interesting there, http://127.0.0.1/ will do the job...
go there but all I find is a webcam of some ugly guy jacking off to his computer screen. -
Re:Icann's motto...
Who cares about DNS and ICANN? Real men use IP address directly.
Now I am going to try http://69.69.69.69/. If there will be nothing interesting there, http://127.0.0.1/ will do the job... -
Re:Another Edition Request...
Yeah, but it's not that good. If you're interested in trying it out, you can download it here.
-
Re:Madden
I personally find pro sports to be completely retarded.
A sport can't be retarded. Only the people who play.
I say this as a former jock.
Oops!
Oh well, bet you think you're a smart former-jock because you know how to use the Interweb as well, huh?
Well, I bet you can't hack my computer; it's at this address. Break into that, erase the hard drive, then we'll discuss how clever you are. -
Yawn....
Not many people awake yet to read this?
Maybe their locked workstations have been compromised!
Uh wait a second, why am I getting popups for warez at http://127.0.0.1/? -
Re:Already Slashdotted, but I'm mirroring it here:
Oh, let me mirror it Here
Please don't download any of the MP3 files you find there.
Note to Newbies, On the whole don't trust any mirror you find on slashdot that's not somebody like Mirrordot, Google, or the like. You may find yourself at goatse . cx
-
Re:I'm sympathetic
>What about IP-based URLs?
>(http://127.0.0.1/ is FULL of pornography!)
Dude, the site must be slashdotted! I keep clicking the link and all I get is "connection refused". Anyone post a cache? -
Re:I'm sympathetic
What a poor site:
http://127.0.0.1/
I have seen it all before.
Lots of material though. -
Re:I'm sympathetic
What about IP-based URLs?
(http://127.0.0.1/ is FULL of pornography!)
OMG! You're right... NICE FIND!!!
-
Re:I'm sympathetic
Personally, I'd like to see a law that makes it illegal for adult content to appear on a URL unless it has a special extension, something like ".xxx". Then it'd be easy for concerned parents (and wives!) to configure the browser to block anything from that extension.
What about IP-based URLs?
(http://127.0.0.1/ is FULL of pornography!)