Technology Insights

Using an Adobe Exploit in a Email Attack

This attack takes advantage of a vulnerability in Adobe Reader and Acrobat. The official release is here. Adobe has been informed of this vulnerability for well over a month now and has issued a statement that it will release a fix on January 14th. It is a scary thought that this exploit will be live and in the wild for almost 2 months before Adobe decides to fix it.  I am making this post in order to make people aware of how such a attack can take place and how easy it is to implement.

Technology Insights

Getting Started with Meterpreter

I have recently had a lot of questions on how to effectively use the Meterpreter agent contained in the Metasploit framework. I am by no means a expert at it however I have a pretty good working knowledge of it use. I will try to give a little insight into its use. If you have a more advanced or specific question concerning Meterpreter please feel free to post in the question section and I or someone else will be more than happy to try to answer your question.

Technology Insights

Configure Logrotate To Rotate And Flush MySQL Logs Without A Password

If you have the resources (CPU + RAM) available on your server then its can be a great troubleshooting tool if you enable MySQL logging which includes server messages, SQL query logs, and slow query logs. If you do not have the resources I would suggest only enable minimal logging such as only server messages and the slow query log since enabling all queries to be written to a file can become expensive rather quickly. Below I discuss enabling three different types of MySQL logging, adding a MySQL configuration file to logrotate, and configuring root to run mysqladmin commands without having to type the password out each time.

Technology Insights

Backing up Subversion Repositories using hot-backup.py

Since I have started managing the Backtrack Projects new subversion server I have started to learn some interesting lessons in backup which I didn’t do before. As with most things, once I learn my lesson, I like to make a quick post on the solution so others can learn from my errors. So I was backing up the Berkly database it self for my svn projects but it turns out subversion actually includes a python script for hot back ups.