Where's The Beef?
news /

This sites is DEAD!

Hello new RSS subscribers!
I know we got dugg the other day but I just thought I'd let you all know that (apart from this post) this site is never going to be updated again. It's very nice of you all to suddenly start visiting and stuff but nothing new is going to be here. So you can stop subscribing and stuff. Thanks!

PS: If you really must have a website of mine to check regularly then you can try o.thisdomainwasfree.com or for you RSS hungry people you can try blog.thisdomainwasfree.com
arse - March 14, 2006, 2:56 pm GMT - link

Wheresthebeef.co.uk => Old.Wheresthebeef.co.uk

Goodbye Internet!
Well, I'm tired of this domain name and I don't like the site all that much so I'm off. I've moved the site and all the sites hosted here to my DREAMHOST ACCOUNT (Yes, Use Dreamhost, they're .. great). old.wheresthebeef.co.uk will be have all the content that wheresthebeef.co.uk had.

Bye!
I will probably making another site, maybe here. But you don't really care.
arse - September 30, 2005, 5:51 pm GMT - link

Freecast makes a return

Scarface has demanded I update this thing, so I am doing.
Well, that's my excuse for the shameless pimping that I'm about to do..

So, Hello Internet, I want to tell you about a project called Freecast that The_Defiance and I have started up again. Freecast is essentially a Free Shoutcasting Service, but because giving everyone a Free Shoutcast Server would be incredibly costly and probably end up in a lot of unused Shoutcast goodness, we have one server. We carve up each day in to one hour slots that anyone can book if they have enough credits, credits are given out freely and we're happy for pretty much anything to be broadcast.
If you used Freecast a year ago you'll be pleased to know it has been completely rewritten, we've thought it through and taken our time instead of firing out a load of code in under a week. It looks like it's going to be quite a bit better (or at least more stable) than the original.
At the moment we're looking for beta testers, we have had quite a few applicants which we're going to begin letting in soon, but the more we get the better the finished product is going to be.
So if you want to help, please visit Freecast.co.uk and apply!
Also, if you're feeling sociable feel free to register on the Freecast Forums or come talk to us on IRC.
arse - September 15, 2005, 4:05 pm GMT - link

Google, IRC, What the..

I visit a small IRC channel on a private server. We have a copy of CGI:IRC running on a website so members without IRC clients can easily connect through their browser. This runs on a public website. Today the strangest thing happened, Google started using it.
[14:24] * Nall913540823663619 (42f94207@flap-3B7FF0E0.omj.us) has joined #******
[14:24] * Nall565917657602212 (42f94207@flap-3B7FF0E0.omj.us) has joined #******
This is the default username that CGI:IRC users get, interested I used the command 'USERINFO' to find out who they were:
[14:29] [Nall565917657602212 USERINFO reply]: IP: 66.249.66.7 - Proxy: - Forward IP: none - User Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) - Host: www.wheresthebeef.co.uk
What the hell! Googlebot appears to be connecting to our IRC channel through CGI:IRC. O.K. a bit odd, but that would just be the result of Google submitting the CGI:IRC form. Then it got weirder. Google kept joining the channel but with member's names!
[14:30] * Bizznatch (42f94207@flap-3B7FF0E0.omj.us) has joined #******
[14:30] * Kookee_stillhatenomirc (42f94207@flap-3B7FF0E0.omj.us) has joined #******
[14:43] * ryan (42f94207@flap-3B7FF0E0.omj.us) has joined #******
And then to top it off, a user who's never visited before:
[14:46] * shygrrrl16 (42f94207@flap-3B7FF0E0.omj.us) has joined #******

What the hell.
arse - August 21, 2005, 2:38 pm GMT - link

Citibank reply!

A while ago I posted here about an XSS vulnerability on an SSL website at citibank.co.uk, detailed here. I had e-mailed citibank but received no response, normally I just forget about it but as this was a bank I decided to post about the vulnerability on Full-Disclosure, a few days later I receive a response from a Citibank employee apologizing and explaining that appropriate action will be taken soon, etc. etc.
Hurrah! Still, why an online banking website doesn't have an urgent (easy to locate) e-mail address for matters relating to security is beyond me..
arse - August 20, 2005, 11:18 am GMT - link

0 Dear an 0 day!

hur hur hur
K-otik (or FrSIRT as they're calling themselves) have just published someone's exploit to a serious and UNPATCHED Internet Explorer vulnerability: http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
arse - August 17, 2005, 11:58 am GMT - link

Phishing possibilities at Barclays.co.uk

http://www.personal.barclays.co.uk/BRC1/jsp/brcucontrol?site=pfs&task=internal&value=http://www.antiphishing.org/
If you click that link you will be directed to "antiphishing.org", if you hover your mouse over that link you will see clearly the domain "www.persoanl.barclays.co.uk". Looks legit? That's because it is. Barclays decided it would be a good idea to have a script that can redirect to any website you want. This is bad. Why? Because of Phishing. Phishers could use this to redirect to their phishing site, a quick hover over the url to check for legitimacy would show the Barclay's URL. Barclays have been informed and probably won't give a damn until one of their customers looses thousands of pounds as a result of this stupidity.
arse - August 13, 2005, 3:44 pm GMT - link

It Begins!

A long time ago I put this on the internet and had it published in 2600 magazine. Well, looks like those e-mail harvesting spammers are slowly getting their act together. Reading my AWStats Stats I noticed this refferal from Google: http://www.google.com/search?q=document.write+href%3amailto. Oh my. Whilst this guy was actually using Internet Explorer its probable that he was testing or looking for it. And look at all those results! Unfortunately (for them) that links to alot of sites like this one, that only explain this spam harvester thwarting technique. Perhaps this would be a better query..
arse - August 11, 2005, 7:51 pm GMT - link

DON'T YOU UNDERSTAND MICROSOFT?

YOU'RE LETTING THE TERRORISTS WIN
arse - August 6, 2005, 12:55 pm GMT - link

Vista (Monad) Viruses

Everyone is getting very excited about these "Vista Viruses". First, they're actually Monad Viruses. Second, what?
With help of some friendly chap who will probably want to rename nameless I found the "viruses" and put them here: vista-monad-virus-scripts.txt.
To elaborate on my "what" comment, these "viruses" are just scripts. Click the above link, they're not dangerous, they're just bits of code that use the Monad shell to do-bad-things. As a result of this text file, Microsoft have removed Monad from their new operating system Longhorn/Vista/etc. This is stupid for many reasons, here are two.
  • First off, these example scripts don't exploit a vulnerability in Monad or anything like that. They don't allow access to the admin shell or get past any of the operating systems restrictions. They simply use Monad. No, not for good things, but it's a shell. If it's vaguely powerful people are going to do bad things with it. You can't stop this. What you can do is make sure no-one gets the chance to run these nasty scripts. How do you do this? Secure the operating system! Educate your users! These scripts or only going to be executed through one of two ways, either the system is going to be compromised and some nasty cracker/worm/etc. is going to use these scripts to do something evil or the user of the operating system is going to be stupid enough to run one of the things. So do your best to stop the system from being compromised and make sure your users don't go executing every .msh file that comes there way.
  • Second, this doesn't add anything extra to the virus writers repertoire. There's nothing evil he or she can do with Monad that he or she can't do with C or VBScript or whatever they're using these days. Removing Monad isn't going to make less bad things happen, it just means bad things are going to happen through different means and languages.
Basically Monad does not present a serious vulnerability in Windows. Nor does it allow Virus authors to do anything they wouldn't normally be able to do.
arse - August 6, 2005, 9:21 am GMT - link


 Contents Hosted Sites Links Contact News Buttons
  • America is not the world

Creative Commons License
This work is licensed under a Creative Commons License.