Can't subscribe to "Krebs on security" feed

Support requests, bug reports, etc. go here. Dedicated servers / VDS hosting only
User avatar
HeikoAdams
Bear Rating Master
Bear Rating Master
Posts: 101
Joined: 19 Mar 2013, 00:17

Can't subscribe to "Krebs on security" feed

Postby HeikoAdams » 23 Sep 2015, 13:15

Today I wanted to subscribe to the "Krebs on security" Feed (http://krebsonsecurity.com/feed/) but ttrss seems to have problems with that feed. Manually refreshing the feed seems to go to an infinite loop until a red notification says that there were problems communicating with the server and fD causes an error 500 on my server.

darknite323
Bear Rating Trainee
Bear Rating Trainee
Posts: 40
Joined: 30 Oct 2013, 15:46

Re: Can't subscribe to "Krebs on security" feed

Postby darknite323 » 23 Sep 2015, 13:59

Tested it on my install, that feed is not happy :(

It took multiple tries to get the feed to add, it kept timing out, and I can't get it to actually update.
Feed Debugger shows:

Code: Select all

[10:53:47] start
[10:53:47] local cache will not be used for this feed
[10:53:47] fetching [http://krebsonsecurity.com/feed/]...
[10:53:47] If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT
[10:54:02] fetch done.
[10:54:02] unable to fetch: 28 Operation timed out after 15008 milliseconds with 5074 bytes received []


Their site also doesn't load properly, usually loads the text but stalls loading images and videos and never finishes.

Doesn't look like a TTRSS issue IMHO.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Can't subscribe to "Krebs on security" feed

Postby fox » 23 Sep 2015, 14:21

stickied thread

e: works just fine here

rknobbe-other
Bear Rating Trainee
Bear Rating Trainee
Posts: 13
Joined: 11 Jun 2015, 22:37

Re: Can't subscribe to "Krebs on security" feed

Postby rknobbe-other » 23 Sep 2015, 16:13

Works fine here too

martywd
Bear Rating Trainee
Bear Rating Trainee
Posts: 26
Joined: 04 Feb 2013, 20:47
Location: Texas

Re: Can't subscribe to "Krebs on security" feed

Postby martywd » 23 Sep 2015, 16:45

HeikoAdams wrote:Today I wanted to subscribe to the "Krebs on security" Feed (http://krebsonsecurity.com/feed/) but ttrss seems to have problems with that feed. ...

I can subscribe and get content. But when I log in to ttrss in the browser as 'admin' and go to Preferences | System... I'm seeing errors like the following in the log:

Code: Select all

E_USER_ERROR (256)

classes/db/pgsql.php:46

Query INSERT INTO ttrss_entries (title, guid, link, updated, content, content_hash, no_orig_date, date_updated, date_entered, comments, num_comments, plugin_data, lang, author) VALUES ('More ATM “Insert Skimmer” Innovations', 'SHA1:c70a4cbb514a47c45cd8f5722739f49f379a772c', 'http://krebsonsecurity.com/2015/09/more-atm-insert-skimmer-innovations/', '2015/09/03 21:15:25', '<p>Most of us know to keep our guard up when withdrawing cash from an ATM and to look for any signs that the machine may have been tampered with. But ATM fraud experts say they continue to see criminal innovations with “insert skimmers,” wafer-thin data theft devices that fit inside the ATM’s card acceptance slot and do not alter the outward appearance of a compromised cash machine.</p> <p>The insert skimmer pictured below was recently pulled from an ATM in Europe. According to a report by the <strong>European ATM Security Team</strong> (EAST), this type of device is inserted through the card reader throat and then sits inside the card reader capturing the data of cards that are subsequently inserted.</p> <div id="attachment_31697" style="width: 590px" class="wp-caption aligncenter"><a class="lightbox" href="http://krebsonsecurity.com/wp-content/uploads/2015/07/insertskimmer7-15.png"><img class="size-medium wp-image-31697" src="http://krebsonsecurity.com/wp-content/uploads/2015/07/insertskimmer7-15-580x430.png" alt="An insert skimmer." width="580" height="430" /></a><p class="wp-caption-text">An insert skimmer. Image: EAST.</p></div> <p>Of course, an insert skimmer alone isn’t going to capture your PIN. For that, thieves typically rely on cleverly hidden tiny cameras. Often, the spy camera is tucked inside a false panel above or directly beside the PIN pad. But as I’ve noted in stories about skimming attacks that never touch the ATM (such as <a href="https://krebsonsecurity.com/2015/03/door-skimmer-hidden-camera-profit/" target="_blank">vestibule door skimmers</a>), crooks often get very creative, hiding cameras behind things like convex mirrors — or even phony fire alarms.</p> <p>The image below was captured last year by a U.S.-based bank’s own ATM security camera. It shows a skimmer scammer getting ready to install a tiny camera hidden inside of a fake fire alarm.</p> <div id="attachment_32209" style="width: 590px" class="wp-caption aligncenter"><a class="lightbox" href="http://krebsonsecurity.com/wp-content/uploads/2015/09/firealarmcam.png"><img class="size-medium wp-image-32209" src="http://krebsonsecurity.com/wp-content/uploads/2015/09/firealarmcam-580x435.png" alt="Hidden cameras made to work in tandem with skimming devices don''t have to be hidden on the compromised ATM." width="580" height="435" /></a><p class="wp-caption-text">Hidden cameras made to work in tandem with skimming devices need not be hidden on the compromised ATM itself.</p></div> <p><span id="more-31694"></span>Broken record alert: Consumers can foil the vast majority of skimming attacks merely by covering the PIN pad with their hand when entering their PIN: That way, even if the thieves somehow skim your card, there is less chance that they will be able to snag your PIN as well. You’d be amazed at <a title="http://krebsonsecurity.com/2012/09/a-handy-way-to-foil-atm-skimmer-scams/" href="http://krebsonsecurity.com/2012/09/a-handy-way-to-foil-atm-skimmer-scams/" target="_blank">how many people fail to take this basic precaution</a>. Yes, there is still a chance that thieves could use <a href="http://krebsonsecurity.com/wp-content/uploads/2010/08/skimgallery1.jpg" target="_blank">a PIN-pad overlay device</a> to capture your PIN, but in my experience these are far less common than hidden cameras (and quite a bit more costly for thieves who aren’t making their own skimmers).</p> <p>I also wanted to share an update on a relatively new form of skimming that I <a href="http://krebsonsecurity.com/2014/11/skimmer-innovation-wiretapping-atms/" target="_blank">first wrote about in November 2014</a> known as “ATM wiretapping” attacks.  These schemes involve a so-called “wiretapping” device that is inserted through a tiny hole cut in the cash machine’s front. The hole is covered up by a fake decal, and the thieves then use custom-made equipment to attach the device to ATM’s internal card reader.</p> <div id="attachment_31696" style="width: 349px" class="wp-caption aligncenter"><a class="lightbox" href="http://krebsonsecurity.com/wp-content/uploads/2015/07/holecut.png"><img class="size-full wp-image-31696" src="http://krebsonsecurity.com/wp-content/uploads/2015/07/holecut.png" alt="Thieves cut a hole on vertical face of the ATM perpendicular to the cash machine''s screen. Source: EAST." width="339" height="461" /></a><p class="wp-caption-text">ATM wiretapping thieves cut a hole in vertical face of the ATM to the left of the card reader facing the screen. Source: EAST.</p></div> <p>According to EAST, six countries reported ATM wiretapping attacks. “Typically such devices have been installed through holes drilled (or melted) below or to the right of the card reader entry throat,” EAST notes. We can see the hole drilled by the thieves in the attack on the ATM pictured above, which was covered up by the phony decal shown here removed and resting to the right of the PIN pad:</p> <p>Finally, EAST’s report has an update on another type of ATM attack that is alarmingly more common these days: Those in which crooks use gas or solid explosives to blow cash machines to smithereens. Banks in at least 11 countries reported attacks on ATMs involving explosive gas, according to EAST’s latest report in July.</p> <div id="attachment_32210" style="width: 310px" class="wp-caption alignright"><a class="lightbox" href="http://krebsonsecurity.com/wp-content/uploads/2015/09/boomatm.png"><img class=" wp-image-32210" src="http://krebsonsecurity.com/wp-content/uploads/2015/09/boomatm.png" alt="Some ATM makers are blowing up their own cash machines to figure out how to make them more resistant to explosive attacks. " width="300" height="248" /></a><p class="wp-caption-text">Some ATM makers are blowing up their own cash machines to figure out how to make them more resistant to explosive attacks.</p></div> <p>“Two countries reported significant increases in such attacks, and another country reported extensive collateral damage to buildings and nearby ATMs,” EAST’s <strong>Lachlan Gunn</strong> wrote. “Two countries also reported attacks using solid explosives. One of them reported that criminals perpetrating explosive attacks (gas and solid) are getting more violent and are employing para-military type tactics and weapons.”</p> <p>Such attacks are becoming so common that some ATM makers are actually blowing up their own cash machines in test environments to see how they can be hardened with countermeasures. The image to the right shows the aftermath of one such test.</p> <p>Fortunately, I’m not aware of any reports yet of paramilitary hoodlums lobbing grenades or blasting bazookas at U.S.-based ATMs…yet.</p> <p>On that note, as this and <a title="http://krebsonsecurity.com/2014/07/the-rise-of-thin-mini-and-insert-skimmers/" href="http://krebsonsecurity.com/2014/07/the-rise-of-thin-mini-and-insert-skimmers/" target="_blank">other insert skimmer attacks</a> show, it’s getting tougher to spot ATM skimming devices: It’s best to focus instead on protecting your own physical security while at the cash machine. If you visit an ATM that looks strange, tampered with, or out of place, try to find another ATM. Use only machines in public, well-lit areas, and avoid ATMs in secluded spots. Also, if you have the choice between using a free-standing ATM and one that is located inside of or attached to a bank, the latter is usually a safer bet.</p> <p>Further reading:</p> <p><a href="http://krebsonsecurity.com/2014/08/stealthy-razor-thin-atm-insert-skimmers/" target="_blank">Stealthy, Razor Thin ATM Insert Skimmers</a></p> <p><a href="http://krebsonsecurity.com/2014/07/the-rise-of-thin-mini-and-insert-skimmers/" target="_blank">The Rise of Thin, Mini and Insert Skimmers</a></p> <p><a href="http://krebsonsecurity.com/2014/12/more-on-wiretapping-atm-skimmers/" target="_blank">More on Wiretapping ATM Skimmers</a></p> <p><a href=&
quot;http://krebsonsecurity.com/2012/07/atm-skimmers-get-wafer-thin/" target="_blank">ATM Skimmers Get Wafer Thin</a></p> <p><a href="http://krebsonsecurity.com/all-about-skimmers/" target="_blank">Skimmer Story Archive: All About Skimmers</a></p> ', 'cbd32f4b50ec787bec7a5a732f336ffc0366fb9a', false, NOW(), '2015-09-23 13:25', 'http://krebsonsecurity.com/2015/09/more-atm-insert-skimmer-innovations/#comments', '51', 'af_comics,af_unburn,streetviewfun,', '', 'BrianKrebs') failed: ERROR: duplicate key value violates unique constraint "ttrss_entries_guid_key" DETAIL: Key (guid)=(SHA1:c70a4cbb514a47c45cd8f5722739f49f379a772c) already exists.

marty
8:25


Also seeing errors in the postgresql log. idk?
.

J M L
Bear Rating Trainee
Bear Rating Trainee
Posts: 13
Joined: 20 May 2013, 18:23

Re: Can't subscribe to "Krebs on security" feed

Postby J M L » 23 Sep 2015, 17:02

I was having errors, too. I couldn't even subscribe, because it would come back almost immediately with an error. On a whim I replaced http with https in the feed url, and then it started working.

JustAMacUser
Bear Rating Overlord
Bear Rating Overlord
Posts: 373
Joined: 20 Aug 2013, 23:13

Re: Can't subscribe to "Krebs on security" feed

Postby JustAMacUser » 23 Sep 2015, 17:58

e: nm.... Misread the post.

gego
Bear Rating Trainee
Bear Rating Trainee
Posts: 1
Joined: 12 May 2016, 16:51

Re: Can't subscribe to "Krebs on security" feed

Postby gego » 12 May 2016, 16:57

COuld be an issue with protocol version/HTTP 1.0. Try using 1.1 . See here: viewtopic.php?t=3459

User avatar
HeikoAdams
Bear Rating Master
Bear Rating Master
Posts: 101
Joined: 19 Mar 2013, 00:17

Re: Can't subscribe to "Krebs on security" feed

Postby HeikoAdams » 12 May 2016, 22:27

Current versions of tt-rss are using http 1.1


Return to “Support”

Who is online

Users browsing this forum: Google [Bot] and 5 guests