Irregular Expressions


August 30, 2011  8:38 AM

New project, BayFiles



Posted by: Dan O'Connor
file shareing, p2p alternatives, the piratebay

The guys that created The Pirate Bay are in the midst of creating a new site called BayFiles.  It appears the site will operate like Megaupload and Rapidshare, allowing users to upload content from the browser.  It has a cost model that limits free users to 250 MB and also controls the number of files you can download per hour.

It also does not have a search feature, so you need the link created when the file is uploaded in order to access it.

http://www.bbc.co.uk/news/technology-14719261

It also appears that they are going to “respect copyrights” now.  Many analysts don’t seem to share that opinion.

August 29, 2011  8:28 PM

The Red Cyber Army



Posted by: Dan O'Connor
chinese cyber army, cyber army, cyberwar

There is a lot of speculation that China has been a hotbed of cyber attacks against various targets around the world.

Apparently there is a “smoking gun” floating around that proves such a program exists.

http://www.theepochtimes.com/n2/china-news/slip-up-in-chinese-military-tv-show-reveals-more-than-intended-60619.html

The story is being updated; currently I am on the fence.  It’s been a week and the fallout is less than what I would expect if this were true rather than a misinterpretation of the screen.  It does seem pretty straightforward: a US IP and a button that says “Attack” (not that I can read that part).


August 29, 2011  8:22 PM

RDP Worm



Posted by: Dan O'Connor
Morto, Morto.Gen!A, rdp worm, windows worm

I was toying with something like this a while ago; I was playing with the idea of being able to do this from a *nix box for VA purposes (without the GUI part, I just wanted a yes or no back).

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fMorto.gen!A

In its current state it should not get many hosts; the list of passwords is limited.

*1234
0
111
123
369
1111
12345
111111
123123
123321
123456
168168
520520
654321
666666
888888
1234567
12345678
123456789
1234567890
!@#$%^
%u%
%u%12
1234qwer
1q2w3e
1qaz2wsx
aaa
abc123
abcd1234
admin
admin123
letmein
pass
password
server
test
user

Here is a list of hosts it will attempt to contact for updates.


Always check your firewall logs just to be safe.
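Beyond the firewall logs, the worm's dictionary approach leaves a very recognisable trace on the target: a burst of failed RDP logons from one source, often followed by a success.  The following is an added example, not code from the original post or from Microsoft; the log lines are constructed in a simplified one-line form (real Windows Security events 4625/4624 carry the same fields, but the layout and the SourceIP/TargetUser names here are assumptions for the demo).

```python
# Added example (not from the original post): flag RDP password guessing of
# the kind Morto relies on by counting failed RemoteInteractive logons per
# source.  Log lines are constructed; the one-line field layout is assumed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2011-08-27T21:04:12 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2011-08-27T21:04:13 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2011-08-27T21:04:14 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2011-08-27T21:04:15 EventID=4625 LogonType=10 TargetUser=user SourceIP=203.0.113.7
2011-08-27T21:04:16 EventID=4624 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2011-08-27T21:30:02 EventID=4625 LogonType=10 TargetUser=dan SourceIP=198.51.100.9
2011-08-27T21:31:00 EventID=4625 LogonType=3 TargetUser=svc SourceIP=198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$")

def parse(log_text):
    """Yield (timestamp, event_id, logon_type, user, source_ip) per line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), int(m["eid"]),
                   int(m["lt"]), m["user"], m["ip"])

def find_rdp_guessing(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {ip: {"failures", "users", "success"}} for sources with at
    least `threshold` failed RDP logons (4625, LogonType 10) inside any
    `window`; "success" marks a 4624 from the same source (a word hit)."""
    events = defaultdict(list)
    for ts, eid, lt, user, ip in parse(log_text):
        if lt == 10:                      # RemoteInteractive (RDP) only
            events[ip].append((ts, eid, user))
    hits = {}
    for ip, evs in events.items():
        fails = sorted((ts, user) for ts, eid, user in evs if eid == 4625)
        start = 0
        for end in range(len(fails)):     # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = {"failures": len(fails),
                            "users": sorted({u for _, u in fails}),
                            "success": any(e == 4624 for _, e, _ in evs)}
                break
    return hits
```

A source that is flagged with "success" set is the one to look at first, since that is the worm's foothold rather than just noise.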


August 25, 2011  9:06 PM

A few more lulz



Posted by: Dan O'Connor

Wikipedia has a good section on the currently suspected members of LulzSec that have been picked up.

http://en.wikipedia.org/wiki/LulzSec#Law_enforcement_response

There are a few in there that I have not posted about; it’s worth catching up on.


August 25, 2011  8:54 PM

Software Vulnerability Management at Microsoft



Posted by: Dan O'Connor

http://go.microsoft.com/?linkid=9760867

Nice read.


August 25, 2011  8:53 PM

Steal of a deal



Posted by: Dan O'Connor
atm pin pad, flir atm, flir camera, flir pin pad

http://gizmodo.com/5831837/stealing-atm-pin-numbers-using-a-thermal-camera-is-dead-easy

For as little as 1,600 USD you too can do this.

http://www.transcat.com/Catalog/productdetail.aspx?itemnum=IRC40&TRAPCD=WBGI5&gclid=CLCJ5fzr66oCFQfBKgodrg_rNw

Heck while you are at it order one for the car, cottage and RV!

I can think of a few ways for this to get someone into trouble; I am surprised that no one else had thought of using it on an ATM PIN pad.

Using the camera you can also infer the order in which the digits were entered, based on the strength of the signal.


August 25, 2011  8:34 PM

EXT4



Posted by: Dan O'Connor
ext2, ext3, ext4, FAT, filesystems

The latest version of the EXT file system is 4.  The previous versions are 2 and 3; some of the improvements in 3 over 2 are journaling and improved indexing for larger directories.

EXT4 adds more features:

  • Volumes up to 1 exbibyte (EiB).
  • Files up to 16 tebibytes (TiB).
  • Extents, improvement of large file performance and reduction of fragmentation.
  • Journal checksumming.
Those are just a few of them; check out Wikipedia’s write-ups for some pretty good explanations of the EXT file systems.
Next we will be getting into the FAT family of file systems.


August 23, 2011  9:41 PM

SANS Mentoring



Posted by: Dan O'Connor
gcih, sans, sec504, winnipeg

This is exciting, I will be leading a SANS mentor session in Winnipeg.

http://www.sans.org/mentor/details.php?nid=26334

The sessions will run from January 26th, 2012 until March 29th, 2012.

This is Security 504, Hacker Techniques and Incident Handling.  This material is excellent and is something even non-security people should take.  The knowledge is valuable to anyone who needs to defend a network.


August 23, 2011  9:31 PM

The hunt for lulzsec



Posted by: Dan O'Connor
anonymous raids, lulzsecurity, tflow, topiary, viral

Lulzsec Exposed is still on the hunt for Sabu.

http://lulzsecexposed.blogspot.com/2011/08/who-is-sabu.html

We now have two competing ideas on who he is.
One is a guy from New York, the other is from Portugal. Not that I am downing any of the theories, but I am still on the fence on who is right, if any of them.

I really don’t trust any of the evidence presented, but I also agree with the conclusions they have made with the rebuttals. I wish they would test them.

When I talk of evidence I mean any of it from anyone.


August 23, 2011  9:12 PM

The EXT file system – Part 3



Posted by: Dan O'Connor
block bitmap, ext explanation, group descriptor tables, inode bitmap, super block

We also have to deal with the block pointers in the inodes.  Each inode can store the addresses of 12 blocks to store the data.  So what happens when you need more than 12 blocks to store the data?

You use indirect block pointers: instead of pointing at blocks of data, you point at blocks that hold pointers to the data blocks.  Basically lists of lists.

The first layer of this is called single indirect block pointers, the lists of lists.  Then we go to double indirect block pointers.  Lists of lists of lists.  Then down to triple indirect block pointers, lists of lists of lists of lists.
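Here is the arithmetic behind those layers as an added worked example, not from the original post.  It assumes the classic ext2/ext3 layout (12 direct pointers and 4-byte block addresses, both parameters you can change) and shows, for a given block size, how many blocks each layer reaches and which pointer tables a particular logical block is found through.

```python
# Added example (not from the original post): direct, single, double and
# triple indirect block pointers of an ext2/ext3 inode.  Assumes 12 direct
# pointers and 4-byte block addresses; the block size is a parameter.

def pointers_per_block(block_size, ptr_size=4):
    """Number of block addresses one indirect block can hold."""
    return block_size // ptr_size

def block_level_limits(block_size, ptr_size=4, direct=12):
    """Cumulative count of file blocks reachable after each layer:
    (direct, +single indirect, +double indirect, +triple indirect)."""
    n = pointers_per_block(block_size, ptr_size)
    single = direct + n            # one block of pointers to data
    double = single + n * n        # pointers to pointer blocks
    triple = double + n * n * n    # pointers to pointers to pointer blocks
    return direct, single, double, triple

def max_file_size(block_size, ptr_size=4, direct=12):
    """Largest file, in bytes, the pointer scheme can address."""
    return block_level_limits(block_size, ptr_size, direct)[3] * block_size

def locate_block(logical_block, block_size, ptr_size=4, direct=12):
    """Map a logical file block number to the layer it lives under and the
    index into each pointer table on the way down.  Returns (layer, [indices])
    with layer one of 'direct', 'single', 'double', 'triple'."""
    n = pointers_per_block(block_size, ptr_size)
    d, s, dd, t = block_level_limits(block_size, ptr_size, direct)
    if logical_block < d:
        return "direct", [logical_block]
    if logical_block < s:
        return "single", [logical_block - d]
    if logical_block < dd:
        off = logical_block - s
        return "double", [off // n, off % n]
    if logical_block < t:
        off = logical_block - dd
        return "triple", [off // (n * n), (off // n) % n, off % n]
    raise ValueError("block number beyond what triple indirection can reach")
```

With 4 KiB blocks an indirect block holds 1024 pointers, so the layers reach 12, 1036, 1049612 and 1074791436 blocks respectively, which is why a 4 KiB ext3 file tops out around 4 TiB.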

Wikipedia block pointers