I have been in a hole for the last few days so I missed this one.
Looks pretty straightforward. I did a quick read and I have most of it figured out.
If you have not noticed, inj3ct0r.com is down. They are having problems with the registrar, and the backup domains and mirrors are also down. You can see their Twitter feed for more information.
Also, exploit-db was hacked over Christmas. Looks like they did not get root, but they did publish it in their own papers section 🙂
If you read the paper, the ettercap project was also hit.
Got to love the Christmas haxors!
This is pretty cool also, found this reading my news feeds yesterday.
Makes you wonder what the technology on these is?
This is darn awesome!
Stick it in a socket and walk away. It has:
1.2 GHz CPU
512 MB of RAM
Runs Linux and draws just 3 watts of power. Not that it would be impossible to detect, but without the right equipment in your environment you would be searching for days or never even know it was there.
In case you are wondering, I am pretty sure WatchGuard has something that might be able to detect this. I know their APs can go into a mode to search for rogue APs, so you might have a chance.
This is worth posting, looks a little complicated but very worth having on your system.
I find it hard to figure out why MS and other vendors do things like this.
OK, so you are warning your users to be on the lookout for a remote code exploit. That’s great, because they all know what they are looking for…
What can they do about it? Well, not go on the Internet, but then how are they going to get updates and read your warnings?
OK, use another browser; that has the same issues.
Why not release a fix for the issue? I know the once-a-month patch thing is nice for a lot of sysadmins, but it’s even better for someone that wants to release attack code: just wait until the first Tuesday of the month, release your code and you have 30-31 days of free rides!
If the issues are really that bad, I would think that it would be patched or why bother releasing it?
So what do you call one or more unorganized groups engaging in a conflict?
Thing is, Cyberwar is used to describe something, and I like what it’s used to describe.
“actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
So what do we have going on mostly right now on the Internet between groups like anon and other hacking groups or persons?
I think the best term to describe what is going on is Guerilla warfare. I think adding the term cyber to these actions is a waste of time. The combatants and targets all exist in the cyber arena, so adding the term to it is redundant.
Guerilla warfare is a perfect term:
“a form of irregular warfare and refers to conflicts in which a small group of combatants including, but not limited to, armed civilians (or “irregulars”) use military tactics, like ambushes, sabotage, raids, the element of surprise, and extraordinary mobility to harass a larger and less-mobile traditional army, or strike a vulnerable target, and withdraw almost immediately.”
There are a lot of terms that are really poor choices, but I think my personal top is Cyberwar.
Everything is cyberwar: a DoS attack, a DDoS attack, or Skype goes down for a day, CYBERWAR!
Is it really?
Forget the ‘Cyber’ part, does this look like war to you? A DDoS? That’s like everyone jumping the queue in front of you for coffee. Is it annoying? Yeah. War? Not so much. Really, the term war refers to two or more organized groups participating in organized conflict. In terms of the cyber acts people are talking about, there is hardly more than one organized group (the target), if you are lucky; most targets are hardly considered organized. Also, the groups doing the attacking are either a single botnet controlled by one party or something like what anon does.
So I think it’s time for another phrase to describe what is going on.
This is more than entertaining, but the number of times that it was copied / stolen is staggering. Also, I like a few of the places it mentions that it was installed. It’s also funny that the firm that lost the key to start with was given a new key and reminded to keep it ‘secure’.