Irregular Expressions


December 28, 2010  11:52 AM

Where sudo failures go



Posted by: Dan O'Connor
links

http://xkcd.com/838/

December 28, 2010  11:28 AM

Christmas challange



Posted by: Dan O'Connor
links

I have been in a hole for the last few days so I missed this one,

http://www.ethicalhacker.net/content/view/344/2/

Looks pretty strait forward, I did a quick read I have most of it figured out.

Enjoy.


December 28, 2010  11:24 AM

Hacks and shutdowns



Posted by: Dan O'Connor
links, News

If you have not noticed inj3ct0r.com is down, they are having problems with the registrar, also the backup domains and mirrors are also down.  You can see their twitter feed for more information.

http://twitter.com/inj3ct0r

Also exploit-db has hacked over Christmas, looks like they did not get root, but they did publish it in their own papers section :)

http://www.exploit-db.com/papers/15823/

If you read the paper the ettercap project was also hit.

Got to love the Christmas haxors!


December 26, 2010  11:49 PM

Dedicated Internet Sat



Posted by: Dan O'Connor
links, News

This is pretty cool also, found this reading my news feeds yesterday.

http://www.bbc.co.uk/news/science-environment-12065466

Makes you wonder what the technology on these is?


December 26, 2010  11:47 PM

Thing of the month



Posted by: Dan O'Connor
pen testing, watchguard, wifi

http://theplugbot.com/

This is darn awesome!

Stick it in a socket and walk away, it has;

802.11b

1.2 Ghz CPU

512 MB of Ram

SD card

Runs Linux and draws just 3 watts of power.  Not that it would be impossible to detect, but with out the right equipment in your environment you would be searching for days or never even know it was there.

In case you are wondering I am pretty sure Watch Guard has something that might be able to detect this, I know their AP’s can go into a mode to search for rouge AP’s, so you might have a chance.


December 25, 2010  10:18 PM

The Enhanced Mitigation Experience Toolkit 2.0



Posted by: Dan O'Connor
microsoft tools

http://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx

This is worth posting, looks a little complicated but very worth having on your system.

Enjoy.


December 25, 2010  10:15 PM

Useless warnings



Posted by: Dan O'Connor
patching, remote code exploit

I find this hard to figure out why MS and other vendors do things like this.

http://www.bbc.co.uk/news/technology-12067295

Ok so you are warning your users to be on the look out for a remote code exploit, thats great because they all know what they are looking for…

What can they do about it? well not go on the internet, but then how are they going to get updates and read your warnings?

Ok use another browser, that has same issues.

Why not release a fix for the issue? I know the once a month patch thing is nice for a lot of sysadmins. but it’s even better for someone that wants to release attack code, just wait until the first Tuesday of the month, release your code and you have 30-31 days of free rides!

If the issues are really that bad, I would think that it would be patched or why bother releasing it?


December 25, 2010  10:10 PM

Cyberwar – Part 2



Posted by: Dan O'Connor
anon, cyberwar, Guerrilla war, Guerrilla warfare, hackers, hacking

So what do you call one or more unorganized groups engaging in a conflict?

Thing is Cyberwar is used to describe something, and I like what it’s used to describe.

http://en.wikipedia.org/wiki/Cyberwarfare

“actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”

So what do we  have going on mostly right now on the Internet between groups like anon and other hacking groups or persons?

I think the best term to describe what is going on is Guerilla warfare, I think adding the term cyber to these actions is a waste of time.  The combatants and targets all exist in the cyber arena so adding the term to is is redundant.

Guerilla warfare is a perfect term,

http://en.wikipedia.org/wiki/Guerrilla_warfare

“a form of irregular warfare and refers to conflicts in which a small group of combatants including, but not limited to, armed civilians (or “irregulars”) use military tactics, like ambushessabotage, raids, the element of surprise, and extraordinary mobility to harass a larger and less-mobile traditional army, or strike a vulnerable target, and withdraw almost immediately.”


December 25, 2010  10:02 PM

Cyberwar – Part 1



Posted by: Dan O'Connor
anon, cyberwar, wikileaks

There is a lot of terms that really poor choices, but I think my personal top is Cyberwar.

Everything is cyberwar, a DOS attack, a DDOS attack, or skype goes down for a day CYBERWAR!

Is it really?

Forget the ‘Cyber’ part, does this look like war to you? a DDOS? Thats like everyone jumping queue in front of you for coffee.  Is it annoying? yea, war? not so much.  Really the term war is referring to two or more organized groups participating in organized conflict.  In the terms of the cyber acts people are talking about there is hardly more then one organized group (the target), if you are lucky, most targets are hardly considered organized.  Also the groups doing the attacking a either a single bot net controlled by one party or something like anon does.

So I think it’s time for another phrase to describe what is going on.


December 20, 2010  8:22 PM

Tracked warez key usage



Posted by: Dan O'Connor
piracy, software

http://www.pcpro.co.uk/news/security/363379/single-software-licence-shared-774-651-times

This is more then entertaining, but the number of times that it was copied / stolen is staggering.  Also I like a few of the places it mentions that it was installed.  Its also funny that the firm the lost the key to start with was given a new key and reminded to key it ‘secure’.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: