Zoned Out #4 (comic strip)

Zoned Out strip #4!

The Beyond Security family wishes you all a happy Thanksgiving.

(Check out our new site: www.securitoons.com ! :) )


Zoned Out #3 (comic strip)

Zoned Out strip #3!

News link: http://games.slashdot.org/games/07/10/15/1817206.shtml


Zoned Out #2 (comic strip)

Zoned Out strip #2!

We hope you all had a happy and protected Halloween.


The NULL Terminated Strip #5 (comic strip)

Null Term. strip #5


Insecurity #10 (comic strip)

Insecurity, strip #10 of this new comic.



Team Evil – Incident #2

Earlier this year, Beyond Security’s beSIRT released an incident response forensic analysis of a defacement attack by Team Evil [Team Evil Incident (Cyber-terrorism defacement analysis and response)].

The PDF itself can be found here:

http://www.beyondsecurity.com/besirt/advisories/team-evil-incident.pdf

A follow-up on a second incident is being released today. It follows what Team Evil did, their methodology, and how it has changed since the first document was released.

The aim of this document is more educational: to show how such analysis is done. The PDF can be found here:

http://www.beyondsecurity.com/besirt/advisories/teamevil-incident2.pdf

We hope you find this useful.

Kfir.


Copyright in a packet

Ahoy,
Can you tell who wrote this poem?

“Oracle
Everybody follows
Speedy bits exchange
Stars await to glow”

You’re right!
Oracle JDBC Client programmers.

I was sniffing my network and encountered this poem in the RAW bytes of one of Oracle’s JDBC logon packets.

The raw bytes of the packet (data in hex, with the ASCII translation on the right):

22 4f 72 "Or
61 63 6c 65 0a 45 76 65 72 79 62 6f 64 79 20 66 acle.Everybody f
6f 6c 6c 6f 77 73 0a 53 70 65 65 64 79 20 62 69 ollows.Speedy bi
74 73 20 65 78 63 68 61 6e 67 65 0a 53 74 61 72 ts exchange.Star
73 20 61 77 61 69 74 20 74 6f 20 67 6c 40 6f 77 s await to gl@ow
22 0a 54 68 65 20 70 72 65 63 65 64 69 6e 67 20 ".The preceding
6b 65 79 20 69 73 20 63 6f 70 79 72 69 67 68 74 key is copyright
65 64 20 62 79 20 4f 72 61 63 6c 65 20 43 6f 72 ed by Oracle Cor
70 6f 72 61 74 69 6f 6e 2e 0a 44 75 70 6c 40 69 poration..Dupl@i
63 61 74 69 6f 6e 20 6f 66 20 74 68 69 73 20 6b cation of this k
65 79 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 ey is not allowe
64 20 77 69 74 68 6f 75 74 20 70 65 72 6d 69 73 d without permis
73 69 6f 6e 0a 66 72 6f 6d 20 4f 72 61 63 6c 31 sion.from Oracl1
65 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 43 e Corporation. C
6f 70 79 72 69 67 68 74 20 32 30 30 33 20 4f 72 opyright 2003 Or
61 63 6c 65 20 43 6f 72 70 6f 72 61 74 69 6f 6e acle Corporation

As you can see, the packet, belonging to our corporate world, had a copyright notice just after the poem.

“The preceding key is copyrighted by Oracle Corporation.
Duplication of this key is not allowed without permission
from Oracle Corporation. Copyright 2003 Oracle Corporation”

Well, what next? Harry Potter on P2P packets, or maybe copyrighted MD5s?

Live long and prosper,

Kfir Damari,
kfird@beyondsecurity.com.
