The Daily WTF has a good story that may sound a little too familiar to some:

How the aptly-named Super Hacker had managed to shut down the system remotely and provide a fix so quickly intrigued Kiefer. After poking around the network, he finally found the Python file that contained the Super Hacker’s fix:
#!usr/bin/python
# Paying someone $10 to pull a power cord for $3500
print “(C) [Name Removed] 2008.”

The moral of the story: when all else fails, use social engineering.

SANS ISC has collected a very coverage list of April Fool’s Day stories.

It can be found here:

isc.sans.org/diary.html?storyid=4225

My own favorite is Gmail’s new Custom Time feature

I’d love to hear the background story behind this one:

[CiscoWorks IPM] version 2.6 for Solaris and Windows contains a process that causes a command shell to automatically be bound to a randomly selected TCP port.

Why on earth? And why a random port?

And if you’re still wondering, yes - it’s a remote root shell with no authentication

Remote, unauthenticated users are able to connect to the open port and execute arbitrary commands with casuser privileges on Solaris systems and with SYSTEM privileges on Windows systems.

Cisco is being cruel and only disclosing the technical info. Common Cisco, share the juicy parts! We want Full Disclosure!

I just wrote an OT post to my personal blog about the CCC Camp, but I figured it was a security camp after all, so I will link to myself here:

http://gevron.livejournal.com/8859.html

Foxnews.com has taken an unsuspected turn and become an open wiki site. For more info see http://linuxinit.net/site/?id=664. Summary:

While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it’s a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox’s part. And seriously, what kind of password is T1me Out. This is just pathetic.

http://www.foxnews.com/admin/xml_parser/zdnet/grab_zd_files.sh

And here’s something just too funny, something I hope will turn up on xkcd.com

(originally located at http://www.foxnews.com/images/root_images/071907_velociraptor1.jpg, this is a mirrored copy)

1. Phish an hotmail acount.
2. Send email from the stolen acount to all the friends listed for the person, saying you are stuck in Nigeria and are in an emergency, asking your friends for money to be wired.

http://www.rediff.com///news/2007/jul/16tps.htm

Hillarious!
(thanks Suresh)

Gadi Evron,
ge@linuxbox.org.

Just last week we were throwing jokes on funsec@, of calling botnets terrorism to get some action going. Of course, we decided that’s an extremely bad idea as people are already starting to discount issues when “terrorism” or “2.0″ are attached.

No, I am not going to say it, you are going to put these two together on your own!

Today, Fergie (Paul Ferguson) sent this to funsec:

Brian Krebs writes in The Washington Post:

[snip]

The global jihad landed in Linda Spence’s e-mail inbox during the summer of 2003, in the form of a message urging her to verify her eBay account information. The 35-year-old New Jersey resident clicked on the link included in the message, which took her to a counterfeit eBay site where she unwittingly entered in personal financial information.

Ultimately, Spence’s information wound up in the hands of a young man in the United Kingdom who investigators said was the brains behind a terrorist cell that sought to facilitate deadly bombing attacks against targets in the United States, Europe and the Middle East.

Investigators say Spence’s stolen data made its way via the Internet black market for stolen identities to 21-year-old biochemistry student Tariq al-Daour, one of three U.K. residents who pleaded guilty

http://www.washingtonpost.com/wp-dyn/content/article/2007/07/05/AR2007070501153.html

Enjoy. Funny, I just had fun with online forums and terrorism with this a few days ago.

Buzzwords for FUD are generally a bad idea. Botnets are not terrorism. But of course, like most malicious activity, they are used.

Gadi.

So, someone sent this to NANOG:
An IPv6 address for new cars in 3 years?

From: Rich Emmings
Date: Thu Jun 28 17:47:46 2007

Mark IV systems has a spec for OTTO. Mark IV makes automatic
toll collection and related systems O(Not to mention other
automotive products)

The system spec’s show support for IPv6 and SNMPv3. Notably
absent was IPv4 as far as I could tell. No notes on if the IPv6
would be used for Firmware updates or live data collection.
802.1p radio is the spec’d LLP. O/S is VxWorks.

The expectation is for 100% of new cars to have OTTO around
2010.

http://www.ivhs.com/pdf/FactSheet_OTTO_FactSheet1_101105.pdf

Topicality: Looks like someone, somewhere intends to be live
with IPv6 in 3-5 years.
Off Topic: The privacy and security ramifications boggle the
mind….

Which I didn’t read.

Then, this thread happened:

> - — “Suresh Ramasubramanian” wrote:
>
> >On 6/29/07, Rich Emmings wrote:
> >>
> >> Topicality: Looks like someone, somewhere intends to be live with
> >> IPv6
> >> in 3-5 years. Off Topic: The privacy and security ramifications
> >> boggle
> >> the mind….
> >>
> >
> >Fully mobile, high speed botnets?
>
> *bing*

That last bing was from Paul Ferguson, our Fergie.
If I was drinking coffee, I’d have dropped it!

Other followups included Chris Morrow’s:
> I can’t help it:
>
> “If a bot-car is headed north on I-75 at 73 miles per hour for 3 hours
> and a bot-truck is headed west on I-90 at 67 miles per hour, how long
> until they are 129 miles apart?”

And Steve Bellovin’s:
Hmm — I was going to say 127.1 miles apart, but that’s not a v6
address… 1918 miles apart?

From full-disclosure’s Month of Random Hashes (MoRH):

Dear list,

You asked for it, and we delivered! Due to the increased demand
for more “Month of” projects, and the growing popularity of posting
hashes to this list, we proudly present… THE MONTH OF RANDOM
HASHES.

Every day for the next month we will be providing a list of not
one… not two… not three… not four… not five… not six…
not seven… not eight… not nine… not ten… not eleven… not
twelve… not thirteen… not fourteen… not fifteen… not
sixteen… not seventeen… not eighteen… not nineteen… not
twenty… not twenty-one… not twenty -two… not twenty-three…
not twenty-four… not twenty-five… not twenty-six… not twenty-
seven… not twenty-eight… not twenty-nine… not thirty… not
thirty-one… not thirty-two… not thirty-three… not thirty-
four… not thirty-five… not thirty-six… not thirty-seven…
not thirty-eight… not thirty-nine… not forty… not forty-
one… not forty-two… not forty-three… not forty-four… not
forty-five… not forty-six… not forty-seven… not forty-
eight… not forty-nine… not fifty… not fifty-one… not fifty-
two… not fifty-three… not fifty-four… not fifty-five… not
fifty-six… not fifty-seven… not fifty-eight… not fifty-
nine… not sixty… not sixty-one… not sixty-two… not sixty-
three… not sixty-four… not sixty-five… not sixty-six… not
sixty-seven… not sixty-eight… not sixty-nine… not seventy…
not seventy-one… not seventy-two… not seventy-three… not
seventy-four… not seventy-five… not seventy-six… not seventy-
seven… not seventy-eight… not seventy-nine… not eighty… not
eighty-one… not eighty-two… not eighty-three… not eighty-
four… not eighty-five… not eighty-six… not eighty-seven…
not eighty-eight… not eighty-nine… not ninety… not ninety-
one… not ninety-two… not ninety-three… not ninety-four… not
ninety-five… not ninety-six… not ninety-seven… not ninety-
eight…

not even ninety-nine…

but… ONE HUNDRED!

To make the project even more successful, this number (100) only
represents the number of random strings that hashes are generated
for, and not the total number of hashes we provide daily! You will
receive an md5sum, sha1sum, and sha256sum of all 100 random strings
every day.

That is THREE HUNDRED hashes. In your mailbox. Free. Every day.

Stay tuned for more details!

And another post on a newly invented term by Michael Silk:

“hackcessing”

you shall use it when hacking your way into something.

“i just hackcessed the mainframe”

kittens can use it in the form of “i’m in ur server because i
hackcessed my wai in”

and so on.

i’d post a hash of myself posting this message, to prove i’m the one
that posted it, but you know, it’s hardly worth it.

–
This message brought to you by MoNST* in the spirit of MoAPI**

–
mike
68 65 6c 6c 6f 20 74 6f 20 79 6f 75 2c
20 68 65 78 20 64 65 63 6f 64 65 72 2e

* month of new security terms
** month of annoying project ideas

Fergie sent this to funsec after reading it at Schneier’s:
http://www.youtube.com/watch?v=ykzqFz_nHZE

Now, isn’t that true.

It’s been a while since I got out to the trade seminars. You know, marketing’s traveling bumpf show, where they trot out the VP of sales, plus a “security evangelist” or somebody with some such title (who has a technical background, but likes schmoozing more than doing actual research). I used to go to lots: it’s a good way to get up to speed when you first enter a field, but the law of diminishing returns tends to set in real fast in terms of actual information.

There were actually two that I signed up for this week. SANS had one, and I’ve never been to any SANS stuff, so I went to that. Intel also had a real dog and pony show, with extra associated vendors. When I get home from these things, Gloria always asks me whether I’m glad I went.

I’m glad I went to the SANS show. Didn’t get much out of the presentation itself. But the style of the presentation was intriguing: an awful lot of “cute stuff” demonstrated, without much actual information being relayed. The attitude of the presenters was also interesting: they were definitely in it for the cash.
(more…)

My favorite April’s fool prank so far is a combination of two cross site scripting attacks on Cisco’s web site and Maria Sharapova’s site to announce that she has passed the Cisco certification test and will now become a security engineer.
It’s a neatly done attack (just a small noticeable error on the Cisco site) and it shows pictures of Sharapova which gives it extra credit score

Well done Security Lab!

(queue in the backdoor jokes)

We discussed NOD32’s marketing with putting “NOD32 protects your ass” on babes while playing sports (!!!), now we need to discuss something much more exciting, although less innovative.

Bit Defender!

Words are a-wasting, go watch their babes (not just booth-babes) at this gaming show. Make sure and not just stare at the babes, but listen to the Bit Defender song!

Note: not work-safe, and may be offensive to some viewers.

http://www.youtube.com/results?search_query=bitdefender

And specifically:
http://www.youtube.com/watch?v=XLfNeYkgjpI
http://www.youtube.com/watch?v=NLHQknOP90c
http://www.youtube.com/watch?v=g-0IqmHiLRw
http://www.youtube.com/watch?v=-dhGZwinLrY
etc.

Now, go and watch the Symantec version:
http://www.youtube.com/watch?v=x-UnYm6qfy8

Tell me who rocks more!

:)

Gadi Evron,
ge@linuxbox.org.

One of the greatest surprises for me at 23C3 was my personal introduction to Monochrom (Wikipedia page), a group of hacker artists from Austria. I know Jacob Appelbaum.. but I had no idea about the Austrian group, or how great they are.

In very simple terms they are artists, very contemporary and very very scene-connected. Life hacking, real hacking and any type of hacking, these guys are just l33t. We need to get them a stage one evening at defcon so they can play for us.
As a quick introduction to them, sing along with their RFID song (special for 23C3). I know I did… (although I couldn’t follow their German songs, Danke sounded like a lot of fun - yes, I saw you singing Fukami!)
http://youtube.com/watch?v=Ywg53D8_iVw

For their lecture at 23C3, which is very cool and presents a lot of very interesting art projects heavily relating to hacking (not work safe! Porn! Could be considered very offensive! PG18, etc.) download the wmv:

ftp://ftp.c3d2.de/congress/23c3/monochrom-t4s3.wmv

Some of the projects they discuss include porn, indeed, but others are more interesting. They created an entirely fictional artist (Georg Paul Thomann) and had him represent Austria in an International art show (and “save” Taiwan when China wanted them out of the show). They showed (both by using 50 real Euros and with a mathematical calculation) how many times it would take to blow the several Trillian Euros in circulation by going to a bank and exchanging to USD and Euro again and again, etc.

Cool people! RFID!!
Gadi Evron,
ge@linuxbox.org.

What do they have in common?

Hey, do I smell history repeating itself? Bots on IRC used to be useful too, and then used for local flooding. Only later did they become the botnets that they are today.

So, from automated playing when you are not around to keep stuff active (rings a bell?) to botnets that throw… privates at people.

http://www.boingboing.net/2006/12/21/second_life_griefers.html

Worth a read. I always love when the real world and the virtual meet, whether by marriages or by physical world Police taking complaints because “someone stole my weapon on World of Worldcraft!!”

We do live in interesting times.

Gadi Evron,
ge@linuxbox.org.