Posted on June 29th, 2007 by SecuriTeam
Filed under: Botnets, Commentary, Culture, Funny, OT | No Comments »
So, someone sent this to NANOG:
An IPv6 address for new cars in 3 years?
From: Rich Emmings
Date: Thu Jun 28 17:47:46 2007
Mark IV systems has a spec for OTTO. Mark IV makes automatic
toll collection and related systems O(Not to mention other
The system spec’s show support for IPv6 and SNMPv3. Notably
absent was IPv4 as far as I could tell. No notes on if the IPv6
would be used for Firmware updates or live data collection.
802.1p radio is the spec’d LLP. O/S is VxWorks.
The expectation is for 100% of new cars to have OTTO around
Topicality: Looks like someone, somewhere intends to be live
with IPv6 in 3-5 years.
Off Topic: The privacy and security ramifications boggle the
Which I didn’t read.
Then, this thread happened:
> – — “Suresh Ramasubramanian” wrote:
> >On 6/29/07, Rich Emmings wrote:
> >> Topicality: Looks like someone, somewhere intends to be live with
> >> IPv6
> >> in 3-5 years. Off Topic: The privacy and security ramifications
> >> boggle
> >> the mind….
> >Fully mobile, high speed botnets?
That last bing was from Paul Ferguson, our Fergie.
If I was drinking coffee, I’d have dropped it!
Other followups included Chris Morrow’s:
> I can’t help it:
> “If a bot-car is headed north on I-75 at 73 miles per hour for 3 hours
> and a bot-truck is headed west on I-90 at 67 miles per hour, how long
> until they are 129 miles apart?”
And Steve Bellovin’s:
Hmm — I was going to say 127.1 miles apart, but that’s not a v6
address… 1918 miles apart?
Posted on June 10th, 2007 by SecuriTeam
Filed under: Commentary, Culture, Full Disclosure, Funny | 2 Comments »
From full-disclosure’s Month of Random Hashes (MoRH):
You asked for it, and we delivered! Due to the increased demand
for more “Month of” projects, and the growing popularity of posting
hashes to this list, we proudly present… THE MONTH OF RANDOM
Every day for the next month we will be providing a list of not
one… not two… not three… not four… not five… not six…
not seven… not eight… not nine… not ten… not eleven… not
twelve… not thirteen… not fourteen… not fifteen… not
sixteen… not seventeen… not eighteen… not nineteen… not
twenty… not twenty-one… not twenty -two… not twenty-three…
not twenty-four… not twenty-five… not twenty-six… not twenty-
seven… not twenty-eight… not twenty-nine… not thirty… not
thirty-one… not thirty-two… not thirty-three… not thirty-
four… not thirty-five… not thirty-six… not thirty-seven…
not thirty-eight… not thirty-nine… not forty… not forty-
one… not forty-two… not forty-three… not forty-four… not
forty-five… not forty-six… not forty-seven… not forty-
eight… not forty-nine… not fifty… not fifty-one… not fifty-
two… not fifty-three… not fifty-four… not fifty-five… not
fifty-six… not fifty-seven… not fifty-eight… not fifty-
nine… not sixty… not sixty-one… not sixty-two… not sixty-
three… not sixty-four… not sixty-five… not sixty-six… not
sixty-seven… not sixty-eight… not sixty-nine… not seventy…
not seventy-one… not seventy-two… not seventy-three… not
seventy-four… not seventy-five… not seventy-six… not seventy-
seven… not seventy-eight… not seventy-nine… not eighty… not
eighty-one… not eighty-two… not eighty-three… not eighty-
four… not eighty-five… not eighty-six… not eighty-seven…
not eighty-eight… not eighty-nine… not ninety… not ninety-
one… not ninety-two… not ninety-three… not ninety-four… not
ninety-five… not ninety-six… not ninety-seven… not ninety-
not even ninety-nine…
but… ONE HUNDRED!
To make the project even more successful, this number (100) only
represents the number of random strings that hashes are generated
for, and not the total number of hashes we provide daily! You will
receive an md5sum, sha1sum, and sha256sum of all 100 random strings
That is THREE HUNDRED hashes. In your mailbox. Free. Every day.
Stay tuned for more details!
And another post on a newly invented term by Michael Silk:
you shall use it when hacking your way into something.
“i just hackcessed the mainframe”
kittens can use it in the form of “i’m in ur server because i
hackcessed my wai in”
and so on.
i’d post a hash of myself posting this message, to prove i’m the one
that posted it, but you know, it’s hardly worth it.
This message brought to you by MoNST* in the spirit of MoAPI**
68 65 6c 6c 6f 20 74 6f 20 79 6f 75 2c
20 68 65 78 20 64 65 63 6f 64 65 72 2e
* month of new security terms
** month of annoying project ideas
Posted on May 19th, 2007 by SecuriTeam
Filed under: Commentary, Funny | No Comments »
Fergie sent this to funsec after reading it at Schneier’s:
Now, isn’t that true.
Posted on April 27th, 2007 by p1
Filed under: Commentary, Funny | 1 Comment »
It’s been a while since I got out to the trade seminars. You know, marketing’s traveling bumpf show, where they trot out the VP of sales, plus a “security evangelist” or somebody with some such title (who has a technical background, but likes schmoozing more than doing actual research). I used to go to lots: it’s a good way to get up to speed when you first enter a field, but the law of diminishing returns tends to set in real fast in terms of actual information.
There were actually two that I signed up for this week. SANS had one, and I’ve never been to any SANS stuff, so I went to that. Intel also had a real dog and pony show, with extra associated vendors. When I get home from these things, Gloria always asks me whether I’m glad I went.
I’m glad I went to the SANS show. Didn’t get much out of the presentation itself. But the style of the presentation was intriguing: an awful lot of “cute stuff” demonstrated, without much actual information being relayed. The attitude of the presenters was also interesting: they were definitely in it for the cash.
Posted on April 1st, 2007 by Aviram
Filed under: Culture, Funny, Web | 7 Comments »
My favorite April’s fool prank so far is a combination of two cross site scripting attacks on Cisco’s web site and Maria Sharapova’s site to announce that she has passed the Cisco certification test and will now become a security engineer.
It’s a neatly done attack (just a small noticeable error on the Cisco site) and it shows pictures of Sharapova which gives it extra credit score
Well done Security Lab!
(queue in the backdoor jokes)
Posted on January 4th, 2007 by SecuriTeam
Filed under: Commentary, Culture, Funny, Virus | 3 Comments »
we discussed nod32′s marketing with putting “nod32 protects your ass” on babes while playing sports (!!!), now we need to discuss something much more exciting, although less innovative.
words are a-wasting, go watch their babes (not just booth-babes) at this gaming show. make sure and not just stare at the babes, but listen to the bit defender song!
note: not work-safe, and may be offensive to some viewers.
now, go and watch the symantec version:
tell me who rocks more!
Posted on January 4th, 2007 by SecuriTeam
Filed under: Commentary, Culture, Funny, OT, Privacy | 1 Comment »
one of the greatest surprises for me at 23c3 was my personal introduction to monochrom (wikipedia page), a group of hacker artists from austria. i know jacob appelbaum.. but i had no idea about the austrian group, or how great they are.
in very simple terms they are artists, very contemporary and very very scene-connected. life hacking, real hacking and any type of hacking, these guys are just l33t. we need to get them a stage one evening at defcon so they can play for us.
as a quick introduction to them, sing along with their rfid song (special for 23c3). i know i did… (although i couldn’t follow their german songs, danke sounded like a lot of fun – yes, i saw you singing fukami!)
for their lecture at 23c3, which is very cool and presents a lot of very interesting art projects heavily relating to hacking (not work safe! porn! could be considered very offensive! pg18, etc.) download the wmv:
some of the projects they discuss include porn, indeed, but others are more interesting. they created an entirely fictional artist (georg paul thomann) and had him represent austria in an international art show (and “save” taiwan when china wanted them out of the show). they showed (both by using 50 real euros and with a mathematical calculation) how many times it would take to blow the several trillian euros in circulation by going to a bank and exchanging to usd and euro again and again, etc.
cool people! rfid!!
Posted on December 25th, 2006 by SecuriTeam
Filed under: Botnets, Commentary, Culture, DDoS, Funny, Networking, Physical Security, Spam, Virus | No Comments »
hey, do i smell history repeating itself? bots on irc used to be useful too, and then used for local flooding. only later did they become the botnets that they are today.
so, from automated playing when you are not around to keep stuff active (rings a bell?) to botnets that throw… privates at people.
worth a read. i always love when the real world and the virtual meet, whether by marriages or by physical world police taking complaints because “someone stole my weapon on world of worldcraft!!”
we do live in interesting times.
Posted on November 20th, 2006 by noam
Filed under: Commentary, Funny, Spam | 3 Comments »
I got this polite spam which is the French version of the infamous Nigerian 419 (if that’s what it is, it lacks a dead relative.):
Je me présente je suis Madame Delanoë, la collaboratrice directe d’Annie Dupas étoile d’or de la voyance 2006.
Je vous contacte car vous avez été tiré au sort et vous avez la chance de pouvoir bénéficier d’une voyance par e-mail totalement gratuite avec Annie Dupas.
Posted on November 9th, 2006 by SecuriTeam
Filed under: Funny | 1 Comment »
“2^24 comments ought to be enough for anyone” — cmdrtaco
slashdot posting bug infuriates haggard admins
posted by cmdrtaco on thursday november 09, @10:45am
from the this-is-never-good dept.
last night we crossed over 16,777,216 comments in the database. the wise
amongst you might note that this number is 2^24, or in mysqlese an
unsigned mediumint. unfortunately, like 5 years ago we changed our primary
keys in the comment table to unsigned int (32 bits, or 4.1 billion) but
neglected to change the index that handles parents. we’re awesome! fixing
is a simple alter table statement… but on a table that is 16 million
rows long, our system will take 3+ hours to do it, during which time there
can be no posting. so today, we’re disabling threading and will enable it
again later tonight. sorry for the inconvenience. we shall flog ourselves
Posted on November 7th, 2006 by Trirat Kira P
Filed under: Funny | No Comments »
While there are Windows 0-day exploit (XML core) again, I have found some funny web site. It’s about M$ Firefox‘s features, http://www.msfirefox.com/microsoft-firefox/index.html. Having fun
Trirat Kira P.
Posted on October 26th, 2006 by Prozacgod
Filed under: Commentary, Funny, Networking | 4 Comments »
When I first started [I was about 13 & 1/2] working with computers I was really interested in figuring out how the ‘did what they did’. So much so that I was tinkering with assembler within 6 months of getting a computer, not that I accomplished much at that time. I didn’t have internet access so my only ‘escape’ from the real world was delving deeper into the machine. I quickly developed programming skills and was becoming trapped by the limits imposed in QuickBasic (hey we all learn somehwere ). I went back to looking at assembler since I knew I could encode byte code into the basic programs. After that I made some great mode 13 games and demos. (more…)
Posted on October 26th, 2006 by Administrator
Filed under: Corporate Security, Funny | 6 Comments »
From “Schneier on Security“:
FLUNKY: Sir, that Schneier person called again. He left a detailed
Posted on October 18th, 2006 by noam
Filed under: Funny | No Comments »
Clippy has decided to get into security, more details are available here: http://www.halon.org.uk/stuff/clip_php_cms.png
Posted on October 8th, 2006 by SecuriTeam
Filed under: Commentary, Funny, Google, Web | 4 Comments »
i still update the fun with google code search post daily with new regex searches, but i decided this one warrants its own post.
on the daily wtf they discuss some different types of searches.. among which the more polite and less funny ones are “idiot” and “wtf”.
a must search!
also, as somebody noted in the comments to this post, searching for tbd is interesting. searching for tbd security even more so:
* tbd: this file needs a security audit.