Posted on April 1st, 2007 by Aviram
Filed under: Culture, Funny, Web | 7 Comments »
My favorite April Fools' prank so far is a combination of two cross site scripting attacks on Cisco’s web site and Maria Sharapova’s site to announce that she has passed the Cisco certification test and will now become a security engineer.
It’s a neatly done attack (just a small noticeable error on the Cisco site) and it shows pictures of Sharapova, which gives it extra credit score.
Well done Security Lab!
(cue in the backdoor jokes)
Posted on January 4th, 2007 by SecuriTeam
Filed under: Commentary, Culture, Funny, Virus | 3 Comments »
we discussed nod32's marketing with putting “nod32 protects your ass” on babes while playing sports (!!!), now we need to discuss something much more exciting, although less innovative.
bit defender!
words are a-wasting, go watch their babes (not just booth-babes) at this gaming show. make sure and not just stare at the babes, but listen to the bit defender song!
note: not work-safe, and may be offensive to some viewers.
http://www.youtube.com/results?search_query=bitdefender
and specifically:
http://www.youtube.com/watch?v=xlfneykgjpi
http://www.youtube.com/watch?v=nlhqknop90c
http://www.youtube.com/watch?v=g-0iqmhilrw
http://www.youtube.com/watch?v=-dhgzwinlry
etc.
now, go and watch the symantec version:
http://www.youtube.com/watch?v=x-unym6qfy8
tell me who rocks more!
gadi evron,
ge@beyondsecurity.com.
Posted on January 4th, 2007 by SecuriTeam
Filed under: Commentary, Culture, Funny, OT, Privacy | 1 Comment »
one of the greatest surprises for me at 23c3 was my personal introduction to monochrom (wikipedia page), a group of hacker artists from austria. i know jacob appelbaum.. but i had no idea about the austrian group, or how great they are.
in very simple terms they are artists, very contemporary and very very scene-connected. life hacking, real hacking and any type of hacking, these guys are just l33t. we need to get them a stage one evening at defcon so they can play for us.
as a quick introduction to them, sing along with their rfid song (special for 23c3). i know i did… (although i couldn’t follow their german songs, danke sounded like a lot of fun – yes, i saw you singing fukami!)
http://youtube.com/watch?v=ywg53d8_ivw
for their lecture at 23c3, which is very cool and presents a lot of very interesting art projects heavily relating to hacking (not work safe! porn! could be considered very offensive! pg18, etc.) download the wmv:
ftp://ftp.c3d2.de/congress/23c3/monochrom-t4s3.wmv
some of the projects they discuss include porn, indeed, but others are more interesting. they created an entirely fictional artist (georg paul thomann) and had him represent austria in an international art show (and “save” taiwan when china wanted them out of the show). they showed (both by using 50 real euros and with a mathematical calculation) how many times it would take to blow the several trillion euros in circulation by going to a bank and exchanging to usd and euro again and again, etc.
cool people! rfid!!
gadi evron,
ge@beyondsecurity.com.
Posted on December 25th, 2006 by SecuriTeam
Filed under: Botnets, Commentary, Culture, DDoS, Funny, Networking, Physical Security, Spam, Virus | No Comments »
hey, do i smell history repeating itself? bots on irc used to be useful too, and then used for local flooding. only later did they become the botnets that they are today.
so, from automated playing when you are not around to keep stuff active (rings a bell?) to botnets that throw… privates at people.
http://www.boingboing.net/2006/12/21/second_life_griefers.html
worth a read. i always love when the real world and the virtual meet, whether by marriages or by physical world police taking complaints because “someone stole my weapon on world of warcraft!!”
we do live in interesting times.
gadi evron,
ge@beyondsecurity.com.
Posted on November 20th, 2006 by noam
Filed under: Commentary, Funny, Spam | 3 Comments »
I got this polite spam which is the French version of the infamous Nigerian 419 (if that’s what it is, it lacks a dead relative.):
Hello,
Let me introduce myself: I am Madame Delanoë, the direct associate of Annie Dupas, gold star of clairvoyance 2006.
I am contacting you because you have been drawn at random and you have the chance to receive a completely free clairvoyance reading by e-mail with Annie Dupas.
(more…)
Posted on November 9th, 2006 by SecuriTeam
Filed under: Funny | 1 Comment »
http://slashdot.org/articles/06/11/09/1534204.shtml
“2^24 comments ought to be enough for anyone” — cmdrtaco
slashdot posting bug infuriates haggard admins
posted by cmdrtaco on thursday november 09, @10:45am
from the this-is-never-good dept.
slashdot.org
last night we crossed over 16,777,216 comments in the database. the wise
amongst you might note that this number is 2^24, or in mysqlese an
unsigned mediumint. unfortunately, like 5 years ago we changed our primary
keys in the comment table to unsigned int (32 bits, or 4.1 billion) but
neglected to change the index that handles parents. we’re awesome! fixing
is a simple alter table statement… but on a table that is 16 million
rows long, our system will take 3+ hours to do it, during which time there
can be no posting. so today, we’re disabling threading and will enable it
again later tonight. sorry for the inconvenience. we shall flog ourselves
appropriately.
gadi evron,
ge@beyondsecurity.com.
Posted on November 7th, 2006 by Trirat Kira P
Filed under: Funny | No Comments »
While there is a Windows 0-day exploit (XML core) again, I have found a funny web site. It’s about M$ Firefox's features: http://www.msfirefox.com/microsoft-firefox/index.html. Have fun.
Trirat Kira P.
Posted on October 26th, 2006 by Prozacgod
Filed under: Commentary, Funny, Networking | 4 Comments »
When I first started [I was about 13 & 1/2] working with computers I was really interested in figuring out how they ‘did what they did’. So much so that I was tinkering with assembler within 6 months of getting a computer, not that I accomplished much at that time. I didn’t have internet access so my only ‘escape’ from the real world was delving deeper into the machine. I quickly developed programming skills and was becoming trapped by the limits imposed in QuickBasic (hey, we all learn somewhere). I went back to looking at assembler since I knew I could encode byte code into the basic programs. After that I made some great mode 13 games and demos. (more…)
Posted on October 26th, 2006 by Administrator
Filed under: Corporate Security, Funny | 6 Comments »
From “Schneier on Security“:
FLUNKY: Sir, that Schneier person called again. He left a detailed
message.
(more…)
Posted on October 18th, 2006 by noam
Filed under: Funny | No Comments »
Clippy has decided to get into security, more details are available here: http://www.halon.org.uk/stuff/clip_php_cms.png
Posted on October 8th, 2006 by SecuriTeam
Filed under: Commentary, Funny, Google, Web | 4 Comments »
i still update the fun with google code search post daily with new regex searches, but i decided this one warrants its own post.
on the daily wtf they discuss some different types of searches.. among which the more polite and less funny ones are “idiot” and “wtf”.
http://thedailywtf.com/forums/thread/94630.aspx
a must search!
also, as somebody noted in the comments to this post, searching for tbd is interesting. searching for tbd security even more so:
38: *
* tbd: this file needs a security audit.
*/
gadi evron,
ge@beyondsecurity.com.
Posted on October 5th, 2006 by SecuriTeam
Filed under: Commentary, Culture, Funny, Phishing, Spam, Web | 4 Comments »
apparently, this guy spammed himself and referred to a wikipedia article he created to give himself credibility.
cute!
phishing by wikipedia? the admins will probably notice this soon and remove it, but if this becomes as common-place as comment spam has, i am not sure they can handle the over-head. this is about money, and the bad guys make a lot.
it’s also possible this is a joe job on someone real.
update:
the entry in wikipedia appears to be about a real person related to organized crime. i wonder why he of all people was chosen to be used in this scam?
hello dear friend!!!
from:
vladimir ivanov (vladimir ivanov)
to:
alexdu4@bellsouth.net
date:
today 18:11:52
(more…)
Posted on September 2nd, 2006 by noam
Filed under: Commentary, Full Disclosure, Funny, Insider Threat | 1 Comment »
I arrived at Ataturk Airport (for those who don’t know, it’s located in Turkey), and found out their Wireless network is worth … wait for it … shit … You can hardly get a signal, I stood near the Free Wireless Access(tm) sign and got less than 15% signal, frustrated, I decided to go the extra mile.
The Turks are really nice, they provide Internet access points to people sitting in the travelers lounge, these Internet access points are connected via Ethernet. I decided to give it a shot and plugged my laptop to the socket… damn, nothing … must have a sophisticated IDS/IPS/ACL/NOC/[Insert buzzword] device blocking me. Not yet ready to lose the war… was I at war?
… I decided to issue this command:
ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX
Where I replaced the XX:XX:XX:XX:XX:XX with the MAC address of the Internet access point which I sniffed using Wireshark ™ – known in the past as Ethereal – and voilà, “free” Ethernet based access to the network… though wired.
I am sure the guys at the security department were telling jokes, think of the poor bastard that will plug his laptop and see that it won’t work … mohahaa…, but hey, I guess you need to get smarter, MAC addresses are no means of detecting the remote computer’s identity.
That is it for now. C’ya
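A defender's view of the point above, as an added example that is not part of the original post: a cloned MAC passes any address-based filter, so detection has to look at what changes around the address (switch port, DHCP hostname, DHCP vendor class). The log format, port names, hostnames and addresses below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in a hypothetical "key=value" log format that
# merges switch MAC-learning events with DHCP request metadata.
SAMPLE_LOG = """\
2006-09-02T09:00:01 port=Gi0/3 mac=00:16:3e:aa:bb:01 hostname=kiosk-03 vendor=MSFT-5.0
2006-09-02T09:00:04 port=Gi0/4 mac=00:16:3e:aa:bb:02 hostname=kiosk-04 vendor=MSFT-5.0
2006-09-02T11:42:10 port=Gi0/3 mac=00:16:3e:aa:bb:01 hostname=laptop vendor=dhcpcd-3.0
2006-09-02T11:50:30 port=Gi0/7 mac=00:16:3e:aa:bb:02 hostname=kiosk-04 vendor=MSFT-5.0
2006-09-02T12:00:00 port=Gi0/4 mac=00:16:3e:aa:bb:02 hostname=kiosk-04 vendor=MSFT-5.0
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (timestamp, fields) for one record, or None if malformed."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    fields = dict(FIELD.findall(parts[1]))
    if not {"port", "mac"} <= fields.keys():
        return None
    fields["mac"] = fields["mac"].lower()
    return parts[0], fields

def find_mac_anomalies(log_text):
    """Flag MACs whose port or DHCP identity changes over the log.

    A MAC allow-list sees a trusted address in every record above; the
    attributes around the address are what betray a second machine.
    """
    seen = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        record = parse(line)
        if record is None:
            continue
        _, fields = record
        for key in ("port", "hostname", "vendor"):
            value = fields.get(key)
            if value and value not in seen[fields["mac"]][key]:
                seen[fields["mac"]][key].append(value)
    findings = {}
    for mac, attrs in seen.items():
        changed = {k: v for k, v in attrs.items() if len(v) > 1}
        if changed:
            findings[mac] = changed
    return findings

if __name__ == "__main__":
    for mac, changed in find_mac_anomalies(SAMPLE_LOG).items():
        print(mac, changed)
```

The first finding is a MAC that stays on its own port but changes DHCP identity; the second is a MAC that shows up on a different port, which a port-move check alone would catch.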
Posted on August 16th, 2006 by Kfir
Filed under: Commentary, Culture, Digest, Funny | 4 Comments »
Ahoy,
Can you tell who wrote this poem?
“Oracle
Everybody follows
Speedy bits exchange
Stars await to glow”
You’re right!
Oracle JDBC Client programmers.
I was sniffing my network and encountered this poem in the RAW bytes of one of Oracle’s JDBC logon packets.
The RAW bytes of the packet (Data is in Hex; on the right ASCII translation):
22 4f 72 “Or
61 63 6c 65 0a 45 76 65 72 79 62 6f 64 79 20 66 acle.Everybody f
6f 6c 6c 6f 77 73 0a 53 70 65 65 64 79 20 62 69 ollows.Speedy bi
74 73 20 65 78 63 68 61 6e 67 65 0a 53 74 61 72 ts exchange.Star
73 20 61 77 61 69 74 20 74 6f 20 67 6c 40 6f 77 s await to gl@ow
22 0a 54 68 65 20 70 72 65 63 65 64 69 6e 67 20 “.The preceding
6b 65 79 20 69 73 20 63 6f 70 79 72 69 67 68 74 key is copyright
65 64 20 62 79 20 4f 72 61 63 6c 65 20 43 6f 72 ed by Oracle Cor
70 6f 72 61 74 69 6f 6e 2e 0a 44 75 70 6c 40 69 poration..Dupl@i
63 61 74 69 6f 6e 20 6f 66 20 74 68 69 73 20 6b cation of this k
65 79 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 ey is not allowe
64 20 77 69 74 68 6f 75 74 20 70 65 72 6d 69 73 d without permis
73 69 6f 6e 0a 66 72 6f 6d 20 4f 72 61 63 6c 31 sion.from Oracl1
65 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 43 e Corporation. C
6f 70 79 72 69 67 68 74 20 32 30 30 33 20 4f 72 opyright 2003 Or
61 63 6c 65 20 43 6f 72 70 6f 72 61 74 69 6f 6e acle Corporation
As you can see – the packet, belonging to our corporate world, had a Copyright mark, just after the poem.
“The preceding key is copyrighted by Oracle Corporation.
Duplication of this key is not allowed without permission
from Oracle Corporation. Copyright 2003 Oracle Corporation”
Well, what next?.. Harry Potter on P2P packets or maybe Copyrighted MD5s?
Live long and prosper,
Kfir Damari,
kfird@beyondsecurity.com.
Posted on August 16th, 2006 by SecuriTeam
Filed under: Cisco, Funny | No Comments »
it is not often we get to have some fun while dealing with the realm of bgp. that said, you can get a good rotfl and learn from this surprisingly informative post:
http://www.routergod.com/?p=40
if you like, look for other posts there, such as “don king on ip access lists” or “gary coleman on priority queuing”. whatever you do, read this.
have fun.
thanks to twi for this link.
gadi evron,
ge@beyondsecurity.com.