Domain: all.net
Stories and comments across the archive that link to all.net.
Comments · 39
-
Read & Learn, And Legalize Marijuana: Sultry Ni
Read & Learn, And Legalize Marijuana
Since the article is often pulled from websites, the first article you should read and burn into your mind is this, Google for the title and archive a copy for yourself:
"A break-in to end all break-ins"
"In 1971, stolen FBI files exposed the government's domestic spying program"
It's an amazing story, and in 2008, how much has this expanded into every corner of our lives? The majority of Americans are brainwashed sheep consumers with a limp wet noodle for a brain, thrashing around with their Wii and Paris Hilton media like a fat dinosaur in a tar pit. Stay informed, we have no privacy, encryption is good but useless with acoustic monitoring, reflections in the eye and objects in your environment, etc.! If it's electronic, there's always a loophole. You shine brighter with each electronic device you use, in many ways. Don't trust Hushmail or any web based mail service to keep anything of yours secure or to provide any reasonable degree of security. Secure your computer room and rig your computer to shut down if you use encryption like Truecrypt or other when your environment is entered by someone other than you or those you permit and trust (you shouldn't trust anyone, everyone has a price)
Compromising Reflections or How to Read LCD Monitors Around the Corner
http://www.infsec.cs.uni-sb.de/~unruh/publications/reflections.pdf
And more:
http://www.eff.org/wp/detecting-packet-injection
http://en.wikipedia.org/wiki/Anonymous_remailer
http://cryptome.org/tempest-law.htm
http://seclab.uiuc.edu/pubs/LeMayT06.pdf
http://www-users.cs.umn.edu/~dfrankow/files/lam-etrics2006-security.pdf
http://cryptome.org/nsa-vaneck.htm
http://www.alobbs.com/macchanger
http://lifehacker.com/software/ssh/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy-237227.php
http://www.nononsenseselfdefense.com/five_stages.html
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
http://csrc.nist.gov/itsec/guidance_WinXP_Home.html
http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
http://all.net/books/document/harvard.html
http://www-128.ibm.com/developerworks/library/l-keyc.html
http://www-128.ibm.com/developerworks/library/l-keyc2/
http://www-128.ibm.com/developerworks/library/l-keyc3/
http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
http://www.cs.washington.edu/education/courses/csep590/06wi/
http://www.wiley.com/legacy/compbooks/mcnamara/links.html
http://lifehacker.com/software/home-server/geek-to-live--set-up-a-personal-home-ssh-server-205090.php -
Heuristics in "easily defeated" shock
The funny thing is that AV software has been almost totally useless ever since we moved from floppy disks to Net connections - long before they started whitelisting malware from major corporations. As soon as it became possible to distribute malware more quickly than AV updates, AV software was dead in the water. And even before then, the writing was on the wall: the problem of detecting a virus is undecidable and you can't change the laws of math.
Good luck convincing your boss that AV software is snake-oil though. Best carry on paying and taking a performance hit every time you open a file. -
Re:How did he get access and On tools
Deception Toolkit. Learn it, love it.
http://all.net/dtk/download.html -
Answer
Here is Fred Cohen's take on the general subject:
http://all.net/resume/bio.html
http://all.net/journal/newsletter/index.html
http://all.net/Analyst/index.html
Ref.
http://all.net/
Paper:
An Undetectable Computer Virus
http://www.research.ibm.com/antivirus/SciPapers/VB2000DC.htm
Could this be the end of the Mac - PC flamewar?
Logic:
"... we can't stop here, this is bat country."
Fear and Loathing in Las Vegas, A Savage Journey to the Heart of the American Dream
Hunter S. Thompson -
Mac Forensics
MacForensicsLab
http://www.macforensicslab.com/
http://www.macforensicslab.com/mfl_analysis.html
If you are a super criminal you have state protection, See:
Attorney General Alberto Gonzales:
http://politics.slashdot.org/article.pl?sid=07/05/16/0137205
http://tedscolumn.blogspot.com/2007/05/more-from-department-of-injustice.html
http://news.com.com/8301-10784_3-9719339-7.html
But if you've got something [below] this insidious, you're just screwed:
http://www.securityfocus.com/cgi-bin/index.cgi?c=articlecomments&op=display_comments&ArticleID=11372&expand_all=true&mode=threaded
You'd need Fred: [site is run off a locked volume - DVD]
http://all.net/
He also has, White Glove Linux, LE is for law enforcement only. [click "prices" on left]
http://all.net/WG/dist/index.html
Fred's, The Man(TM) -
Teach Yourself Programming in Ten Years
Teach Yourself Programming in Ten Years
http://norvig.com/21-days.html
Fred
http://all.net/books/IP/evolve.html
GNU Source-highlight 2.5
http://www.gnu.org/software/src-highlite/source-highlight.html -
Deception Tool Kit
Another approach is shown in the Deception Tool Kit. DTK is a collection of scripts which connect to unused ports and appear to be various servers. When many servers use it, a forest is created which helps hide individual trees.
-
If you prepare for war, it has already begun
-
Re:The Desktop Is Not Important Right Now
No stupid e-mail viruses. Security is much easier in a proper UNIX environment.
Er, pardon? I'm currently reading A Short Course On Computer Viruses by Cohen (the father of mathematical viral theory), and I'd have to beg to differ. He's proven _mathematically_ that you can't absolutely get away from viruses without _severely_ limiting the system. Period. Unixes are vulnerable, DOS is vulnerable, Windows is vulnerable, even Bell-LaPadula-based systems. So, as you can guess, Linux will be vulnerable to viruses as well. But regardless of all that, e-mail viruses can infect regardless of the OS (assuming it's still usable.) If less than intelligent people continue to execute attachments, then e-mail viruses will spread. E-mail viruses are an end-user issue, not an OS issue.
P.S.: While this book is almost ten years old, I'd sincerely suggest that anyone interested in viral theory check it out. As an example of his work, you can see one of his 1984 papers on viruses here. -
First virus and first worm
Anyway, there were probably worm/virus prototypes before 1983. Anyone know of them?
In 1981-1982 the first computer virus, Elk Cloner, started spreading in the wild but it was not until 1983 when Fred Cohen finally proved that the concept of a computer virus was viable. To my best knowledge the first worm spreading in the wild was IBM Christmas Worm in 1987 and the first Internet worm was Robert T. Morris' Worm in 1988.
-
Some early viruses ran only on UNIX!
The part I find ironic about this article (most of which I agree with) is that some of the world first viruses were written for, and designed to run on, UNIX.
At least the early work by Dr. Fred Cohen was certainly done on a variety of boxes, and UNIX figured prominently.
The shell viruses were particularly interesting to me.
His book A Short Course in Computer Viruses, ASP Press (1991) is a fantastic read, even for its age.
-
Re:Boot?
You can't boot from a USB device, can you?
Not quite, but with a boot floppy, you can get close.
I tend to carry a small collection of bootable media with me such as tomsrtbt on a floppy, LNX-BBC, White Glove, PLAC and a few others. (yes, even a DOS boot disk) They can be very helpful in cases such as upgrading a mobo for a Win98 machine, where the mobo can't see the CD-ROM until you install a driver... from a CD-ROM.
-
How will Palladium fend off viruses and worms?
I've yet to see an explanation (other than "It's Magic!") of how a Palladium/TCPA/Fritz-chipped computer will end up more secure against viruses and worms. For starters, note that the most prevalent viruses for the last several years have affected *macros*, and assume that the "worms" they talk about are things like Klez, SirCam and etc, basically Outlook viruses.
Certainly in a Fritzed Palladium computer, software like Word and Outlook will have "certification". I mean, MSFT will certify their own software, right? The Word macro virus just gets interpreted by the certified Word executable. Similarly, Klez would just cause the "certified" Outlook executable to do certain things.
Given that any computing system that is Turing-complete can support viruses, how does Palladium make a system resistant to them? Is a Palladium system just not Turing-complete? Will "certified" executables not have features like scripting languages, macros, etc built into them?
-
Re:This is great news!
Read Fred Cohen's paper Computer Viruses - Theory and Experiments published in 1984. The original experiments that demonstrated the threat of viruses were done on Unix.
-
Re:Even Carly couldn't kill VMS...
'cause VMS scared the hell out of the hackers.
do you mean hackers like Mitnick? -
White glove Linux
White Glove Linux is another similar distro. Ajay
-
Re:Economies of hype
While your point is well taken, another major advantage of LCD displays (other than the space savings as noted by another poster) is the power and cooling savings. Fred Cohen had his students in the CCD do a power and heat analysis of all their equipment in the wake of the CA power crisis. They found that a 17" LCD monitor only drew 1/10 the power and generated 1/4 the heat of a 17" CRT monitor meaning that the higher cost for the LCD monitor would pay for itself after just a couple years of use.
-"Zow"
-
Re:High Level Security Does Not Equal Stacked Dec
Thank you, Mo, finally a voice of reason. (And to answer your question, it was probably around 250,000.) Notable example: Dr. Fred Cohen, who works at the Sandia National Laboratories, is very likely in possession of classification levels whose very names are classified, and is also one of the most outspoken critics of Carnivore and the FBI in general.
Once again, Slashdot showing the fact that just because you have a forum doesn't make you an expert in, well... anything. (I don't claim to be one either for that matter, just an informed amateur.)
-
International Hackerism
Does this mean massive international man-hunts for the infamous "Carlos the Hacker"?
Best encrypt with ScramDisk (Windows 95/98 version here) locally, and with GnuPG for transmission, all your CueCat code and use anonymous remailers for version releases to Freenet, or be prepared to live out your life in a shadowy realm of underground coders dwelling in the hidden spaces between the giants of the United Corporations of the World.
-
here are some links
- First, here are lecture notes from a college course on operating system design.
- Second, some more material from another university (it's not clear to me that this is from a course).
- Third, a terse document detailing a broad set of features common to operating systems of different periods (also part of an operating systems course).
- Fourth, another page, which seems to be part of a college course, with a section on the history of operating systems.
- Fifth, a web-slideshow on the topic.
- And Finally, a smattering of other links to the same topic by even more authors: another lecture from a college course, chapter 3, section 1 from the book Introductory Information Protection by Fred Cohen & Associates, Operating Systems - Yesterday, Today, Tomorrow, and Evolution of Operating Systems User Interface Design
-
"Shoot Back" is a recipe for disaster - builtin DDOS
It's one thing to let experts shoot back. It's another thing to make it a widely distributed capability, especially an automated one. Currently a bad guy who wants to run a DDOS needs to crack a few hundred poorly-run machines and then fire up his scripts to abuse them. But if "shoot-back" tools are widely distributed, all he needs to do is find how to forge an attack in a way that will convince a particular shootback tool to attack some victim, and then spam out as many attacks as necessary to get the shootbacks to overwhelm the victim. (Obviously it's still worth doing this from a cracked machine, but you don't have to own a lot of cracked machines to obfuscate yourself.)
This is different from mostly-passive traps like teergrube (FAQ; jargon) or Deception Toolkit or spider traps which sit around waiting for Bad Guys to attack them and react unexpectedly when attacked (e.g. ...res.p...o...n...d....v...e...r...y....s..l..o.. o...ooo...w...l...y.... while logging stuff or sending back odd replies). ("mostly passive" doesn't exclude leaving lots of inviting copies of your address around for harvesters or script kiddies to find.) -
Re:Wild Weasel Facts
I wasn't really going to post on this thread, but your message reminded me of The Deception Toolkit available at http://all.net/dtk/.
The Deception Toolkit is a tool for building honeypots, but with a twist. It listens at port 365 and just says something like "Smile, you're on candid camera". The idea being, that if enough DTK boxes are out there, if someone sees a port open at 365 they will aim their scripts elsewhere.
Ain't decoys grand?
-
Deception Toolkit: check it out
A flexible toolkit already exists for putting together honeypots and distributing honeypot-ish services through a cluster of servers. I use it and have had some success with it, and not just script kiddies wind up on the other side of the Fickle Finger of Fate. The bottom line is that a honeypot is part of an overall security strategy, not a replacement for good firewall policies and other access controls. Like any tool, they must be wielded competently to avoid doing harm. That being said, I won't often recommend them to clients unless they have a pretty savvy staff.
One other point is that honeypots are not 'lightning rods,' but are part of your last line of defense. Like Tripwire and other intrusion detection systems, they exist to let you know the game is going badly after your other countermeasures have failed. Certainly the majority of a security effort should be spent on making sure no one gets past security controls in the first place, but if they did you'd like to know about it, wouldn't you?
Hit http://all.net/dtk for the goodies.
-- Jonnie
-
don't waste your time on honeypots
99.9% of the people who consider putting honeypots on their networks should instead spend that time securing their vulnerable networks, checking for and applying the latest patches, and reading up on security trends and issues.
that said, honeypots are a really cool concept, nevertheless. but a network or security admin needs to focus on more fundamental security issues though. those NT network admins, for instance, should be deploying a second, or third, or fourth firewall on BSDi or Linux, instead of wasting time and compromising their security with a misconfigured NT honeypot. honeypots are best left for IT security research environments, or for people who have too much time to waste.
a notable exception is NAI's Cybercop Sting. Sting emulates Cisco IOS 11.2, Solaris 2.6, and WinNT 4, running common services. with Sting, you can pipe all of your legitimate traffic through Sting, and utilize the excellent logging capabilities of Sting for an added layer of security. additionally, Sting can be, should be, and often is utilized to monitor employees (i.e. internal hacking/cracking attempts). since most of the security incidents will be from internal sources, honeypots are an excellent way to monitor for suspicious LAN activity.
there was an excellent discussion recently of the honeypot concept, with a wide range of opinions and views from all sectors of the Net population, on the Security Focus Incidents mailing list. the thread was entitled "Cracked; rootkit - entrapment question?", and was back in late February and early March.
for those who have more interest in honeypots, check out the following:
To Build a Honeypot - article by Lance Spitzner
CyberCop Sting - product by NAI
dtk - Fred Cohen's Deception Toolkit
NFR's BackOffice Friendly - product by Marcus Ranum and L0pht
and finally, a cool new product that i saw at RSA2000
ManTrap - product by Recourse Technologies that is based on Solaris 7
-
Honeypot
The best thing to do with a honeypot is to have it set up behind your firewall. If someone breaks through your firewall and scans your internal network, they will be attracted to your honeypot first. This will probably give you enough time to see the intrusion taking place and take appropriate measures. Check out the Deception Toolkit for a decent program to handle the honeypot.
Before you even begin to work on setting up a honeypot, you should first secure your network as well as you can. The honeypot should only be used as a second (or third) line of defense. -
Check out the Deception Toolkit
The Deception Toolkit might be something you'll find useful for your honeypot.
-
Deception Toolkit
As mentioned in the article, put the Deception Toolkit on an old machine in the DMZ. The DTK is a bunch of scripts which let crackers waste time without giving them real programs with real bugs to attack. And make all your machines label themselves as running the DTK, whether they are or not.
The DTK is for poisoning the well. If you really have the time to watch what a cracker is doing, by all means put in a honeypot. But then you have to monitor it, figure out what is happening, and apply similar fixes to your production machines.
No matter what you do, you should have a firewall or two anyway. The main firewall should block everything that you don't need to let through. There can also be a DMZ firewall between your Internet server machines and the Internet which has weaker limitations, if needed by your services. (The standard configuration is a separate DMZ net for your Internet servers and a net for your internal company LAN, with a very strict firewall/proxy between the LAN and the Internet).
-
An Evening with Berferd
Sounds a lot like An Evening with Berferd.
Sorry for the hyperlinked version, there's a PS file out there that makes for better reading IMHO. -
Trinoo Deception Tool Kit?
Is there a Deception Tool Kit script for Trinoo? May as well waste the time of Trinoo monkeys...
-
Reverse Turing Test
Let's not forget the machine Turing Test: The Deception Toolkit lets machines try to convince machines (and script kiddies) that they're a machine with weak security.
-
Deception ToolKit
One of the more interesting Intrusion Detection concepts I've seen in recent times is the Deception ToolKit. What this program does is "fakes" a bunch of commonly exploited security holes on your system - even though those holes aren't actually there. This could prove to be very good at catching script kiddies who run sendmail break-in scripts, etc. A very interesting concept, indeed - I don't know how well it works, though. Anybody out there with any opinions on this piece of software?
Dear IRS,
I am writing to you to cancel my subscription. -
Alarmed Honeypot
Remember that you can wire your unused services to a network honeypot, a collection of things which are attractive to an intruder. This could be as simple as running The Deception ToolKit on all servers, configured to give DTK the services which that server is not using. Or your network may be configured to redirect all requests for improper server/service combinations to honeypot machines. You can alarm the honeypots to alert you to what is happening. At the same time you're wasting the time of the attackers.
-
Listen and Tease
- If you really want to monitor safely, put a hub on your Internet link outside the firewall and have a separate box doing the monitoring. That box does not need to send anything, so if you want you can use an AUI adapter and don't connect the Transmit part of the cable. You can have its reports sent through a serial cable to one of your other boxes (avoid networking for this).
- Install the Deception ToolKit on your unused IPs. These are scripts that make scanners think there is something open, and let humans waste their time attempting to find data which is interesting. Give the script kiddies something interesting to waste their time on while your alarms are sounding.
-
Block all at Firewall and use ProxyIP
Use Linux IP Port Forwarding on your HTTP ports from the firewall to the servers. The servers will have different IP addresses and attacks will have trouble getting out of the server, particularly if they are non-Internet IP addresses.
Also put the Deception Tool Kit on an old machine, preferably in a DMZ, and let the script kiddies think you're running a single machine and that it behaves differently than it really does. They have time to waste, so let them waste more time.