Domain: cultdeadcow.com
Stories and comments across the archive that link to cultdeadcow.com.
Comments · 109
-
Re:Right
-
Incrementalism
I have misgivings about the "daily build" mania. Like "extreme programming", it maps well to the class of problem which consists of a large number of loosely coupled features. Most web-based systems fall into that category. It's not a good model for, say, a compiler, a file system, a database, a solid geometric modeling system, or simulation system, or a real-time control system, where there are rigorous overall constraints and "features" don't dominate the problem.
(Most of the stuff Joel's company does isn't that advanced. Their products are a project management program, a front end to an existing version control system, and a "remote administration tool" which sounds like Back Orifice..)
-
Vote for 2600, Wikileaks, and cDc as regulators
I'd vote for Indymedia, 2600, Wikileaks, Pirate Bay, Pirate Parties International, the EFF, FSF, and cDc communications to regulate the Internet. And Open Mesh should be the direction of growth. Ok then, we aren't going to get to coordinate "The Internet", we'll settle for The ParallelNet. There's enough geeks for it.
-
Obligatory JATO car reference
-
They speak the truth as always
"Microsoft has not and will not put "backdoors" into Windows"
http://www.cultdeadcow.com/tools/bo.html
Ahh the good old days of popping open cd trays remotely and watching people's ICQ conversations as they reacted.
-
L0pht history
L0pht Heavy Industries went corporate in 2000, and became "@Stake", which was acquired by Symantec in 2004, and disappeared into the Symantec empire.
L0pht, founded in 1992, was itself a descendant of the Cult of the Dead Cow, founded in 1984 and still around, more or less.
There have been various spinoffs and buybacks along the way, but it's been a while since cutting edge work came from that crowd.
-
hypocrites
LOLOLOL
the china officials have already been found caught red-handed with porn on government servers:
http://w3.cultdeadcow.com/cms/2008/03/cult-of-the-dea.html
and they ironically didn't find any on US official servers..
-
Reopening the door for buffer overflows
Address space layout randomization and data execution prevention are meant as a protection against buffer overflow attacks, in which an attacker seeks to overwrite a known address space in memory so that they can execute their own code on your machine.
These features in Windows were intended to blunt the severity of buffer overflows by making it much more difficult to exploit them consistently. Breaking it returns Vista and Windows Server 2008 systems to the same level of vulnerability to buffer exploits and other attacks that stomp on protected memory.
In other words, these attacks make Vista as vulnerable as older versions of Windows, but not more so.
-
Re:Enema Within
> The original one was the "guy who strapped a JTOW rocket to his car"
JATO - stands for Jet Assisted Take-Off. Anyway, the guy who purports to tell the Real Story of The Rocket Car sure spins a good (long!) yarn. Don't know if that one's actually real or not, but it's certainly plausible.
-
Re:Better still:
so could always copy the look of a site, and yet Microsoft still "played along".
But who the hell would want a site that looks like microsofts?
Besides, they sell the t00lz to mad hax0rZ so they can steal images and html and make copies of Adobe GoLive pages using FrontPage. They are just as bad as the l0pht and cDc and 2600 d00dz!
(showing my age now...)
-
Re:How does this work??
Other people have given some good info, but IMO the best explanation is the Tao of the Windows buffer overflow - it tells you exactly how a buffer overflow works, complete with working code.
-
Re:Screw nukes
You jest, but in fact North Korea has been reported to have a hacker and cyberwarfare unit with several hundred members, possibly many more. Given that NK has very little in the way of computer infrastructure, it's likely mostly designed for attack of their main enemies, SK, US and Japan.
Now, whether they have any talent is an open question, but the military seems to be about the only thing that works well there...
-
the bad guys don't need the source
from http://www.opensource.org/advocacy/faq.php
Q: Doesn't closed source help protect against crack attacks?
A: This is exactly backwards, as any cryptographer will tell you. Security through obscurity just does not work.
The reason it doesn't work is that security-breakers are a lot more motivated and persistent than good guys (who have lots of other things to worry about). The bad guys will find the holes whether source is open or closed (for a perfect recent example of this see "The Tao of Windows Buffer Overflow" [1]).
Closed sources do three bad things. One: they create a false sense of security. Two: they mean that the good guys will not find holes and fix them. Three: they make it harder to distribute trustworthy fixes when a hole is revealed.
In fact, open-source operating systems and applications are generally much more security-safe than their closed-source counterparts. When the "Ping o' Death" exploit was revealed in 1997 (for example) Linux had fix patches within hours. Closed-source OSs didn't plug the hole for months.
Alan Cox has written an excellent article on "The Risks of Closed Source Computing" [2].
[1] http://www.cultdeadcow.com/cDc_files/cDc-351/
[2] http://www.ibiblio.org/oswg/oswg-nightly/oswg/en_US.ISO_8859-1/articles/alan-cox/risks/risks-closed-source/risks.html
-
Yah, and beef is the same as cheese.
They both come from a cow.
Fuck the cDc! Punk bitches.
http://www.cultdeadcow.com/
-
Old "news", the cDc ran this a month ago.
http://www.cultdeadcow.com/archives/2006/08/commodork.php3#comments
I want a law that my "slave" computers are worth 2/5 of a vote for the next election.
-
Re:First Of All, Congrats
There is more history here than meets the eye. Yes, Window used to work for MS but before that she worked for @Stake. You remember them? The security company founded by a bunch of hackers! Window herself was involved with similar groups before then such as New Hack City and Messiah Village. She has been a regular attendee at Defcon and other hacker cons such as Pumpcon and Summercon. Even now she has tight relations with a group that was formed by old hackers from @Stake and earlier Matasano.com.
What does all this mean? It means that Mozilla is getting one smart person to work on their security.
-
Re:Gig of the 21st Century...Artists vs RIAA
Yes. Only it would be called EFFAid (pronounced "F Aid" like "Chief Aid" from South Park). It would be sponsored by the EFF, RIAA Radar, and Downhill Battle. It would probably be held in Austin Texas and MC'd by the members of Cult of the Dead Cow or Weird Al.
RIAA of course would downplay it as insignificant and tell the media to not promote it until the last minute then run it into the ground with bad puns and poorly designed pop-culture references (similar to how the press made Snakes on a Plane look bad).
-
Reminds me of...
"Cement Teddy Bears" http://www.cultdeadcow.com/cDc_files/cDc-0368.php My favorite Christmas story of all time!
-
CDC?
I'm kind of surprised that Clinton and Lieberman would work on curtailing computer violence alongside the Cult of the Dead Cow.
-
Re:Oh, goodie!
Anyone remember playing with BackOrifice in the highschool computer lab?
Yea, we got in trouble for that, but it was fun.
http://www.cultdeadcow.com/tools/bo.html
-
Re:How/Why does this keep happening
-
Re:let me explain something about longhorn...
Possibly Dead Cows, or maybe a cult of sorts...
(http://cultdeadcow.com/ for the two of you who don't know XD)
-
Re:let me explain something about longhorn...
It is possible. I mean there is already the Cult of the Dead Cow. http://www.cultdeadcow.com/
-
just wait
until the United States adopts these practices. Or maybe they already have...look out, terrorists!
whatever the case, the Cult of the Dead Cow are probably cheering over the wonderful news.
But seriously, that's kinda freaky. I mean, yeah, I'd love to have spaceship parts in my backyard, but has anyone read The Andromeda Strain by Michael Crichton? Ouch...
-
Re:Once again, Zonk lowers the bar.
There is one old but nicely written buffer overflow tutorial at
http://www.cultdeadcow.com/cDc_files/cDc-351/essence.html
-
Re:Looks like someone smashed his servers stack
Cool, I found the article; here it is:
http://www.cultdeadcow.com/cDc_files/cDc-351/index.html
-
The Tao of Windows Buffer Overflow
Another good reference is the Tao of Windows Buffer Overflow by the Cult of the Dead Cow. A very detailed explanation how to exploit stack overflows on Windows.
-
is it just me
or does the longhorn logo look like it was modeled after the cDc logo
-
Forget the brain stimulator
Geeks have brain. Here's what is lacking:
-
Funny
Whenever I see CDC, I think of Cult of the Dead Cow.
-
Re:In other news...
Why is it that everyone assumes that most people use their computers in the Nude?
What are the odds that most people use their web cam in the nude? That being said, I always cover my web cam when not in use (has been 6 months since I used, and no, not nude) because I am familiar with the fun everyone was having with Back Orifice over 5 years ago. This is not nearly as new as everyone thinks it is, this is just a different way to do the same old thing: spy on someone using their own web cam.
I think I still have one of the cDc Tshirts around here somewhere...
-
Re:Makes me think of this pic
Hehe, you probably had these pictures in mind:
http://www.ntk.net/bo2k/
alternatively:
Google 1st picture, Google 2nd picture
Back Orifice indeed had this functionality back in 1998. We used it on friends a couple of times for fun.
The program was released by CDC
The feature list contains the following:
"Multimedia control
Play wav files, capture screen shots, and capture video or still frames from any video input device (like a Quickcam)."
Here's a link to the whole feature list and application.
Back Orifice was followed by the second version, Back Orifice 2k (BO2k) which still seems to be maintained.
At the time, Netbus was another alternative.
-
Welcome to five years ago
Back Orifice has had this capability since at least 1999. http://www.cultdeadcow.com/tools/bo.html
-
Cult of the Dead Cow
I wonder what the cDc's take is on all of this...
-
Yes, but he had physical access.
Feathers McGraw read Gromit's copy of "Electronics for Dogs", and then modified the (ex-NASA) trousers, so they were remote controlled, and removed the local control panel.
So it was a hardware hack, not a software hack. [But it's the hardware equiv of Back Orifice]
Any time you let someone get physical access, especially if it's unsupervised, especially a jewel thief penguin, you're screwed.
-
Cult of the Dead Cow??
specifically CDC modification
Am I the only one who read this, and thought that the Cult of the Dead Cow were doing the modifications of the (viruses|virii)??
-
BO2K, cDc and Spyware?
Talk about passe' -- hey, how come nobody in the spyware/drive-by-installer/adware discussion ever talks about cDc or Back-Orifice anymore? Have they been rendered totally irrelevant or are those bastards in the spyware "industry" the only ones who actually paid attention to the lessons they tried to teach about MS security?
-
Re:Strong passwords?
Really? Tell that to the people who make Back Orifice. When trying a brute force attack, you have the option to limit your attack to just letters, letters and numbers, and every allowable character. If your password is twenty characters of letters only, it's only as strong as a shorter password with !@#$%^&*() characters in it.
-
Re:peek-a-booty? Open source management?
cDc is involved in this. Back orifice has been running on sourceforge for long, I remember seeing it as number one development some years ago. Today I have seen BO2k (Backorifice 2000) and it is still in development by cDc (cult DeadCow)
... seems that it is an open source project too (GPL License)
-
Re:No Darwin Award Here
Whilst thefted from someone else's post a couple of days ago, this guy claims to be responsible for the origins of the rocket-car-into-cliff story. A really detailed and amusing read.
-
Re:Darwin award winner did it first?
That is an urban legend. This story started it. Or rather, the events portrayed in the story led to the urban legend; the story was written long after the urban legend started flourishing.
-
Exploit already online!
IBU
;-)
-
not so (Re:Impressive...)
DISCLAIMER:
This somewhat editorialized post is meant to provide some possible answers for you to ponder. I don't know if any of this is true. I do wonder though... and YOU SHOULD TOO!
Security firms have nothing better to do most of the time except sit around and think of a way to scare up another emergency. If they think it up (and make the claim publicly), they get headlines. If we don't rush to pay them for their services, then they will release the exploit to the kiddies (aka start breakin' kneecaps). It's totally conflict-of-interest and it's totally protection-racket.
That's why they give us diligent sysadmins a break. They release a warning that's just good enough for the 5-10% of the market who would never pay them for their dubious services willingly. The rest of the people get "You should be more like them. Pay us to show you how."
... or something BAD might happen...
That's what they call "white-hat" cracking. You sit around with computers full of the most popular software/versions and hammer the protocols with garbage until you get some kind of scream-in-agony from the victim servers' debugger/log windows. Then you get a cup of coffee. Then you go back to your source-code review, and look for ways to tweak your brute-force buffer-overflow hammer perl script. You drink a lot of coffee in that job.
When you find something, you ponder heavily whether to brag on IRC #l33t or start a boring vulnerability report. Maybe you can get a payroll wannabe to do your work while you brag on #l33t.
Go read back-issues of PHRACK or PHRACK or cDc for some introduction to the boring-ass-world of trying to boost your self-esteem at the expense of dumber folks.
-
If anyone else is interested
If anybody else is interested, you can help out with my distributed project. Just download the client here or you can pick up an alternate client from one of the many other sources on the net. You can post in reply to this and let me know your ip after you've installed the client and I'll set you up...
-
Re:Security depends on many things.
Isn't it the job of a secure OS to prevent applications (however badly written) from royally screwing up things?
Amen, I wish I had a mod point to give. Along similar lines, didn't CDC claim that BackOrifice uses the same standard API calls as MS's own SMS to provide remote access? On second thought, maybe and maybe not.
Either way, it seems to me that most of MS's security problems have less to do with the OS not doing its job and more to do with the fact that MS has designed every one of their products to encapsulate (arbitrary) code inside their data files so their developers have easier ways to hammer out apps.
The problem is that the same scripting engine that lets Word (usefully) puke out mailmerged documents generated from a VB/Access app also gives virus authors a platform to attack. The fact that it's useful to combine code with data just means the platform is now ubiquitous, and therefore not going away because this is a fundamental design issue, folks. MS did this on purpose to make it easier to get computers to run code, and it can't be fixed by patching holes.
To really fix this, MS would have to renounce this entire experiment and replace every copy of Win/Office/IE with new software that is less 'capable.' Those of you who are paying attention probably now understand Mr. Valentine's comments of a few weeks ago, as well as Microsoft's interest in shoving Palladium down everyone's throats.
-
cDc release info
What ever happened to ?
Is there any info on this?
Hacktivismo is down and I didn't see anything on cDc
-
Re:Ha ha
Why is that? ...if it's just as easy for scrappy developers to sign their code as it is for corporations, the whole system would still be impractical for open-source developers.
Yes, so? Get it signed! By definition, any piece of code is not set in stone. Those are called upgrades, and they exist in closed-source software too!
By definition, the code in an open-source application is not set in stone. The whole point of the General Public License, the license under which Linux-based operating systems are offered, is to allow people to modify code ad infinitum. But under Palladium, an application that has been modified loses its signature. Each new version of an application, therefore, would presumably need a signature before it could run on a system.
There's no reason the FSF, EFF, or your mom couldn't become a signing authority! When Red Hat releases SkipFlapJack Beta 17, they get it signed. If you recompile your kernel, you can get it signed!
If you decide the cDc is a signing authority you trust, then allow their code to run.
Having a Palladium chip on your motherboard will require more work from developers. That's part of the deal here. It will also require more work from virus writers.
Clearly there will have to be ways for authors to run code compiled on their own machines -- Microsoft has very little interest in locking out developers, because then there'd be no software to run. Contrary to popular opinion (at least on /.), Microsoft does depend on 3rd party software to keep the OS alive. Businesses would never buy an OS that locks them out of their proprietary applications.
Let's all step off the panic button for a moment and think about it. What's the worst case scenario here? Microsoft does successfully lock out open source software on Intel/AMD chips... and Linux/BSD users start running on PPC!
-
Interesting Logo
Am I the only one who is reminded of a certain Trojan's logo? You decide.