Slashdot Mirror

← Back to Domains

Domain: infiltrated.net

Stories and comments across the archive that link to infiltrated.net.

Comments · 46

  1. Improvised Cyber Exploitation Device by Anonymous Coward · · Score: 0 · on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

    This is really nothing new. I wrote an article called "Improvised Cyber Exploitation Devices" (http://infiltrated.net/index.php?option=com_content&view=article&id=33&Itemid=39) that followed similar rules. In fact, anyone using mod_security or mod_rewrite can do the same. Redirect based on operating system/browser/etc. to a loaded page

  2. Redactions by Anonymous Coward · · Score: 0 · on Richard Feynman's FBI Files Released

    Wonder if it looked like this: http://infiltrated.net/redacted.jpg

  3. Re:Common knowledge...firefox? by packetmon · · Score: 1 · on Chinese Security Site Under New Kind of Attack
    Depends... I did a proof of concept for Linux:

    http://www.infiltrated.net/scripts/dsphunxion.sh

    http://www.infiltrated.net/scripts/dsphunxion.output

    The concept was a pseudo heuristic worm to be download via vuln on a Linux box. Caveats... Surfer would have to be root... Could be re-written to exploit something else to gain root though. Someone with modsecurity skills could do a re-write based on header information and redirect Linux boxes to their appropriate pages to download and exploit it though. Again, its theory and concept based

  4. Re:Common knowledge...firefox? by packetmon · · Score: 1 · on Chinese Security Site Under New Kind of Attack
    Depends... I did a proof of concept for Linux:

    http://www.infiltrated.net/scripts/dsphunxion.sh

    http://www.infiltrated.net/scripts/dsphunxion.output

    The concept was a pseudo heuristic worm to be download via vuln on a Linux box. Caveats... Surfer would have to be root... Could be re-written to exploit something else to gain root though. Someone with modsecurity skills could do a re-write based on header information and redirect Linux boxes to their appropriate pages to download and exploit it though. Again, its theory and concept based

  5. Re:CompuTrace by packetmon · · Score: 5, Interesting · on Which Lost/Stolen Laptop Trackers Do You Like?

    I suggest you read about Computrace and how they offered me money to hush and go away with their false claims. http://www.infiltrated.net/lojack.pdf

  6. Tracking by packetmon · · Score: 0, Redundant · on Which Lost/Stolen Laptop Trackers Do You Like?

    Well for Windows I can tell you LoJack for laptop sucks. You should try creating your own script. See the thing with Windows crapaganda based "trackers" is they mainly track to src IP of wherever their little daemons call from. Means nothing since most ISP's won't provide you with an IOTA of information without a court order. In most cases in bigger cities, your machine will be wiped by the pawn shop owner.

    If you want something truly truly effective, talk to a vet about something similar to Verichip. Find out whether you can perhaps open up the machine and place it somewhere. Anything else would have to be IP based. For that matter a shell script will tell you what network your machine is coming from, nothing more. Unless you get creative but chances are if its stolen 1) it will be sanitized from all software 2) HIGHLY likely anything NIX based will automatically be wiped unless its swiped at say Linuxworld Op or something

  7. Re:While you were sleeping by packetmon · · Score: 2, Informative · on CastleCops.com Hit With Reputation-Based Attacks

    No doesn't take as much as you think. http://www.arbornetworks.com/index.php?option=com_content&task=view&id=56&Itemid=33 If NAP's and NSP's created a policy to their downstreams vis-a-vis this would almost be a thing of the past. http://www.infiltrated.net/?p=23 (warning if you're a network engineer, this will likely piss you off love it or hate it)

  8. Who cares by packetmon · · Score: 2, Insightful · on FBI's Unknown Eavesdropping Network

    Really who cares. Americans have been too busy watching America's Next Top SomethingOrOther to give a rats ass about their civil liberties. Started off small and now its escalating. While I doubt the FBI is using this for the nightmare scenarios depicted by those who can't see a need for it (not I said CAN'T see a need for it) I dislike the thought, but I do see where there would be a need for it. The potential for abuse from a system like this is what's scary to me, not the fact that its in use. So while everyone cries foul AFTER the fact, remember there have been many rambling on about this for years. I did it in 2000 when Carnivore was released, I rambled on about CIPAV and always take the time to support the efforts of groups like EFF and EPIC. One person like a little privacy maniac some would say. For me means little, I'm aware of what can be done to my privacy, but I'm also aware of how to truly retain a portion of my privacy. Its when this becomes outlawed as it has been done in Germany will I truly get fed up and move out the US. While the rest of normal America focuses on the important things in life like Bratney Spears, Americas Next Stupid Reality Show, Whats Oprah Doing Now crap.

  9. Re:Pithy Aphorism: "If you cannot beat them ..." by packetmon · · Score: 1, Interesting · on Sun Says Project Indiana is Not a Linux Copy

    Out of curiousity have you ever even used Solaris (http://www.infiltrated.net/sunDesk.jpg) I have do and have for the past 8+ years. Did it occur that maybe Sun is trying to woo Linux users over. One can get into the whole "Linux/BSD/Solaris" penis envy arguments about the pros and cons of each so here goes:

    http://www.infiltrated.net/openpimp.jpg (my openbsd screen)
    http://www.infiltrated.net/currentPentestDesktop.j pg (linux (Backtrack screen))
    http://www.infiltrated.net/sunDesk.jpg (Solaris Nevada)


    I could go on with Scientific Linux, FreeBSD and NetBSD screens if you'd like, I use most on a daily basis. Linux for a lot of Asterisk use (professionally), OpenBSD for firewalls and security (professionally), Solaris for DB stuff (professionally), and so on. Anyhow, perhaps Sun is trying to simply trying woo Linux users over to using Sun nothing more nothing less.. Highly doubtful Sun is aiming to be Linux. Sorry to inform the zealots before you come along posting a "but my Linux penis does x recursive foo bar zip zilch sequencing faster that..." ... Look there are certain things that should not be left to Linux at least in my shops and that's what counts to me not what you think or someone's distorted benchmarkings, and no I will not get into zealotry here. Stating facts.

  10. Re:Pithy Aphorism: "If you cannot beat them ..." by packetmon · · Score: 1, Interesting · on Sun Says Project Indiana is Not a Linux Copy

    Out of curiousity have you ever even used Solaris (http://www.infiltrated.net/sunDesk.jpg) I have do and have for the past 8+ years. Did it occur that maybe Sun is trying to woo Linux users over. One can get into the whole "Linux/BSD/Solaris" penis envy arguments about the pros and cons of each so here goes:

    http://www.infiltrated.net/openpimp.jpg (my openbsd screen)
    http://www.infiltrated.net/currentPentestDesktop.j pg (linux (Backtrack screen))
    http://www.infiltrated.net/sunDesk.jpg (Solaris Nevada)


    I could go on with Scientific Linux, FreeBSD and NetBSD screens if you'd like, I use most on a daily basis. Linux for a lot of Asterisk use (professionally), OpenBSD for firewalls and security (professionally), Solaris for DB stuff (professionally), and so on. Anyhow, perhaps Sun is trying to simply trying woo Linux users over to using Sun nothing more nothing less.. Highly doubtful Sun is aiming to be Linux. Sorry to inform the zealots before you come along posting a "but my Linux penis does x recursive foo bar zip zilch sequencing faster that..." ... Look there are certain things that should not be left to Linux at least in my shops and that's what counts to me not what you think or someone's distorted benchmarkings, and no I will not get into zealotry here. Stating facts.

  11. Re:Pithy Aphorism: "If you cannot beat them ..." by packetmon · · Score: 1, Interesting · on Sun Says Project Indiana is Not a Linux Copy

    Out of curiousity have you ever even used Solaris (http://www.infiltrated.net/sunDesk.jpg) I have do and have for the past 8+ years. Did it occur that maybe Sun is trying to woo Linux users over. One can get into the whole "Linux/BSD/Solaris" penis envy arguments about the pros and cons of each so here goes:

    http://www.infiltrated.net/openpimp.jpg (my openbsd screen)
    http://www.infiltrated.net/currentPentestDesktop.j pg (linux (Backtrack screen))
    http://www.infiltrated.net/sunDesk.jpg (Solaris Nevada)


    I could go on with Scientific Linux, FreeBSD and NetBSD screens if you'd like, I use most on a daily basis. Linux for a lot of Asterisk use (professionally), OpenBSD for firewalls and security (professionally), Solaris for DB stuff (professionally), and so on. Anyhow, perhaps Sun is trying to simply trying woo Linux users over to using Sun nothing more nothing less.. Highly doubtful Sun is aiming to be Linux. Sorry to inform the zealots before you come along posting a "but my Linux penis does x recursive foo bar zip zilch sequencing faster that..." ... Look there are certain things that should not be left to Linux at least in my shops and that's what counts to me not what you think or someone's distorted benchmarkings, and no I will not get into zealotry here. Stating facts.

  12. Re:In reality by packetmon · · Score: 4, Informative · on Laws Threaten Web Security Researchers

    Funny you should mention, when I wrote a document on breaking Computrace's so called "LoJack for Laptops, I and my then corporate attorney faced all kinds of legal threats, etc.. At the end of the road, they were offering me a substantial return if I signed an NDA and kept my mouth shut. I didn't sign squat, instead I decided since they weren't going to fix their issues and misrepresent their service, I was going public with it, so I posted their emails alongside a written document of what LoJack was/is, what it did, etc., and cc'd them on it. The way I saw it was, If they're selling this to governments under the guise of security as their site states, those purchasing their product should know its snake oil. I received a few more emails of threat here and there and shrugged it off. Let them spend a kabillion dollars in legal fees debunking me and taking me to court. It would only draw attention in a court of law that I'm correct to post the insecurity of their program 2) they misrepresented it, 3) the media surrounding what's going on would hurt them more then help them.

  13. Re:FUD by packetmon · · Score: 1 · on Dell Thinks Ubuntu Makes Hardware More Fragile?

    The Worthlessness of the CISSP certification. It depends what cert you're after. Right now I'm studying for the CCIE Security certification. Does it matter? Yes I do believe this is one of the ones that do. Why? You're not just reading to pass a test. If it were that easy, there would be more than 906 CCIE Security engineers worldwide. GIAC vs. CISSP? I'd take a GIAC over a CISSP any time. I've met CISSP's who understood the concept of an attack, an attacker, but couldn't perform an attack to save their lives. I believe in the security industry, one should know everything from the ground up. So what you understand the core of it all... My opinion. As for MS certs', sure if you want to live in an MS world. Same goes for Sun, etc.,

  14. FUD by packetmon · · Score: 2, Interesting · on Dell Thinks Ubuntu Makes Hardware More Fragile?

    This reminds me of an issue I recently had with my ISP... Packet loss @ 12% so I call the provider...

    Cust svce. Can you reboot, etc., etc., etc.
    Me... Sure why not... yadda yadda
    Cust svce. Can you click on the start menu
    Me No. I don't use Windows
    Cust svce. Please hold...
    Cust svce. Are you using OSX?
    Me No. I use Solaris (Sun Desktop on a Dull unInspiron 6000)
    Cust svce. Please hold...
    Cust svce. (supervisor gets on now) Can you please click on the start menu...
    Me No. I told the other person I use Solaris...
    Cust svce. Well we don't support Solaris!

    Solaris nor OSX nor Windows nor BSD had anything to do with their cruddy connectivity. The actual conversation took a little longer than that with more e-stupidity from their customer service and I had to pretty much deal with it to a degree... My options? 1) Find a provider who would support/understand basic networking, etc. 2) Deal with it...

    This is what happened summarily, so I can see why dull would become filled with uber non Windows FUD. Imagine having to explain to Alibaba ... Sorry I meant Charlie in India that his MCSE studies are worthless and they now need to retrain him in Linux... Man that would earn developers a whopping .10 (US) more thus offsetting dull's stock prices a whopping .001 per share. Not in Dull's best interest.

  15. Behind the scenes by packetmon · · Score: 4, Funny · on Jobs and Gates Chat Amicably

    As captured by planted Microphones...

    Jobs dressing room:
    Jobs in the background squeezing the head off a Bill Gates bobblehead doll... "As a kid I broke more windows than an urban problemed child on ritalin in an abandoned factory full of windows and an endless supply of rocks. I hate you"

    Gates dressing room:
    "Who thought it would be funny to send me Apple pie? I want him DEAD! I want his family DEAD! I want his house burned to the GROUND! I wanna go there in the middle of the night and I wanna PISS ON HIS ASHES!     (Untouchables movie quote)

  16. Multicast theories by packetmon · · Score: 4, Interesting · on The Real Impact of the Estonian Cyberattack

    You know... I thought about the possibility of a Multicast worm/attack ... Just haven't had time to document it... Would work similar to the following... For those who use IM clients that have annoying streaming advertisements... If you didn't know, those are multicasted to your machine... My theory was to re-inject packets at the router level (avoiding Reverse Path Forwarding when possible) to make your machine believe my spoofed host is a valid source to get your images from... Only thing is, the image would be corrupted forcing an infection on your machine... This would in turn replicate via broadcast from the infected hosts... It was a theory of mine while studying DoS attacks for the CCIE security exam and a lot of variables would have to be met... Anyhow, the reason for this post is, I believe those committing DoS attacks are halfclued as to what a real attack could potentially do... For instance Border Router Attack Tool is another theoretical tool to break BGP neighboring. You of course have to know enough about a topology to even get it to work but under a unified stream, you could cause massive route flaps which lead to neighbors disconnecting. Its only a matter of time before someone takes it to the extreme and breaks connectivity between huge AS'

  17. Multicast theories by packetmon · · Score: 4, Interesting · on The Real Impact of the Estonian Cyberattack

    You know... I thought about the possibility of a Multicast worm/attack ... Just haven't had time to document it... Would work similar to the following... For those who use IM clients that have annoying streaming advertisements... If you didn't know, those are multicasted to your machine... My theory was to re-inject packets at the router level (avoiding Reverse Path Forwarding when possible) to make your machine believe my spoofed host is a valid source to get your images from... Only thing is, the image would be corrupted forcing an infection on your machine... This would in turn replicate via broadcast from the infected hosts... It was a theory of mine while studying DoS attacks for the CCIE security exam and a lot of variables would have to be met... Anyhow, the reason for this post is, I believe those committing DoS attacks are halfclued as to what a real attack could potentially do... For instance Border Router Attack Tool is another theoretical tool to break BGP neighboring. You of course have to know enough about a topology to even get it to work but under a unified stream, you could cause massive route flaps which lead to neighbors disconnecting. Its only a matter of time before someone takes it to the extreme and breaks connectivity between huge AS'

  18. Let the government be parents by packetmon · · Score: 3, Insightful · on MySpace Age Verification - for Parents

    Ban on name changes by sex offenders.

    Funny how politicians will throw anything into the political arena during crunch time (races...). Just how do they propose to keep track of "name changes" from a sex offender. For starters they can't even maintain their own equipment, can't secure the FBI infrastructure, a company for MySpace is already reporting false positives.... Should we wait for the FBI's new and improved Carnivore? ... Or maybe Hack our Kids' brains'... I got it... How about government sponsored Parenting Classes that teach parents how to get involved with their kids' lives...

  19. Let the government be parents by packetmon · · Score: 3, Insightful · on MySpace Age Verification - for Parents

    Ban on name changes by sex offenders.

    Funny how politicians will throw anything into the political arena during crunch time (races...). Just how do they propose to keep track of "name changes" from a sex offender. For starters they can't even maintain their own equipment, can't secure the FBI infrastructure, a company for MySpace is already reporting false positives.... Should we wait for the FBI's new and improved Carnivore? ... Or maybe Hack our Kids' brains'... I got it... How about government sponsored Parenting Classes that teach parents how to get involved with their kids' lives...

  20. Let the government be parents by packetmon · · Score: 3, Insightful · on MySpace Age Verification - for Parents

    Ban on name changes by sex offenders.

    Funny how politicians will throw anything into the political arena during crunch time (races...). Just how do they propose to keep track of "name changes" from a sex offender. For starters they can't even maintain their own equipment, can't secure the FBI infrastructure, a company for MySpace is already reporting false positives.... Should we wait for the FBI's new and improved Carnivore? ... Or maybe Hack our Kids' brains'... I got it... How about government sponsored Parenting Classes that teach parents how to get involved with their kids' lives...

  21. Re:How do you fix it? by packetmon · · Score: 4, Informative · on Survey Finds Most WordPress Blogs Vulnerable

    http://www.infiltrated.net/docs/modsecips.html step by step... If its your own server... If not have the admin slap on mod_security for you and add the same rules in my previous post on this page... www.infiltrated.net/admin.php go for it... That's how I add content. There are a lot of variables to prevent against injections, etc.

    Block Spam injections

    Directory traversal attacks SecFilter "\.\./"

    XSS attacks
    SecFilter "<(.|\n)+>"
    SecFilter "<[[:space:]]*script"

    SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    Too many times there are clueless admins (not you per se). But this also tends to be one of the grips on the Ubuntu Document people flame me for. If *semi* even experienced admins can't lock a machine down... Imagine when Ubuntu on Dell becomes the next hot thing. Flame as much as you'd like facts are facts

  22. Re:How do you fix it? by packetmon · · Score: 4, Informative · on Survey Finds Most WordPress Blogs Vulnerable

    http://www.infiltrated.net/docs/modsecips.html step by step... If its your own server... If not have the admin slap on mod_security for you and add the same rules in my previous post on this page... www.infiltrated.net/admin.php go for it... That's how I add content. There are a lot of variables to prevent against injections, etc.

    Block Spam injections

    Directory traversal attacks SecFilter "\.\./"

    XSS attacks
    SecFilter "<(.|\n)+>"
    SecFilter "<[[:space:]]*script"

    SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    Too many times there are clueless admins (not you per se). But this also tends to be one of the grips on the Ubuntu Document people flame me for. If *semi* even experienced admins can't lock a machine down... Imagine when Ubuntu on Dell becomes the next hot thing. Flame as much as you'd like facts are facts

  23. Securing LAMP by packetmon · · Score: 4, Informative · on Survey Finds Most WordPress Blogs Vulnerable

    Securing LAMP Mod Security Its so simple a fix with mod_security...

    SecFilterSelective REQUEST_URI /admin.php chain
    SecFilterSelective REMOTE_ADDR "!^YOUR.IP.ADDRESS$" redirect:http://www.infiltrated.net/sorry.jpg
    SecFilterSelective ARG_username YOURUSERNAME chain
    SecFilterSelective REMOTE_ADDR "!^YOUR.IP.ADDRESS$" redirect:http://www.infiltrated.net/sorry.jpg

     Where your IP address and your username are the only ones to allow anything to the admin page. Anything else gets redirected elsewhere.

  24. Desktop Linux for Newbies by packetmon · · Score: -1, Troll · on Ubuntu Founder Says Microsoft Not A Big Threat

    Is not the move...

  25. The backdoor from hell by packetmon · · Score: 4, Interesting · on First OpenOffice Virus, Not In the Wild

    So how long should we count down to until someone embeds the backdoor from hell in not only Linux, but Solaris, then the BSD's... As an FYI... I've got a functional backdoor-worm for Free and Open ... Just makes no sense to even post it. Many don't even get what I mean when I state "there is a world of pain coming your way if you do that" ... Mark the calendars, I give it about 9 months before something ala SOBig/Blaster hits the *nix scene...

  26. The backdoor from hell by packetmon · · Score: 4, Interesting · on First OpenOffice Virus, Not In the Wild

    So how long should we count down to until someone embeds the backdoor from hell in not only Linux, but Solaris, then the BSD's... As an FYI... I've got a functional backdoor-worm for Free and Open ... Just makes no sense to even post it. Many don't even get what I mean when I state "there is a world of pain coming your way if you do that" ... Mark the calendars, I give it about 9 months before something ala SOBig/Blaster hits the *nix scene...

  27. Insecure routing why not... by packetmon · · Score: 0, Troll · on Rerouting the Networks

    Firstly, this might work for P2P, DHCP, home based (l)users, but it would never be functional in a real world business network. For one, lets take into consideration security. How would this network carry IPSec tunnel information. Those packet headers need to stay in tact not come from ranDumb address. Not only that, they're introducing n+r number of failures where n = number of nodes and r = number of receivers. Secondly sequencing... Would be a nightmare. How would each node know sequencing. What happens if one fails, the sender would have to resend to ALL routers since there is no mention of a mechanism to detect which sequence went where in this topology. Finally... Anything that has to do with governments and routers leads me to remember AT&T and the NSA's taps... First of all, I don't want/need anyone managing my traffic nor would I want to configure this nightmare. It reeks worse than IS-IS + OSPF + MOSPF + MCAST combined on steroids... (My CCIE R&S/Security lab)

  28. Re:And? by packetmon · · Score: -1, Troll · on The Clueless Newbie Rides Again

    Infested with viruses foo foo foo... Ubuntu is not for grannies damnit

  29. I'm to s3cks1 f0r my3 by packetmon · · Score: 2, Funny · on Web 2.0 Distracts from Good Design

    You mean I could no longer get a job with my pimped geocities/xoom/fortunecity skills?

  30. Cash Rules Everything Around Me by packetmon · · Score: 3, Interesting · on Botnet Mafia in Online Turf War

    Browsing through some of the posts here, I'm seeing how people tend to forget the financial aspect of botnets. Spam, malware is big business (obviously) so its no surprise that can become the online equivalent to a Columbian drug war without the murders and guns. There is huge business in bots and whats sad is, the low man on the totem pole is often some American company who's advertisements are being spammed (for the spammers). Vint Cerf stated there are millions of infected machines, I don't know about those numbers, but I can tell you that if I was involved in (dis)organized crime, why should I re-invent the wheel when I could re-program my own bots to take over others' cruddily created bots. This falls in line with a document I wrong (Ubuntu and the Destruction of the Internet) where my logic is, "are you sure you want grandma using Linux"?... With e-Criminals getting savvier, how long will it be before the Internet truly becomes the Wild West... Some may think its not a big deal, but when there are finances involved, that can escalate to physical crimes (shootings, murder, etc.) and its happened a few times where (dis)organized idjits stealing e-money from games were caught up in real life incidents for stepping over "turf".

  31. Ubuntu for grannies by packetmon · · Score: 1 · on Ubuntu Mobile Announced

    How Ubuntu and Linux for luser will erode the Internet

  32. Depends on your view by packetmon · · Score: 1 · on Is Virtual Rape a Crime?

    In the US "Rape is probably the most underreported crime in the United States" with that being said... If the person who was "e-raped" was a victim of a physical rape, the psychological effects of the rape can likely cause all sorts of mental issues. Its one thing to role play, and another to impose a view. My stance on it (as everyone's stance could ONLY be an opinion) is, if the victim was willing and playing along with a conversation, then no crime (if one could call it that) occurred. On the flip side, if I was sending unwanted images, audio, video, or anything else describing sexual actions against someone else's will, then I could side with maybe sexual harassment, or even aggravated sexual harassment. The definition of rape legally is defined as intercourse, which could never occur unless of course you've already discovered SoIP

  33. Millions of infections by packetmon · · Score: 1 · on 2012 Olympics Security to be Chosen by Sponsorship

    Oh the drones of people who will get infected via XSS attacks. Nice to see there will be money to be made via this stupid mechanism for choosing IT security... It wasn't too long ago (April fools this year) where Cisco via an XSS attack posted something funny... Can you imagine the wet dreams malware authors, virus creators, and XSS injectors are having right now.

  34. All about the benjamins by packetmon · · Score: 1 · on Dell to Sell Machines with Ubuntu Pre-Loaded

    If others like Dell had better business sense, they'd look to stray away from MS or at least offer an alternative to it. They'd save from having to purchase (even via partnership sweetheart deals) MS' product line. What I could end envisioning though, is a slew of botnets and bruteforcing ssh hosts because of things like this though.

  35. w0t j00 s4y by Anonymous Coward · · Score: 0, Offtopic · on DARPA Starts Ultimate Language Translation Project

    w0nT b3 phUn 1ph th3y d0nT d3w l337sp3ak

    owned

  36. Cyberframing... by packetmon · · Score: 1 · on Cyber Bullying Destroys Anonymity

    I wrote a document on the possibilities of someone having their lives shattered via e-Framing a while back Breaking Point. I saw it then as a method someone could screw someone else's life up in hopes to revise the document on how to protect one's self. I can see a black market economy in the shadows revolving around this same thing.

  37. Asteroid by Anonymous Coward · · Score: -1, Troll · on Replacing Orange's Wildfire with Asterisk?

    Blah @ Asterisk. Wait until Asteroid comes out

  38. True but old -- see "Spooky Little Orkut" by retrosteve · · Score: 1 · on NSA To Datamine Social Networking Sites

    This rather paranoid-looking but, in my opinion, believeable web page has been documenting the NSA's relationship to Orkut for 2 years now. http://www.infiltrated.net/orkut.php

    It lives only in Google's Cache:

    http://66.249.93.104/search?q=cache:JMyVq6wjWSYJ:w ww.infiltrated.net/orkut.php+orkut+sil+nsa&hl=en&c t=clnk&cd=10

    And yes people lie on web pages, but they also use social networking pages to socially network. Therefore the core data (who talks to whom) is fairly reliable and rather scary to give to the NSA.

  39. Next best thing will be... by segment · · Score: 1 · on Driving Away Teens With High Frequency Noise

    "military's intent to use every possible thought-influencing technology. This technology is largely classified but there are leaks, like this article. We involuntary test subjects can tell you from first hand experience that far more invasive devices now exist." Welcome to ... Silent Sound...

  40. Chances are Orkut IS already being monitored by Reverend528 · · Score: 1 · on Orkut Linked To Drug Ring Bust

    Well, communicating about illegal activity on a public forum is a pretty stupid idea. Especially considering evidence that Orkut may be involved with the CIA and NSA. Chances are those organizations were involved in this drug bust.

  41. taxes, phooey by segment · · Score: 1, Insightful · on States Link Databases to Find Tax Cheats


    I don't see what the bitching is about. Is it "that" wrong to brand the homeless like cattle, use orphans for lab rats, during these times? During these times when al Qaeda... WHOA! THERE IS A TERRORIST ALERT. Sorry false post. Again, is there anything wrong with Big Brother coming for their fair share? Sheesh there is no conspiracy here, big brother only wants your share of the pie. Run along now, go play with Orkut. Everything is fine, there is nothing to fear.

  42. dumb ass by segment · · Score: 1 · on Banryu, Robot Or Dragon?

    damn I'm dumb

  43. one more thing on mod_security by segment · · Score: 1 · on Security Warrior


    for those using apache, if you haven't had the chance to play with it you should, and you should also check out the snort2modsec perl script if you're too lazy to make your own SetFilter rules. Sorry for the multiple postings

  44. I know I am ready by segment · · Score: 1 · on NASA Mars Press Briefing & "Significant Findings"

    ground control to Major Tom

  45. Re:Love in Iran!! by segment · · Score: 3, Funny · on Rapid Internet Growth In Iran
    " Meeting girls is easy this way," said Amir

    "Hi Amir my name is hot4u, and I am so hot. Please get back to me.

  46. Re:Sparc-Intel differences? by segment · · Score: 2, Informative · on Solaris 9 x86 Review

    Sun Alert ID: 50104

    Category: Security

    Product: Solaris

    BugIDs: 4774256

    Avoidance: Workaround

    Date Modified: 08-Aug-2003 1. Impact: A local or remote unprivileged user may be able to view root privileged files due to a security vulnerability involving the Solaris kcms_server(1) daemon

    Now before you say but thats only viewing files blah blah blah like some troll, ask yourself how easy it would be to leverage this into something more? Wait I know... View unprivileged files? You mean like say... /etc/shadow? No that's thinking too far ahead. No codes available? Sure ...ok there are no codes you are so correct.

    More of me being a prick? Why not...

    Vulnerable systems:

    SunOS 5.3 thru 5.9 (Solaris 2.x, 7, 8, 9) (x86)

    By sending a sequence of specially crafted Remote Procedure Call (RPC) requests to the sadmind daemon, an attacker can exploit this vulnerability to gain unauthorized root access to a vulnerable system. The sadmind daemon defaults to weak authentication (AUTH_SYS), making it possible for a remote attacker to send a sequence of specially crafted RPC packets to forge the client identity.

    After the identity has been successfully forged, the attacker can invoke a feature within the daemon itself to execute a shell as root or, depending on the forged credential, any other valid user of the system. The daemon will execute the program of the attacker's choice; for example, spawning a reverse-network shell back to the attacker for input/output control. Under certain circumstances, a reverse-network shell could allow for the attacker to bypass firewalls and/or filters .

    Analysis:
    Because the nature of the weakness exists on the application level, successful exploitation does not require the use of machine-specific code, nor does it require any previous knowledge of the target's architecture. Therefore, any local or remote attacker could execute commands as root on a vulnerable system running the sadmind service. By default, sadmind is installed and started at system boot time on most default and fully patched installations of Solaris. While many other vendors rely on SUNRPC related routines from Sun, this design issue is confined to Sun's sadmind authentication implementation in Solaris. The most inherent threat is if this exploit becomes packaged into a cross-platform worm were it to become publicly available. http://www.securiteam.com/unixfocus/5HP0G1PB6K.htm l

    Sorry I took some time I was too busy being a Redhat GNU nazi...

    # uname -a
    SunOS kungfunix.net 5.9 Pitbull sun4u sparc SUNW,Sun-Fire-480R

    bash-2.05a$ uname -a
    FreeBSD bubonic.infiltrated.net 4.8-RELEASE-p13 FreeBSD 4.8-RELEASE-p13 #0: Tue Oct 7 01:44:44 EDT 2003 root@fscker.infiltrated.net:/usr/obj/usr/src/sys/B UBONIC i386

    -bash-2.05b$ uname -a
    FreeBSD daemonically.perfidious.org 4.9-STABLE FreeBSD 4.9-STABLE #1: Thu Nov 6 01:13:52 EST 2003 sil@daemonically.perfidious.org:/usr/obj/usr/src/s ys/DAEMONICALLY alpha

    Yea sure... Why not... Sorry but I use WindowsXP (that's right) on my laptop and Sol for my servers, and FreeBSD to fuck around with. This is going to be the last comment I make on this thread, because it literally is boring. And you're right I know nothing of security whatsoever. In fact I don't even know my name there buddy