Domain: packetstormsecurity.com
Stories and comments across the archive that link to packetstormsecurity.com.
Comments · 10
-
Re:Mozilla...getting it wrong so you don't have to
Yeah...you obviously don't understand malware authors. At all.
Malware authors will use any and every attack vector available to them in order to get their payload installed on your system, period. The fact that they're "not as popular" doesn't enter into the equation.
But hey, I'm willing to prove you wrong using the garbage you spouted out of your own mouth. The other addons are "similarly insecure," are they? Please cite your sources. Go ahead, mention one plugin with as many vulnerabilities as Flash and post links to those vulnerabilities. I'll do what you won't, here's a fairly comprehensive list:
https://packetstormsecurity.co...
Over 400 results, on one website that tracks vulnerabilities, for Adobe Flash. Over 400 security advisories for Flash itself, distributions and software that make use of it.
Your turn. Or are you just talking out of your ass like the rest of the low ID lusers that the moderation system is bumping to the top these days?
-
Re:I hope the virus was open source at least
"Kaiten has been open source since about 2001, so the code isn't something new or unique. Early reports on the hack said the IRC bot was Tsunami, which is technically correct, as that's one of the names used to identify the bot's core code (AV companies use this name too), but the code itself is Kaiten.c."
-
Re:OK
Oh, they've had a few (Secunia's down for me at the moment, but there's a reasonably up-to-date list here), so they're not perfect - but yes, they seem on the whole to have their act together.
Sure, they're not as configurable as a cheap Linksys (although they can be pushed to do anything you'd reasonably* expect a home/SOHO router to do), you can't shoehorn Linux onto them, and the lack of a CLI or web interface (a OSX / Win only config utility) is shitty - but they're solid, robust, & pretty secure devices which are almost perfect for the average home or SOHO user.
Oh, and the AC who said "Cannot configure them via a wired port, only wireless (wtf?)" is either a troll or an idiot...
(* running a server, packet inspection, or doing heavily customised routing is not a reasonable expectation for a home/SOHO router - that sort of thing belongs on a separate machine that doesn't have one testicle dangling out on the WAN...)
-
tunnel TCP/IP in mails
Use some livecCD or Alpine Linux to create your own CD, and tunnel IP in mails for the fun
:D If the latency is less than the TCP time-out you might even get a decent ssh connection. -
Re: Windows users are chumps.
-
Re:Don't worry
How was the rootkit installed? Can you please elaborate on what security failures were involved?
Not sure if you are looking for how he did it, or indirectly doubting the story, but in case this is in doubt - there are plenty of Linux rootkits.
http://blog.sucuri.net/2013/02/linux-based-sshd-rootkit-floating-the-interwebs.html
http://www.securelist.com/en/blog/208193935/New_64_bit_Linux_Rootkit_Doing_iFrame_Injections
http://arstechnica.com/security/2012/11/new-linux-rootkit-exploits-web-servers-to-attack-visitors/
http://packetstormsecurity.com/UNIX/penetration/rootkits/
http://www.slideshare.net/AndrewCase/omfw-2012-analyzing-linux-kernel-rootkits-with-volatlitylist could go on for quite a while..
-
Re:Uh
After reading the review of Dan Farmer and Wietse's Forensic Discovery, you should hear about The Grugq who got fired from @stake after writing a Phrack Article in which he exposed numerous flaws in The Coroner's Toolkit by Dan & Wietse. Before you read this book, check out the video (bittorrent) of The Grugq on The Art of Defiling and see how to defeat "industry grade" forensic tools and techniques . You can also meet him at a hacker convention near you (in March at BCS2005 in Jakarta, in April at Black Hat in S'pore and Amsterdam and at HITB2005 Bahrain.
-
The Art of Anti-forensics by The Grugq
After reading the review of Dan Farmer and Wietse's Forensic Discovery, you should hear about The Grugq who got fired from @stake after writing a Phrack Article in which he exposed numerous flaws in The Coroner's Toolkit by Dan & Wietse. Before you read this book, check out the video (bittorrent) of The Grugq on The Art of Defiling and see how to defeat "industry grade" forensic tools and techniques . You can also meet him at a hacker convention near you (in March at BCS2005 in Jakarta, in April at Black Hat in S'pore and Amsterdam and at HITB2005 Bahrain.
-
in case this hasn't been posted:
-
Re:Ha!
Uh, no, it's not completely false. There have been lots of IE exploits that allow somebody you don't trust (i.e. outside of your "Local intranet" or "Trusted sites" zones) to execute arbitrary code on your machine. Ergo, you're 0wn3d.
Even a cursory search (e.g. at www.packetstormsecurity.com) would have turned up examples, like: http://packetstormsecurity.nl/mag/winsd/winsd.0308 00.txt
Posters: check facts before you bitch at moderators.
-r0