Domain: packetstormsecurity.nl
Stories and comments across the archive that link to packetstormsecurity.nl.
Comments · 24
-
What, me read?
http://uniset.ca/terr/news/lat_fbibreakin.html
http://en.wikipedia.org/wiki/Weatherman_(organization)
http://en.wikipedia.org/wiki/United_States_v._Microsoft
http://en.wikipedia.org/wiki/Sedition_Act_of_1918
http://en.wikipedia.org/wiki/Alien_and_Sedition_Acts
http://en.wikipedia.org/wiki/SLAPP
http://www.amazon.com/Bowling-Alone-Collapse-American-Community/dp/0743203046/sr=8-1/qid=1172469926/ref=pd_bbs_sr_1/105-3962904-3664448?ie=UTF8&s=books
http://code.google.com/p/torchat/
http://en.wikipedia.org/wiki/All_the_Shah's_Men
http://en.wikipedia.org/wiki/CIA_and_Contras_cocaine_trafficking_in_the_US
http://en.wikipedia.org/wiki/CIA_drug_trafficking
http://en.wikipedia.org/wiki/Operation_Paperclip
http://en.wikipedia.org/wiki/Project_MKULTRA
http://en.wikipedia.org/wiki/Reichstag_Fire_Decree
http://web.mit.edu/gtmarx/www/iron.html
http://en.wikipedia.org/wiki/Jury_nullification
http://en.wikipedia.org/wiki/Citizens_Rule_Book
http://en.wikipedia.org/wiki/Repeal_of_prohibition
http://en.wikipedia.org/wiki/Writeprint
http://en.wikipedia.org/wiki/Van_Eck_phreaking
http://en.wikipedia.org/wiki/Sousveillance
http://www.cgsecurity.org/wiki/PhotoRec
http://www.eff.org/testyourisp/pcapdiff/
http://en.wikipedia.org/wiki/Panopticon
http://ai.bpa.arizona.edu/COPLINK/
http://ai.bpa.arizona.edu/research/coplink/authorship.htm
http://www.coplink.com/
http://en.wikipedia.org/wiki/COINTELPRO
http://www.zurich.ibm.com/security/idemix/
http://packetstormsecurity.nl/filedesc/Practical_Onion_Hacking.pdf.html
http://www.williamson-labs.com/laser-mic.htm
http://www-users.cs.umn.edu/~dfrankow/files/privacy-sigir2006.pdf
http://freehaven.net/anonbib/topic.html#Anonymous_20communication
http://www.wiley.com/legacy/compbooks/mcnamara/links.html -
Re:Misuse of the term
well it's obvious you've never actually been hit with one, otherwise you would know what you were talking about. *EXPLOITS* get you root. rootkits allow you to KEEP root. The average rootkit disables forensics programs like lsof, ps, find, locate, w, who, (sometimes) syslogd. They also modify shit like rc.sysinit or inittab.
Don't let the name fool you because that's all it is, a name. Exploits and rootkits are 2 entirely different things. You can get all the exploits you want from packetstormsecurity but I dare you to find a single rootkit there.
You don't have to take my word for it but jfyi, I worked as a security admin at a rather large dedicated hosting company and have seen just about every damn rootkit that actually works. -
Re:Deparment of Homepage Security
This is bullshit.
Oracle does _not_ take vulnerabilities seriously. I agree that the oracle database is extremely complex, and the implications of bugs are enormous, but it's not inherently complex. Because of this, claiming that they don't release patches because it's complex is bullshit. Oracle does not need to be as complex as it is.
First, the complexity:
I've been running Oracle just as long as I've been running both Mysql and Postgres (I know what you're saying - oh, he's one of those guys:)), and I know that the features oracle offers can exist without all of the useless bloat oracle tacks on. Mysql can replicate, instantly, to who knows how many databases. Oracle Dataguard is limited to 9. I can restore databases in seconds using postgres, oracle takes all damn day. Mainly because you have to have your ducks in a row with: Arch files, redo files, tnsnames, listener files, spfiles, pfiles, oratab, oracle home, etc. Oracle databases are extremely difficult to get running on a different system. Even exports (exp/imp - what _should_ be similar to an sql dump) don't work across OSs. Oracle offers no native sql dump command, instead you have to figure out how to get TORA working. Oracle offers sqlplus, an old, broken command line client that requires unsightly scripting to even start the database.
Oracle's documentation is very similar to their product: Disconnected. Nothing fits. Everything (kind of) works, but no one knows how to put it together, save the people who killed what must be hundreds of thousands of brain cells by doing it by trial and error. Oracle requires java, and lots of it. Oracle requires an oracle database to monitor other oracle databases. It's wise to put this on a separate installation/box. Doesn't seem to make a lot of sense. Now I have twice as many exploitable boxes, not to mention more to backup, administer, etc. Oracle requires an insane amount of diskspace compared to other databases.
I'm not arguing for mysql/postgres vs. oracle - I'm just trying to say that Oracle does NOT need all of the bloat it currently has. The company could stand to do a complete rewrite of it.
Now, the security:
Here's a perfect example of what I mean:
http://www.red-database-security.com/advisory/published_alerts.html
The first 6 vulnerabilities are 600(!!!) days old!
Here's a perfect example of their lack of motivation.
http://packetstormsecurity.nl/0507-advisories/Oracle9R2-unpatched.txt
Basically, a vulnerability was disclosed months ago, and oracle fixed 10.x in July's update, but completely ignored 9.x. To quote TFA:
'We contacted Oracle about this issue and Oracle
confirmed it, when we asked why there is no fix
for 9iR2, Oracle said:
"Our development teams neglected to do the backports.
We are working on creating those backports now."'
Leaving production systems unpatched until October! (Assuming oracle doesn't 'neglect' to do it again.)
In short, quit reading the marketing bullshit and wake up. -
Re:how about public key authentication?
Passphrases are just long passwords with (usually) low entropy.
In fact, the entropy of passphrases might be so low (perhaps even 1 bit per character) that they can be inferred from keystroke timing analysis. -
Yes, as easy as it gets. DIE/DOE6 is a free upgrade, as you said. And can be installed on even Win98 (maybe 95, too).
I own one copy of Windoze 98. To move the rest of my computers would cost big bucks and leave me with considerably less reliability, function and value.
I don't know why you keep getting an extra point added to your post score.
I'm an old fart with excellent karma, gained by wasting many hours and submitting many stories. You could say it's earned, mostly by sharing useful information, like what follows.
Is setting up a firewall on Linux as easy as checking a single checkbox?
Guarddog. OK, you have to click more than one button, but a firewall with one button might not work so well. Smoothwall is as easy to configure as any WAP. If you don't like that, you can copy an ipchains script like Ian Hall-Beyer wrote.
-
Exploit available on packetstorm
The mentioned code, which is used in Dabber, can be found at http://packetstormsecurity.nl/0405-exploits/sasserftpd.c -
What kind of moronic BS is this?
"It's a myth that hackers find the holes," said Nigel Beighton
Of course they don't, security researchers find the holes. They believe in full disclosure, and tell the hackers. Who create exploits, way before there is a patch, and often before the vendor (especially in the case of Microsoft) has responded to the notice.
Now that's good, but c'mon "We have never had vulnerabilities exploited before the patch was known" is just criminal ignorance. Let's all go visit Packet Storm and click on last 20 exploits, or Bugtraq and see if there's any talk of exploits without patches. Or, wait, we could go straight for Vuln-dev and see exploits as they are developed.. which is [sarcasm]OBVIOUSLY by reverse engineering patches[/sarcasm].
If this guy wasn't fed this FUD by marketing droids, and he's really supposed to be in charge of "security", he should be fired.
-
Prevents some exploits; raises bar on others
Some exploits will be prevented, and the bar will be raised for most exploits. Worms that rely on classic stack smashing attacks will fail on the new processors even if they succeed in their attacks on older machines.
It's not always possible to execute a return-into-libc attack. What if the function you want to jump to has a NULL byte in its address? In that case, you can't pass that address as part of a C-string. Patches exist to ensure that all functions in libc end in 00 to protect against return-into-libc attacks. For those interested in more details, Horizon's paper on bypassing no-exec stacks on Solaris explains the return-into-libc attack.
There are also cases where you don't need to insert code into an application. Instead, you can change the return value of a function or the outcome of a conditional security test to exploit the overflow. In such situations, you can achieve your goal by overwriting a variable without injecting code.
If the stack is protected and the heap is not, you can use a heap overflow to inject code into the heap, then use a stack overflow to corrupt the return address to point to the exploit code located in the heap. However, if the heap is non-executable too, this class of attack won't work.
-
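The two non-injection points from the no-exec-stack comment above (a libc address containing a 0x00 byte cannot be delivered through a C-string copy, and an overflow can flip a security decision without injecting any code), as an added C example that is not part of the original comment or of Horizon's paper. The names login_state, vulnerable_check, safe_check, addr_has_nul_byte and build_overflow_payload are this example's own; the struct stands in for the stack frame so that the adjacency of the buffer and the flag is defined by the language rather than by compiler frame layout.

```c
/* Added example, not code from the comment above.  Hypothetical names.
 *
 * Point 1: a return-into-libc target must survive the copy that delivers
 * it.  strcpy()/sprintf() stop at the first NUL, so an address with a
 * 0x00 byte inside the bytes that get copied cannot be planted that way.
 * Point 2: an overflow can win without injecting code by landing on a
 * variable that gates a security check.  A non-executable stack does not
 * stop this at all, since nothing on the stack is ever executed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Does the low `width` bytes of `addr` contain a 0x00 byte?  width is the
   pointer size of the target (4 for the 32-bit systems the comment has in
   mind).  Caveat: on 64-bit user space the top bytes of every address are
   zero, which is exactly why a plain string copy cannot deliver one there. */
int addr_has_nul_byte(uintptr_t addr, size_t width)
{
    if (width == 0 || width > sizeof addr)
        width = sizeof addr;
    for (size_t i = 0; i < width; i++)
        if (((addr >> (8 * i)) & 0xffu) == 0)
            return 1;
    return 0;
}

/* Buffer followed immediately by the "conditional security test". */
struct login_state {
    char name[16];
    int  authenticated;   /* sits at offset 16, right after name */
};

/* Vulnerable path: len is trusted, so bytes 16..19 of the input overwrite
   s.authenticated.  The copy is clamped to sizeof s only to keep the demo
   inside the object and deterministic; the flaw is the missing check
   against sizeof s.name. */
int vulnerable_check(const unsigned char *input, size_t len)
{
    struct login_state s;
    memset(&s, 0, sizeof s);              /* authenticated == 0 before copy */
    if (len > sizeof s)
        len = sizeof s;
    memcpy((unsigned char *)&s + offsetof(struct login_state, name), input, len);
    return s.authenticated != 0;          /* attacker-controlled now */
}

/* Hardened path: reject anything that does not fit, rather than truncate
   silently or spill into the neighbouring field. */
int safe_check(const unsigned char *input, size_t len)
{
    struct login_state s;
    memset(&s, 0, sizeof s);
    if (len > sizeof s.name - 1)
        return 0;                         /* refuse, flag stays 0 */
    memcpy(s.name, input, len);
    s.name[len] = '\0';
    return s.authenticated != 0;
}

/* Constructed attacker input: fill name, then drop nonzero bytes on the
   flag.  No shellcode, no addresses, so NUL bytes and NX are irrelevant.
   Returns the payload length, or 0 if `cap` is too small. */
size_t build_overflow_payload(unsigned char *out, size_t cap)
{
    size_t n = offsetof(struct login_state, authenticated) + sizeof(int);
    if (cap < n)
        return 0;
    memset(out, 'A', n);                  /* 0x41414141 != 0 on any endian */
    return n;
}

/* 1 if the overflow flips the flag in the vulnerable path. */
int demo_overflow_flips_flag(void)
{
    unsigned char payload[32];
    size_t n = build_overflow_payload(payload, sizeof payload);
    return n != 0 && vulnerable_check(payload, n);
}

/* 1 if the bounds-checked path rejects the same payload. */
int demo_hardened_rejects(void)
{
    unsigned char payload[32];
    size_t n = build_overflow_payload(payload, sizeof payload);
    return n != 0 && safe_check(payload, n) == 0;
}

int main(void)
{
    printf("0x40001000 usable via strcpy on 32-bit? %s\n",
           addr_has_nul_byte(0x40001000u, 4) ? "no (NUL byte)" : "yes");
    printf("overflow flips authenticated: %d\n", demo_overflow_flips_flag());
    printf("hardened check rejects it:    %d\n", demo_hardened_rejects());
    return 0;
}
```

The address check is the first thing to run on a candidate libc function before bothering with the rest of a return-into-libc chain; the second half is the reason non-executable stacks are a bar, not a fix, as the comment says.
-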
Re:Overated ---- Rebellion ?
There has been violence?
Yuh. Did you miss it?
-
You can test your system with this...
This code tests for the vulnerability, rebooting your system if it is found. Requires nasm greater than v0.98.36, tested with nasm 0.98.38.
-
Re:That's a goal?
Right now I just browse through packet storm and SecurityFocus. You'll see all sorts of exploits, some are patched and others not. Be creative with some of them and you'll see how a cracker/hacker can easily use them to break a system.
As a side note, I used to keep a track of just IE exploits at the Unpatched IE Vulnerabilities place but they closed for business. -
On the topic of jammers...
On the topic of jammers, you could just build your own infrared jammer.
Don't forget to copy the file into notepad or similar and look at it using the Terminal font if you are a Windows user (and don't mind the rant at the end. :)
It's a bit of a simplistic circuit, I thought an IR detector acting as a timed trigger would be a nice mod...
Q.
-
Re:SMTP
Which has incidentally caused a DoS security hole in Postfix versions up to and including 1.1.12! Read this advisory from packet storm. Apparently you can mangle the address enough to cause Postfix to shutdown and simply restarting won't solve the problem. You have to remove the offending e-mail from the queue.
-
Re:This is exactly why
Using Tiny actually puts you more at risk: PFExploit.c due to a buffer overflow bug. Tiny is no longer issuing updates, but they gave/sold the source code to Kerio who is now offering the same product (same source code) with patches with Kerio Personal Firewall
Also remember that the strength of your personal firewall is only as good as the rules you set. You can easily open your computer by accidentally allowing too much traffic through. -
Fixes
If I understand right, 4444 is the port the exploit for the DCOM bug connects to.
I updated all my systems, and firewalled 135/139/445 (UDP and TCP) and 4444 (TCP).
I know I am gonna get modded down for this, but if you haven't already, I suggest you fix this ASAP.
You can get the fix from here for windows 2000, and here for windows xp.
The exploit has it in the code:
target_ip.sin_port = htons(4444);
Also, notice the comment about the shell code: /* port 4444 bindshell */
Dan
Security consultant
ClickNews -
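A quick host-side check for the port 4444 bindshell the comment above firewalls, added here as an example and not the poster's code. It parses the Linux /proc/net/tcp format (port 4444 shows up as the hex local port 115C, state 0A is LISTEN) from a constructed sample table; count_listeners_on_port and host_has_listener_on_port are this example's own names. The comment's actual targets are Windows 2000/XP, where the same line would be read out of `netstat -an` instead, but the detection logic is the same: a new listener on 4444 after the DCOM traffic is the exploit's shell, not anything legitimate.

```c
/* Added example, not part of the comment above.  Hypothetical names.
 *
 * /proc/net/tcp rows look like (constructed sample below):
 *   sl  local_address rem_address   st ...
 *    2: 00000000:115C 00000000:0000 0A ...
 * local_address is hex IP:port (0x115C == 4444) and st 0A means LISTEN.
 */
#include <stdio.h>
#include <string.h>

#define TCP_LISTEN 0x0A

/* Constructed sample table: sshd on 22, smtp on loopback 25, the
   suspicious bindshell listening on 4444, and one established 4444
   connection (state 01) that must NOT be counted as a listener. */
static const char SAMPLE_PROC_NET_TCP[] =
"  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
"   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1 0000000000000000 100 0 0 10 0\n"
"   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10002 1 0000000000000000 100 0 0 10 0\n"
"   2: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10003 1 0000000000000000 100 0 0 10 0\n"
"   3: 0A000002:115C 0A000001:C3A0 01 00000000:00000000 00:00000000 00000000     0        0 10004 1 0000000000000000 20 0 0 10 -1\n";

/* Count sockets in LISTEN state bound to `port` in a /proc/net/tcp-style
   table held in memory.  The header line and any malformed line fail the
   sscanf and are skipped. */
int count_listeners_on_port(const char *table, unsigned port)
{
    int found = 0;
    const char *line = table;

    while (line && *line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512];
        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        int sl;
        char laddr[9], raddr[9];
        unsigned lport, rport, st;
        if (sscanf(buf, " %d: %8[0-9A-Fa-f]:%x %8[0-9A-Fa-f]:%x %x",
                   &sl, laddr, &lport, raddr, &rport, &st) == 6
            && st == TCP_LISTEN && lport == port)
            found++;

        line = nl ? nl + 1 : NULL;
    }
    return found;
}

/* Same check against the live table.  Returns the listener count, or -1
   when /proc/net/tcp cannot be read (non-Linux host, no /proc). */
int host_has_listener_on_port(unsigned port)
{
    FILE *f = fopen("/proc/net/tcp", "r");
    if (!f)
        return -1;
    static char table[1 << 16];
    size_t n = fread(table, 1, sizeof table - 1, f);
    table[n] = '\0';
    fclose(f);
    return count_listeners_on_port(table, port);
}

int main(void)
{
    printf("sample: listeners on 4444 = %d\n",
           count_listeners_on_port(SAMPLE_PROC_NET_TCP, 4444));
    int live = host_has_listener_on_port(4444);
    if (live < 0)
        printf("live: /proc/net/tcp not readable on this host\n");
    else
        printf("live: listeners on 4444 = %d%s\n", live,
               live ? "  <-- investigate" : "");
    return 0;
}
```

Blocking 4444 inbound at the firewall, as the comment does, stops the shell from being reached but not from being spawned; checking for the listener tells you whether the exploit already ran.
-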
Re:How big a threat is this?
exploit here
why not, i got karma to burn... -
hmm
shadowchode.tar.gz
la la la la laaaaaaaaaaaaaaa -
"We're behind schedule"
I can't believe nobody's yet mentioned this classic 1984 reference from 8-10 years ago.
-
Re:Ha!
Uh, no, it's not completely false. There have been lots of IE exploits that allow somebody you don't trust (i.e. outside of your "Local intranet" or "Trusted sites" zones) to execute arbitrary code on your machine. Ergo, you're 0wn3d.
Even a cursory search (e.g. at www.packetstormsecurity.com) would have turned up examples, like: http://packetstormsecurity.nl/mag/winsd/winsd.030800.txt
Posters: check facts before you bitch at moderators.
-r0 -
Nonexecutable stacks
A nonexecutable stack is no guarantee of safety. Solaris 2.6 demonstrated this here.
-
Fear any machine with direct internet access.
You can pick up a Pentium 133 for dirt (usually free at any big company without a hard drive). Simply make it a firewall and voila! It may require some work on your part but you'll be better off for it in the long run!
PMFirewall makes configuring a Linux firewall very easy! -
Reminds Me
of an earlier announcement of a vulnerability here found by some folks at Bell Labs.
So is this new (albeit social engineering) vulnerability just "asking the million questions" in one shot?
-
Re:This may be an indication
It has happened before
-
Re:hrm, more bandwidth for the consumer?
I agree with you to a certain extent that not a whole lot can be done about the DoS problem. But that's not to say that nothing is being done.
Here's a few links to 'recent' publications on the issue.
MULTOPS: a data-structure for bandwidth attack detection
CenterTrack: An IP Overlay Network for Tracking DoS Floods
The Packetstorm DOS paper contest
(You may need to be a USENIX member for the first two. I didn't check. Sorry)