Domain: virus.org
Stories and comments across the archive that link to virus.org.
Comments · 8
-
$ans?
First of all, SANS is considered the "entry level" security group. They overhype security issues on a regular basis. They remind me of Steve Gibson of GRC, another self proclaimed "security expert". They rehash old issues all the time. My favorite quote about them is actually from Dave Aitel though.
"I think it's funny they call themselves handlers instead of "people without computer science degrees or any knowledge of computer security trying desperately to learn how to read shellcode and informing a legion of other people about vulnerabilities, worms, and exploits a. la. the blind and deaf leading the blind".
Reference http://lists.virus.org/dailydave-0405/msg00075.htm l
It appears SANS is trying to throw into question the legality of port scanning. Did they get wrong too? Maybe they should make another class on this, charge $2500 for 5 days of powerpoint sessions instead of showing their ignorance.
A professor not adhering to a best practice is a minor issue, at best. However, one round of namecalling deserves another!
I expect to be modded flame/trolling for this, but it is the truth. -
Re:USB - gpg key?
Linux:
http://www.pamusb.org/
I tested it with CDROM using an encrypted key file + regular password. Using a USB stick allows one to log in and out (basically, allowing any script to be run after a hotplug+authentication event) by inserting or removing the USB stick.
You could even use it to mount an encrypted home directoy. (You could edit a script to mount the partition using keys on the same [or a different] USB stick, or you could use pam_mount[1])
[1] A caveat with dm-crypt: http://lists.virus.org/debian-security-0411/msg000 62.html
(Debian packages for these are: libpam-usb and libpam-mount.)
---
pam_usb is a PAM module that enables authentication using an USB-Storage
device (such as an USB Pen) through DSA private/public keys.
It can also work with other devices, such as floppy disks or cdroms. It
can be setup to work with any application using PAM such as your system
login (login), your X login (XDM/KDM/GDM/...), your screensaver
(xscreensaver/...), and many others. It supports multiple users for the
same device, multiple hostnames for the same user, serial numbers access
list and private key encryption. -
Not only hackers!Its not only hackers taking advantage of DRM vulnerabilities. This article at virus.org reports that the RIAA is also exploiting DRM!
"The contractor Overpeer who works solely for the MPAA and RIAA to polute Peer-to-Peer networks with corrupt and useless files has moved to a new low by using a loop hole within Windows Media DRM to launch popup adds and infect users PCs with Spyware, Viruses and Adware.
Acording to the above article's date (December 31, 2004) Is it possible the RIAA inspired the hacker comunity?In what could be considered a quite blatent breach of computer crime laws the world over, Overpeer a company owned by Loudeye is making a lot of money seeding Peer-to-Peer networks with thousands of fake files. It's one of the entertainment industry's favourite, and most obnoxious, anti-p2p contractors.
The loophole in the Windows Media DRM process allows companies to create media files and link them to adware. When you normally download a protected Windows Media file, you also receive a license that lets you play it. If however Windows Media Player cannot find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.
You should rarely see that happen. Some files, however are set up to ask you for information before playing. They do this by displaying a URL in a dialog box labeled License Acquisition. Normally that dialog box is used to check for a user name or offer a chance to purchase the file that's being played. In a legitimate DRM-encrypted file the author may let you play it a few times, then bring up a window asking if you want to buy it.
Since the license dialog box is in essense an Internet Explorer window, it will display whatever is on the page it points to, in the cases that have been seen of this these trojaned Windows Media files, they all point to servers that load up unwanted ads, including windows that attempt install adware onto your PC surreptitiously, including adding items to your browser's Favorites list, attempting to change your home page and installing viral adware such as the 180search Assistant. "
-
Re:Fun Facts Time!
Code signing provides some assurance that you are getting what you think you are getting, but it is not a panacea. Recall the Verisign certificate debacle Microsoft itself suffered a few years ago. By accepting Verisign-signed code as legitimate, you are simply transfering your trust from the download site to Verisign. If Verisign doesn't do their job, you're still screwed.
-
Re:Sniff, our little browser's all grown up...
Firefox has already had several vulnerabilities, like the fake chrome site problem that let a misbehaved person fake an entire browser window (including all the security controls) using XUL. In that particular case, the reporter grew frustrated that his bug reports went unheeded for years in Bugzilla; he only got his way by making front-page news.
Mozilla, being an organization that develops an application collectively, falls prey to committee thinking. If enough people can shout you down on Bugzilla, your opinions don't matter and you get disillusioned.
The only worse part is that IE eliminates the middle man: bug reports to Microsoft are almost always met with silence instead of Mozilla's "Marked as DUPLICATE of a WONTFIX bug" responses. -
A Good Thread About Quantum Crypto
There was a good discussion about quantum crypto on The Cryptography Mailing List last month.
-
Meinel ProjectIt appears that this is another project by the somewhat infamous Carolyn Meinel:
Registrant:
Those who have followed her career or been in direct conflict with her might offer some warning. I would suggest one do some research and decide for oneself. But I personally wouldn't bother with the site now that I understand it's source.
M B Research (UBERHACKER3-DOM)
P.O. Box 1520
Cedar Crest, NM 87008
US
Domain Name: UBERHACKER.COM
Administrative Contact:
Meinel, Carolyn (CM1773) cmeinel@TECHBROKER.COM
M/B Research
PO Box 1520
Cedar Crest, NM 87008
US
(505) 281-9675 fax: (505) 281-9675
Technical Contact:
Marchand, Bill (BMS103) bill@UnixHQ.org
Digital Information Solutions
P.O. Box 5612
Glendale, AZ 85312
US
Unlisted fax: Unlisted
Record expires on 03-Dec-2004.
Record created on 03-Dec-1999.
Database last updated on 30-Aug-2004 01:59:31 EDT. -
liar. (other Full-Disclosure archive links)Can't see anything at the full disclosure mailing list poiting anything serious. Only a priv mail from theo stating the bug doesn't look exploitable for now.
Do you trust anybody posting something they've heard? The guy that started the "new ssh exploit?" thread stated first he knew of an ISP *blocking* sshd traffic (this is far from an exploit). And afterwards he says "The systems in question are FreeBSD, RedHat, Gentoo, and Debian all running the latest versions of OpenSSH.". Note he is loosing it, the exploit FUD without base... and all ppl there start to talk about the bug as a fix against an exploit, though *nobody*, not even Theo's nemesis Darren Reed, mentions there is an exploit on the loose.
So FU** YOU. You scare ppl, you hide that and to d o so spread more fud by making wrong paraphrasing of the mailing list, hiding behind the slashdotted main archive.