Slashdot Mirror

Check it out.

Posted here as well - ho ho ho Slashdot is late again!.

The subject was outgoing packets, not incoming.

If this guy is doing this internally, why is the remote desktop session showing 192.168.0.1, and the PeerGuardian logs showing a destination of 24.247.148.173? Surely if these two machines are on the same network with internal addresses, there's a NAT box somewhere stripping any evidence of the global outside destination in the original IP header. Even if the XP box is sitting at the end of a SPAN port monitoring traffic, why is he delegating global IP addresses to his equipment behind his router?

If the XP box is in a DMZ, is it really any wonder that it's receiving random traffic from large bot infested networks, and even then, why is the traffic so infrequent, and why are there no regular ISP ranges like you'd normally find in a promiscuous scan of incoming traffic?

I think the guy meant www.whitedust.net/eve/ - he linked to their news site thing.

I think the problem is that people often think because something is new and modern in terms of software that a mouse is the best way to use it. Things like EVE - the visual traffic analysis tool have keyboard options like games, but how many people just potter around the GUI with the mouse when the keyboard is more effective.

Apps should take a leaf out of the gamers handbook imo.

Keyboard ftw!

What's funny is that virus writers fight with each other too.

Sploitcast is one of the better shows out there if you ask me. There is an interview with it's creator Harrison Holland here which is well worth a read too.

Rob Malda Interview. Rob founded Slashdot.

From the original Whitedust article on McKinnon: Free Gary? Please God Don't.

It would seem Gary "Uber Hacker" McKinnon is not so "Uber" after all. After reading his interview on Spy.org.uk it has come to our attention that his technical knowledge and indeed, mental state, is not all that it should be.

I seem to remember that he was afraid they were going to ship him to Guantanamo Bay. But perhaps he'd be better off in a Starfleet detention cell, or maybe aboard the Death Star. The guy is a certifiable kook; the only thing he has to fear is a fair trial where he gets on the stand, rants about the hidden UFO technology (which is doing a wonderful job for us in Iraq among other places) we possess, and the jury figures out that he is a kook and send him away.

Much as I tend to think of hackers as low-lifes for the most part, those that use their abilities indescriminately anyway, I don't think even they should be subjected to this guy's company.

http://www.whitedust.net/article/55/Wal-marts_Wiki pedia_War/

"Unfortunately it is very difficult to prove that any one user is corrupted, let alone paid for this by a particular company, especially with only a few days of research. Sorting through thousands of edits and user contribution pages is not an easy task[7]. A lot of these edits are done by anonymous users, just IPs to me. Some others actually have logins. Usually these accounts have very few edits other than on the Wal-mart page, and they have either blank user pages or simple statements."

He does state that he actively tries to trace down the location and identities of Wiki-users based on their IP in order to determine whether they are "corrupted". I assume a 'corrupted person' is someone who edits a wiki because they are motivated by money to do so, as opposed to someone who edits it because they are motivated by their ideology or worldview to do so.

Should this be worrying?

Would there be an outcry from those same activists if people who contributed anti-WalMart-views were traced, identified and logged in a database? Or is this objectionable only if done "For The Cause Of Evil"?

http://www.whitedust.net/view.php?PageID=27

There seems to be a few comments there... I really love it when Slashdot trolls do their research.

Thisand...
This
and...
This
Some of the best security interviews I have seen in a long time. Not to mention articles like:

This
So I guess they are not perfect but who is?

Thisand...
This
and...
This
Some of the best security interviews I have seen in a long time. Not to mention articles like:

This
So I guess they are not perfect but who is?

Thisand...
This
and...
This
Some of the best security interviews I have seen in a long time. Not to mention articles like:

This
So I guess they are not perfect but who is?

Thisand...
This
and...
This
Some of the best security interviews I have seen in a long time. Not to mention articles like:

This
So I guess they are not perfect but who is?

Whitedust posted an interesting commentary on this this other day. I agree with them.

His "Oh, it's not so bad," attitude is unfounded at best and what you might expect from M$ or the DMA as they promote, "legitimate" spam at worst. Spamhaus tells us that there's still a big problem, despite steps that most ISPs have taken. The problem will get worse again as the spammers learn to get around those mostly trivial steps. It won't take much effort to read configuration information on broken Windoze machines and make them point to the ISP's SMTP to send mail like the end user does. In the mean time, the botnet continues spew network clogging spam, and DDOS and we all get to pay the price in slow networks and broken computers. It's not enough to sit smug behind your spam filters while the average user gets creamed. The nasties are strengthened and encouraged by that kind of attitude and they can get still you with a DDoS or Distributed Mailbomb.

Flaws in Microsoft's operating system are what enables the nasties. They have to be corrected or avoided to fix the problem. Until then, the botnet will be both a weapon and profit center at everyone's expense. No, the answer is not "trusted" computing or mail servers that waste your time with MENSA puzzles and collect a penny for Bill. The answer is fixing what's broken. Email works despite it's great abuse by a few idiots.

His "Oh, it's not so bad," attitude is unfounded at best and what you might expect from M$ or the DMA as they promote, "legitimate" spam at worst. Spamhaus tells us that there's still a big problem, despite steps that most ISPs have taken. The problem will get worse again as the spammers learn to get around those mostly trivial steps. It won't take much effort to read configuration information on broken Windoze machines and make them point to the ISP's SMTP to send mail like the end user does. In the mean time, the botnet continues spew network clogging spam, and DDOS and we all get to pay the price in slow networks and broken computers. It's not enough to sit smug behind your spam filters while the average user gets creamed. The nasties are strengthened and encouraged by that kind of attitude and they can get still you with a DDoS or Distributed Mailbomb.

Flaws in Microsoft's operating system are what enables the nasties. They have to be corrected or avoided to fix the problem. Until then, the botnet will be both a weapon and profit center at everyone's expense. No, the answer is not "trusted" computing or mail servers that waste your time with MENSA puzzles and collect a penny for Bill. The answer is fixing what's broken. Email works despite it's great abuse by a few idiots.

The TEXT Only version on that site, for those who lack the intelligence to find it.

Anotehr case of The 'Darkmail' Attack Vector and people getting away with it. Yes it is a bit lame mail bombing someone but I think it's easy to underestimate the damage a mail bomb attack can do to a business - and on a sliding scale, the smaller the business the more damage it does. I linked to a paper which explains it all - if my company got hit, we would have some serious problems no doubt.

This hardly counts as a DoS attack in its traditional meaning. However it is an annoying bug. I am glad to read that it has been addressed in the latest beta.

What follows is probably an ad hominem attack. Moderate accordingly.

I decided to spend a little time on the Whitedust site. The site is advertised as "The Leading Independent Security News Portal".

The site is run by a group of former crackers. Of course one has to wonder about their cracking, security, and business skills when:

• They advertise their many connections within the underground hacker scene
• They leave the administrative link to their PHP web site in the footer of every page
• Their business writing would fail my mom's 7th grade remedial English class

In short this web site has no redeeming value.

hint [for collecting IP addresses]: At the start of each school year send out a mass email to everyone you know with your address, and ask people to reply with theirs so you can update your rolodex. I should be charging (or perhaps getting charged) for this.

Oh, and the fame and fortune they (purportedly) bring... should help you with women, too.

Too bad by the time you get to use your "amazing discoveries" (made the hard way by using the "insights" from TFA -with anonymous<gasp>submission adding to the "mystery"- rather than going the easy route through Geektools or some such), DHCP may have reassigned your "target address" from Sorority House to Astrophysics Lab...;-)

Wonder who Whitedust is? Read their mission statement:

Within six months of launch, the Whitedust Portal will overtake the existing portals as the leading source of comprehensive, trusted and unbiased security information. This will be achieved through a dedicated approach to reporting security events as they happen. So far in our live period Whitedust have placed an un-mistakable and firm emphasis on fair, unbiased and above all honest news comment on up to the minute security issues - a strategy fundamental to Whitedust's own work ethic.

Sure, it was written in February - a mere 7 months ago - but cut them some slack. They're trying.

Their website lists their numbers as: "Tel: 00353 - (0)87 - "...etc numbers, so they're not in North America.

This: (Mon, 14 Feb 2005 16:57:12 +0000) also suggests a European country (I think). So maybe English isn't their first language.

..that Mozilla is having lots of problems lately..

I noticed this over at whitedust.net eariler today, along with their interesting article on a explited and unpached (on 98 and ME) buffer overflow in Window's Color Managment Module..

It would seem that linux and windows have changed quite a bit in the last few years, but also the attack vectors have gotten more serious and sophisticated.

I noticed this over at whitedust.net eariler today, along with their interesting article on a explited and unpached (on 98 and ME) buffer overflow in Window's Color Managment Module..

It would seem that linux and windows have changed quite a bit in the last few years, but also the attack vectors have gotten more serious and sophisticated.

That is ourragous.. i saw this over at whitedust along with the new IE JVM hole that slashdot doesn't seem to want to report about

That is ourragous.. i saw this over at whitedust along with the new IE JVM hole that slashdot doesn't seem to want to report about

Sounds like Targeted, Mass Distributed Mail Bombing to me.

When I wrote that article I was shocked just how damage such an attack could have; and just easily it bypassed the existing email server security measures.

Will be interesting to see just how far this goes.

I could see most of them being over hyped, but as I said over at http://www.whitedust.net/speaks/675/ how can you not overyhype open wireless hotspots?

Or all the windows users could just switch to Linux where this "exploit" won't do shit.

Obviously "aichpvee" didn't RTFA:

Additionally it has been confirmed that this exploit does not only affect Microsoft Windows users but, if the code is adapted, can also affect both MacOS and *nix operating systems running vulnerable version of Firefox. The basic problem lies within Firefox's pseudo "Active-X" mechanism designed to dynamically download executable programs.

The PSP Hacked: Elf to PBP Wednesday May 04, @07:42PM Rejected

Twas rejected :(

I think it was PSP Hacks who had it first too. And WD reporting on it a few hours later as a headline.

Good start for dev on the PSP - which was only a matter of time even if reported late and without accuracy.

Anyone interested in antispam technology should give the Whitedust article 'Defeating Bayesian Filters'. Registration is required I'm afraid but it's free... so... Enjoy ;]

Anyone interested in antispam technology should give the Whitedust article 'Defeating Bayesian Filters'. Registration is required I'm afraid but it's free... so... Enjoy ;]

You might want to have a read through the article on Whitedust titled 'Absolute Data Deletion'. The article basically covers every possible angle to erasing sensitive data. Well worth a read.

You might want to have a read through the article on Whitedust titled 'Absolute Data Deletion'. The article basically covers every possible angle to erasing sensitive data. Well worth a read.

I recently wrote a paper on this topic http://www.whitedust.net/article/7/ and during the course of the research it became clear to me that the only sure way to absolutely and unrecoverably delete data from a HDD is to slag it in acid. Anything else has a relatively high margin of error. Think about all those old HDD's you chucked out after a PGP diskwipe... and what is most likly still recoverable off them. Be afraid.