Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Security: On A Path As Clear As It Is Reliable

Posted by ryuzaki0 on from the snap-crack-crack-crack-pop dept.

bobthemonkey13 writes: "It appears that Microsoft's 'secure' E-Book system has been cracked. MIT Technology Review is reporting that an anonymous programmer has figured out how to bypass the 'advanced antipiracy features' in Microsoft Reader. This sounds a lot like what Dmitry did except for two things: The MS E-Book hacker has (wisely) decided to remain anonymous, and he's not publishing his program. God bless the U.S., where moving a book from your home to your office is a federal offence." Along similar lines, an Anonymous Coward indicates this story at USA Today titled "Expert Hacks Hotmail in 1 Line of Code." "I'm in awe! Unless someone can figure out how to execute pseudocode or half a line this isn't beatable. I hope this get's fixed or the whole future of pay-per-view web services could be impacted. :-q" Good thing Microsoft isn't quite sure what to do with all this universal-password stuff. (Thanks to Sacha Prins.)

Jamie adds:

In other news about poor security where you least expect it, Kitetoa informed Veridian a little while ago that: "Any script kiddy can root your web site. And... By the way... Someone already did it (as you should have seen at www.veridian.com/upload/ if you knew anything about internet security)."

I don't know what that URL gives you now, but as of this writing, and for the last several hours, it's read:

fuck USA Government
fuck PoizonBOx
contact:sysadmcn@yahoo.com.cn

This is the same Veridian that the Defense Department picked to track computer network attacks on DoD systems, specifically attacks coming from China.

3 of 360 comments (clear)

  1. I believe you mean "offense" by Anonymous Coward · · Score: 0, Offtopic

    This is the US, after all. Get it right.

  2. old veridian hack? by 4n0nym0u53+C0w4rd · · Score: 1, Offtopic

    Among the headers from the veridian server when I retrieved the hacked page was

    Last-Modified: Wed, 09 May 2001 12:53:30 GMT

    I'm sure they'll get to it in due time...

    --

    Buy Hex-Rated Stuff, fight the DMCA!

  3. idea for data distribution via srch engine spiders by Dr.+Awktagon · · Score: 1, Offtopic

    I was just reading a fascinating article in the latest phrack about using web spiders (like search engines, etc) to deploy exploits, by putting URLs on a page which are actually exploits (like the code red explot) and waiting for the spider to follow them. Many spiders pick up the URL, port, query string, and all.

    This could be used to distribute data..here's how:

    This guy could take his program, compress it, and encode into ascii and divide into N chunks.

    Pick P web sites that might like to see the code (peacefire, slashdot, 2600, CNN, whatever). Then code up N*P links all over your web site, that look like this:

    http://<SITE>/<DATA>
    where <DATA> is one of the N chunks (plus some data saying which chunk it is, etc) and <SITE> is one of the P sites. Then wait for search engine spiders to index your site (most sites have them coming regularly).

    After a few months, the target sites will all have the data in their logs as the spiders follow your links!

    This could be improved many ways, for instance the URL links could be spread over many hosts so that it is harder to track down the original source, the chunks could be encrypted, the receiving sites could automatically re-create the links so the data is kept circulating, different spiders could be fed different chunks, etc.

    Sort of like a Freenet using search engine spiders as the transport. Has this been done? Time to get coding!!