Slashdot Mirror
MyDoom Seeks to Destroy Antivirus Firms
Khoo writes "Worm writers are threatening to attack antivirus companies F-Secure, Symantec, Trend Micro and McAfee.
In the latest version of MyDoom--MyDoom.AE--the authors embedded a message ridiculing rival worm Netsky and promising to attack the antivirus companies."
Isn't this like the virus companies threating to shoot themselves....? Oh, hang on, they don't really write all the virii... :)
"If A equals success, then the formua is A=X+Y+Z. X is work. Y is play. Z is keep your mouth shut" - A Einstein.
Maybe they can destory Live Update so that Symantec can finally create a copy that isn't a resource hog.... wait....
*sighs*
nevermind
UID 1000000 is just around the corner.
... if all of these viruses were something more then a rip-off of a rip-off of a rip-off of someone elses code.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Hey Netsky! Nice code, did your mommmy write it for you?!
Do you want to use the antivirus product of a company whose network goes down due to a virus?
Evolution or ID?
Really was just a matter of time before an assault. It's a war. Virii vs. the White ('blood cell') Knights. The worst disease in the world is AIDS, not because it kills directly, but because it inhibits immunity entirely. After your anti-virus software is nuked, the most basic of hacks could nail your pc.
The only way to destroy Anti-virus firm is to stop writing viri. The more the viri, the more $$$ for AV companies.
I have OS X and us users need to quit trash talking. To many of us don't use antivirus software. And, yes, despite it being an amazingly secure setup there are holes as in any system. So, lets not provoke the smart virus writers who can write one for OS X if they put enough time and effort in. Lets stay low key as long as possible
Evolution or ID?
You turned every legit hacker out there into a potential terrorist. You're handing the net over to authoritarian politicians who are not interested in real security or the free flow of information. Fucking idiots. Why don't you burn down libraries for chump change? Same thing...
We don't really want to boost the ego of those jacks, do we?
And hopefully, Taco won't repost the same story in a few days...
<sarcasm/>
I seriously doubt Virus company write their own virus and release into the wild. There are enough virus already. They could hardly keep up. What I worry most is not about the attack toward the anti-virus company, all the anti-virus provider have to do is to set up temporary ip to dodge any Live update DoS. Similar to what Microsoft have done in the past. However, What sort of signal is this sort of news giving to the rest of the coder? Making virus make you more powerful? I have heard somewhere that if you control 10,000 machince on the internet, you are unstopable. That only lead me to wonder how many people out there actually control that amount of machince, and worst yet. What if they join together as an alliances and destory anything in their path for immature reason? Dalnet came to mind.. don't know anything else that have been heavily damaged by DoS. Can anyone else point out?
I think it's time to panic. We know virus writers always tell the truth and would never engage in deception or hyperbole. Therefore this must be true.
I reccomend we immediately declare western civilization over to beat them to the punch.
There, got my sarcasm out for the day. Now to go to work and refuel it.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
How can people write such amazing worms and viruses and yet still have such POOR language in their little manifesto messages?
I just don't get these virus writers and their little comments. It seems like everytime you see a message, it was written by a kid (which is likely I suppose),someone really drunk, or someone really without command of the English language.
"we wanna stop our activity"
kind of reminds me of the tone of everyone's favorite...
"someone set us up the bomb"
I considered modding you down to help keep your message "low key"...
I'm not sure those bigger AV companies will be able to protect themselves. They are slow in responding to threats much less threats against themselves.
3 316511)
I put together this report for our project team recently. The sources are MCI, Verisign, et al (mostly, esecurityplanet.com article -- yes, google makes reports easy/fun).
Wait time for AV fix
(source: http://www.esecurityplanet.com/views/article.php/
Below marks the average wait time from release of virus to each company providing definitions to find/clean
H:M Anti-Virus Program
06:51 Kaspersky
08:21 Bitdefender
08:45 Virusbuster
09:08 F-Secure
09:16 F-Prot
09:16 RAV
09:24 AntiVir
10:31 Quickheal
10:52 InoculateIT-CA
11:30 Ikarus
12:00 AVG
12:17 Avast
12:22 Sophos
12:31 Dr. Web
13:06 Trend Micro
13:10 Norman
13:59 Command
14:04 Panda
17:16 Esafe
24:12 A2
26:11 McAfee
27:10 Symantec
29:45 InoculateIT-VET
The averages vary from about 7 hours per virus to more than one full day (almost 30 hours). It's important to note two things about the figures in the table above:
Some of the programs were able to detect some of the viruses in the testing period heuristically -- without needing an update. Ikarus, Quickheal, and Virusbuster were able to do this with the Dumaru.Y virus, whereas Norman and RAV were able to do it with Bagle.B. In those cases, the anti-virus program was assigned a response time of zero for that one virus. This reduced those vendors' average response times.
On the other hand, A2 had not posted a signature for the Bagle.B virus within three days, when the test period ended. This program, therefore, was assigned a response time of 35 hours in this instance. If this virus had not been considered in the statistics, A2's average response time would have been reduced to 15:26 rather than 24:12.
Hours to saturation/Dollar damage done by:
Klez 2.5 hours $9B
Sobig 10 hours $14B
2003 overall virus damage $89B
Average cost to patch and protect one workstation (includes AV, PM & FW): $234.
Global spam decreased in August 2004 due to hurricanes (FL is the largest producer of global spam).
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
Why hadn't this happened sooner (if it really does happen)? I know companies like Microsoft and SCO are understandable targets fir these cretin, but wouldn't you think that their natural enemy would be the anti-viri firms? If this does come off, am anxious to see what the reaction is.
My
"i thought we settled this a long time ago, the term varies depending on the number... viri for one, virii for two, viriii for three, viriv for four, virv for five, and so on..."
I read somewhere that MyDoom was named because the virus when viewed in an ASCII viewer contains an amount of freetext that was meant to say 'mydomain' but instead it was mis-spelt in the virus to say 'mydoomain' - hence MyDoom.
Think about it the last few years have seen some rather sloppy coded worms and virus. None of them have been intentionally malicious. I am worried about the guy sitting at home pissed off at the world and actually knowing what he is doing with a compiler. Virus scanners are a false sense of security, somebody that knows what he is doing can devastate most of the worlds networks in seconds. By the time the virus definitions are updated everything has gone black.
Let's see here, if you go for the old tin-foil belief that the virus companies write the virii to create a need for their software, and the attacks are real... Hmmm.
F-Secure: Check
Symantec: Check
Trend Micro: Check
McAfee: Check
So that leaves... grisoft, Avast, and a couple dozen smaller companies. It's a conspiracy! THE BASTARDS!
~D
This sig has been enciphered with a one-time pad. It could say almost anything.
The threat of a DOS attack is quite mild to actually writing truly malicious code. Something along the lines of repartitioning the harddrive and reformat the drives upon reboot. The viruses that we have seen have been mainly to slow or disconnect the victim from the network. I feel there could be worse scenarios that could happen besides what we have seen thus far.
Maybe if we gave the virus writers what they want they will leave us alone. I tired of the senseless mass killing of computers... you'd think they were doing this for fun.
I think you'll find the plural is 'viruses'
yeah sure, next time you gonna tell us that the plural of box is boxes and not boxen...
The silly thing about HIV (AIDS) isn't that it's killing off your immune system.. AFAIUnderstand, healthy CD4+ T-helper cells (the type of immune cells you're losing when you're HIV+) that come in contact with an infected CD4+ T-helper cell tend to self-destruct.
:)
If we're going to try and translate that to computerviruses and a computers' immune system.. Oh well, let's try.
---
Virus enters computer. Establishes infection. It shuts down a few processes, including some of the popular virus scanners, and alters a host file to mess with updates. New tools to remove the virus are developed on the web, and the virus gets update from a server on sealand which processes now to kill. - arms race. Whoever gets the update first, wins.
---
An HIV analogy would assume a host of virus scanners slowly being deminished on your computer, and mainly because virus scanners infected with the virus cause other virus scanners to crash. We're not there yet
I have a few friends that have 2-3 virus scanners on their pc, but that never seemed a very good solution to me.
How to install antivirus software on Mac OS X:
fink install clamav
Of course, then you'll have to add a cron job or something to run it periodically, or you can just run it by hand over things you've downloaded.
- chrish
Just so they can use their produts to protect themselfs from viruses. I would trust an Anti-Virus Company more if they were runinning OpenBSD or some other Secure OS. Yea sure they make anti-virus for windows but that is because they know that windows is insecure. Becideds if someone wants a virus to spread they just kill the updates for the anti-virus.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
So much for the traditional arguments made by virus writers that they're trying to force better security practices. Either that, or running anti-virus software isn't considered a security practice by virus writers.
Nah, ... maybe I am too paranoid, this time...
If programs would be read like poetry, most programmers would be Vogons.
Ah, Fond memories of the old HCF ( Halt and catch fire) op code. ;-)
- F1 NEWS
He should include his full résumé, address and phone number in the next one.
One line blog. I hear that they're called Twitters now.
If the MyDoom writers want to mess up antivirus companies, why don't they just do it and be totally quiet about it? The only thing worse than an attack is one that you don't see coming. To top that off, they could have made a different virus to attack antivirus firms and make the antivirus firms think it was the netsky writers that did it. And then someone could make a movie about it and play it on TNT because they know drama.
This is the very reason why depending upon anti-virus software is dangerous. Anti-virus software causes people to become less careful about computer security. Becoming less careful about computer security because you have anti-virus software is something like driving less carefully because you believe that airbags will keep you safe in the event of a car accident.
virii dates back almost 20 years and was coined as psuedo-latin in order to easily distinguish between computer virii and biological viruses, in the plural. It isn't an attempt at sophistication merely clarity. Some use it, some don't, some mock. Had it caught on, it would have simplified the language we use.
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
Sometimes I wonder if it wouldn't be cheaper to just revamp the whole IT infrastructure.
...) and up-to-date legislation to procecute virus writer and so on.
....) and move to something decent (PowerPC? Heck, even MS goes to PowerPC for the future XBOX, so why not for PC's...)
Let's say all companies in all countries, the governements and the IT suppliers join hands and pay into one large "IT fund" or donate research time and development for a joint new technology.
At the same time governements all over the world passes legislation to increase the reponsibility of IT vendors like e.g. Microsoft (faster bug fixes required by law, free bug fixes, longer free support, better en safer Windows code,
We use these measures to:
1) Get rid of x86/WinTel and all its legacy technology and software (no more ISA, no more IRQ, no more Win/DOS compatibility,
2) Get rid of Windows altogether and create a decent replacemnt for it without legacy and backwards compatability
3) All governements by Apple Machines and Mac OS X at huge discounts: already a huge step forward in security of our personal information and files.
I think this would enhance competition, drive the economy forward, foster future new developments and maybe get rid of monopolies and get decent competition in the IT market... and be a lot cheaper than the combined cost of all anti-virus licenses, and hidden costs of lost productivity and fall-out of current attacks...
I know... I know... I'm dreaming eh... Some forces would be against this... Damn....
this monkey has nothing on Witchiepoo
I am just the average Joe, who is brainwashed by such renowned companies as Microsoft into believing that it is not the software companies that make the mistakes, but the people who make the things that cause the mistakes to trigger!
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Sorry to say, but there's absolutely nothing in your post that makes sense. Not trusting a company because of the OS they run?
And: 'because they know that windows is insecure' ?? Windows isn't any more insecure than your favorite BSD or Linux distro. It's how it's configured that makes it secure or not.
'if someone wants a virus to spread they just kill the updates for the anti-virus' : oh yeah, why didn't they think of that before? I have no idea how you plan to 'kill' the update though, since that's different for every AV and you'll need to find a way to build that into your virus.
*shrug*
Really was just a matter of time before an assault. It's a war. Virii vs. the White ('blood cell') Knights. The worst disease in the world is AIDS, not because it kills directly, but because it inhibits immunity entirely. After your anti-virus software is nuked, the most basic of hacks could nail your pc.
:-)
I got one of those full body condoms and put my computer in it.
It's easy to stand out when the general level of competence is so low.
Don't ever mention again internet and secure in one sentence. it isn't secure and never will be. Just as commuting to work will never be secure. There are only different levels of security: if you go by car (Windows), bike (Amiga ;)), bus (Linux) or train (OS X).
Sounds like the virus was written to help the antivirus companies justify their existence.
Hackers are stalking your children online...
Booga booga!
Hahaha
Make OS's more secure? hahahahahahhahahahaah
First off, both companies that build OS's and antivirus companies have quareterly earnings to meet, can we risk that not happening?
Also, on a serious note, individuals need to be more reponsible for the security of their own machine. We are in an age where more people have fast computers on fast internet connections, and people are going to exploit their ignorance.
This is a problem that is not going to go away quickly, because those individual users are not going to change quickly, and there is no financial reason for OS companies to make better software.
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
modded interesting? ROFL
A virus that performs a Denial of Service attack against the "automatic update" servers used to keep the client av software up to date?
You then have a virus that is attacking the 1 thing that can "defeat" it, thus the virus "wins" as it has effectivly knocked out the source of the antidote (providing the virus is able to spread at a very fast rate for the initial 12 or so hours).
There is quite a lot of research on the web regarding the speed at which viruses spread and the # of hosts infected in the first X hours, which makes for interesting reading.
To do it properly the virus shouldnt have any hardcoded IP addresses or domain names but instead seek the server name(s) from the (registry|av-binary|where ever it is stored). Other virus have failed in the past because l33t master coders were stupid enough to hard code a list of IP addresses.
A fast spreading virus that could do as described IMO would be a truely "successful" ground breaking virus, and it would certainly be interesting to see how the AV companies react to that.
(Im NOT suggesting, nor encouraging it to be done, just looking at an idea from a problem solving / technical implementation POV).
Jason
I'm no bugologist or anything, but isn't that thing an inch worm? Caterpillars walk with their little legs, not scoot along like that.
But as I said, IANAB.
I wish I still had the e-mails handy, but I once communicated with a reformed Mac virus writer in the mid-90's. (The Mac platform had a minor virus epidemic in the late-80's to early-90's before the Windows platform overshadowed it.)
His explanation at the time was that both the Mac and Windows APIs felt very "constrained" at the time, and he wanted to experiment with what parts of the OS functionality were usable in certain contexts. IIRC, he was one of the first to exploit an old "UI drawing resource" security flaw that was patched during the System 7 era.
Prior to the 'Net, most virus writers wrote the things out of curiosity or accident, since a computer's primary function is to simply copy and move numerical data. That's essential what a virus or worm is: a mere data replicator. Now that most PC are connected to a worldwide network, unvetted data copying is considered dangerous by many. This is partly why some in the business and media worlds regard P2P sharing and open source as part of the same "underground" as virus writing and software piracy. Most end users nowadays have completely forgotten that computers are simply Xerox copiers at a fundamental level.
Those who complain about affect & effect on
One virus. Two or more viruses. No other plural is acceptable.
i ru s.html
"Virii" is wrong.
"Viri" is wrong.
"Viriii" is wrong.
"Virodes" is wrong.
"Virusen" is wrong.
"Viruss" is wrong.
"Virus" as the plural is wrong unless you're speaking Latin, and even then it's not really a plural so much as a collective singular noun.
ANYTHING THAT IS NOT "VIRUSES" IS WRONG.
http://www.linuxmafia.com/~rick/faq/plural-of-v
I am fully in support of a keyboard that, whenever the letters "v" "i" "r" "i" "i" are typed sequentially, then administers a fatal electric shock to the typist.
Quidquid latine dictum sit, altum sonatur.
My Doom3 is better than your MyDoom! Nyeah!
Um, this isn't "Slashdot, news for english majors..."
These viruses/worms don't do a damn thing.
You know what would be a great virus/worm? One that totally fucks up the partitions on your hard drive forcing you to reformat and lose all your data.
Now THAT would be a funny virus. Imagine that getting spread across corporate america... you think it cost a lot to take 3 minutes out of the day to update virus defs and do a scan? Wait till you need to take hours out to reformat and reinstall.
These are what worms/viruses should be. Not this "Hacked by chinese" bullshit.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Of course, the reason Linux and OS X are virus-free isn't obscurity, it's because they are fundamentally better-designed and more-secure systems. User permissions, lack of access to low-level ports, and few services running by default all contribute to a fundamentally more secure platform.
I don't know what kind of crack I was on, but I suspect it was decaf.
If a handful of major governments would just post some big bounties for these idiiots, the problem would oson solve itself.
In my experience, it should be at the top of the list.
And: 'because they know that windows is insecure' ?? Windows isn't any more insecure than your favorite BSD or Linux distro. It's how it's configured that makes it secure or not.
Right, if Windows is configured to not run any services and not be on the network it's C2 secure.
If you do any of those things it contains many network-exploitable 'root-level' vulnerabilities. Even if you follow the 65-page NSA documents on how to secure Windows.
As shipped, OpenBSD has had only a couple of these in the past several years. Windows has had more than a hundred.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
This is actually a big problem... worms have successfully managed to DDoS some *major* sites.
:o
Now what if the target of a DDoS was AV companies live update servers?
Anti-virus programs would not be able to download virus signatures against the new worms, making them ineffective unless manually updated.
So, lets not provoke the smart virus writers who can write one for OS X if they put enough time and effort in. Lets stay low key as long as possible
We need a good Mac OS X virus to get us out of the '0' column.
As it is people can claim there simply isn't anybody interested in writing Mac OS X viruses. At least if we got one they'd have to admit it's just damn hard.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
He needs to be held accountable for this mess!
Let's hope the folks McAfee are smart enough not to open an email attachment from freehotchicks@VxIxAxGxRxA.com
Thoughts and musings on how to release malicious code onto the internet while being physically present in a state hostile to the United States of America and targetting assets of that hostile state, causing a maximum of damage while making it nearly impossible to be traced or identified.
First of all, access to the internet has to be completely anonymous. Many people have used their personal internet access or the one at work. Malicious code _will_ be traced back to the orginating internet access by security agencies of states hostile against the United States of America.
Anonymous access to the internet is easily possible from:
a) unsecured wireless access points
b) internet cafes
Since many public and private places in states that are hostile to the United States are nowadays under 24h covert video surveillance, unsecured wireless access points are safest. The safest way to use an unsecured access point would be from a car travelling at the maximum speed possible for a notebook on board to find a path through an unsecured access point to the internet. The malicious code package however should not be released directly to the internet but onto the first vulnerable system after the AP that has access to the internet. When using the AP the physical MAC-address of the wireless adaptor must not be used for obvious reasons, the card should be programmed with a new MAC-address. After releasing the malicious code package the notebook should immediately securely erase all traces of the malicious code package, the delivery system and the secure eraser. The secure erasure of the mentioned components should also be triggerable by a single keypress. The notebook should be kept under sufficient power and in a state where secure erasure can be triggered at all times (disable screensaver, power low standby etc.). The secure erasure should also be triggered when the notebook is about to enter a state where the secure erasure can not be triggered and completed (low power, etc.). The notebook should not be hooked up to the car's battery nor should any antennas or fixtures be evident that reveal the notebook is being actively used in the car. The warmth of the notebook in operation is not explainable therefore appropiate navigational software and a GPS mouse should be present. It is important to avoid areas where the car could leave identifiable tire tracks. If possible avoid entering zones of known video surveillance or zones where searches by hostile forces can be expected. I know this sounds paranoid but shit happens.
The malicious code should be wrapped into an installer that hides the malicious code onto the first vulnerable target after the access point for a period of at least six days and release the malicious code to the internet preferably on the evening of the friday following the minimum six days.
All code, excluding the delivery system and secure erasure code, should hide on the system using state of the art techniques (filesystem filters, hooking registry access, manipulation of NT kernel data areas).
If the malicious code happens to be a worm, a very slow rate of infection is advised as well as a novel vulnerability being exploited. This is in the hope that the worm will over months penetrate into sensitive intranets without being discovered. As the clock of a given node can not be depended on for accurate time/date information the worm instance should not rely on it to measure time. Instead time should be measured by cpu cycles, poweron/poweroff cycles etc. Systems belonging to a state hostile to the United States of America can be recognized through characteristics discovered through prior intelligence.
All development and testing that takes place while located in a state hostile against the United States of America should be confined to one system. Backups must use state of the art encryption must be accounted for and be destroyed after being superseded. If you (unwisely) choose to keep the final version of the code after the attack, encrypt it with a xor of r
viri for one, virii for two, viriii for three, viriv for four, virv for five, and so on..."
That would be one hell of a long word in any practical medical usage.
Maybe not too smart either.
There are plenty of new viruses out there all the time. There is plenty of attention to the nastiness out there, which is good for the market. So some company would tweak their tool so it adds a tiny bit to the general insecure situation.
They'd have to arrange for internal secrecy so few people get to know the issue.
They're ready to take a hit when the next guy does a comparative batch test for viruses and declares their product unsafe.
They can't leave a paper/email trail so you can find out about the bad intent. Or a trail in the sourcetree.
They have to watch out extra for disgruntled ex-employees who want to get even.
It would complicate jobs unnecessarily. And the shareholders would not agree. No good intentions implied.
It could pay more to hype the existing security issues. If it's possible to add to the existing hype.
Yes, NT 3.5.1 and NT 4 both received C2, given a specific configuration and specific hardware. IIRC NT 3.5.1 was "off-the-network, no floppy". The services allowed on a C2 NT4 box:
- Computer Browser
- Microsoft DNS Server
- Netlogon
- NTLM SSP
- RPC Locator
- RPC Service
- TCP/IP NetBIOS Helper
- Spooler
- Server
- WINS
- Workstation
- Event Log
Note that many of these have had remote buffer overflow attacks since they were C2 certified, so you might ask what value C2 really has.To be fair, I looked all over and couldn't find any reference to Win2k, XP or 2003 being C2 certified - if anyone has a link to the contrary, please post.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Yeah, well, you are talking about regimes where the consequences of being discovered are a certain and painful death, I think being paranoid is probably pretty good advice...
But XORing against a random byte stream is not very good advice, because it is much more difficult than you might expect to generate such a random byte stream. Hint: The random number generator that comes with your compiler is not good enough.
Although what you say is true you must acknowledge that a larger percentage of the user population uses Windows based systems. If you were writing something that by nature needs more hosts to survive longer what platform would you target?
I honestly think that if the majority of people used linux then the virus writers would target the system more heavily.
Software is written by humans. Humans make mistakes. The OS is not gonna save you when one of your systems has a buffer overflow hack, etc. ALL systems can be exploited simply because they are written by humans. Part of life, IMO. Constant defense from attack makes a system stronger.
So does that mean the virus creators are doing a service to the community? I think that might be stretching it. (Does HIV do a service to the human genome?) But who knows.
switch from "scan on access" to "scan on create"
I wish I could find this setting, I have NAV 2004
Sam
blog.sam.liddicott.com
you're right. I've stopped trying to encourage people to convert to a Mac because they deserve Windows.
The reason girls and Windows users don't understand UNIX is because all the documentation is in Man files.
No no, it's viriiii for four...:)
----- Question authority, but not ours. Hate the man, but we're not him.
for a swarm of viru has been leashed upon your household. For thus spoke the internet - "Thou shalt no longer hold my people captive to your worldly laws and regulations". And so it was.
just be thankful we dont have to dead with virc or virm or virMCMXCIX or else we'd have to listen to bad prince songs...
tonight we'll be dancing like it's MCMXCIX....
https://www.gnu.org/philosophy/free-sw.html
How unimaginative of AV companies not to forsee this.
Really, being perplexed makes them look stupid, sack the PR people.
Hey Spydr! Nice English, did a Martian write it for you?!
V I R U S E S !
"Virii" is not a word in any language on this planet.
Thou hast a good point made for thee knowest English was ne'er meant to change.
Time is what keeps everything from happening all at once.
Last time I checked if you got HIV, you die. If computers are infected by a new exploit, etc... then the programmers and OS authors can patch or improve the system (in theory anyway). Much like a flu vaccine that isn't lethal, but does in fact make you stronger and more resistant to future attacks. This isn't a new idea.
Last week I was stupid enough to let rice bake to the bottom of my gf's favorite pan. She was upset and told me if I could mess it up then I could clean it up too. Anyway, I set to work on that pan until my elbows began to hurt and then took a rest drooling over the pan filled with little bubbles. I fascinated by the randomness of how the little bubbles of foam popped and dissolved. All of the sudden I wanted to mount a camera over the pan and "harvest" the randomness. This I could probably do by dividing the camera image into squares which are assigned a number and that number gets logged whenever a bubble in that square dissolves.
I wouldn't really trust a hardware random generator but if you have a GSM SIM card you can use it to generate a stream of random values of unknown quality. The GSM standard describing the "Subscriber Identitiy Module", GSM 11.11 defines a card command / "APDU" (Application Protocol Data Unit) called "ASK RANDOM" that will return a random value generated by the card's random number generator. I guess if I needed to create a stream of random bytes I would take the random bytes I obtained from the pan full of bubbles and xor them with random values obtained from a new and unused SIM card which I would for example have obtained as a prepaid GSM card at a vending place that does not demand photo id and paid in cash. I would also send the "ASK RANDOM" command to the card a couple thousand times first and then start logging the values, randomly skipping about a third of them, the randomness of the skipping derived from another pan of foamy bubbles.
Come to think of it, I would also later encrypt the random stream itself as well as the resulting ciphertext with 3DES-OFB.
Ooh, a traditionalist!