Slashdot Mirror
Turning Attackers' Tools Against Them
Tasha26 writes "The BBC has an interesting Web security snippet from the SyScan 2010 security conference in Singapore. In a presentation, security researcher Laurent Oudot released details of bugs found in commonly used attack kits such as Neon, Eleonore, and Sniper. These loopholes could be exploited to get more information about the attackers, perhaps identifying them, stealing their tools and methods, or even following the trail back to their own computer."
There should be bounties put on these folks spreading this shit.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
Humans are frog-like mammals with puny intelligences compared to me, the galactic overlord from Fggrtgtettggttgtstttttstststs. I saw a registered car car car car car car car to the ass-wind. Commander TACO is a small amphibian with a faulty earrrrrrrrrrrrrrrrrrrrrr..;.;;.;.;.;.;.;.;.
UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
..or to the person they are setting up to go to jail...
---- Booth was a patriot ----
...or did he behave irresponsibly and publish the bugs without giving the vendors time to issue patches?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
All that cleverness wasted...
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
Meh... Thae fact that there are errors and vulnerabilities in web based tools just means that they were written by programmers who largely don't have peer code review, which is why so many computer viruses never get to trigger or release paylod, the only working part of them is the infection mechanism. Perhaps these vulnerabilities would aid n catching a script kiddie who had downloaded a poorly programmed tool and was dumb enough to launch from his own computer. Nobody with brains would launch from "home", they would use bots, which means the police will be storming an old age home with grandparents still using windows 95. I do applaud looking at hacking tools though, I workd for a company that used a stripped down, harmless version of the sub7 trojan to deploy software and it was far superior to commercial deployment solutions at the time.
sig loading.......
Do you really think that the creators of these "tools" aren't going to leave SOME way of getting back into them? To prevent them from being used against their own systems?
"Did you really think you could use my own spell against me , Potter?" -Severus Snape "HP: THBP"
[End Of Line]
In other news, researchers learn that script kiddies tend not to be very good software developers.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
I propose that MS create a walled-garden version of Windows that will work for 85% (my estimate) of users. Only approved apps can be installed. Could it work?
That so8ded,
This is great intel, no doubt. There's a bit of irony in reporting vulnerabilities in malware - can I get a CVE for that? Counter-attack has a bunch of potential issues, though. The primary one is attack attribution, and the other primary one is that it's not legal in many places (including the United States) to counter-attack your attacker. If you execute code or access a system without the permission of the system-owner, you're in the same crime category as the original miscreant.
against us. it's not like we haven't been given many opportunities to make it right/defend ourselves. butt, as we (not so) slowly fade into bad history, it's good to know that there's still some genuine assistance available in spite of our lackadaisical attitude towards our gifts. see you there?
meanwhile (meaning possibly quite a while); the corepirate nazi illuminati is always hunting that patch of red on almost everyones' neck. if they cannot find yours (greed, fear ego etc...) then you can go starve. that's their 'platform' now.
never a better time to consult with/trust in our creators. the lights are coming up rapidly all over now. see you there?
greed, fear & ego (in any order) are unprecedented evile's primary weapons. those, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' life0cidal hired goons' agenda. most of our dwindling resources are being squandered on the 'wars', & continuation of the billionerrors stock markup FraUD/pyramid schemes. nobody ever mentions the real long term costs of those debacles in both life & any notion of prosperity for us, or our children. not to mention the abuse of the consciences of those of us who still have one, & the terminal damage to our atmosphere (see also: manufactured 'weather', hot etc...). see you on the other side of it? the lights are coming up all over now. the fairytail is winding down now. let your conscience be your guide. you can be more helpful than you might have imagined. we now have some choices. meanwhile; don't forget to get a little more oxygen on your brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.
"The current rate of extinction is around 10 to 100 times the usual background level, and has been elevated above the background level since the Pleistocene. The current extinction rate is more rapid than in any other extinction event in earth history, and 50% of species could be extinct by the end of this century. While the role of humans is unclear in the longer-term extinction pattern, it is clear that factors such as deforestation, habitat destruction, hunting, the introduction of non-native species, pollution and climate change have reduced biodiversity profoundly.' (wiki)
"I think the bottom line is, what kind of a world do you want to leave for your children," Andrew Smith, a professor in the Arizona State University School of Life Sciences, said in a telephone interview. "How impoverished we would be if we lost 25 percent of the world's mammals," said Smith, one of more than 100 co-authors of the report. "Within our lifetime hundreds of species could be lost as a result of our own actions, a frightening sign of what is happening to the ecosystems where they live," added Julia Marton-Lefevre, IUCN director general. "We must now set clear targets for the future to reverse this trend to ensure that our enduring legacy is not to wipe out many of our closest relatives."--
"The wealth of the universe is for me. Every thing is explicable and practical for me .... I am defeated all the time; yet to victory I am born." --emerson
no need to confuse 'religion' with being a spiritual being. our soul purpose here is to care for one another. failing that, we're simply passing through (excess baggage) being distracted/consumed by the guaranteed to fail illusionary trappings of man'kind'. & recently (about 10,000 years ago) it was determined that hoarding & excess by a few, resulted in negative consequences for all.
consult with/trust in your creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?
"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land." )one does not need to agree whois in charge to grasp the notion that there may be some assistance available to us(
boeing, boeing, gone.
likewise, what hacker is going to report that someone reverse engineered his hack?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Connecting to someone's computer with the intent to cause damage could still get you in legal trouble; the law doesn't care who the victim is. What's more, the cracker you are trying to crack may just have a whole botnet to turn on your IP space, so you may want to think about that before unleashing your m4d l33t sk11z on their intertubes.
boycott slashdot February 10th - 17th check out: altSlashdot.org
big deal. Death marke7 share. Red
in the OS or have an option of and OS update that includes tools to detect attacks and then counter them.
I remember having a Fedora 9 Web Server and all kinds of foreign IP addresses tried to crack passwords and guess user names. I read the logs as root showing me failed attempts using some dictionary attack of English/American first names and passwords from a dictionary list. Now I don't use first names but handles and pen names that are hard to guess and run as a user account and only use root when I need to do something.
A friend of mine told me they will keep trying and cannot be stopped because my Linux server has no defense system to counter attack their hacking attempts and when they send a DoS attack my system does not send one back.
But I was never able to find such programs for Linux that would counter-attack such things and stopped hosting my web site at home and moved it to a web hosting services and let their admins monitor it 24/7. I recall they used an exploit in Apache 2.X and PHP during Halloween when I was taking my wife and son out for collecting candy. I come back home and found that trolls from Kuro5hin hacked my web server and took control and added insulting and untrue stuff about me. Later on they did the same thing to Net Money Chat that used Scoop like Kuro5hin but the admin fixed it to work with Apache 2.X and mod_perl for Apache 2.0, he submitted the code changes to Rusty, but Rusty never did anything about them. Then the Kuro5hin trolls hacked Net Money Chat and make it so it never served web pages and sabotaged the system so no part of it would work.
I would like to see such things available or built into Linux and other operating systems or be part of a security update or some free or open source software that can be gotten by people or small businesses that run web sites and need some way to force hackers and attackers to stay away from their web servers or at least collect enough evidence to submit to the FBI or some other group to hunt down the hackers and crackers by generating an ODF or PDF or whatever file that contains copies of the logs and a list of IP addresses doing the hacking and cracking attempts and attacks and then lists what they did. If needed a court can examine the Linux logs to see the whole history if they want to as well.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
This is to save the energies of the various suckers, who, like me, wanted to read either the presentation (will do even Powerpoint, if really really desperate) or the notes or whatever he had.
These conferences, unlike BlackHat® conferences, seem to publish zilch, and on his company web site there is nothing, in any language, except for a news item in Inspector Clouseau's English (Pink Panther, remember?) on this same matter, hardly more informative that the OP comment.
To shake him, please e-mail him in any language, asking him to publish his presentation.
I am confident that by the 3.000.000th e-mail, he might get it...
Am going to mail him in idiomatic, begging, French to begin with.
The Force actually is with me.
Alfred Nobel 'Price' was killed while using his own invention (dynamite). So you would be the first. Harry Potter is a fiction, remember?
www.cypherdyne.org
The new right fascists are bilingual. They speak English and Bullshit.
i think you are trying to say that going after hackers is unethical. you are of course right. but that doesn't mean you can't go after them, just that you can't wrap yourself in the cloak of ethics when you enter their shadowland
in other words, to catch a criminal, you should abide by good conduct, but you may have to get a little dirty yourself
it is not possible to fight crime completely straightjacketed by the highest standards of good behavior. as long as you yourself don't become a criminal in your pursuit of them, its ok to bend the rules
please don't read this as an acceptance of murder to fight shoplifting. my words are more an acceptance of jaywalking to fight drug dealing. i am proposing its ok to bend the rules slightly, not excuse vile crimes in the punishment of smaller ones. for example: its perfectly legal to lie to suspects when interrogating them. do you consider this unethical? maybe a goody two shoes does. but then a goody two shoes will never catch a criminal. you need to understand exactly what you are dealing with, and be prepared to bend the rules a bit
its a tough game. who ever said catching criminals was easy and trouble free? your notion of ethics should not preclude the vigorous pursuit of criminals. then its not ethics at all, for without the vigorous pursuit of crime, you only reward those who don't follow ethics at all, and therefore undermine the reason for anyone in society to act ethical. the reward for good ethics should be greater than the reward for being unethical. make sure of that
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it