There has never been an attack on Ben Gurion Airport in Israel, ever!
It's one of the safest airports in the world.
It sounds like you're making this stuff up. Sorry.
Also, Israel is one of the nicest places to visit on earth, including "the dead sea" which is 90% salt, so you can float on the water, it's awesome. Tel Aviv is a great place for parties, and the north of Israel is just beautiful.
Please don't lie about stuff like that, people might believe you.
Written by an Israeli citizen.
Hello, this advisory was published on the 9th of September http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html, about a kernel crash caused by a specially crafted SMB packet to port 445. The advisory was published in the beginning as a Denial-of-Service, but soon people found that it was exploitable! Soon lots of people tried to be the first to create a working exploit for MS09-050 (SMB2). Till then, Microsoft said that until an update is available you can disable SMB2 and not ports 445/139.
Also, CoreImpact first published a remote exploit PoC to their members on the 17th of September. Which means that an exploit had been found for subscribers on 17/9!! So this article is basically wrong. Anyway, more researchers still tried to create a public exploit for it, such as http://blog.metasploit.com/2009/10/smb2-351-packets-from-trampoline.html which describes his way of exploiting this using 351 packets to achieve a jump to his code (remote code execution).
So... this article has more than a few points which are not accurate, including the "The first windows 7 zero day exploit" title.
Cheers.
Zuk
Interesting use of ClearView from a hacker's point of view: the program can be patched to not change the binaries, but just to write down which places seem vulnerable, and then try to attack those input vectors to gain a zero-day attack on a program where other fuzzers didn't seem to detect those input errors, etc.
It would be quite an accomplishment to introduce a remote exploit directly in the kernel.
Here you go: that's not that hard to achieve (well, it is, but it's not impossible): http://dvlabs.tippingpoint.com/advisory/TPTI-06-02 (a driver BO will obviously run in kernel mode), so remote BOs on the kernel side are not that unheard of.
"Two researchers, Dan Kaminsky and Moxie Marlinspike, came up with exact same way to fake being a popular website with authentication from a certificate authority."
Here's what happened: Moxie Marlinspike found this and sent his boss a message through his website, but the problem was, Mr. Kaminsky had tried his DNS poisoning on that website and all the traffic went through Kaminsky. Kaminsky afterward declared that he had found a way to do it :)
Of course I'm j/k, but Dan is a genius and can do it :)
I'm one of the guys like you who actually makes fun of MS in every possible way, but I still believe in my heart that there's lots of code in their system which is written quite well, and I also think they've contributed much to today's world/technology. I still use Linux though, but [sarcasm]"the enemy"[/sarcasm] is actually not that evil, I guess (without thinking about IE or any other monopoly behavior).
Definitely Python, as it can both teach regular programming pretty easily and also teach OOP concepts easily as well.
So, learning Python can be a start to learning C++/C#/Java and help you understand them much more. Also, it's quite an easy language, you can do pretty much whatever you want, and it will help you understand sockets, file parsing, OOP; variables a bit less though (it will make a new programmer a bit confused), but overall it's a great language and I can't imagine how my life would be without Python :)
Because of requiring such an age for entering bars in the States, the young guys there just want to drink (and do drink) much more than they would have drunk if it was legal. They fly abroad all over the world and see that they can drink over 18 and only in their home they can't. That's truly ridiculous, and I think that's one of the reasons that lots of people in the States do drugs (like much more compared to the rest of the world).
Most people think that Python GUI ends up with import tk, and that's not correct at all. If you're among these people, you should read this book... good luck!
Eclipse is a very nice IDE and very useful, though a competitor to Visual Studio (which isn't free and is very CPU/memory consuming).
Vim is great if you get to know most shortcuts and download (/create/modify) a nice .vimrc file (http://dotfiles.org/.vimrc).
Check them out and configure whatever you want :) Good luck.
I thought I was not reading correctly, but... 468 pages on a single book about nmap?
I'd prefer [code]# nmap -h (or --help)[/code] it would give me the same results. JESUS! people became crazy... 468 pages?!!?!?! Nmap?!?!?!
Devertebrated
Link to the original article next time!
I'm quoting why it's not really the longest (using past tense would get other words into the list as well):
Technically, the word "reverberated" is just as long, and so is "desegregated" - but they're sometimes disqualified because they require using the past tense.
You don't know what's in the Linux kernel. http://www.theregister.co.uk/2003/11/07/linux_kernel_backdoor_blocked/ Things like that can happen. I hope the community is doing a good job, and they are :)
P.S. I use Linux myself, and trust no one.
In order to hack WEP it's quite simple today, you need to do the following:
1) Listen to packets going through (monitor mode)
2) Force people to send more packets using arp-replay packets or specially crafted packets
3) Capture about 25000 packets and do a cryptanalysis of these packets to get the password [the more packets you capture, the more chance you'll be able to decrypt the password]
In WPA1/2 it's quite different:
1) Listen to packets going through in monitor mode
2) Wait until you capture a connection-login handshake (it's 2 packets both ways = 4 packets)
3) After you capture the packets in 2, you need to do a dictionary attack on the captured session login. If that word isn't in your dictionary, you're screwed.
That's why, with current wireless hacking methods, a strong not-in-dictionary WPA (PSK) password will be quite hard (if possible) to hack these days.
Just so we're all clear.
I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.
Kernel issues still require a reboot.
Kernel issues do not always require a reboot.
Most of the time you can do run-time patching within a separate LKM (Loadable Kernel Module).
Check this out for some more info about run-time patching.
is there anything that you can name that can do more than Linux?
Easy, Chuck Norris!
I'd like to see the contest's questions, just to check how it was (and also perhaps there's something new to learn, right? :)), if anyone can give the test for self checking?
Thanks!
Roee Hay's blog and a movie to demonstrate it : Movie on youtube showing successful attack
GG WP!!
CmdrTaco always says that : "With great power comes great responsibility", he even told this sentence to Spiderman.
That's why he's not using his power to get all the bitches out there.
hey there,
I think the best solution for this issue is using Linux as an OS, with 2 desktop sessions, one per monitor.
Afterwards, you should map each controller to each virtual desktop you're using. If you need Windows in order to run these games (I'm not familiar with them), just install VirtualBox with Windows on it, and run 2 different sessions of it, one in each virtual desktop. Now, you need to do an initial run of each game (in each VirtualBox) and just play using the 2 controllers. Another thing you need to do is SetFocus for each controller in each virtual desktop, so in case one of you clicks on the controller, it will be focused in his session, while if 0.10 seconds later the other player clicks on his own controller, the focus should be automatically set on the other player's VirtualBox within his own virtual desktop session.
Good LUCK!
[quote]Well, unlike what virgins living in their mom's basement may imagine, sex is only a small part of the time spent together in a relationship.[/quote]
And by that you mean, like, 30 seconds a week, right? :)
I also wonder how come a Windows pro needs an Ubuntu installation tutorial (Ubuntu?! A tutorial perhaps for another distribution, but Ubuntu's installation is easier than Windows'. Just a [while (next); finish;] installation).
Cheers!
You can use ipchains instead since iptables is deprecated. Also, the Slackware package manager is not the best, and I'm a big Slackware fan. If you're interested in packages for Slack, you should check http://slackbuilds.org/ and http://packages.slackware.it/ and http://www.linuxpackages.net/.
In the first one you compile the stuff yourself and only download a configuration to create the package; in the other 2 you just download pre-made packages (like rpm) - it's okay once you get used to it (with packagetools, upgradepkg, installpkg, removepkg) but it's still not as good as the Debian-based package manager (apt-get) or the Gentoo repository.
I find myself compiling lots of stuff that other Linux users don't even use (or know how to compile, if they are Ubuntu users).
But the OS does exactly what I want it to do! Nothing more, nothing less! And that's what Slackware is all about.
If you want to compile your own kernel, easy, exactly the same kind of easiness as in other distros, but I don't know, I just fell in love with Slackware!
About your iptables problem, do this:
Looks like you didn't enable iptables in the kernel. I think you need to have the ipchains module enabled.
Try enabling these, and the other boxes listed below them.
Networking>Network Packet Filtering>Core Netfilter>Netfilter Xtable support
Networking>Network Packet Filtering>IP Netfilter>IP Tables Support
(from http://ubuntuforums.org/showthread.php?t=278456)
Good luck,
Zuk.
"The following was written in the spirit of April Fool's Day. Brian is following the story and if there are real reports of outbreak, he'll report them in a separate post."
It's actually written in the title, and it still gets too much focus, as if those events are real (although they could occur), but there's a need to tell the people who read this that the whole post is an April Fools' joke.
since, if you got any mojo, you can get some girls (ask Austin Powers if you don't believe me). if you got some dojo, you cannot get anything?!