Mac-on-Linux is a linux/ppc program which makes it possible to run Mac OS in parallel with Linux.
MOL is primarily intended to be used by those who run linux/ppc as their main operating system but still want to be able to run that occasional Mac OS application.
Oh, and soon it would be possible to run linux on top of Mac Os X too.
The Grugq
The rise in prominence of incident response and digital forensic analysis has prompted a reaction from the underground community. Increasingly, attacks against forensic tools and methodologies are being used in the wild to hamper investigations.
This talk will: familiarize the audience with Unix file system structures; examine the forensic tools commonly used, and explore the theories behind file system anti-forensic attacks. In addition, several implementations of new anti-forensic techniques will be released during the talk.
"ZDNet reports that Microsoft is now willing to replace your pirated version of Linux with Windows XP. As part of the recently started "Windows Genuine advantage" program, Alex Hilton explains that this incentive aims to bring out customers who bought PC's with Linux preinstalled from vendors that should have installed the Microsoft OS. Not only do they offer amnesty to anyone coming forth with a linux version, but also to ship an original version of their product with a valid license to replace the pirated linux one, each customer being able to get up to 5 such replacements. Hilton says: "Our goal is not to prosecute the individual, our goal is to get to the source, the linux vendors.".
buffer overflows are only a small part of the problem!!! Microsoft came up with some lame ass BOF protection in their service pack 2 and their propaganda dept. is trying to convince us they solved something!
Today there are still format strings, integer overflows and the BIGGEST part of the problem is default passwords, false advertising, no liability, poor application security, security product vendors, SQL injections and just plain stupidity!
Just take a look at the abstract of my speech at syscan '04 (it's at the bottom of the program page.)
Information Security in Banking: The illusion of Safety by Anthony Zboralski
This presentation will focus on ways to defeat a banks security byways of deception, taking advantage of specific subtleties in human behavior and the bank's network of trust. This session will include three real-life case studies:
Penetration testing major Asian banks; the speaker will show why most security mechanisms can give a false of safety and demonstrate how an attacker can ensure rapid ownership of the most up to date, patched and secure systems without using a single 0 day exploits.
Auditing the security of core banking systems. The speaker will give real examples of insider hacking and fraud (erasure of loan files, manipulation of interest rate and foreign exchange data, vendor tempering with production environment, ATM backdoors, bypassing AS/400 security, etc.
Finally, the speaker will present the results of his Jakarta/RI Wireless Security Survey 2003 and 2004 including disturbing screenshots of ATM transactions and multi-million dollar wire transfers which broadcasted in clear text over wireless networks without the banks knowledge.
Re:Does hibernation slow or stop aging?
on
Hibernating to Mars
·
· Score: 2, Interesting
An interesting question is, would you be willing to go into a matrix-esque environment for those months, where you could go to movies, read books, interact with people on earth (speed of light limitations would make this really trippy), to pass to the time while your body sleeps?
Read Maze of Death from Philip K. Dick on the subject. My favorite PKD book.
you don't need a modchip to play pirate games on PS2 anymore, you only need a PS1 original game and run an exploit.. search google for ps2 scene, memory card exploit.
"The critical mass has to come from the PC, or a next-generation video device."
iPod users are thieves? yeah right, I can say the same about windows users. All the one I know are thieves, alright the ones who bought a branded computer were forced to buy a windows license but still most of 'em just pirate Office, Photoshop, etc. How many of your friends using expensive software such as 3DS Max, Autocad, Maya paid for it?
I also don't really like we assume copyright violators are all thiefs. In developing countries, it is nearly impossible to buy originals (even by mail order or online as long as local credit cards are rejected due to high risk of fraud). Guess what everyone here use copies, so they are all thieves.
I live in Jakarta and have been married for 3 years already.
Once I was making a joke about Gnome (a french one, Mennen [shaving cream] pour nous les gnomes [original advert says pour nous les hommes {men in french}]) and my wife goes hey Gnome that's the name of my desktop at work.
"You use Linux at work?!?", I was really surprise, my wife was working as a consultant for Indonesia Ministry of Coop and Small Business and for Ministry of Industry and Trade; she was telling me that everyone in government is using Linux.
When I told this story to my expat collegue Marek from Poland, he told me it is the same in Poland.
I wish I wrote an article about this at the time (2001) maybe we would not see major FUD/BS from Gartner and other lame IDC.
Well here in Jakarta I identified 900 + networks and only 30 had wep enabled. In Singapore it was more like 50% and in KL it was around 65%. I still have the data and I bet Mike does too.
I agree, I have more than 500 pirated DVD movies, around 150 pirate xbox games and around 250 ps2 games. Movies in Jakarta cost around 1.5$ for DVD9 and 0.5$ for DVD5, 2$ for xbox games and less than 1$ for PS2 DVD's.
Buying originals is nearly impossible anyway but when I travel to Europe or elsewhere I never hesitate to buy original over-priced games or DVD because when I calculate the average cost of all the DVD I own... it is still around 1.5$... thanks to piracy I end up buying more originals.
Talking about theft/piracy.. I think selling shitty movies, audio or games for 20$ to 60$ is real theft! c'mon 75% of everything I have is complete crap anyway.
also what's really scary is the time I waste watching movies. Hopefully I can fastforwarding porn moving without missing much of the dialogues...
I download the torrent from suprnova.. burned the dmg to DVD-RW and to DVD-R but it won't boot even holding the C key... all the files are readable and the file size is right...
anyone else have similar problems.. after burning 4 dvd-r using different setting... I kindda got tired of it.
We tend to blame poor programming skills but the real cause is often market pressure and bad management (no budget for secure programming training, no quality assurance process, pressure to deliver in time even if the program is buggy (e.g. Oracle 6 and Oracle E-Business Suite 11, Microsoft Windows)
Bugs in software are inevitable... its a fact of life.
I disagree!!! Dan J. Bernstein coded qmail, djbdns, and many other really secure programs. Both qmail and djbdns offers a security garantee, not much money though, but enough incentive for a hacker living in a developing country to find a security hole
Dan J. Bernstein on qmail security: (DJB is my hero!)
Why is qmail secure?
The reason I started the qmail project was that I was sick of the security holes in sendmail and other MTAs. Here's what I wrote in December 1995:
Every few months CERT announces Yet Another Security Hole In Sendmail---something that lets local or even remote users take complete control of the machine. I'm sure there are many more holes waiting to be discovered; sendmail's design means that any minor bug in 41000 lines of code is a major security risk.
Other popular mailers, such as Smail, and even mailing-list managers, such as Majordomo, seem just as bad.
As it turned out, fourteen security holes were discovered in sendmail in 1996 and 1997.
I followed seven fundamental rules in the design and implementation of qmail:
Programs and files are not addresses. Don't treat them as addresses.
sendmail treats programs and files as addresses. Obviously random people can't be allowed to execute arbitrary programs or write to arbitrary files, so sendmail goes through horrendous contortions trying to keep track of whether a local user was ``responsible'' for an address. This has proven to be an unmitigated disaster.
In qmail, programs and files are not addresses. The local delivery agent, qmail-local, can run programs or write to files as directed by ~user/.qmail, but it's always running as that user. (The notion of ``user'' is configurable, but root is never a user. To prevent silly mistakes, qmail-local makes sure that neither ~user nor ~user/.qmail is world-writable.)
Security impact:.qmail, like.cshrc and.exrc and various other files, means that anyone who can write arbitrary files as a user can execute arbitrary programs as that user. That's it.
Do as little as possible in setuid programs.
A setuid program must operate in a very dangerous environment: a user is under complete control of its fds, args, environ, cwd, tty, rlimits, timers, signals, and more. Even worse, the list of controlled items varies from one vendor's UNIX to the next, so it is very difficult to write portable code that cleans up everything.
Of the twenty most recent sendmail security holes, eleven worked only because the entire sendmail system is setuid.
Only one qmail program is setuid: qmail-queue. Its only purpose is to add a new mail message to the outgoing queue.
Do as little as possible as root.
The entire sendmail system runs as root, so there's no way that its mistakes can be caught by the operating system's built-in protections. In contrast, only two qmail programs, qmail-start and qmail-lspawn, run as root.
Even if qmail-smtpd, qmail-send, qmail-rspawn, and qmail-remote are completely compromised, so that an intruder has control over the qmaild, qmails, and qmailr accounts and the mail queue, he still can't take over your system. None of the other programs trust the results from these four.
In fact, these programs don't even trust each other. T
Most of slashdot readers already know that there are a bunch of modified firmwares for the wrt54g such as this one. You should also be aware to realise that they are already backdoored/rootkit version (custom version of teso's adore of the wrt54g which will hide specific clients, processes, mac address and connections. It should also be noted that vulnerable linksys access point are trivial to detect using kismet (runs on linux, *bsd, zaurus, wrt54g) or kismac (runs on Mac OS X).
Slashdot Mirror
I actually live in Jakarta and didn't notice anything.
MOL is primarily intended to be used by those who run linux/ppc as their main operating system but still want to be able to run that occasional Mac OS application.
Oh, and soon it would be possible to run linux on top of Mac Os X too.
Anthony
--
Bellua Cyber Security Asia 2005
Digital Forensics and the Art of Anti-forensics
The Grugq The rise in prominence of incident response and digital forensic analysis has prompted a reaction from the underground community. Increasingly, attacks against forensic tools and methodologies are being used in the wild to hamper investigations.
This talk will: familiarize the audience with Unix file system structures; examine the forensic tools commonly used, and explore the theories behind file system anti-forensic attacks. In addition, several implementations of new anti-forensic techniques will be released during the talk.
"ZDNet reports that Microsoft is now willing to replace your pirated version of Linux with Windows XP. As part of the recently started "Windows Genuine advantage" program, Alex Hilton explains that this incentive aims to bring out customers who bought PC's with Linux preinstalled from vendors that should have installed the Microsoft OS. Not only do they offer amnesty to anyone coming forth with a linux version, but also to ship an original version of their product with a valid license to replace the pirated linux one, each customer being able to get up to 5 such replacements. Hilton says: "Our goal is not to prosecute the individual, our goal is to get to the source, the linux vendors.".
but then they would be profiting from crime if
they used an illegal copy of their software.
If I was the author of this software I would
hire some good law firm and make MS bleed!
In most countries, profiting from crime is illegal.
e.g. reselling stolen good is heavely punished
e.g the press can't use criminal sources (stolen documents, etc.)
buffer overflows are only a small part of the problem!!! Microsoft came up with some lame ass BOF protection in their service pack 2 and their propaganda dept. is trying to convince us they solved something!
Today there are still format strings, integer overflows and the BIGGEST part of the problem is default passwords, false advertising, no liability, poor application security, security product vendors, SQL injections and just plain stupidity!
Just take a look at the abstract of my speech at syscan '04 (it's at the bottom of the program page.)
Information Security in Banking: The illusion of Safety by Anthony Zboralski
This presentation will focus on ways to defeat a banks security byways of deception, taking advantage of specific subtleties in human behavior and the bank's network of trust. This session will include three real-life case studies:
Penetration testing major Asian banks; the speaker will show why most security mechanisms can give a false of safety and demonstrate how an attacker can ensure rapid ownership of the most up to date, patched and secure systems without using a single 0 day exploits.
Auditing the security of core banking systems. The speaker will give real examples of insider hacking and fraud (erasure of loan files, manipulation of interest rate and foreign exchange data, vendor tempering with production environment, ATM backdoors, bypassing AS/400 security, etc.
Finally, the speaker will present the results of his Jakarta/RI Wireless Security Survey 2003 and 2004 including disturbing screenshots of ATM transactions and multi-million dollar wire transfers which broadcasted in clear text over wireless networks without the banks knowledge.
Read Maze of Death from Philip K. Dick on the subject. My favorite PKD book.
The last Iraq war was pure piracy. United Pirates of America.
If we are gonna get RFID tags everywhere including
implants.. we better learn fast how to disable them.
you don't need a modchip to play pirate games on PS2 anymore, you only need a PS1 original game and run an exploit.. search google for ps2 scene, memory card exploit.
The Power Rangers work for Microsoft didn't you know? Well they hired 3 guys from LSD research in Poland.
There are tons of better software than this
"inkulator" (which is pronounced like a really bad insult in french, "enculator" [buttf*cker] ).
I have been using illustrate for a while and it was used by others to create the original windows XP icons, architecture drawings, technical drawings and
many cartoons including animated features such as Corto Maltese...
Take a look at the other galleries, some of the renderings are really impressive.
It is pronounced too much like Enculator 9000...
which litteraly means Buttf*cker in french!
"The critical mass has to come from the PC, or a next-generation video device."
iPod users are thieves? yeah right, I can say
the same about windows users. All the one I know
are thieves, alright the ones who bought a branded computer were forced to buy a windows license but still most of 'em just pirate Office, Photoshop, etc. How many of your friends using expensive software such as 3DS Max, Autocad, Maya paid for it?
I also don't really like we assume copyright violators are all thiefs. In developing countries, it is nearly impossible to buy originals (even by mail order or online as long as local credit cards are rejected due to high risk of fraud). Guess what everyone here use copies, so they are all thieves.
Not everyone in at the top of the Forbes 400 Richest American people like Ballmer.
Piracy's side effect is that you fill the average price you pay for a CD is lower and you feel less ripped off
I think I would probably have spent less on audio CDs if I didn't pirate so much shit.
Once I was making a joke about Gnome (a french one, Mennen [shaving cream] pour nous les gnomes [original advert says pour nous les hommes {men in french}]) and my wife goes hey Gnome that's the name of my desktop at work.
"You use Linux at work?!?", I was really surprise, my wife was working as a consultant for Indonesia Ministry of Coop and Small Business and for Ministry of Industry and Trade; she was telling me that everyone in government is using Linux.
When I told this story to my expat collegue Marek from Poland, he told me it is the same in Poland.
I wish I wrote an article about this at the time (2001) maybe we would not see major FUD/BS from Gartner and other lame IDC.
I think Linux users should sue Gartner for libel!
I have 2 Panasonic and both are Region Free and I
would have never bought em if they didn't.
Well here in Jakarta I identified 900 + networks and only 30 had
wep enabled. In Singapore it was more like 50% and in KL it was
around 65%. I still have the data and I bet Mike does too.
We are not politicians so please.
I saw a documentary from 1971 which is even scarier then all this eye transplant stuff.
Mod the above post up please.
Buying originals is nearly impossible anyway but when I travel to Europe or elsewhere I never hesitate to buy original over-priced games or DVD because when I calculate the average cost of all the DVD I own... it is still around 1.5$... thanks to piracy I end up buying more originals.
Talking about theft/piracy.. I think selling shitty movies, audio or games for 20$ to 60$ is real theft! c'mon 75% of everything I have is complete crap anyway.
also what's really scary is the time I waste watching movies. Hopefully I can fastforwarding porn moving without missing much of the dialogues...
anyone else have similar problems.. after burning 4 dvd-r using different setting... I kindda got tired of it.
We tend to blame poor programming skills but the real cause is often market pressure and bad management (no budget for secure programming training, no quality assurance process, pressure to deliver in time even if the program is buggy (e.g. Oracle 6 and Oracle E-Business Suite 11, Microsoft Windows)
I disagree!!! Dan J. Bernstein coded qmail, djbdns, and many other really secure programs. Both qmail and djbdns offers a security garantee, not much money though, but enough incentive for a hacker living in a developing country to find a security hole
Dan J. Bernstein on qmail security: (DJB is my hero!)
Why is qmail secure?
The reason I started the qmail project was that I was sick of the security holes in sendmail and other MTAs. Here's what I wrote in December 1995:
Every few months CERT announces Yet Another Security Hole In Sendmail---something that lets local or even remote users take complete control of the machine. I'm sure there are many more holes waiting to be discovered; sendmail's design means that any minor bug in 41000 lines of code is a major security risk.
Other popular mailers, such as Smail, and even mailing-list managers, such as Majordomo, seem just as bad.
As it turned out, fourteen security holes were discovered in sendmail in 1996 and 1997.
I followed seven fundamental rules in the design and implementation of qmail:
sendmail treats programs and files as addresses. Obviously random people can't be allowed to execute arbitrary programs or write to arbitrary files, so sendmail goes through horrendous contortions trying to keep track of whether a local user was ``responsible'' for an address. This has proven to be an unmitigated disaster.
In qmail, programs and files are not addresses. The local delivery agent, qmail-local, can run programs or write to files as directed by ~user/.qmail, but it's always running as that user. (The notion of ``user'' is configurable, but root is never a user. To prevent silly mistakes, qmail-local makes sure that neither ~user nor ~user/.qmail is world-writable.)
Security impact: .qmail, like .cshrc and .exrc and various other files, means that anyone who can write arbitrary files as a user can execute arbitrary programs as that user. That's it.
A setuid program must operate in a very dangerous environment: a user is under complete control of its fds, args, environ, cwd, tty, rlimits, timers, signals, and more. Even worse, the list of controlled items varies from one vendor's UNIX to the next, so it is very difficult to write portable code that cleans up everything.
Of the twenty most recent sendmail security holes, eleven worked only because the entire sendmail system is setuid.
Only one qmail program is setuid: qmail-queue. Its only purpose is to add a new mail message to the outgoing queue.
The entire sendmail system runs as root, so there's no way that its mistakes can be caught by the operating system's built-in protections. In contrast, only two qmail programs, qmail-start and qmail-lspawn, run as root.
Even if qmail-smtpd, qmail-send, qmail-rspawn, and qmail-remote are completely compromised, so that an intruder has control over the qmaild, qmails, and qmailr accounts and the mail queue, he still can't take over your system. None of the other programs trust the results from these four.
In fact, these programs don't even trust each other. T
Most of slashdot readers already know that there are a bunch of modified firmwares for the wrt54g such as this one. You should also be aware to realise that they are already backdoored/rootkit version (custom version of teso's adore of the wrt54g which will hide specific clients, processes, mac address and connections. It should also be noted that vulnerable linksys access point are trivial to detect using kismet (runs on linux, *bsd, zaurus, wrt54g) or kismac (runs on Mac OS X).