Slashdot Mirror


User: wavelet

wavelet's activity in the archive.

Stories: 0
Comments: 62

Comments · 62

  1. Re:I live in one (Houston, TX) on Apartments for Techies? · · Score: 0, Offtopic


    so in your mind a "professional" runs and hides from technology that isn't "secure"... nice...

    being a professional isn't about saying something sucks... anyone can do that...

    being a professional means working with clients to solve security problems...

    the going industry "solution" is to treat your wireless network as a dirty network and VPN/IPSEC over it... with a client side host based firewall it's just the same as VPN'ing over the internet...

  2. Re:I live in one (Houston, TX) on Apartments for Techies? · · Score: 1
    i live at waldenweb as well... it's not 45Mbs... my understanding is that it's rate limited to 3Mbs from fiber.net ... i've never gotten over 300K/s - 400K/s aggregate...

    because the city is so spread out, DSL or cable modem wasn't an option until recently

    people are relatively friendly... not a bad get up...

    http://www.fiber.net/business/fract_atm_ds3.htm

  3. Another illegal prime, efdtt.c on Illegal Prime Number Unzips to DeCSS · · Score: 5

    Inspired by Phil's effort, a prime number encoding of the source of efdtt.c has been contributed by Charles M. Hannum.

  4. Re:Shorter code on Illegal Prime Number Unzips to DeCSS · · Score: 1

    Using the much shorter efdtt.c, there's another illegal prime number.

  5. Re:Looks like a pretty standard case to me. on Security Hole In TCP · · Score: 1

    I think you're confusing two different security concepts.

    Initial Sequence Number guessing is only useful for spoofing "new" connections or blind spoofing. Thus the "Initial" part of the term. Basically you are blind spoofing communication between A and B (while you are C), to take advantage of some trust relationship between A and B.

    As pointed out in many posts this attack was done by Kevin Mitnick. Basically one of Shimomura's unix boxes had root level .rhost that trusted another one. Kevin spoofed packets from the trusted computer to execute a "echo '+ +' >> /.rhosts" then just rlogin. To help the attack Kevin also SYN flooded the trusted computer so that it would not respond with RST packets. This type of attack is called blind spoofing and is usually difficult to do. There are programs out there that will do this. ie: ADM-rsh

    Session Hijacking is what you are referring to. This is taking over an already established connection. In this attack you use the fact that you can sniff or obtain the sequence numbers already in existence by an established TCP connection and inject spoofed packets to interrupt or take over that session. Tools such as hunt do this type of attack.

  6. Re:Not that Theoretical - Mitnick did just this on Security Hole In TCP · · Score: 3

    Tsutomu Shimomura's book's website, Takedown has some transcripts of the attack.

    Interesting read... in 1995...

    Basically one of Shimomura's unix boxes had root level .rhost that trusted another one. Kevin spoofed packets from the trusted computer to execute a "echo '+ +' >> /.rhosts" then just rlogin. To help the attack Kevin also SYN flooded the trusted computer so that it would not respond with RST packets. This type of attack is called blind spoofing and is usually difficult to do. There are programs out there that will do this. ie: ADM-rsh

  7. Re:"Old as the Hills" on Security Hole In TCP · · Score: 1

    As a computer security consultant, this story seems silly to me.

    see CERT advisories dating back to 1995... as well as Bugtraq discussions about it...

    This is a very well known "vulnerability". The most famous use of this vulnerability was by Kevin Mitnick to attack Tsutomu Shimomura's computers.

    Basically one of Shimomura's unix boxes had root level .rhost that trusted another one. Kevin spoofed packets from the trusted computer to execute a "echo '+ +' >> /.rhosts" then just rlogin. To help the attack Kevin also SYN flooded the trusted computer so that it would not respond with RST packets. This type of attack is called blind spoofing and is usually difficult to do. There are programs out there that will do this. ie: ADM-rsh

    Tools like nmap test for ISN randomness. Just about all unixen are at least pseudo-random, which makes the attack almost impossible to do to two computers that you can't sniff traffic to or from.

    If you can sniff traffic from either box then the problem of hijacking connections becomes much simpler. At this point it doesn't even matter what the ISNs are because you can just sniff them. Tools like: hunt are the preferred tools for session hijacking. hunt even has ARP spoofing so that you can sniff over switched environments.

  8. Buy and use one now... on Canada Considers Cellphone Jammers · · Score: 2
    for your own personal fun...

    http://www.wave-shield.com/ or http://bizbb.com/DPLSurveillanceEquipmentcom/offer/22/

    I've seen other models but I think it would be cool to walk around with one of these...

  9. I think they are already in use... on Canada Considers Cellphone Jammers · · Score: 1

    ... in casinos or it may be just a happy coincidence. Whenever I've been to Las Vegas, magically my cell phone doesn't work. It isn't the lack of signal. Not only does my phone read 4 signal bars, but I've also put it into field test mode and the signal is fine.

    Much like anything else in Las Vegas anything that takes you away from feeding money into the slot machines is a bad thing. The lack of watches, direct sunlight, or communication via cell phone is good for the casino.

    More on topic, I personally would love to see jammers in use in things like churches, restaurants, movies, and hospitals. I think we as a society have become very rude when it comes to cell phone usage. Call waiting, caller ID and caller ID waiting are bad enough when you have to choose who's more important, the person you're talking to or the person calling. Cell phones take that to the next rudeness level.

    I stopped taking phone calls while I'm out to dinner because I think it is disrespectful towards the person I'm having dinner with.

    It would be nice though if there were signs alerting you to jammer use so that you'd know if you've walked into a cellular free zone or not.

  10. Re:hopeless optimism on Nanomedicine · · Score: 1


    So are you saying the science has *only* made things better, faster, more efficient, and more functional?

    Speech existed in nature and science *only* allowed you to speak to someone instantly anywhere in the world, record and archive speech for anyone to listen anytime in the future.

    Other than the fact that you understate the effect of science on modern society, you're right if you oversimplify enough everything already existed. Modern brain surgery already existed as obsidian flakes.

  11. hopeless optimism on Nanomedicine · · Score: 1


    After "flipping through the book" and reading a few pages, I'm filled with hopeless optimism and the ability for science to continue to contribute to the health and well being of mankind.

    Is it just me or does anyone else stop every once in a while and marvel at what science has been able to accomplish for mankind?

  12. whois query of >50 records. on CEO of MP3.Com Accused of Domain Squatting · · Score: 1


    This is slightly off topic, but when you search for mp3.com (http://www.networksolutions.com/cgi-bin/whois/whois?STRING=all+mp3.com).

    It stops at 50 entries. Is it possible to search for the remaining entries?

  13. Re:Oh please. US Gov Vs. Thousands Of Horny Kids? on Internet Decency Commission Is Broke · · Score: 1


    who gets to be the lucky department that gets to administer this? the collective drivers license departments of each state? who gets to pay for such administrative burden? a pr0n tax... that's all we need... ;P

  14. regulate morality on Internet Decency Commission Is Broke · · Score: 1


    Why do we insist on attempting to regulate morality? If parents are worried about their kids viewing internet porn then they need to stop blaming the media/tv/internet and teach their kids about sex and drugs etc. You can introduce regulation that makes it harder for people to provide content, but that doesn't replace the need for parents to raise their children.

  15. Re:Sponsored by... on Fragna Cum Laude: A B.A. in Quake · · Score: 2

    wavefront is very expensive. we used to have to license that stuff while I was a sys admin at a multimedia development department at a university. i can't imagine what the costs are for a commercial license.

  16. Re:L0pht(crack) vs lock pick set on Busted for (L0pht)Crack Possession · · Score: 1

    slight semantic games now...

    in this case they did do a bad thing... because the method by which they obtained their *.lc files was clearly unauthorized.

    do you go around taking documents off your boss's desk because he didn't lock the door?

    do you go around video taping people typing in their username and passwords because they didn't have an office with a door they can close?

  17. Re:their admins must be rich on Busted for (L0pht)Crack Possession · · Score: 1

    well i assume they just want to expire all the passwords of the current users. and if they are smart they are going to implement something like passfilt.dll to increase the password strength. This will cause a lot of helpdesk calls regarding people who forgot their password etc... 15 minutes for each luser to call the helpdesk and get their password changed etc... all the luser time can add up.

    $12,500 is a fairly low number if you ask me. These people could be doing something productive, ie making money instead of monkeying around with new passwords and such.

  18. Re:irresponsible headline on Busted for (L0pht)Crack Possession · · Score: 1


    sure you're right... my naivete allows me to hold slashdot to a higher standard. usually the stories are worth reading on their own merit and the discussions are fairly decent. this one is clearly twisted and misleading... oh well...

    maybe the m$ stories don't have the same flamebait power anymore...

  19. Article/summary rating on Busted for (L0pht)Crack Possession · · Score: 1


    stuff like this makes me wish there was a ranking system for the articles or summaries themselves similar to how segfault has a story rating system.

    you listening to me cmdrtaco??... we can make articles that are redundant or flamebait or whatever...

  20. irresponsible headline on Busted for (L0pht)Crack Possession · · Score: 5


    after reading the article, these people were not just busted for possession of l0phtcrack. they were busted for illegal activities and for the possession of the tools that they used to commit those illegal activities.

    this is not only irresponsible, but sensationalistic on the part of cmdrtaco.

  21. L0pht(crack) vs lock pick set on Busted for (L0pht)Crack Possession · · Score: 1

    I think you have to have some perspective here. Possession of L0phtcrack along with *.lc files from companies that you don't have authorization from is a "bad thing" ie crime.

    Intruders caught with lock pick sets are caught in connection to using the tools in a malicious way. Lock smiths who use lock pick sets to rescue fluffy from a locked bathroom are arrested. Similarly until I see a systems/security administrator arrested for using l0phtcrack/crack/john for auditing their own password files I don't see a problem.

    Tools do not become criminal weapons until you use them that way. A rock can become a weapon if used so. L0phtcrack was not a weapon until Bell or Brelje decided to use the tool in that manner.

  22. Re: NO BO on NT on Linux Blamed for DDoS Attacks · · Score: 1


    Is it just me or is that sort of internet wide scan a bit bold. I wouldn't jiggle the door knobs of businesses to see if they are open and then approach corporate security to tell them that they've got a vulnerability.

    I wouldn't appreciate people scanning me without my consent. It's also a very script kiddie approach showing the lack of depth of knowledge that I would look for in a security consulting firm.

  23. Re:Long term solutions? on Ask Security Guru Dave Dittrich About DDoS Attacks · · Score: 1


    The point of a robust transport protocol is that it shouldn't have to depend on the router to do things for it. TCP guarantees packet sequence for example, despite what the routers do with it. It's IP's job to provide source and destination information.

    Say you squash spoofed packets with non localnet sources. What about spoofing all the other IP's in your localnet? Granted that's a much smaller problem, but IP is still broken. localnet to localnet traffic is still broken.

    the motto is something like: "robust in what you accept and strict in what you output"

  24. jwz == altruistic nerd? on Salon on JWZ/Emacs/Mozilla/AOL and Nightclubs · · Score: 4
    Maybe altruistic is a bit too generous, but following jwz for a while it seems like he is very true to himself. Much like Linus he seems somewhat unchanged by his fame and money. Ok so he's got more money. His arrogance today seems to be no more than his arrogance several years back.

    Perhaps it's the malleability of code that makes some programmers, especially free software programmers, so optimistic that they can fix things, that problems are solvable, that a solution is always waiting to be found. Software can be fixed. Programmers live in a world where reality can be shaped according to their will -- all they have to do is write another line of code.

    A fairly interesting insight into why hackers are so powerful. Not only do they think they can fix things... in many instances they actually do. All the hub-bub about the freedom of information, ie the state of "the net" is all about hackers knowing they can change things. Shows like Triumph of the Nerds attempts to document this phenomenon. It also seems to celebrate the power and influence of nerddom as if nerds have something to prove.

  25. Re:So who did it?... on More DoS Attacks: CNN, Amazon, eBay, Buy.com... · · Score: 1


    A major flaw in your argument is that you rule out an entire group of people with a general assumption.

    Not *all* hackers or academics are into fame.

    You also rule out the future. The parties responsible could come forward when they are done. Maybe they just aren't finished with their business. It's just that you're a bit hasty narrowing the possibilities.

    What rules out the possibility of foreign governments?