I see a lot of clever posts on how to monitor the house, the temp, water leakage etc... this is all nice and dandy but:
(There will still be broadband at the house.) What if the first power outage takes out your broadband... probably need to address that as well, or combine the solution with some kind of communication backup (cell SMS, phone, postal pigeons, whatever).
Interesting times for a competition like that (on Google Code Jam 2004, Score: 0, Troll)
Now that M$ is all over the place with trying to find a "Google remedy", the dropping of the WinFS from the upcoming Longhorn (as if it was really "upcoming"...), Google seems like it is twisting the knife when highly skilled (I hope) hackers will come up with new ways to expand the capabilities/uses of the "G"...
Watch out M$ - here we come...
OTOH - It might just end up with a neater way to Googlehack more funny data out of the web (http://johnny.ihackstuff.com/)
Actually, the log files refer to the logs sent by infected machines. These logs contain keylogged data that correspond to forms posted through IE and Firefox, as well as "datastore" information (credentials cached by IE, Outlook, and FFox).
This means that the 1.4Gb of data, while containing some less useful information, is much more valuable than you have indicated above...
Having said that, and realizing that this data is not just a mail/http log file, one can really start to grasp the true meaning of such a criminally operated server.
Ouch.
That must have hurt. Having a real journalist post actual facts that contradict your product pitch article.
Shame on you guys. BTW - anyone heard of these Beskerming before?
May be a little OT, but you might need the "dual rendering" in order to properly view the netscape.com site (or is it just me that its rendering _sucks_ in Firefox 1.0.1...)
Good point,
One comment - the criminals would not be too likely to buy a bunch of $5 cards if they are going to swipe (and probably "swipe") a few cards at/from the store.
No one from Walmart cares if you walk out with a card that has not been really purchased since they are supposedly worthless...
You need the physical cards just so you can write the numbers of the ones left at the store on them. This makes the scam profitable from the first use of a number you swiped with value on it (instead of waiting to be in the black for a bunch of $5 cards...)
get a free ipod! This really works... Last Gmail invite left!...
Don't overrule smart "consumers". As you pointed out they simply direct the manufacturer to produce a million cards in this number sequence. The numbers ARE sequential (to some degree - they do need to pass some mod10 check or alike - not too different than credit cards), which means - you only need one card number, and then a way to check the status of other numbers (available online). To redeem at store - get hold of a mag stripe writer and just use the same card (nicely branded) with your new numbers.
Also - many retailers have the cards just lying around the store - flip them over and if you are lucky (B&N, Borders, CVS, etc...) the card number is just there. Write it down, and wait for someone to activate it (buy it). the rest is up to you.
Again - all you have to do is be an observant shopper - what do the cards look like, are they sequential, is the card number covered with a scratch-off (better security), etc... Because most of these gift cards ride on the Visa/MC/AMEX networks, they have to conform to these rules, thus have easily guessable numbers, stupid PIN numbers etc...
Just my $0.02
Parent is probably going to get offtopic or flamebait, but I just had to:
You know what - days like this just make me a little bit more proud to be running debian on my system. I have tried them all (well - the most popular ones and the ones that were supposed to fit me and weren't so popular), and oh boy - debian always comes back the winner.
So we might be a small elitist group with our funky little packaging systems (don't SuSe and RH/FC come out with an APT compatible system - still based on RPM but they are getting there...), and the lack of fancy GUI admin utilities (webmin anyone?). But it is the cleanest simplest fastest Linux I have worked with thus far.
Because I have just noticed it (and have been playing GTA:VC for quite a while now...) and it really rocks!
Why can't we say kudos to something that is not completely OS and shareable and hackable etc... These guys did a great job, the game is rock solid, and the gameplay really rocks.
Kudos.
Exactly the point. I'd love to see that the spam I get is tagged with SPF - will make scripting and filtering the spam even easier with a way to actually track down precisely where the spam is coming from.
And on the same matter - a nice one on user interface design, which the scribus people can actually attest to complying to...
From my minimal experience with DTP - this rocks!
I still have hope. Even created an SPF entry on my DNS for my mail servers.
My hope is that logic will eventually win (which does not seem to be the popular outcome unfortunately). The MS stuff will vanish as support for it will dwindle. Also - remember what mail servers run most of the net - sendmails...
Actually... only 3 left (gmail was down for a short while, second invite just been sent).
And if you would have bothered to actually read - you would see that I have already seen a friend get an iPod from that - why do you think I am here so late in the game.
No need for profanities, and your logic seems a little flawed - If I would have gotten one already, why would I need to put this as my sig. bitch. (you know what - you are right - this is fun calling you bitch...)
Take it easy man.
Just hope that HP and Sun follow lead and will make things a little easier.
Thus far you could somehow mix'n'match components for standard servers (rack mountable or not), but blades were like hacking a SOHO router...
Wonder how fast will the component manufacturers respond to this and start making parts available (i.e. - we will stop paying exuberant prices for replacement parts from the big guys...)
You can also download the Mozilla source code and add backdoors of your own...
Finally another voice of sense. I'm with you brother!
All the "security community" got all rattled up because of SHA. My clients came over to me all shaken saying how does this affect us. Sheesh. Had to explain that almost nobody uses SHA anymore, so this is mostly legacy code and implementations.
I hate it how all the paranoids jump up and down when they see something they can't even attest to...
This has been fairly known and Johnny had great presentations in the last Blackhat and DefCon that really shook you up if you were not aware of the "Power of G"...
Very cool, a lot of very stupid people (from the myPHPAdmin, to the WebDAV-Frontpage passwords, all the way to nessus and ISS scan results...).
Until they come up with a real law and real measures to enforce it - I call bullshit.
I can't see a way in hell that this could pass muster in court, or even get properly arrested for this. "Sir - you are being charged of stealing bandwidth, place your hands away from the laptop"...
A more complex situation would be in airports with multiple WiFi access points, including the airport's own network. I have seen multiple airports where there is a pretty strong signalled network with SSID of "airport" or "mobileunits" that is WEP protected. Can't think of the number of times I fired up kismet and started to save WEP packets for cracking (hey - curiosity killed the cat right?). Can't think of a way I would get busted for doing so (quickly switch over to another SSID, change MAC address...)
Just my 2c
Smart move Nintendo. Use a proven technology, and enable better GAMING experience.
Did anyone really think that this will be done just so we can make free calls in hotspots?
1. Nintendo, gaming, voice chat... rings a bell? The main application will probably be to connect to other units so people can talk to each other while they play.
2. VOIP to any number will require a gateway to the POTS which costs $$$ (where Vonage makes their money on...).
Nevertheless - pretty slick!
1. Get a new technology that has not matured yet.
2. Apply it to a maturing retail area (see iTunes and the music market).
3. Packaging and usability is king if you want to get the mass audience (and no - slashdot readers are NOT the mass audience!)
4. Profit!
(5. Putting the little apple logo on it usually helps jump a few steps in the process...)
Clearly there is a performance benefit in both bandwidth and latency respects in multithreading/multioperating in this manner, but it's not difficult to see that the footprint limits the factor to which this technique can be exploited
Actually - if you have two cores on the same die you can minimize the needed bus transport path and use processor scale path => less heat... you still need the same components to provide the bus external to the two processors, but the speed gains from having a dual core should not have an impact on the heat dissipation other than just having two cores to cool down (and with modern HSF technology that is not a problem - If I can cool down a P4 3Ghz with a quiet HSF combo - AMD can do it too...)
Just like adding a nail file and a small retractable blade to an iPod (which would make just as much sense - only more useful as it plays music and has bigger storage...)
What's your point? that Apple is more price worthy than the dell?
All I see is crappier graphics on the dell side, and half the storage on the dell side as well.
Add to that the comparison (if there is any) between WinXP home edition and Mac OS-X and you clearly have a winner (and the dell has a REALLY crappy video card - don't even get me started on that).
Point in case - (no pun intended), the apple wins hands down (and the style, ohhh the style [drool]).
Which goes back to the initial and most overlooked aspect of the story - where's the code?
Give me this in an open source format (since he is a PowerBook user, I would assume [hope] it's perl or python), some basic instructions on how to hook up whatever device to whatever port (serial? USB?) and I'll rig this thing to my car now.
Very cool, and kudos for the technical implementation. Screw the politics behind it...
Not exactly.
And for the "it works in Firefox also" comments - well, it doesn't. Not exactly... Firefox will allow you to save the file, but when you open it, it will open using winamp, which uses IE for the XML handling - thus opening itself for the exploit.
Nullsoft's patch will probably address the appropriate zone permissions its XML files are "executed" in within IE, or just not use IE's engine for the XML stuff.