As you probably know, many viruses release ("political") statements in their code. (Notice, I put it in quotes...I use that term lightly in the following examples)
The iNDian sNakes, authors of Yaha, retaliated against Pakistani hackers who are allegedly defacing websites based in India
The Lion worm author chastised Japanese textbooks' treatment of Japanese occupation of China and Korea
The Adore worm was in retaliation for a U.S. Navy surveillance plane colliding with a Chinese fighter pilot
OnTheFly, creator of the Anna K. virus, wanted to call attention to the danger of viruses (as well as get Kournikova's attention), and
VBSWG.X was created to boost pageviews at four pornography websites.
My question is:
Could you justify a virus/worm given the quality of the political statement that the writer(s) make?
Let's say that someone releases a worm that rips apart the very heart of the Internet, effectively bringing the world to a screeching halt. If comments in the code are serious enough to make us reconsider something horrible (say attacking some innocent country for the sake of argument), it seems entirely reasonable that this could (theoretically) be a legit form of protest.
What does a newbie do? Having been put in a position where I'm partly responsible for server security, and having been put in that position without the proper background (and the responsibility is here to stay), how do I get my head straight on the core issues and make sure I'm not leaving the doors open for anyone to do whatever they want? Reading books/articles doesn't seem to be enough, but if that's the best place to begin, any recommendations?
Post all your public IP addresses on /. :)
We'll tell you what doors you've inadvertently left open....
"He gazed up at the enormous face. Forty years it had taken him to learn what kind of smile was hidden beneath the dark moustache. O cruel, needless misunderstanding! O stubborn, self-willed exile from the loving breast! Two gin-scented tears trickled down the sides of his nose. But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother."
The question is not the shit grass that they're eating (and we're not), but rather what that acre of land *could* be growing.
Agreed...if you wanted to grow, say, soy beans, then the land has the potential to be "destroyed" just as much as cows....you put in cheap worthless grass and get out good milk, very good leather and very rich food.
And if you inject them w/hormones, you get even BETTER food!
Re:No need to run Windows as an Administrator (on Windows Rootkits, Score: 1)
Here at /., we use the master's tools to dismantle the master's house.
Re:No need to run Windows as an Administrator (on Windows Rootkits, Score: 1)
Windows is a GUI OS. They have purposely crippled most non-GUI tools that one can use to administer the box. If there isn't a GUI way to do something, you can bet MS is assuming that most people won't want to do it.
And there's actually a kinda cool Tripwire-like program I was fooling around with the other day called GFI System Integrity Monitor.
From their website:
GFI LANguard System Integrity Monitor is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/NT system. If this happens it will alert the administrator by email. Since hackers need to change certain system files to gain access, this FREEWARE utility provides a great means to further secure any servers that can be attacked.
Re:Tips of using Windows rootkits (on Windows Rootkits, Score: 1)
Two modes of operation: you can take hash of file or text string
Files up to 4,294,967,295 bytes in length can be processed
Drag'n'Drop support
Calculation is performed by a separate thread and can be stopped at any time by the user. The thread runs at low priority, so you're able to work with other programs while hashing big files
Re:Tips of using Windows rootkits (on Windows Rootkits, Score: 1)
2: Sometimes, we put utilities on the machine (like grep, ps, kill) that normally aren't on Windows machines; however, the Interix package makes a garbage DOS shell verrry usable ;-)
PsExec is a nice program for those who want to execute programs on remote systems and don't want to have to bother with programs like telnet or PC Anywhere.
Install PsExec and you can easily execute processes on other systems w/o having to install client software.
The following command would launch an interactive command prompt on \\server:
psexec \\server cmd
This command executes IpConfig on the remote system with the /all switch, and displays the resulting output locally:
psexec \\server ipconfig /all
This command copies the program test.exe to the remote system and executes it interactively:
psexec \\server -c test.exe
Specify the full path to a program that is already installed on a remote system if it's not on the system's path:
psexec \\server c:\bin\test.exe
Re:Tips of using Windows rootkits (on Windows Rootkits, Score: 1)
You can tell by having a snort'ed network which the snort box has the TX pulled out.
One useful program is a program called DumpSec, a security auditing program for Windows NT/2000. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in an easy-to-read format. (Not that this is guaranteed to find anything, but holes in a system's security are a bit easier to find this way.)
DumpSec also quickly dumps user, group, and replication information. If you're an NT administrator, you gotta at least download this tool and play around with it.
One really nice feature is that it makes you a nice list of all kernel and win32 services running (and *not* running).
I saw someone do this, and lo and behold...IT WORKED.
He tried it again and again after that...but never could get it to work.
I dunno...go figure. After that, he just went back to a taped dollar bill that he'd pull out of the machine once it "registered".
delete [] bigAssArray;
line from my code...
(There are some things you just never forget from your high school physics lab)
Unfortunately, a lot of sites even go so far as to BAN the IPs of the Way Back Machine.
What do other slashdotters think?
(I started thinking about this after I posted a Wired article on Grep Law)
Yeah, the inability to ask your co-workers what s/he's working on would definitely get old after a while...
Places like the NSA are always looking for scientists and mathematicians. (Look at their crypto section)
10 print "Oh no, Homer was right!"
20 print "Mmm... Universe."
30 goto 10
or, better yet....
#include <iostream>
// Intentionally never terminates: i starts below 1 and only ever decreases
for (int i = 0; i < 1; i--)
    std::cout << "Oh no, Homer was right!\n" << "Mmm... Universe\n";
As any fan of In N Out will tell you...
True...it's pretty limited.
However, there are some cool tools on the Windows 2000 Resource Kit CD.
Exactly...
Of course, there are always CLI versions...
You mean by using a sniffing cable?
(System Tools has all sorts of cool free tools.)