I'm a consultant for an internet security company. The job is challenging, varied, fun and well paid. I get involved in pen tests, source code audits, hardware audits, etc etc. I wouldn't have got this job were it not for the fact that in a former life I used to 'play' with things I shouldn't. Don't get me wrong, I've never been arrested or charged with any crime relating to computer misuse, I've never done anything that serious. Something as simple as writing 'POKEs' for computer games was considered hacking/cracking in the old days.
I'm not the only one in the company like this. There are other senior members of staff that have some good past experience. Between us all it means that we have a vast wealth of knowledge and experience that enables us to offer a good service to the customer.
So, the point of my post is, that being an ex hacker/cracker isn't a problem to my employers.
If a criminal is a criminal, does that not mean the whole point of prisons doesn't work? They aren't just there for punishment, they're there for the convict to reflect on his/her past and become a reformed person.
I'm a professional killer!
Love to see people's responses to that one.
I'm going to do something nobody has done for a long time. I'm going to go out and buy an ATX motherboard along with all the ancillaries (spelling?) and stick them in a metal box with holes in the front for my CD-ROM drive and floppy drive. The front will also have suitable buttons for power and reset. Round the back I think I should be able to find suitable openings for those PCI cards I'm going to put on the Mobo. Do you know what, I'll give it a name, a PeeCee! Nobody cares anymore. Yes, ITX mobos were once cool, but now you can get them just about anywhere for less than £100.
This is amusing, actually. Tell me again how one puts a "virus-worm hybrid" into a non-executable file and have it infect mp3 players on multiple platforms?
Here's one example:
Foundstone Research Labs Advisory - FS2002-10
Advisory Name: Multiple Exploitable Buffer Overflows in Winamp
Release Date: December 18, 2002
Application: Winamp 3.0 and Winamp 2.81
Platforms: Windows NT/2000/XP
Severity: Remote code execution
Vendors: Nullsoft (http://www.nullsoft.com)
Authors: Tony Bettini, Foundstone (tony.bettini@foundstone.com)
CVE Candidate: CAN-2002-1176
CAN-2002-1177
Reference: http://www.foundstone.com/advisories
Overview:
One buffer overflow exists in Winamp 2.81 (latest 2.x release) and two
buffer overflows exist in Winamp 3.0 (latest 3.x release). The
Winamp 2.81 overflow is with the handling of the Artist ID3v2 tag upon
immediate loading of an MP3. The two Winamp 3.0 overflows are present
in Media Library's handling of the Artist and Album ID3v2 tags.
Detailed Description:
Winamp 2.81 Overflow
If a long Artist ID3v2 tag is present within an MP3, Winamp 2.81 will
crash yielding privileges immediately upon loading the MP3.
Two Winamp 3.0 Media Library Overflows
If an MP3 is loaded into Winamp 3.0 that has an ID3v2 tag, the Artist
and Album fields of the ID3v2 tag are displayed within the Media
Library window of Winamp3. An attacker could create a malicious MP3
file, that if loaded via the Media Library window, would compromise
the system and allow for remote code execution.
An attacker could create a malicious MP3 file that exploits either the
overflow of the Artist ID3v2 tag or the Album ID3v2 tag (or both). For
either overflow to occur, the user has to attempt to load the MP3 file
from the Media Library by at least single clicking on either the MP3
via the Artist or Album window.
Vendor Response:
Nullsoft has released fixed versions of Winamp 2.81 and Winamp 3.0 and
both are available at: http://www.winamp.com
Foundstone would like to thank Nullsoft for their cooperation with
the remediation of this vulnerability.
Solution:
For Winamp 2.81 users
We recommend either upgrading to Winamp 3.0 or redownloading Winamp 2.81
(which has since been fixed) from: http://www.winamp.com
For Winamp 3.0 users
Only Winamp 3.0 build #488 built on December 15, 2002 and later are not
vulnerable. We recommend if the About Winamp3 dialog box within
Winamp 3.0 displays a 3.0 release that has a lower build number than
488 or earlier date than Dec 15 2002, we recommend redownloading
Winamp 3.0 from: http://www.winamp.com
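Bounded handling of the ID3v2 Artist and Album text frames named in the advisory, as an added example that is not code from the advisory, from Nullsoft or from the comments on this page. It assumes the ID3v2.3 frame layout with ISO-8859-1 text only; `FIELD_MAX`, `id3_text_frame` and `make_sample` are hypothetical names, and the sample tag is constructed.

```c
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 64 /* assumed size of the player's fixed display buffer */
enum { ID3_OK = 0, ID3_TRUNCATED = 1, ID3_NOT_FOUND = -1, ID3_MALFORMED = -2 };

/* Copy text frame `id` ("TPE1" artist, "TALB" album) of an ID3v2.3 tag into
 * dst[FIELD_MAX]; every declared length is checked before any byte is copied. */
int id3_text_frame(const uint8_t *buf, size_t len, const char *id, char *dst) {
    size_t pos = 10, end, n;
    uint32_t tag_size, fsize;
    dst[0] = '\0';
    if (len < 10 || memcmp(buf, "ID3", 3) != 0 || buf[3] != 3 || buf[5] != 0 ||
        ((buf[6] | buf[7] | buf[8] | buf[9]) & 0x80))
        return ID3_MALFORMED; /* tag-level flags and non-synchsafe sizes rejected */
    tag_size = (uint32_t)buf[6] << 21 | (uint32_t)buf[7] << 14 |
               (uint32_t)buf[8] << 7 | buf[9];
    if (tag_size > len - 10) return ID3_MALFORMED;        /* tag larger than file */
    end = 10 + (size_t)tag_size;
    while (end - pos >= 10 && buf[pos] != 0) {            /* zero byte = padding */
        fsize = (uint32_t)buf[pos + 4] << 24 | (uint32_t)buf[pos + 5] << 16 |
                (uint32_t)buf[pos + 6] << 8 | buf[pos + 7];
        if (fsize > end - pos - 10) return ID3_MALFORMED; /* frame overruns tag */
        if (memcmp(buf + pos, id, 4) == 0) {
            if (fsize < 1 || buf[pos + 10] != 0)
                return ID3_MALFORMED;       /* only ISO-8859-1 text handled here */
            n = fsize - 1;
            if (n > FIELD_MAX - 1) n = FIELD_MAX - 1;     /* clamp to destination */
            memcpy(dst, buf + pos + 11, n);
            dst[n] = '\0';
            return (fsize - 1 > n) ? ID3_TRUNCATED : ID3_OK;
        }
        pos += 10 + (size_t)fsize;
    }
    return ID3_NOT_FOUND;
}

/* Constructed sample input: a v2.3 tag with one text frame of text_len 'A's. */
size_t make_sample(uint8_t *out, const char *id, uint32_t text_len) {
    uint32_t f = text_len + 1, t = f + 10;  /* frame size, tag size */
    uint8_t h[10] = {'I', 'D', '3', 3, 0, 0, (uint8_t)((t >> 21) & 0x7f),
        (uint8_t)((t >> 14) & 0x7f), (uint8_t)((t >> 7) & 0x7f), (uint8_t)(t & 0x7f)};
    memcpy(out, h, 10);
    memcpy(out + 10, id, 4);
    out[14] = (uint8_t)(f >> 24); out[15] = (uint8_t)(f >> 16);
    out[16] = (uint8_t)(f >> 8);  out[17] = (uint8_t)f;
    out[18] = out[19] = out[20] = 0;        /* frame flags, ISO-8859-1 encoding */
    memset(out + 21, 'A', text_len);
    return 21 + (size_t)text_len;
}
```

A caller can treat `ID3_TRUNCATED` and `ID3_MALFORMED` as signals worth logging, since both mean the file declared more data than the field or the tag can hold.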
Wow! That one brings back some memories. It was the first demo that really impressed me on the PC. I kept seeing Amiga demos that always looked pretty cool and was miffed because I knew the PC could do as well/better. Then Second Reality came along. What a demo. Running it on a 386 with amplified audio was quite an experience in them days. Then the 486 came along and it got even better. Then the Pentium came along and, poof, nothing. Wish I could see/hear that one again.
cable is still regarded as the longest single run of cable in the world
Obviously nobody has seen the mess under my desk!!!
...some unbelievably stupid. Here
...we didn't know about it until after the event. Now AOL are just going to watch out for these guys. Bit of a catch 22 though, how would they get 1M CDs without going public?
Slash releases have the same naming schemes as the machines on my network at home! Bender (Sun SparcServer4) being my particular favourite.
Has anybody actually tried to use a PDA whilst walking? Not the easiest thing to do.