Slashdot Mirror


User: jnf

jnf's activity in the archive.

Stories: 0
Comments: 223

Comments · 223

  1. Re:Scaremongering on The 12-minute Windows Heist · · Score: 1

    I currently have a hardware firewall w/ 802.1Q support going into a switch that segments my network off depending on traffic, this however was before the firewall was there and just the switch (when I first moved in), and I was used to my boxes lasting longer than 5 minutes. lesson learned, you will find no windows computer on my network ;]

  2. but.. on The 12-minute Windows Heist · · Score: 1

    Seriously, we've all sat down behind friends' and family's computers, most of the time we hear 'oh I'm sure it has plenty of viruses' or 'it does $THIS or $THAT all the time', people have grown to expect this from their computers. Additionally, how many times have you sat down behind a friend's computer and seen the 'updates are available' bubble in the corner, and how many times has your friend/family said 'oh that, I normally just click the x' or similar. I mean a big part of the problem is the patching method, IMHO all XP retail boxes should have SP2 at least, and ideally most people would be behind a crappy linksys nat router, but this isn't always the case. The problem really ends up being the end user who just doesn't care. So in summary, whenever I hear things like 'oh that, I normally just click the x', and then I run across signs of the box being hacked/infected, I've decided to just let it go, if you don't care, neither do I.

  3. Re:Scaremongering on The 12-minute Windows Heist · · Score: 1

    I know a bit back I brought up a windows 2003 box at home, which I would say is hardly 'very out-of-date' out of the box. Within the first five minutes of it being up (while I was patching the box from windows update none the less), I got the nice rpc crashed error that is common from an rpc-dcom exploit with bad shellcode/bad offset, and the box promptly rebooted, woo. So I brought it back up and went to windows update again, and again in less than 5 minutes _a different_ attacker hit the box and again it went crumbling down with the rpc crashed your box will be rebooted in XX seconds error. So I brought it up again, pulled the network cable from it, set up the firewall and happily patched the box. The point being that I don't think 12 minutes is an unreasonable amount of time for _any_ copy of out-of-the-box windows to be breached-- I experienced it twice in half that time.

  4. Re:OpenBSD, of course! on What is the Best Firewall for Servers? · · Score: 1

    Probably because it's damn hard to gauge it by the number of *unknown* exploits out there. I'd love to hear of a method if you know of one. true. and I've found nothing that makes me think a box with it would be any more secure than an OpenBSD box.

    1) Mandatory access control listings?
    2) Role based access controls?
    3) W^X makes no guarantees about execution of arbitrary code, whereas PaX does.
    3) 24/28 bit randomization of stack base addresses, compared to obsd's 14
    4) OBSD has no method for randomizing the executable (.text) base, allowing replaying of code that exists in the program itself (overflow into stack, write data there, replay function already inside of the program and use your arguments, i.e. imagine system(exec_ptr);),
    5) PaX allows per system call kernel stack randomization, obsd does not.
    6) PaX randomizes brk()/heap, obsd does not.
    7) PaX supports non-executable/read-only pages of memory in the kernel, OBSD does not.
    8) OBSD does not randomize PLT addresses, making mmap randomization more or less useless. PaX does.
    9) OBSD does not randomize .bss and heap addresses, PaX does.
    10) return-to-libc style attacks are quite possible _and_ probable on OBSD, this is not the case with a PaX enabled system.
    11) OBSD does not restrict mprotect() because it would break posix, W^X goes out the window when I introduce a call to mprotect() a section of memory. Sidepoint is that PaX doesn't break POSIX and still restricts mprotect()
    There be 8 points of just PaX and 2 points of GRSec that show how they are more secure than OBSD. 11 points total that show W^X's inferiority to PaX, I can understand that you may not walk away switching to Linux, and that wasn't my initial point. I was just trying to point out that the general consensus that obsd is ultra-secure is based off of a small team's misrepresentation of their OS, and a lot of people who in reality don't know the first thing about (in)security saying how secure it is. OBSD is commonly accepted FUD.

  5. Re:OpenBSD, of course! on What is the Best Firewall for Servers? · · Score: 1

    I don't think anyone ever claimed OpenBSD was totally impervious forever and ever to all exploits. But its track record for the past 8 years or so kinda speaks for itself. You are still gauging that by the number of _known_ exploits, that ssh bug existed for at least a year before it went public.

    Holes no one realized existed until much later.

    Theo went on and on a few months back about how int overflows were the next big thing and how they were undetectable, which is bs as almost every platform out there provides hardware instructions that detect an int overflow.

    You are going to have a rough time building a more secure box

    linux with grsec/pax has been more secure than openbsd for quite some time, hell in that case obsd has been continually behind the curve in the order of 3 years or so-- look up a reply to theo by the author of pax where he details just how behind the curve they actually are.

    Overall obsd is only good for those people who want a feel good experience and have no real code auditing experience/ability behind them. Often times obsd's code is broken in various forms, for instance their ntpd is broken if your clock gets too far ahead/behind because they are unable to deal with int overflows. Most of the people screaming obsd have never written an exploit nor patched a bug, and thus more or less unqualified to really speak on the subject, or at least that's my thoughts on the subject.

  6. Re:OpenBSD, of course! on What is the Best Firewall for Servers? · · Score: 1

    what no comment on my reply ? ;]

  7. Re:OpenBSD, of course! on What is the Best Firewall for Servers? · · Score: 1

    well I wasn't referencing it in itself, just making a general statement about obsd. however, while incredibly improbable, if there was a bug in the network code, and the correct malformed packet was sent through it, there exists the possibility of 'blindly' hacking it, you would just have to keep throwing packets through it. However, as stated having a bug like this is pretty improbable-- and it wouldn't be possible on say just a hub which just blindly forwards the packet, but it would be possible on something that processes the packet-- imagine some bug in say fragmentation reassembly or something. Improbable, but not impossible.

  8. Re:OpenBSD, of course! on What is the Best Firewall for Servers? · · Score: 1

    just because theo says it's secure, and you believe it to be, doesn't mean it is.

    For that matter, just because bugtraq doesn't have 0day, doesn't mean there isn't any.

  9. Re:well... on U.S. Scientists Create Zombie Dogs · · Score: 1

    soylent green is people

  10. hrm? on Forget GPS, Hello WPS · · Score: 1

    something I'm wondering is, if it doesn't have the capability to uplink via satellite to receive the location information itself (i.e. it cannot pinpoint you through the same link it's sending the database's location data), then does it actually have a global uplink like that or does it make use of open wifi hotspots?

    I didn't visit the company's website but I read the article and that makes me wonder.

  11. Re:So what happened to this reporter? Cancer? on Censored Nagasaki Bomb Story Found · · Score: 4, Insightful

    If I had any mod points and hadn't already commented I would have totally modded you up for that comment.

    very well put and it is a thought that perhaps more Americans charging off to war in hopes of financing college should think of .. for that matter anyone charging off to war or helping 'the machine' should give a long hard thought to that statement.

  12. Re:So what happened to this reporter? Cancer? on Censored Nagasaki Bomb Story Found · · Score: 1

    Has to be asked- was it entirely a coincidence that the camp was situated near the manufacturing facilities? I would be incredibly surprised to find out that it was a coincidence. I would have loved to have been a fly on the wall when the Americans were first planning this out and realized they were going to be dropping a bomb pretty much on the pow camp.

  13. Re:So what happened to this reporter? Cancer? on Censored Nagasaki Bomb Story Found · · Score: 1

    I never implied either way, but because the common consensus, at least officially is that it was done to save American lives and that 'they got what they deserved', it makes it interesting when you realize just how close to Americans they dropped it.

    At any rate, I would hate to be the one to give the order regardless of who I was dropping it on, I was just stating that I think it would compound the problem when you know that it very well could be your neighbor's son that you could be dropping 'the bomb' on.

  14. Re:So what happened to this reporter? Cancer? on Censored Nagasaki Bomb Story Found · · Score: 1

    Which is somewhat ironic, I didn't read the entire thing-- however I did read the first 2 articles (or 2 pages?) and the most prevalent theme I saw in it was doubt that the radiation was really as bad as stated by the Americans, or as it's phrased there 'American Radio'.

    When that's added to the idea that he was at ground zero for a while it really makes one wonder if the effects of radiation from 'those' atom bombs were overstated.

    The other thing I thought interesting was that we dropped it within a mile of a prisoner of war camp, although I suppose it makes sense when combined with the knowledge that the pow camp existed so close to many manufacturing plants. Sense that it may make, I still wouldn't want to be the guy to decide to drop an atom bomb within a mile of an allied pow camp.

  15. bt isnt the problem (obviously) on Spyware Floods in Through BitTorrent · · Score: 1

    really I don't see why this is news, I mean seriously this is the same issue as with any file downloaded, especially so when it comes through a p2p medium.

    If people would take the time to learn just the littlest bit about their computers I think we would find a lot of this stuff would at least decrease in volume (as it wouldn't be as effective of a method of advertising and such)

  16. Re:You almost have to love virus writers... on Britney is #1 Virus Celebrity · · Score: 1

    sh sh, he plays in 'hex editors' all day inspecting viruses, don't ruin his imaginary fun with such concepts.

  17. Re:You almost have to love virus writers... on Britney is #1 Virus Celebrity · · Score: 1

    I find it humorous that you crack on vb coders when you yourself obviously can't code beyond a python or bash script (yes I've been to your blog).

  18. Re:Windows Mobile 2003 SE is Great - So why? on Dell Axim X50 Running Linux · · Score: 1

    hehe, I got a giggle out of this. linuxdevices.com has a list of PDAs that support linux natively. However, I must admit that after actually looking for half of these, I had a hard time actually finding anyplace to purchase most of them. The others were just crappy and I ended up with a zaurus. At any rate, here is the list: http://www.linuxdevices.com/articles/AT8728350077.html

  19. eh, zaurus for me on Dell Axim X50 Running Linux · · Score: 5, Insightful

    After spending over a year both contributing and waiting for the linux port to become useable on my ipaq 2215, I decided to just buy a pda that supported linux natively. I commend these guys for their hard efforts, but really I wanted to be able to program _my stuff_ on it, not spend all my time programming to get a not-so-stable linux port that is only useable 30 seconds to a minute at a time.
    perhaps the axim people will have better luck, I surely hope so. But really if this is what you are looking for you should consider buying one that supports linux natively. Not only will it save you some time but you also get to put your money where your mouth is and support companies that support you.

  20. yes and no on Body Modifications Still Hinder IT Professionals? · · Score: 1

    First let me explain my 'modifications' slightly to give you an idea of the depth of them. I have the words 'uid 0' and 'gid 0' tattooed in binary around my wrists and then full tribal sleeves that 'fade into' a printed circuit board pattern as they get to my shoulders, then my initials on my neck and various other non-visible tattoos. Additionally I've had my nose, tongue, eyebrow and ears pierced.

    I am also fairly good at what I do with about 5 years of experience in the industry, as a high school and college drop out I make slightly less than 100k/yr working as an intrusion analyst for the government, in addition to various freelance contracts.

    Now that I have given you a picture of me, here is basically what I have experienced:
    for the most part it doesn't matter, however this is not universally true. I've had jobs require me to wear long sleeves even though the only people I ever saw were other engineers, I've had companies that generally do not care what I wear/look like, however every time I've found that 'we don't care' is the stated rule, I've found out that 'higher ups' did in fact care and that generally it's been to my advantage to just dress in a professional manner that covers up everything that is visible.
    Generally speaking I've found that while most people don't care, those who sign the paychecks generally do-- and even if nothing is said, you are constantly having to double your efforts to reach the same 'status' as your non-modified co-workers, but this perhaps could be because my career has mostly focused on security and it's a bit different than 'the rest' of the IT arena. It could also be a result of my background, CISSPs and the like seem to get slightly uncomfortable around people who are entirely self-taught in the security arena.

    My final two points are simply that:
    1) I did a little contract work in western europe and I did not feel that I had the same negative stigma when I dealt with people, even elementary school teachers-- which greatly surprised me.
    2) All of my piercings are 'ex-piercings' as I've had to take them out each time for various jobs.
    So to summarize, yes and no, but mostly yes.

  21. Re:Acetylene Balloon Bomb on PHRACK Final · · Score: 1

    AFAIK, it's going underground and may resurface in a year or two. There was a lot of talk a bit back of it going underground, back when the project mayhem thing was still brand 'new'.

    In other news, congrats on both of your papers, while both slightly dated these days they comprise of core ideas and methodologies of less-dated techniques today. Regardless of where you stand on the subject, you are proof of the concept of an educated and able whitehat, cheers and thanks.

  22. dejavu on No Billboards in Space · · Score: 1

    When deep space exploration ramps up, it will be the corporations that name everything: the IBM stellar-sphere, the Microsoft galley, the planet Starbucks.

  23. Re:Want funding? on Unmanned Aircraft Clustered via Bluetooth · · Score: 1

    true and agreed- it is overhyped, but one thing everyone must accept is that governments fund this type of research the most, and most of the time it's to either create:

    a) better weapons
    b) better weapon defenses
    or
    c) better communications

    with that said it really shouldn't be surprising that everything has military applications .. HOWEVER! I do agree with your base point and understand that what I am saying is slightly different than what you are saying. cheers.

  24. Re:I don't think so... on Could Microsoft Buy Red Hat? · · Score: 1

    screw all that, really how many developers do you think would be willing to work for the company after it was bought? Additionally there is little benefit as they still wouldn't own the code (the important parts anyways)

  25. Re:why? how? perhaps this will shed the light on Unmanned Aircraft Clustered via Bluetooth · · Score: 2, Interesting

    if nothing else think of the implications of a highly mobile (flying) intranet- the original design was to survive a nuclear holocaust and this further helps that (although I doubt it gets high enough to really make a difference)-- however it is a step in that direction. Also, think of military uses, again it would need to be high altitude to be really usable but a highly mobile communications system could replace microwave point to point communications in that sense. but hell, I really don't know what I'm talking about it's just what popped into my head.