Grey bar Blue bar
Share this:

Mon, 29 Dec 2008

Dont look now, but it seems they broke the Interwebs again..

Those pesky hackers!

Alex Sotirov (of heap feng shui fame, famous for breaking everything from Vista, to web browsers, to facebook) and Jacob Applebaum (of cold-boot attack fame, and more importantly of "knuth is my homeboy" fame) will be talking in a few hours at the 25c3 conference in Germany and by all accounts its going to be an "Internet Breaker".

There is a fair bit of speculation on the nature of the bug (though most people some confident that its routing protocol related) and HD Moore has blogged that the pair have sought legal advice pre-publishing.

If i had to, i would take a guess at BGP too, mainly because the talk is labeled "Making the theoretical possible" which was a tagline used by the l0pht back when they were talking about shutting down the internet with BGP related attacks.

The only problem i have with all this, is that it reveals confusion over how we measure "the year" when we award pwnies.. if the talk happens on the last day (just about) of 2008.. Does it count for pwnies 09??

/mh

Wed, 26 Nov 2008

Wired Article on DNSGate..

Wired magazine has covered the DNSGate saga with full dramatic details like: "never, ever repeat what you just told me over a cell phone".

Its a quick read, and worth it for the classic line: "The DNS community had kept the secret for months. The computer security community couldn't keep it 12 days"

Thu, 6 Nov 2008

"Unix Terrorist" in trouble over TJX ?

Anyone who was around for Defcon-10 will have an opinion on the infamous Gobbles-Silvio-UnixTerrorist talk in which mail spools where published and everyone was slammed [1]

According to mumble on the Interwebs (and a comment from RiskyBusiness) it appears as if the Stephen Watt who allegedly "modified and provided a “sniffer” program used by the conspirators to monitor and capture the data crossing corporate computer networks" == Unix Terrorist..

It's not clear the extent of Watts involvment with the breakin, but it does send a cold shiver down the spine of anyone who puts out tools / software..

/mh

[1.] for me it just hurt seeing Silvio trying to make a real point while UT was trying to make a few jokes..

Thu, 18 Sep 2008

Sarah Palin, a yahoo email account, and something more shocking...

By now everyone knows that John McCain's running mate Sarah Palin had her yahoo email account hacked. I guess a presidential candidate using yahoo for govt. related email was about as shocking as Sarah Palins nomination as possible future president ((unless of course you have ever heard of other govt. officials using yahoo/gmail/hotmail for serious business)(inside joke for south africans!)).

People have been talking about secure password resets for a long time [1] and this was pretty shocking all around..

But even more shocking for me (as a totally removed observer), was the Errata Security post (authors of hamster, which we commented on [here]) ending their post with an endorsement of the McCain/Palin ticket.. i thought all (american) hax0rs leaned towards "the change"

Thu, 24 Jul 2008

these tubes are quick

Kaminsky's thunder has all but evaporated into a fine mist, and Ptacek has gone all silent. In the meantime, the MetaSploit crowd put their heads down and produced:

http://www.caughq.org/exploits/CAU-EX-2008-0003.txt

DNS poisoning for the masses.

(If anything ever deservered the tag 'infosec-soapies', this would be it!!!)