Now Playing –Bleach – Velonica (looped more than 50 times for the past hour)
Earlier on I was involved in a conversation regarding IP addresses and stuffs. Before this I posted a link to a article for the ‘most hyped bug of the internets 2008’ which is the DNS flaw in which could lead to DNS poisoning and several other major implications (read — broken internuts).
Dan Kaminsky, director of penetration testing for IOActive, warned security software vendors about the problem with the Domain Name System that translates Web addresses into numerical Internet Protocol addresses in a secret meeting in March. And on July 8 vendors released their patches in an unprecedented, synchronized effort. While the efforts may have staved off a complete shutdown of the Internet, the flaw was still exploited in small, random attacks after the patches were released, Kaminsky said in August.
This is not a big deal, yet.
However, this is scary. http://it.slashdot.org/article.pl?sid=08%2F12%2F23%2F0046258&from=rss
Man-in-the-middle attacks. I did it to my housemate before using Cain and Abel (lol), and I manage to make him load youtube.com when he key-ed in google.com (xD). Now, if someone can manipulate the certs…
This will happen. “With a completely legitimate and trusted certificate, the attack is perfect. No warning and no error.” (Eddy Nigg, 2008).
It’s like logging in to maybank2u and ended up to some weird rogue sites and risking your particulars and moolah.
Well that just shows how minor particulars can be used to exploit a bigger ‘hole’. Lol.
… and that shows that security is just as good as a string tying a bunch of sticks (information) that can be easily cut and tadaa everything is exposed.
I was tracking about this earlier ago via RSS and the update of the MIT Students for Boston subway system:
The lawsuit against the students was dismissed after a judge lifted a gag order in August that prevented the students from discussing their work. The students had planned to present their research at the Defcon hacker conference in Las Vegas on August 10, but canceled their presentation after a judge granted the MBTA’s request for an injunction the day before.
Excuse me…? Defcon? WTF. That’s like my dream place man. RECON, DEFCON, etc… if only I’m that good by then lol.
So I was clicking on this link http://defcon.org/html/defcon-16/dc-16-speakers.html#Anderson and found out something even interesting on the top:
BackTrack Foo – From bug to 0day
Owner, Offensive Security As pentesters and hackers we often find the need to create our exploits on the fly. Doing this always presents a challenge. But one challenge took us to a new limit and a new level. We want to share the method with you. From Bug to 0Day will show the audience the process of fuzzing, locating the bug, using egghunters then figuring out to build a pure alphanumeric shellcode to exploit it.
This will truly be the most mind bending 60 mins you will spend in exploit development.
Mati is a network security professional, currently working with various Military and Government agencies as well as private sector businesses. His day to day work involves vulnerability research, exploit development and whitebox / blackbox Penetration Testing.
Mati is most know for his role in creating the award winning, internationally acclaimed linux pentesting distro, BackTrack. As well as his lead role in creating the hottest security training school in the international market today, “Offensive Security”. This focused, intense school hones the skills for security professionals by teaching them the tools and methodologies popular in the market. Mati has been training security and hacking courses for over 10 years and is actively involved in the security arena.
WTFFFFF they actually teach you on how to create 0day exploits?!?! I’d been looking around (and it’s too hard for me lol DUHHHH) and Offensive Security guys are teaching it in DEFCON now. .____. Damn……….
Sigh well if you’re good enough to be part of BackTrack team, I believe you can virtually get into most of the systems, particularly Malaysia servers etc.
Now, if only I’m as good as the MIT students xD *dreaming*
So… now you know why CS students play around with numbers all the time. Lol!