Comments Posted By Pantagruel
Displaying 1 To 30 Of 290 Comments
UAE Telco Etisalat Installs Spyware On Users Blackberries
@huraimel
This can be circumvented using PGP (www.pgp.com/products/pgp_support_package_for_bb/).
This spyware update however introdudes a backdoor and straight access to the BB’s contents, rendering encryption on-demand useless (i’m not sure if the BB stores the email fully encrypted [local storage I mean]), no BB here to have a test.
» Posted By Pantagruel On July 27, 2009 @ 9:23 am
According to a poll http://www.arabianbusiness.com/562771-more-than-50-of-blackberry-users-to-ditch-etisalat—poll , some 50% or more is about to ditch Etisalat due to their spyware ‘update’. This seems more than logical to me and shows more regimes are interrested in gathering info at any means possible.
» Posted By Pantagruel On July 24, 2009 @ 12:43 pm
Retarded E-mails – Brute Force, Change School Grades, Hack US Military & MORE
Agree, it used to be funny to read all the request.
Nowadays it’s become bothersome, everyone wants the easy way out.
They do not seem to be willing to acquire the skill but want to be ‘l33t’ without breaking a sweat.If you want accomplish anything in live(nice grades in school, good job, etc), learn and master your art!
» Posted By Pantagruel On May 19, 2009 @ 11:35 am
Kyrgyzstan Taken Offline by DDoS Attacks
Nice bit of FUD mr. Jackson.
Nothing like some warmed up cold war left-overs. Go clean up you own garden and than start bitchin’ to the neighbors lawn.Russia is pumping 1 1/2 billion euro into this dwarf state Kyrgyzstan and the Americans are bitching about the fact they will be kicked of the Manas military base. So who has to gain from this media circus??
» Posted By Pantagruel On February 4, 2009 @ 10:14 am
With Navin,
Yep nice report.
The amount of missed and false negatives is worrying and it’s a good thing for Acunetix that they appear to do so well. The other should definitely wake up and get improving.» Posted By Pantagruel On January 29, 2009 @ 8:35 am
Happy New Year For 2009 From Darknet
Happy new year to DarkNet and all DarkNet lurkers/contributors
» Posted By Pantagruel On January 2, 2009 @ 12:25 pm
Virtualization Security – IT Managers and Security Experts Disagree
With Bogwitch
We used to segregate our services, each on their own server (http/smtp/ftp/etc) so if one get broken into the remaining others would be relatively safe (this ofcourse depends on the type of exploit used to get into server X and the availability of this hole on the remaining servers). Herding your servers onto one big server in the form of virtual might result in the big bad wolf penetrating the fence and finding a nice flock of easy pray.
Rafal Los has a point ,with ‘green’ pro environmental thinking have found it’s way into the IT world, managers seem quite concerned about trying to cut down power consumption which, according to the vendors mentioned, can be achieved through virtualisation.
We are currently suffering such a manager being convinced VM will save atleast 30%. The only fun is the server fit to run all virtual environments itself consumes already 10% more when idle. (Our first ’shepherd’ server which did consume 30% less power quickly ran out of resources resulting in a DoS of the smtp VM)
Regarding the rising oil prices the manager does have a point, but this adds little to security which should be prime in a 5000+ user environment.» Posted By Pantagruel On December 20, 2008 @ 11:38 am
Microsoft Breaks Patch Cycle to Issue IE Patch
Regarding the exploits nature (remote code execution) it’s a good thing MS deceided to issue this out of band fix. There is little pr value in keeping it on the shelves just to stick to the ‘patch tuesday’ cycle.
The only downside is they deceided on releasing a patch after somewhat of a public uproar instead of auto-update distribute it sooner after the exploit was found.» Posted By Pantagruel On December 17, 2008 @ 9:48 am
The World’s Fastest MD5 Cracker – BarsWF
@Varun
The forum doesn’t mention it, register and drop them a line.
You could try CygWin and alikes but that will at a huge speed penalty (dual boot would be a better option)
» Posted By Pantagruel On December 6, 2008 @ 8:41 am
Retarded E-mails – Crack Hotmail? Hack Facebook? Boyfriend Cheating?
@Tom welcome to the human race, there will always be a reason for someone or some group of people to feel offended. Have fun scanning all sites using retard or any derivative of the word and spend your remaining live feeling offended.
But perhaps you’re rigth, dimwit sounds far better
» Posted By Pantagruel On December 6, 2008 @ 8:49 am
ROTFLMAO
Indeed bewildered and bemused to read about the blatant inquiries for help on illegal subjects.
Let me be a good sport and share the 3v1L kn0wL3dg3 0f h4ck1n’
-1 You don’t even need to know leetspeak, go to ioyu.com/io/javascript/l33t.asp and let all you bud’s know how |_337 U R!
(btw this will NOT mask for any spelling erro’s)
-2 After you’ve mastered typing this url browse to http://www.amazon.com/Hacking-Dummies-Kevin-Beaver/dp/076455784X and buy it with your mum’s c-card (remember you’ve so far been too dumb to get someone elses cc data). Now comes the difficult part, get atleast a 6-pack of jolt/dew/whatever and READ the book (no cheatin’, browsin’ is NO readin’
)
-3 Well done, you’ve made it this far!, you’ll get a + for persistence which you’ll need for the future cause as anyone will tell you: There is no easy way, you’ll have to get low, down and dirty if you want to really know the trade.
» Posted By Pantagruel On December 4, 2008 @ 2:03 pm
Twitter Squatting – The New Domain Jacking?
Squatting in general is lame, be it domainname or blogID squatting.
Instead of getting a real job they just want to get some fast money by extorting a big company.» Posted By Pantagruel On November 5, 2008 @ 11:25 am
Morris Worm To Turn 20 – How Far Things Have Come
The mother of all worms!
And just like goodpeople mentioned, it oozes old skool feeling giving those of us who have experienced this worm a warm feeling.
» Posted By Pantagruel On November 5, 2008 @ 10:09 am
MultiInjector – Automated Stealth SQL Injection Tool
Oh dear, they just made a whole bunch of wannebee SQL crackers happy.
And indeed is this a good thing??, in a sense it is this allow even the pen-test nitwit to test their sql frontend before releasing it.
» Posted By Pantagruel On November 5, 2008 @ 2:32 pm
Microsoft Rushes Out Critical RPC Bug Fix
MS has been covering this patch with a large load of secrecy, so I guess it must be really easy to abuse and gain root level access.
The first proof of concept codes appeared within hours after the release of the patch, have a look at http://www.immunityinc.com
» Posted By Pantagruel On October 25, 2008 @ 9:53 am
Swiss Researchers Sniff Password from Wired Keyboard
Eventhought the technique of data capturing through EM monitoring is indeed quite old school, it’s still a good story.
Guess it’s time to swap the tin-foil hat for a Copper-foil version
and for those fond of home improvement, have a look at:networks.silicon.com/lans/0,39024663,39121501,00.htm
Wonder what designs they offer
» Posted By Pantagruel On October 25, 2008 @ 10:05 am
p0f – Advanced Passive OS Fingerprinting Tool
Indeed funny you never coverd p0f before, it did get mentioned a few times in other posts.
p0f appears to be more of a tooth pick compared to the swiss army knife Nmap
» Posted By Pantagruel On October 25, 2008 @ 9:49 am
XSS-Proxy – Cross Site Scripting Attack Tool
Thanks for the info.
We had an intro of a new online ordering system some days ago. It relied heavily on the internal database of goods. But for well known suppliers their was an option to ‘patch-through’ into their website, process an order and retrieve the necesarry info into the mother application. I asked them about a possible xss vuln, but the tech didn’t know wha it was and started blabbing about vpn connection between machine’s etc.
After reading through this I am itching, but since they will be my ex-employer within 2 months (got laid off but have found a new job quite quickly) it will be their problem to solve.» Posted By Pantagruel On October 25, 2008 @ 9:58 am
NetStumbler – Windows Freeware to Detects Insecure Wireless Networks
@ Morgan Storey
Actively scanning for an open AP can indeed be considered illegal. Try testing every door in your neighbourhood, your bound to get attention from people or the police.
@ Tim
Indeed those poor souls who have yet to see the light, the light of a bright *bsd star
» Posted By Pantagruel On October 11, 2008 @ 6:54 am
THC-ePassports – THC Clones Biometric ePassport – Elvis Presley Passport
Yep it’s Schiphol Airport (NL).
After reading through the thc website article, it all seems rather easy to prep a fake id.
» Posted By Pantagruel On October 3, 2008 @ 11:01 am
Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips
Nice read, but nothing ground bracking
» Posted By Pantagruel On October 1, 2008 @ 1:13 pm
onesixtyone 0.3.2 – An Efficient SNMP Scanner
Looks nice.
MMM compile gives a:
onesixtyone.c:336: warning: conflicting types for built-in function âlogfâ (opensuse 11). It runs however without a problem.Dong the mentioned
Running onesixtyone on a class B network (switched 100Mbs with 1Gbs backbone) with -w 10 gives us a performance of 3 seconds per class C, with no dropped packets. All 65536 IP addresses were scanned in less than 13 minutes.
requires some for i in looping to check an IP range.
» Posted By Pantagruel On September 8, 2008 @ 7:11 pm
Google Releases New Browser Chrome – Vulnerabilities on First Day
So now all we have to do is wait for another serious flaw in Chrome and Google spilling all the users details it has gathered in it’s browser/email client/desktop search app installed on the victims pc.
I get the impression the where rushing the Chrome release and left out the serious bug hunt routine.
» Posted By Pantagruel On September 9, 2008 @ 8:58 pm
International Space Station Infected by Virus!
Houston we have a problem
Guess some cosmonaut was thinking IIS to be a nice ‘camping’ spot for some online fraggin’.
I find it rather strange that the people borading for IIS aren’t checked more thoroughly, there should be a “NO usb gadget!” rule and all data carriers should be thoroughly scanned for viral and other malware. Seem rather silly to lose your sciencetific works due to some malware or perhaps even send IIS crashing just because someone wanted to look at some pictures of his/her partner and kids.
» Posted By Pantagruel On September 24, 2008 @ 6:55 am
UK Hacker Gary McKinnon Loses Appeal Against Extradition
I’m afraid that the prosecution will use this scape goat to the max of their possibilities. Like d347hm4n says, this is the next best thing since they will never get their hands on a Chinese or Russian hacker.
Like Darknet mentions, his reluctance to be forthcoming will be used against him and his Asperger’s syndrome most likely explained as ‘dangerous’ compulsive behavior.
I do not condone hacking but it’s clear this particular case should be examined more closely regarding instead of turning it into a road show.
» Posted By Pantagruel On September 2, 2008 @ 8:52 am
Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)
@Darknet
Sitting around waiting for the coconut to fall down from the tree can take a while, that’s true and the bunch of us are (atleast what I gather from the various responses on this and other bloggings here @ Darknet) of the pro-active type.
I am not ashamed to admit recycling the odd bit and bob of code in new projects, there’s little use in reinventing the wheel.
Mashing up existing stuff is a nice way to start but you’re right, it will leave you highly dependant on other people’s skills
» Posted By Pantagruel On September 24, 2008 @ 2:08 pm
With Goodpeople.
Profound hardware and OS knowledge will get you more possible sploits than just being able to write a sploit in asm. Programming knowledge in general will suit you very nicely (even VBA for applications can be very handy if to want to bring down word/xl/xs/ppt) and C/C++ variants will fit the bill.
[In the dark ages we did our first novell sploit in Pascal and later on converted it to asm both for fun and size of the exploit].
With packages like MetaSploit you really do not need to be able to actually code the sploit, it’s very helpfull straight from the box and there are regular additions.
As Goodpeople mentions, learning to programming will teach you how to think along a logical line and you’ll be able to get things more clear and sorted out (let’s compare it to the way you break up your code into blocks and sections which logically belong to each other). But even more important it good analytical skills. It’s more than just knowing or ‘feeling’ the problem, you need to be able to clearly put down how/why it goes wrong and what would be best to do to avoid or exploit }:) this problem.
» Posted By Pantagruel On September 24, 2008 @ 6:45 am
CSRF Vulnerability in Twitter Allows Forced Following
Free after Goodpeople
1. Scout out a pub/bar
2. entice the intended target
3. Buy him/her a beer/whine/cider
4. enjoy the real world face to face» Posted By Pantagruel On September 24, 2008 @ 6:48 am
Webcam Hacker Jailed for 4 Years for Spying on Teenager
With the amount of ‘open’ webcams available you’d wonder (have a look at goolag http://www.darknet.org.uk/2008/03/goolag-gui-tool-for-google-hacking/ or do some old skool Google hacking) why he even bothered.
Nevertheless good riddens! he crossed the line with the extortion thing» Posted By Pantagruel On August 28, 2008 @ 1:53 pm
OpenVAS – Open Vulnerability Assessment System (Nessus is Back!)
«« Back To Stats PageCame across it this morning.
It’s good to have ‘nessus’ back in the GPL field, will definately give it a go this weekend» Posted By Pantagruel On August 18, 2008 @ 8:44 pm
| 246,182 views |
