Don't Learn to HACK - Hack to LEARN. That's our motto and we stick to it; we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more.
Ethical debates are always interesting, and people have gotten in trouble lately for reverse engineering and various other branches of research.
This is a fairly old topic, but as I’m clearing out some old drafts, I still find it an interesting one.
There’s been an ongoing debate in security circles for a long time concerning how security researchers should disclose vulnerabilities; Darknet is of course in the Full Disclosure school of thinking. The common viewpoint is that researchers should disclose the vulnerabilities to the company, giving them some time to fix the problem.
Typically, however, if nothing is done to fix the vulnerability, then researchers eventually will disclose it publicly. That’s where a lot of the conflict occurs, and there are even some questionable laws that might get you in trouble for publicly discussing a vulnerability. However, does this apply to spyware research as well?
The main question is, should the vulnerabilities ever be posted publicly? I of course say yes, as if I’m using that software, I have the right to know there’s something wrong with it and take remedial measures, even if there’s no patch (that’s the beauty of open source, you can patch it yourself!).
There was a lot of conversation during the 180solutions period about responsible disclosure and disclosing the affiliates used to install spyware; somehow 180 always managed to spin it into a self-serving press release about how they triumphed over evil.
Ah ethics, always an interesting topic.
The whole thing became a virtual war between a high-profile security researcher and the spammy 180solutions folks.
The sniping between a controversial adware company and a prominent anti-spyware researcher continued Thursday as 180solutions defended its practices and called critic Ben Edelman “irresponsible.”
Earlier this week, Bellevue, Wash.-based 180 solutions, which distributes software that delivers ads to users’ computers, blasted Edelman, a Harvard researcher, for improperly disclosing a hack into the company’s installation software. Last week, Edelman had posted an analysis of an illegal download of 180’s Zango software by an affiliate Web site of 180’s advertising network.
Can you believe this? The provincial government in British Columbia has managed to auction off a set of data tapes containing people’s social insurance numbers, dates of birth and medical records, among other information.
The provincial government has auctioned off computer tapes containing thousands of highly sensitive records, including information about people’s medical conditions, their social insurance numbers and their dates of birth.
Sold for $300 along with various other pieces of equipment, the 41 high-capacity data tapes were auctioned in mid-2005 at a site in Surrey that routinely sells government surplus items to the public.
Included among the files were records showing certain people’s medical status — including whether they have a mental illness, HIV or a substance-abuse problem — details of applications for social assistance, and whether or not people are fit to work.
Stupidity knows no bounds really. Do people not understand SENSITIVE, or CONFIDENTIAL or PRIVATE?
In an interview Friday afternoon, Labour Minister Mike de Jong, whose ministry oversees the auction process, said he has ordered an immediate investigation to determine how the breach took place.
“It is completely unacceptable for information like this to be unsecured in the way this clearly is,” he said.
“People deserve to know [this] type of information . . . is secure and kept private,” he added, offering an apology. “I can think of no excuse for information of this sort finding its way into the public domain.”
Well yes, I totally agree. And well... this is not the first time, is it? And I’m damn sure it won’t be the last.
If you don’t know, Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free. It is available for Windows 9x, NT and 2000; there is no UN*X version available, although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future.
Brutus was written originally to help me check routers etc. for default and common passwords.
Brutus version AET2 is the current release and includes the following authentication types:
HTTP (Basic Authentication)
HTTP (HTML Form/CGI)
Other types such as IMAP, NNTP, NetBus etc. are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other people’s.
The current release includes the following functionality:
Multi-stage authentication engine
60 simultaneous target connections
No username, single username and multiple username modes
Password list, combo (user/password) list and configurable brute force modes
Highly customisable authentication sequences
Load and resume position
Import and Export custom authentication types as BAD files seamlessly
SOCKS proxy support for all authentication types
User and password list generation and manipulation functionality
HTML Form interpretation for HTML Form/CGI authentication types
Error handling and recovery capability inc. resume after crash/failure.
You can download brutus-aet2.zip here (the password is darknet123):
Sometimes doing good can help bad things propagate, sometimes it’s good to consider the big picture and the repercussions of your charitable actions.
This is a case where such logic rings true.
Programs to send PCs to third world countries might inadvertently fuel the development of malware for hire scams, an anti-virus guru warns.
Eugene Kaspersky, head of anti-virus research at Kaspersky Labs, cautions that developing nations have become leading centres for virus development. Sending cheap PCs to countries with active virus writing cliques might therefore have unintended negative consequences, he suggests.
“A particular cause for concern is programs which advocate ‘cheap computers for poor third world countries’,” Kaspersky writes. “These further encourage criminal activity on the internet. Statistics on the number of malicious programs originating from specific countries confirm this: the world leader in virus writing is China, followed by Latin America, with Russia and Eastern European countries not far behind.”
It has to be considered I guess, but this shouldn’t be a reason to NOT give them computers, IMHO anyway.
But what about all the positive uses in education, for example, possible through the use of second-hand PCs in developing nations? We reckon these more than outweigh the possible misuse of some computers at the fringes of such programs.
We wanted to quiz Kaspersky more closely on his comments but he wasn’t available to speak to us at the time of going to press.
I say let’s do the best we can, and take the bad guys out as we go along.
“pleez, pleez, PLEEZ teach me how to hack a Hotmail Account!!!”
-unidentified IRC user
From here on in you walk alone. Neither little_v OR Black Sun Research Facility AND its members will be responsible for what you do with the information presented here. Do not use this information to impress your “l33t0_b0rit0” friends. Do not operate in shower. Objects in article may be closer than they appear.
Note: If you see (x), where x is a number, it means that this term is defined at (x) at the bottom of this article.
The purpose of this article is NOT, I repeat, NOT to teach someone how to “hack an email account”. Its true purpose is actually MUCH more devious. The purpose of this and all other articles in the “An Exploit Explained: ” series is to teach readers about various web technologies, and the basics of security and exploiting. I will try to give you a hands-on, learn-as-you-go type of education in computer security. Sound good??? Then let’s get into it!!
On Wednesday, Sept. 22 1999, yet another bleary day in the life of little v, the following message was sent to my inbox:
Subject: Yet another major Hotmail security hole-
Yet another major Hotmail security hole-injecting
There is a major security flaw in Hotmail which allows
works both on Internet Explorer 5.0 (guess IE4.x)
and Netscape Communicator 4.x. Hotmail filters the
does not filter properly the following case:
So the following HTML is executed <IMG
if the user has enabled automatically loading of
images (most users have).
Probably this may be used in other HTML tags.
email message allows for example displaying a fake
login screen where the user enters his password
which is then stolen. I don't want to make a scary
demonstration, but I am sure it is also possible to
read user's messages, to send messages from user's
name and doing other mischief. Hotmail deliberately
attacks, but obviously there are holes. It is much
easier to exploit this vulnerability if the user uses
Internet Explorer 5.0. AFAIK this is not a browser
Ok, don’t puke, I’m going to explain what just happened in a fashion that even your dog can understand.
What is this all about?
The important part of this posting to the Bugtraq(1) (http://www.securityfocus.com) mailing list is the actual exploit(2).
The exploit would be:
first message in your Inbox is from :
What does it do?
How does it work?
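The Bugtraq post quoted above describes a webmail HTML filter that strips script in the cases it knows about but misses one in an image tag. As an added example (not code from the original article, and not Hotmail's filter), the Python below contrasts a constructed blocklist filter with an allowlist sanitizer that keeps only listed tags, attributes and URL schemes. The policy tables, function names and the sample attribute are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
# Assumed policy for this example: the only tags/attributes a mail view keeps.
ALLOWED = {"p": set(), "b": set(), "i": set(), "br": set(),
           "a": {"href"}, "img": {"src", "alt", "width", "height"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}

def blocklist_filter(html):
    """Constructed weak filter: removes script URLs only from attributes it knows."""
    return re.sub(r'(?i)\s(?:src|href)\s*=\s*"\s*javascript:[^"]*"', "", html)

def safe_url(value):
    # Browsers ignore whitespace/control characters when reading the scheme.
    scheme, sep, _ = "".join(ch for ch in value if ch > " ").partition(":")
    if not sep or any(c in scheme for c in "/?#"):
        return True  # relative URL, no scheme present
    return scheme.lower() in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        if tag not in ALLOWED:
            return  # unknown tag is dropped; text outside script/style is kept
        kept = [(k, v or "") for k, v in attrs  # parser has already decoded entities
                if k in ALLOWED[tag] and (k not in URL_ATTRS or safe_url(v or ""))]
        self.out.append("<%s%s>" % (tag, "".join(' %s="%s"' % (k, escape(v)) for k, v in kept)))
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED and tag not in ("br", "img"):
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(html):
    parser = Sanitizer()
    parser.feed(html)
    parser.close()  # flushes any buffered trailing text
    return "".join(parser.out)

# Constructed sample body; the attribute name is illustrative, not the one from the post.
SAMPLE = '<p>Hi</p><img src="http://example.com/a.gif" dynsrc="javascript:void(0)" onload="x()">'
```

The blocklist leaves the script URL in `SAMPLE` untouched because it sits in an attribute the pattern never names, while the allowlist drops it without having to know that attribute exists.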