RSS Feed

Netsec, comsec, infosec and IA news, research and trends



MIT: the Home of Hacking from Chris


CheckInstall is a nifty way to build from source tarballs and register the results in the RPM database. It is a substitute for "make install" that creates an RPM package.

dsniff install HOWTO for RH 8 and 9

IISBanner lets one replace the default IIS Server Header to Supress Patch and Version Information
ScanADS lets one scan for alternate data streams on a W2k/XP box. Alternate Data Streams provide an easy way for miscreants to hide data such that it does not show up in normal file and directory listings.


Orrin Hatch
The chairman of the Senate Judiciary Committee has suggested remotely destroying computers used for downloading music.

Mr Hatch said damaging computers "may be the only way you can teach someone about copyright".

"I'm all for destroying their machines."

"There's no excuse for anyone violating copyright laws."

Listen to the Music of Orrin Hatch!

...Sen Hatch went on to propose the following:
1) Cars be designed to explode when the speed limit is exceeded
2) Police stand outside of bars and shoot patrons as they leave to prevent them from driving under the influence
3) The US utilize cruise missles to discourage parking violations

It seems that Orrin Hatch (R- Utah) and Howard Berman (D- CA) have a lot in common other than corporate donations from Hollywood.

Hack4Life leaked another Cert/CC Vulnerability Announcement on Friday. This one allows code to be embedded in a PDF file. When the PDF is read on a Unix/Linux platform, it is executed with the rights of the user reading the document.


Totally Off Topic

Gustave Gilbert, an intelligence officer, interviewed Hermann Goering at Nuremberg on 18th April, 1946.

"We got around to the subject of war again and I said that, contrary to his attitude, I did not think that the common people are very thankful for leaders who bring them war and destruction.

"Why, of course, the people don't want war," Goering shrugged. "Why would some poor slob on a farm want to risk his life in a war when the best that he can get out of it is to come back to his farm in one piece. Naturally, the common people don't want war; neither in Russia nor in England nor in America, nor for that matter in Germany. That is understood. But, after all, it is the leaders of the country who determine the policy and it is always a simple matter to drag the people along, whether it is a democracy or a fascist dictatorship or a Parliament or a Communist dictatorship."

"There is one difference," I pointed out. "In a democracy the people have some say in the matter through their elected representatives, and in the United States only Congress can declare wars."

"Oh, that is all well and good, but, voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country.""

Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID
This book will help you get snort up and running quickly.

Installing Snort, Acid and Barnyard on OpenBSD 3.3

Snip from Nanog List Regarding Outlook
The only lame excuses I can come up with (for using Outlook) are possibly: laziness, stupidity, ignorance, complacency, fear of non-compliance (but I think that's a stretch) and perhaps the raccoon mentality of 'it's new and shiny - I MUST have it'. Beyond that I have no idea why groups continue to use a Microsoft Virus Run-Time Environment or even see the excuses above as legitimate justification.


ODESSA - The Open Digital Evidence Search and Seizure Architecture is a cross-platform framework for performing Computer Forensics and Incident Response.

Gray World has several covert communications tools:

Cctt, "Covert Channel Tunneling Tool" is a tool presenting several exploitation techniques allowing the creation of arbitrary data transfer channels in the data streams authorized by a network access control system.

Firepass - is a tunneling tool, allowing to bypass firewall restrictions and encapsulate data flows inside legal ones to use HTTP POST requests.

Wsh, "Web Shell" - remote UNIX/WIN shell, that works via HTTP/HTTPS. The package contains two perl scripts for server and client hosts: the first one is for console usage and the second one runs as CGI script on the target host.

This page is powered by Blogger.

Site Meter Locations of visitors to this page