gmane.comp.security.dailydave

Re: Hacking the tribal websites, scuba divers,and lilacs.

Dave Aitel — 2012-05-24T16:08:15

People are pointing out that they didn't so much "hack" as "buy ad
space", which kinda ruins my point and doesn't let me vent about the
person behind me during my commute this morning. :>

http://www.lawfareblog.com/2012/05/state-department-hackers/ has more
information. The Cupcake thing was real though, iiuc.

-dave

On 5/24/12 10:47 AM, Dave Aitel wrote:

Re: Hacking the tribal websites, scuba divers, and lilacs.

Karin Kosina — 2012-05-24T15:09:02

Hello,

  This whole State-hacking-Yemeni-websites story is probably not true.
It seems that the original AP report misquoted Secretary Clinton. It 
appears they didn't "hack" anything, just spammed a bunch of forums: 

  http://www.lawfareblog.com/2012/05/state-department-hackers/      

Bestest, 
kyrah

PS. This does not take away from Dave's argument in any way of course,
    just thought I'd share it.

_______________________________________________
Dailydave mailing list
Dailydave< at >lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Hack Cup 2012

Nicolas Waisman — 2012-05-24T15:28:19

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We have only three slot left for the Hack Cup tournament. Whether you
are good at soccer or not, it's a good excuse to getaway for the Vegas
noise, play a team sport and just have fun.

Sign up today as a team or a free player here:
https://www.hack-cup.com/add-your-team

Cheers
Nico

- -- 
Nico Waisman
Immunity, Inc.
nicolas< at >immunityinc.com
(+54) 11-4833-3205.
Malabia 2162 2nd floor
Buenos Aires, Argentina

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk++U5MACgkQnx8KWzmcRsGf1QCeN1RbGIp9opV3YLv8CHzY0XMX
Td8AnitooMpD0TYp1pamoO4auvPW79bX
=tKII
-----END PGP SIGNATURE-----

Hacking the tribal websites, scuba divers, and lilacs.

Dave Aitel — 2012-05-24T14:47:59

http://www.washingtonpost.com/national/clinton-state-department-hacked-al-qaida-sites-in-yemen-part-of-covert-war-on-terror/2012/05/23/gJQAKFOdlU_story.html

So you know how when you're at a stoplight, and you see flashing lights
from a fire truck behind you, and you'll carefully maneuver to pull over
into a nook on the side of the road? But sometimes the person behind you
will just scoot forward to claim your space, blocking the firetruck and
ruining the whole point of your moving aside. Then like, at the very
next block, they'll do the exact same thing to the little SUV that
follows the fire truck? And at that point you'll look back, trying to
figure out who they are, and what it is exactly about the situation here
they're not getting, while making certain culturally appropriate yet not
too violent (Miami has liberal concealed carry laws) gestures?

In a nutshell, that's how operators feel when policy makers ask them to
deface websites. On the surface, removing Al Qaeda propaganda may SEEM
like a step forwards. You can see the policy brain working like this:

1. Our opponent has moved their PR and recruitment to web sites
2. I have people who can hack web sites
3. What if we do something super clever to their web sites? TAKE THAT
AL QAEDA!

Your basic operator team is thinking of a few other things:

1. What parts of our toolchain are going to be exposed by hacking into a
tribal website?
1a. A rootkit of some kind that we've tested, possible modified from
open sources <http://immunityinc.com/products-hydrogen.shtml>, but
regardless, something fairly valuable.
1b. An exploit signature. Even if the Yemenis don't necessarily store
all their traffic and analyze it afterwards, perhaps the nice Indian
folks of Tata Communications
<http://www.tatacommunications.com/about/history.asp> (which is how you
got your SQLi to Yemen in the first place) checked their satellite
traffic logs after the event, and now whatever cool technique you used
to get in is burnt, along with everything unencrypted you did (recon,
trojan listening post, etc.). So then the Indian government goes through
their logs of their own satellites and checks out what you're doing
there, or in Pakistan, or whatever. This causes an attribution problem
of hilarious proportions.
1c. It's no doubt that if this sort of thing gets positive news in
the Washington Post, that someone's going to want to do it again but on
harder targets. So now you face the dilemma - do you burn the strategic
resources (exploits, rootkits, methodologies and techniques) that you've
been using on "real things" for short lived PR stunts?
1d. Those ads are just going to come out on some other website in
about fifteen minutes, and people who never would have looked at them
are going to go check out what the Americans didn't want them to see. On
a "stern warning" to "hellfire missile" scale, you're looking a lot more
like a shaken finger and a cross look here.

A decent operator is a bit like a scuba diver. In their head (or a
logbook) is a long list of possible OPSEC weaknesses, which are checked
and maintained like blood-nitrogen content to get a "feel" for their
exposure over time (which influences their actions in complex ways that
would make Jacques Cousteau confused). In the original unethical hacking
class we would do this exercise where we would randomly pull the plug on
a students network cable, and ask them "what did you leave exposed". The
goal was to instill a fear, like the old gas trainings. "Smell a lilac?
Run for the hills!
<http://www.slate.com/articles/news_and_politics/explainer/2006/08/does_poison_gas_smell_good.html>"
That sort of thing.

In any case, with "hacking of tribal websites" or "cupcake recipe
promotion
<http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8553366/MI6-attacks-al-Qaeda-in-Operation-Cupcake.html>"
generally your operator team is smelling lilacs, and not in a good way.

-dave

"Jailbreaking"

Dave Aitel — 2012-05-23T20:42:21

So for those of you who do not follow the twitters...IntevyDis released
a new version of VulnDisco Mobile, which includes an "untethered"
jaibreak for the latest iOS.
http://www.idownloadblog.com/2012/05/22/new-jailbreak-vulndisco-mobile/

You can watch the movie to see a CANVAS node pop up as usual.

And for those of you who love movies, I'm going to be on Fox Live
tomorrow to discuss this one:
http://www.nextgov.com/cybersecurity/2012/05/al-qaeda-video-calls-electronic-jihad-government-computers/55886/?oref=ng-dropdown

Will there be buffy quotes? Who knows unless you tune in? :>

-dave

zeus plug-in

2012-05-22T04:11:45

Has anyone here analyzed the Leprechaun(sp?) plug-in for Zeus?

--dan

Tool of the day!

Dave Aitel — 2012-05-21T19:13:02

So every sub-genre of hacker has their own set of specialized knowledge.
And in the sub-genre that "sees a lot of mailspools" (which you could
label "Unix Hackers") you often have this problem where you have a lot
of email, and you want to quickly distill it down to "files that are
interesting". Of course, emails come in all shapes and sizes and are all
decoded differently and it's a bit annoying to figure out how to decode
them all.

The best tool in my experience for this is Frank Pilhofer's UUDeview
(http://www.fpx.de/fp/Software/UUDeview/) . You just point it at a
directory of mail, and "it does the right thing", offering prompts up
when it needs to. Simple, easy, and effective.


-dave

Howard Schmidt

Dave Aitel — 2012-05-18T14:01:26

"As for getting into the power grid, I can't see that that's realistic,"
Schmidt said. <http://www.wired.com/threatlevel/2010/03/schmidt-cyberwar/>

Likewise as that Threat Point article from the start of his time in the
White House points out:

"People have to recognize that when we close the door and go home, we
are just normal netizens like anyone else," Schmidt said. "I've been in
the internet from the very beginning. We don't want to see it changed to
where it is no longer available and we don't have the ability to do
things *anonymously* as we choose to in certain realms."

Also in that article you can see the initial tension between the NSA and
the office of the Cyber Security Coordinator. And the last few weeks
have been dominated by the NSA and White House togethertrying (and
failing)
<http://www.whitehouse.gov/blog/2012/01/26/legislation-address-growing-danger-cyber-threats?utm_source=related>to
push forward legislation that regulates the security of critical
infrastructure (such as the power grid).

But Schmidt's dream was always elsewhere - in the role of human identity
and the internet. And you can see it in his trusted identities strategy
<http://www.whitehouse.gov/blog/2010/06/25/national-strategy-trusted-identities-cyberspace>.
This also is where I see the largest influence from his Microsoft days,
from the days the technologies Passport and CardSpace (remember them?)
looked "promising".

But trusted identities is not necessarily where people want to go, even
if it helps security in some way (or enables rather revolutionary things
like Internet voting). And aside from a few favored vendors who wanted
to make money implementing an identity scheme for every American, you
don't see a groundswell of support.

Keep in mind that we have Aurora and the associated rise of "APT",
Wikileaks, and the public hacking of various water utilities
<http://news.cnet.com/8301-27080_3-57330029-245/dhs-denies-report-of-water-utility-hack/>
during his time in office. Also during his time America and Russia and
China
<http://www.huffingtonpost.com/2012/05/07/china-us-vow-cooperation-cybersecurity_n_1498245.html>
have connected on CyberSecurity more than you may have thought they
would. Most of what a Cyber Security Czar does is shrouded in secrecy,
so it's hard to truly say what Howard's legacy will be, but it's
probably safe to say a new identity management policy for the entire
country will not be it.

-dave

Ten years.

Dave Aitel — 2012-05-17T14:28:51

Immunity is ten years old now - and like any ten year old, it is
interested mostly in shiny things that bleep and bloop. :>

But also like any ten year old we are growing and always hungry, and so
if you're interested in working in the new DC office or Miami Beach HQ,
please let me know. We only have one perk and that is this: We'll keep
you entirely focused on breaking into things in one way or another.

-dave

New INFILTRATE 2012 Movie is up! With surpriseintroduction by Halvar!

Dave Aitel — 2012-05-14T19:07:39

OH: "So....static analysis! Let's talk about it!" (Long pause follows.)

That's pretty much straight out of most parties I go to! Luckily, there
are a few people who can go into static analysis to great levels of
depth, and some of them give talks at INFILTRATE. :>

http://www.immunityinc.com/infiltratemovies/movies/JulienVanegue.mp4

-dave

Re: Mobile Phone Security Survey

Hamid — 2012-05-11T18:47:45

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


There were some issues regarding some optional questions that has been
marked as mandatory mistakenly. Thanks to quick feedbacks they are
fixed now.

Hamid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPrV7RAAoJEJdNrGOKdZcqp0kIAKdRp5MTJxGBZEHd7YB06kqF
OHc724eRFHF7uLEpI8OmXFaZNithtnT2RRFBQB6OVtDDcdng1iV4kj3A4U2wnUoM
DZw8WfelZ1XPCsIulR10lxDY/E7mTRGQzO24ZvlGCXGoU8+L2qin6lBrxKUNR8sp
5X/QxVpCWKTnkct3j1oaF31ZTVKcO6pygB4QC7/0yNBl4/xUs3wNsBj//bSn6DMW
7Y84pWuaAp+bHwY4rdBMkA15tXzpC4mla+4vd1A7/BV9rvENQ6V3OsBJBGpI1Hvp
1Bh2yTDOV3G0puh0MNEH5sQAIEUSfBXuoEMkant/YjYMaiQ143hh2GW66eEE4Uc=
=D9tu
-----END PGP SIGNATURE-----

Mobile Phone Security Survey

Hamid — 2012-05-11T18:13:37

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello DD!

Few weeks ago I had a writeup about (in)security trends in mobile phones
and now I've reached to a point that I need results of a survey to
validate and confirm some facts that are going to be covered in paper.

I would appreciate your help by participating in this survey, or be even
more awesome and spread it among your friends that are not security geeks!

Survey link:

http://goo.gl/pQO02


Thank you!
Hamid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPrVbRAAoJEJdNrGOKdZcqg8YH/inKMCaa6MMwscLb0DRtvBz8
12GvtSaWq1Vx1xaqSuJfUU50JeCYBCO8+spzuL8abDgcmORUeisHAoGb1q1AkOg8
k3okbtnbCWkOWlMsLqclBnq49aple1E5LkTkeRbRwAmwxECgehQsTPifMbBHEivx
h7FCDRiBWmoDPkthkdRBDrkX615EwzY5CPgM7O40fjao6zpqalu6CVPG+9yN331C
Xou/LnzfTcSNBAZnGsfHBuT4SV0H7yJbmNJvmyh09CqCm9pU8gXL6woEKYcP3lTG
4FEg4Y3DmGbyjvORIBiz6embNR47GyEgk3sCdJmFRVTNZXnMpGUK4wqCMPyIigw=
=Lk6c
-----END PGP SIGNATURE-----

With a real team, it's not about the numbers

Dave Aitel — 2012-05-01T14:05:41

I find articles like the recent one in Forbes <http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/> quite funny in a way - and likewise talks about "rootite" and bug mining and so forth. Part of this is because philosophically I know that teams who focus on the money tend to lose. Obviously you need a lot of money to get things done in this industry, but I think it's a slippery slope from that to looking for where the money really is, which is defense <http://immunityinc.com/infiltratemovies/movies/andrewcushman_keynote.mp4>.

And when you're doing defense, you're not writing exploits, you're creating "security tests". You're not as concerned with "where will this exploit get me" so much as meeting this month's exploit quota. "How many checks do you have?" is the kind of customer you're competing for.

This month CANVAS released one exploit. And that one exploit in Samba is worth more to me than a hundred "security tests" in random bits of Microsoft software no one interesting has ever installed. [1]

You can see it in action here, or if you have CANVAS, you can download it as of last night.
http://partners.immunityinc.com/movies/CANVAS-SambaNDR.mov

-dave
[1] As a side note, you'll notice none of the static analysis companies can find this bug.
[2] Also you should read Kostya's blog post <http://expertmiami.blogspot.com/2012/05/skype-does-away-with-random-supernodes.html> today just because it's in English.

72 hours

Shari Bermudez — 2012-04-26T20:49:24

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just a reminder that there are only 72 business hours remaining before
registration closes for the WebHacking and Master training classes.
Sign up today. Call 786-220-0600 or email training< at >immunityinc.com.
The 20% discount offer for re-tweeting still stands.

http://immunityinc.com/education-currentschedule.shtml

- --
INFILTRATE 2013 is being held at the famous Fontainebleau Hotel in
Miami Beach, FL from April 11-12, 2013.  Do not miss out.  Early
registration is now open.
http://infiltratecon.com/


Shari Bermudez
Project Manager
Immunity Services LLC-a division of Immunity Inc.
1130 Washington Ave.8th FL
Miami Beach, FL 33139
(p) 786-220-0600 (f) 786-513-8100
(e) shari< at >immunityinc.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk+ZtNQACgkQTAtnp8341PUF0wCgx5GDKoCAQtxJaqV2zqoCPDfM
lewAniLlntYAHhO1LDpTNjvI1UP7exli
=O6Pe
-----END PGP SIGNATURE-----

Spooked at RSA 2012

Dave Aitel — 2012-04-26T13:55:11

So we put my RSA 2012 talk up, along with the comments from the viewers that RSA collected. 

I 100% agree with every comment in the feedback form, which include such bon mots such as "You reek of pride". Frankly, I am quite proud of what the offensive community has been able to do over the last ten years. And I was a bit hurried during the actual talk (the one below is from my 6am-dry-run-in-hotel-room since they didn't record the talk itself) - I got spooked by the 20-minutes-left sign like a novice.  
 
http://partners.immunityinc.com/movies/RSA2012.mov
https://immunityinc.com/downloads/RSA2012.pdf

What's happening at SyScan'12 Singapore

Thomas Lim — 2012-04-19T05:36:32

Dear Dailydave readers

Do you know what's going to happen at SyScan'12 Singapore next week?

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

13 AWESOME SPEAKERS:
a. Stefan Esser (i0n1c)
b. Chris Valasek (nudeaberdasher)
c. Tarjei Mandt (kernelpool)
d. Alex Ionescu
e. Edgar Barbosa (0pC0de)
f. Jon Oberheide
g. Brett Moore (antic0de)
h. James Burton (Jayji)
i. Seung Jin Lee (Beist)
j. Ryan MacArthur (Backpacker)
k. Loukas (snare)
l. Aaron LeMasters (AaXon)
m. Paul Craig

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

11 INCREDIBLE PRESENTATIONS, 7 BRAND NEW ONES:
a. Heaps of Doom (Brand NEW)
b. De Mysteriis Dom Jobsivs (Sub New)
c. Owning entire organisations with regional software..(Brand NEW)
d. I/O, You own (Brand NEW)
e. Entomology: A case study of rare and interesting bugs
f. Exploiting the Linux Kernel
g. ACPI 5.0 Rootkit Attacks against Windows 8 (Brand NEW)
h. iOS Kernel Heap Armageddon (Brand NEW)
i. Post Exploitation Process Continuation
k. iOS Applications - Different Developers, Same Mistakes (Brand NEW)
l. Automating the Identification of Data Structures (Brand NEW)

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

SECURE CODING COMPETITION WITH $10,000, $7,000 AND $3,000 CASH

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

PHONES4PWN WITH $15,000 CASH

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....BEER, BEER, BEER,
BEER, BEER, BEER, BEER, BEER....BEER, BEER, BEER, BEER, BEER, BEER,
BEER, BEER....

SHACK< at >PATTAYA

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....LADYBOYS, LADYBOYS,
LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS...BEER, BEER,
BEER, BEER, CHAMPAGNE, CIGARS, BEER, BEER....LADYBOYS, LADYBOYS,
LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS...BEER, BEER,
BEER, BEER, BEER, BEER, BEER, BEER....LADYBOYS, LADYBOYS, LADYBOYS,
LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS...

Save yourself 20% by tweeting

Shari Bermudez — 2012-04-23T19:16:16

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Want to come to our June Master or WebHacking class but do not want to
pay full price?  You can save yourself 20% in ~5 minutes by following
these simple steps:

(1) If you are not already doing so, follow us on Twitter < at >immunityinc
and/or < at >infiltratecon.

(2) ReTweet this tweet from today: "RT and receive 20% off June
training classes when you sign up before 4/27! ow.ly/asvSG e-mail
admin< at >immunityinc for info!"

(3) Email training< at >immunityinc.com to sign up for your class at 20%
off of the listed price!

- --
INFILTRATE 2013 is being held at the famous Fontainebleau Hotel in
Miami Beach, FL from April 11-12, 2013.  Do not miss out.  Early
registration is now open.
http://infiltratecon.com/


Shari Bermudez
Project Manager
Immunity Services LLC-a division of Immunity Inc.
1130 Washington Ave.8th FL
Miami Beach, FL 33139
(p) 786-220-0600 (f) 786-513-8100
(e) shari< at >immunityinc.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk+VqoAACgkQTAtnp8341PXT/QCfSWJKgh/78RK8r8Iws56yUO5G
vKEAnjXG/QhWY47///2mMVV5fJwFxvu/
=0K8p
-----END PGP SIGNATURE-----

TIME IS RUNNING OUT

Shari Bermudez — 2012-04-20T14:19:53

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Time is running out to sign up for our June WebHacking and Master
Training Classes.   If you are thinking about reserving your seat but
have not done so, the time to sign up is now.

_June 4-6, 2012 - WebHacking Class:  _
Immunity's WebHacking course focuses on understanding common web
hacking techniques by having students exploit vulnerable systems.
Security professionals with some hands on web hacking experience will
get the most out of this course.
_
June 4-8, 2012 - Master Class:_
The Master class focuses on SMT, kernel exploitation and vulnerability
findings. Intermediate to advanced exploit development skills are
recommended for students wishing to take the Master class.

Please email training< at >immunityinc.com to sign up, obtain a copy of the
prerequisite test or for additional information.

We hope to see you in Miami Beach soon!

- --
INFILTRATE 2013 is being held at the famous Fontainebleau Hotel in
Miami Beach, FL from April 11-12, 2013.  Do not miss out.  Early
registration is now open.
http://infiltratecon.com/


Shari Bermudez
Project Manager
Immunity Services LLC-a division of Immunity Inc.
1130 Washington Ave.8th FL
Miami Beach, FL 33139
(p) 786-220-0600 (f) 786-513-8100
(e) shari< at >immunityinc.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk+RcIgACgkQTAtnp8341PWvogCgjMeh85VBaea5/anVxs26e3HI
9MwAoIL/OPPMPWr7xc++vNk0u2XoMtEC
=lUyj
-----END PGP SIGNATURE-----

RIT!

Dave Aitel — 2012-04-18T16:12:14

Chris and Miguel are heading up to RIT today and will be around tomorrow
recruiting for Immunity. If you're at or near RIT and you want to hear
about the fun stuff they're working (which you can help work on!) then
send admin< at >immunityinc.com <mailto:admin< at >immunityinc.com> a quick email
and they'll vector you in! I hear there will be real wings served the
way only upstate NY knows how. I miss those wings, I have to say.

Down here in Miami Beach, Shuckers <http://shuckersbarandgrill.com/> has
the best wings. And it's reachable by boat!

-dave

Re: CISPA == MAPP

Richard Bejtlich — 2012-04-17T20:26:10

Hi Allison,

I have a different view -- I'll try not to step on too many toes. :)


The problem is people are approaching this as a technical problem.
It's a trust problem.


The incentive is to not share.  There is no incentive for a company to
tell anyone that they've been breached.


The bill in question doesn't say the government is entitled to your
information.  They're trying to improve the incentives for companies
to tell the government that they've been compromised so that the
problem is better understood.

I regularly speak to significant intrusion victims, and my company
helps them recover.  If you think I'm biased, I am biased towards
experiencing this problem on a sadly too frequent basis, over the last
14 years.

I don't think any legislation is perfect, or maybe even required,
since "intel sharing" between government and the private sector isn't
going to have as much impact as the legislators think.  However,
having met Chairman Rogers and been in several private and public
meetings with the principal legislators concerned, I think they are
trying to make a difference without harming civil liberties.

Sincerely,

Richard

Hack Cup 2012

Nicolas Waisman — 2012-04-18T13:33:25

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Immunity is excited to announce our third annual Hack Cup this year in
Las Vegas! As always, it will be held on the first day of DefCon (July,
27th).

Anyone interested in playing indoor soccer is welcome to join! The
dynamic will be the same as previous years:

 o The tournament will go from 9:00-13:00.

 o We will have 12 teams of five players each, playing 15-minute matches
in four different groups. We recommend that you have at least 2-5
substitutes as it's a very fast field and you may have had a few beers
the night before. Last year, several teams absorbed people who came
without a team, so if you don't know five other soccer players, all is
not lost. You'll make new friends!

Last year the Spanish team FOCA won the tournament.  Can they defend
their victory title or will another team cause an upset?

We just opened the team subscription page which can be found here:
http://www.hack-cup.com/add-your-team

Keep in mind that there are only 12 spots and it's first come, first
serve!

For more information or pictures of last year, please visit our
stunningly attractive and highly scalable website:
http://www.hack-cup.com/

Thanks,
Team Hack Cup!

PS: Almost forgot about the mandatory Buffy quote:

DAWN:    Whatcha doin'?
BUFFY:  (Reading a magazine) Playing soccer.

- -- 
Nico Waisman
Immunity, Inc.
nicolas< at >immunityinc.com
(+54) 11-4833-3205.
Malabia 2162 2nd floor
Buenos Aires, Argentina

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+OwqUACgkQnx8KWzmcRsEi8ACgnn23HNF4dLbRtIXsj0TFOcMd
fF4Ani/mqWhBd3SSooeIqcKh5Z75dhlk
=rhwp
-----END PGP SIGNATURE-----