gmane.comp.security.dailydave

Iron Man, nukes, vogon poetry.

Dave Aitel — 2012-05-25T17:34:44

So now that Max is six, I get to read comic books while pretending
they're for him. And one thing you learn quickly is that the comic books
people revere - the old-school Stan Lee era comic books - are godawful.
They're just terrible. The art is terrible. The writing is campy and
flowless and just basically as nauseating as possible describing
characters without motivation, depth or charm. It's Vogon-poetry level
stuff.

That said, it's "age-appropriate" for a six year old. And because these
characters are still relentlessly marketed today, their 60's era
original cardboard cutouts are still "cool" to modern kids.

You can get good comics as well, but they tend to give a six year old
nightmares. The best
<http://www.amazon.com/Astonishing-X-Men-Omnibus-Joss-Whedon/dp/0785138013/ref=ntt_at_ep_dpt_2>,
obviously, is an X-Men comic written by Joss Whedon, who wrote Buffy and
the new Avengers movie. But if your six year old is anything like mine,
he wants to dress up as Iron Man all the time (cause why not if you

Re: Hacking the tribal websites, scuba divers,and lilacs.

Dave Aitel — 2012-05-24T16:08:15

People are pointing out that they didn't so much "hack" as "buy ad
space", which kinda ruins my point and doesn't let me vent about the
person behind me during my commute this morning. :>

http://www.lawfareblog.com/2012/05/state-department-hackers/ has more
information. The Cupcake thing was real though, iiuc.

-dave

On 5/24/12 10:47 AM, Dave Aitel wrote:

Re: Hacking the tribal websites, scuba divers, and lilacs.

Karin Kosina — 2012-05-24T15:09:02

Hello,

  This whole State-hacking-Yemeni-websites story is probably not true.
It seems that the original AP report misquoted Secretary Clinton. It 
appears they didn't "hack" anything, just spammed a bunch of forums: 

  http://www.lawfareblog.com/2012/05/state-department-hackers/      

Bestest, 
kyrah

PS. This does not take away from Dave's argument in any way of course,
    just thought I'd share it.

_______________________________________________
Dailydave mailing list
Dailydave< at >lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Hack Cup 2012

Nicolas Waisman — 2012-05-24T15:28:19

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We have only three slot left for the Hack Cup tournament. Whether you
are good at soccer or not, it's a good excuse to getaway for the Vegas
noise, play a team sport and just have fun.

Sign up today as a team or a free player here:
https://www.hack-cup.com/add-your-team

Cheers
Nico

- -- 
Nico Waisman
Immunity, Inc.
nicolas< at >immunityinc.com
(+54) 11-4833-3205.
Malabia 2162 2nd floor
Buenos Aires, Argentina

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk++U5MACgkQnx8KWzmcRsGf1QCeN1RbGIp9opV3YLv8CHzY0XMX
Td8AnitooMpD0TYp1pamoO4auvPW79bX
=tKII
-----END PGP SIGNATURE-----

Hacking the tribal websites, scuba divers, and lilacs.

Dave Aitel — 2012-05-24T14:47:59

http://www.washingtonpost.com/national/clinton-state-department-hacked-al-qaida-sites-in-yemen-part-of-covert-war-on-terror/2012/05/23/gJQAKFOdlU_story.html


So you know how when you're at a stoplight, and you see flashing lights
from a fire truck behind you, and you'll carefully maneuver to pull over
into a nook on the side of the road? But sometimes the person behind you
will just scoot forward to claim your space, blocking the firetruck and
ruining the whole point of your moving aside. Then like, at the very
next block, they'll do the exact same thing to the little SUV that
follows the fire truck? And at that point you'll look back, trying to
figure out who they are, and what it is exactly about the situation here
they're not getting, while making certain culturally appropriate yet not
too violent (Miami has liberal concealed carry laws) gestures?

In a nutshell, that's how operators feel when policy makers ask them to
deface websites. On the surface, removing Al Qaeda propaganda may SEEM
like a step for

"Jailbreaking"

Dave Aitel — 2012-05-23T20:42:21

So for those of you who do not follow the twitters...IntevyDis released
a new version of VulnDisco Mobile, which includes an "untethered"
jaibreak for the latest iOS.
http://www.idownloadblog.com/2012/05/22/new-jailbreak-vulndisco-mobile/

You can watch the movie to see a CANVAS node pop up as usual.

And for those of you who love movies, I'm going to be on Fox Live
tomorrow to discuss this one:
http://www.nextgov.com/cybersecurity/2012/05/al-qaeda-video-calls-electronic-jihad-government-computers/55886/?oref=ng-dropdown

Will there be buffy quotes? Who knows unless you tune in? :>

-dave

zeus plug-in

2012-05-22T04:11:45

Has anyone here analyzed the Leprechaun(sp?) plug-in for Zeus?

--dan

Tool of the day!

Dave Aitel — 2012-05-21T19:13:02

So every sub-genre of hacker has their own set of specialized knowledge.
And in the sub-genre that "sees a lot of mailspools" (which you could
label "Unix Hackers") you often have this problem where you have a lot
of email, and you want to quickly distill it down to "files that are
interesting". Of course, emails come in all shapes and sizes and are all
decoded differently and it's a bit annoying to figure out how to decode
them all.

The best tool in my experience for this is Frank Pilhofer's UUDeview
(http://www.fpx.de/fp/Software/UUDeview/) . You just point it at a
directory of mail, and "it does the right thing", offering prompts up
when it needs to. Simple, easy, and effective.


-dave

Howard Schmidt

Dave Aitel — 2012-05-18T14:01:26

"As for getting into the power grid, I can't see that that's realistic,"
Schmidt said. <http://www.wired.com/threatlevel/2010/03/schmidt-cyberwar/>


Likewise as that Threat Point article from the start of his time in the
White House points out: 


"People have to recognize that when we close the door and go home, we
are just normal netizens like anyone else," Schmidt said. "I've been in
the internet from the very beginning. We don't want to see it changed to
where it is no longer available and we don't have the ability to do
things *anonymously* as we choose to in certain realms."


Also in that article you can see the initial tension between the NSA and
the office of the Cyber Security Coordinator. And the last few weeks
have been dominated by the NSA and White House togethertrying (and
failing)
<http://www.whitehouse.gov/blog/2012/01/26/legislation-address-growing-danger-cyber-threats?utm_source=related>to
push forward legislation that regulates the security of critical
infrastructure (such as the power g

Ten years.

Dave Aitel — 2012-05-17T14:28:51

Immunity is ten years old now - and like any ten year old, it is
interested mostly in shiny things that bleep and bloop. :>

But also like any ten year old we are growing and always hungry, and so
if you're interested in working in the new DC office or Miami Beach HQ,
please let me know. We only have one perk and that is this: We'll keep
you entirely focused on breaking into things in one way or another.

-dave

New INFILTRATE 2012 Movie is up! With surpriseintroduction by Halvar!

Dave Aitel — 2012-05-14T19:07:39

OH: "So....static analysis! Let's talk about it!" (Long pause follows.)

That's pretty much straight out of most parties I go to! Luckily, there
are a few people who can go into static analysis to great levels of
depth, and some of them give talks at INFILTRATE. :>

http://www.immunityinc.com/infiltratemovies/movies/JulienVanegue.mp4

-dave

Re: Mobile Phone Security Survey

Hamid — 2012-05-11T18:47:45

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


There were some issues regarding some optional questions that has been
marked as mandatory mistakenly. Thanks to quick feedbacks they are
fixed now.

Hamid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPrV7RAAoJEJdNrGOKdZcqp0kIAKdRp5MTJxGBZEHd7YB06kqF
OHc724eRFHF7uLEpI8OmXFaZNithtnT2RRFBQB6OVtDDcdng1iV4kj3A4U2wnUoM
DZw8WfelZ1XPCsIulR10lxDY/E7mTRGQzO24ZvlGCXGoU8+L2qin6lBrxKUNR8sp
5X/QxVpCWKTnkct3j1oaF31ZTVKcO6pygB4QC7/0yNBl4/xUs3wNsBj//bSn6DMW
7Y84pWuaAp+bHwY4rdBMkA15tXzpC4mla+4vd1A7/BV9rvENQ6V3OsBJBGpI1Hvp
1Bh2yTDOV3G0puh0MNEH5sQAIEUSfBXuoEMkant/YjYMaiQ143hh2GW66eEE4Uc=
=D9tu
-----END PGP SIGNATURE-----

Mobile Phone Security Survey

Hamid — 2012-05-11T18:13:37

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello DD!

Few weeks ago I had a writeup about (in)security trends in mobile phones
and now I've reached to a point that I need results of a survey to
validate and confirm some facts that are going to be covered in paper.

I would appreciate your help by participating in this survey, or be even
more awesome and spread it among your friends that are not security geeks!

Survey link:

http://goo.gl/pQO02


Thank you!
Hamid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPrVbRAAoJEJdNrGOKdZcqg8YH/inKMCaa6MMwscLb0DRtvBz8
12GvtSaWq1Vx1xaqSuJfUU50JeCYBCO8+spzuL8abDgcmORUeisHAoGb1q1AkOg8
k3okbtnbCWkOWlMsLqclBnq49aple1E5LkTkeRbRwAmwxECgehQsTPifMbBHEivx
h7FCDRiBWmoDPkthkdRBDrkX615EwzY5CPgM7O40fjao6zpqalu6CVPG+9yN331C
Xou/LnzfTcSNBAZnGsfHBuT4SV0H7yJbmNJvmyh09CqCm9pU8gXL6woEKYcP3lTG
4FEg4Y3DmGbyjvORIBiz6embNR47GyEgk3sCdJmFRVTNZXnMpGUK4wqCMPyIigw=
=Lk6c
-----END PGP SIGNATURE--

With a real team, it's not about the numbers

Dave Aitel — 2012-05-01T14:05:41

I find articles like the recent one in Forbes <http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/> quite funny in a way - and likewise talks about "rootite" and bug mining and so forth. Part of this is because philosophically I know that teams who focus on the money tend to lose. Obviously you need a lot of money to get things done in this industry, but I think it's a slippery slope from that to looking for where the money really is, which is defense <http://immunityinc.com/infiltratemovies/movies/andrewcushman_keynote.mp4>. 

And when you're doing defense, you're not writing exploits, you're creating "security tests". You're not as concerned with "where will this exploit get me" so much as meeting this month's exploit quota. "How many checks do you have?" is the kind of customer you're competing for.

This month CANVAS released one exploit. And that one exploit in Samba is worth more to me than a hundred "security tes

72 hours

Shari Bermudez — 2012-04-26T20:49:24

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just a reminder that there are only 72 business hours remaining before
registration closes for the WebHacking and Master training classes.
Sign up today. Call 786-220-0600 or email training< at >immunityinc.com.
The 20% discount offer for re-tweeting still stands.

http://immunityinc.com/education-currentschedule.shtml

- --
INFILTRATE 2013 is being held at the famous Fontainebleau Hotel in
Miami Beach, FL from April 11-12, 2013.  Do not miss out.  Early
registration is now open.
http://infiltratecon.com/


Shari Bermudez
Project Manager
Immunity Services LLC-a division of Immunity Inc.
1130 Washington Ave.8th FL
Miami Beach, FL 33139
(p) 786-220-0600 (f) 786-513-8100
(e) shari< at >immunityinc.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk+ZtNQACgkQTAtnp8341PUF0wCgx5GDKoCAQtxJaqV2zqoCPDfM
lewAniLlntYAHhO1LDpTNjvI1UP7exli
=O6Pe
-----END PGP SIGNATURE-----

Spooked at RSA 2012

Dave Aitel — 2012-04-26T13:55:11

So we put my RSA 2012 talk up, along with the comments from the viewers that RSA collected. 

I 100% agree with every comment in the feedback form, which include such bon mots such as "You reek of pride". Frankly, I am quite proud of what the offensive community has been able to do over the last ten years. And I was a bit hurried during the actual talk (the one below is from my 6am-dry-run-in-hotel-room since they didn't record the talk itself) - I got spooked by the 20-minutes-left sign like a novice.  
 
http://partners.immunityinc.com/movies/RSA2012.mov
https://immunityinc.com/downloads/RSA2012.pdf

What's happening at SyScan'12 Singapore

Thomas Lim — 2012-04-19T05:36:32

Dear Dailydave readers

Do you know what's going to happen at SyScan'12 Singapore next week?

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

13 AWESOME SPEAKERS:
a. Stefan Esser (i0n1c)
b. Chris Valasek (nudeaberdasher)
c. Tarjei Mandt (kernelpool)
d. Alex Ionescu
e. Edgar Barbosa (0pC0de)
f. Jon Oberheide
g. Brett Moore (antic0de)
h. James Burton (Jayji)
i. Seung Jin Lee (Beist)
j. Ryan MacArthur (Backpacker)
k. Loukas (snare)
l. Aaron LeMasters (AaXon)
m. Paul Craig

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

11 INCREDIBLE PRESENTATIONS, 7 BRAND NEW ONES:
a. Heaps of Doom (Brand NEW)
b. De Mysteriis Dom Jobsivs (Sub New)
c. Owning entire organisations with regional software..(Brand NEW)
d. I/O, You own (Brand NEW)
e. Entomology: A case study of rare and interesting bugs
f. Exploiting the Linux Kernel
g. ACPI 5.0 Rootkit Attacks against Windows 8 (Brand NEW)
h. iOS Kernel Heap Armageddon (Brand NEW)
i. Post Exploitation Process Continuation
k. iOS Applications - Different Developers, Same Mist

Save yourself 20% by tweeting

Shari Bermudez — 2012-04-23T19:16:16

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Want to come to our June Master or WebHacking class but do not want to
pay full price?  You can save yourself 20% in ~5 minutes by following
these simple steps:

(1) If you are not already doing so, follow us on Twitter < at >immunityinc
and/or < at >infiltratecon.

(2) ReTweet this tweet from today: "RT and receive 20% off June
training classes when you sign up before 4/27! ow.ly/asvSG e-mail
admin< at >immunityinc for info!"

(3) Email training< at >immunityinc.com to sign up for your class at 20%
off of the listed price!

- --
INFILTRATE 2013 is being held at the famous Fontainebleau Hotel in
Miami Beach, FL from April 11-12, 2013.  Do not miss out.  Early
registration is now open.
http://infiltratecon.com/


Shari Bermudez
Project Manager
Immunity Services LLC-a division of Immunity Inc.
1130 Washington Ave.8th FL
Miami Beach, FL 33139
(p) 786-220-0600 (f) 786-513-8100
(e) shari< at >immunityinc.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuP

TIME IS RUNNING OUT

Shari Bermudez — 2012-04-20T14:19:53

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Time is running out to sign up for our June WebHacking and Master
Training Classes.   If you are thinking about reserving your seat but
have not done so, the time to sign up is now.

_June 4-6, 2012 - WebHacking Class:  _
Immunity's WebHacking course focuses on understanding common web
hacking techniques by having students exploit vulnerable systems.
Security professionals with some hands on web hacking experience will
get the most out of this course.
_
June 4-8, 2012 - Master Class:_
The Master class focuses on SMT, kernel exploitation and vulnerability
findings. Intermediate to advanced exploit development skills are
recommended for students wishing to take the Master class.

Please email training< at >immunityinc.com to sign up, obtain a copy of the
prerequisite test or for additional information.

We hope to see you in Miami Beach soon!

- --
INFILTRATE 2013 is being held at the famous Fontainebleau Hotel in
Miami Beach, FL from April 11-12, 2013.  Do not miss ou

RIT!

Dave Aitel — 2012-04-18T16:12:14

Chris and Miguel are heading up to RIT today and will be around tomorrow
recruiting for Immunity. If you're at or near RIT and you want to hear
about the fun stuff they're working (which you can help work on!) then
send admin< at >immunityinc.com <mailto:admin< at >immunityinc.com> a quick email
and they'll vector you in! I hear there will be real wings served the
way only upstate NY knows how. I miss those wings, I have to say.

Down here in Miami Beach, Shuckers <http://shuckersbarandgrill.com/> has
the best wings. And it's reachable by boat!

-dave

Re: CISPA == MAPP

Richard Bejtlich — 2012-04-17T20:26:10

Hi Allison,

I have a different view -- I'll try not to step on too many toes. :)


The problem is people are approaching this as a technical problem.
It's a trust problem.


The incentive is to not share.  There is no incentive for a company to
tell anyone that they've been breached.


The bill in question doesn't say the government is entitled to your
information.  They're trying to improve the incentives for companies
to tell the government that they've been compromised so that the
problem is better understood.

I regularly speak to significant intrusion victims, and my company
helps them recover.  If you think I'm biased, I am biased towards
experiencing this problem on a sadly too frequent basis, over the last
14 years.

I don't think any legislation is perfect, or maybe even required,
since "intel sharing" between government and the private sector isn't
going to have as much impact as the legislators think.  However,
having met Chairman Rogers and been in several private and public
meetings with the p