Wednesday, July 30, 2008

up too late

got a new gig! pretty exciting. getting to focus in on web app stuff, and am working w/ folk who have some talent and exp... just bein around, listening, and asking questions should help me learn plenty of good stuff.

i'm in corp world wearing a suit atm w/ the new gig, but it's just a disguise ;)

so, along that vein of blending in but being different, i stopped looking at webapps and went back to a project brought up at my local citysec a while back. basically a discussion over how to detect malware the way potter is talking about coming up in vegas (iiuc: looking at the extremities of the bell curve of network flows to identify malware).

so i got a vm to kick around and found some live malware which was described as running over http... i've got a lot of analysis to do, and who knows if i'll ever get to what i want w/ it, but it's been interesting (and of course, there were unintended consequences ;). here are some excerpts in a .txt so the blog doesn't completely dork the formatting...
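the "extremities of the bell curve" idea from the citysec discussion, as an added example. this is not code from the original post and not potter's method; the flow records, the per-host features (flow count, mean bytes per flow, distinct destinations) and the use of a median/MAD robust z-score instead of mean/stddev are all this example's own choices. real netflow or argus output would be reduced to the same {src, dst, bytes} shape before feeding it in.

```javascript
// Added example: flag hosts whose flow behaviour sits in either tail of the
// population. All flow records below are constructed for the example.

function buildSampleFlows() {
  const flows = [];
  // 20 ordinary hosts: 30-46 flows each, 6-12 kB per flow, to three web servers.
  for (let h = 1; h <= 20; h++) {
    const n = 30 + (h % 5) * 4;
    const bytes = 6000 + (h % 4) * 2000;
    for (let i = 0; i < n; i++) {
      flows.push({ src: `10.0.0.${h}`, dst: `203.0.113.${1 + (i % 3)}`, bytes });
    }
  }
  // Beacon-like host: many tiny flows to one external address.
  for (let i = 0; i < 600; i++) flows.push({ src: '10.0.0.99', dst: '198.51.100.7', bytes: 320 });
  // Bulk-transfer host: a handful of very large flows.
  for (let i = 0; i < 5; i++) flows.push({ src: '10.0.0.77', dst: '198.51.100.9', bytes: 40000000 });
  return flows;
}

// Per-host features: flow count, mean bytes per flow, distinct destinations.
function hostFeatures(flows) {
  const acc = new Map();
  for (const f of flows) {
    let a = acc.get(f.src);
    if (!a) { a = { flows: 0, bytes: 0, dsts: new Set() }; acc.set(f.src, a); }
    a.flows += 1; a.bytes += f.bytes; a.dsts.add(f.dst);
  }
  return [...acc].map(([host, a]) =>
    ({ host, flows: a.flows, meanBytes: a.bytes / a.flows, dsts: a.dsts.size }));
}

function median(xs) {
  const s = [...xs].sort((a, b) => a - b);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// Robust z-score: (x - median) / (1.4826 * MAD). Unlike mean/stddev, one huge
// outlier does not inflate the scale and mask a second, smaller one.
function robustZ(xs) {
  const med = median(xs);
  const mad = median(xs.map(x => Math.abs(x - med)));
  if (mad === 0) return null;            // no spread to scale by; caller skips the feature
  return xs.map(x => (x - med) / (1.4826 * mad));
}

// Returns Map host -> [{feature, z}] for hosts beyond the threshold on any feature,
// in either direction (too many flows is as interesting as too few).
function tailHosts(flows, features = ['flows', 'meanBytes'], threshold = 3.5) {
  const feats = hostFeatures(flows);
  const flagged = new Map();
  for (const name of features) {
    const z = robustZ(feats.map(f => f[name]));
    if (!z) continue;
    z.forEach((zi, i) => {
      if (Math.abs(zi) >= threshold) {
        const host = feats[i].host;
        if (!flagged.has(host)) flagged.set(host, []);
        flagged.get(host).push({ feature: name, z: Number(zi.toFixed(2)) });
      }
    });
  }
  return flagged;
}

for (const [host, reasons] of tailHosts(buildSampleFlows())) {
  console.log(host, JSON.stringify(reasons));
}
```

the beacon host lands far out on the flow-count tail, the bulk host lands on both the low flow-count tail and the high mean-bytes tail, and the 20 ordinary hosts stay inside the threshold. the caveat is that this only sees what the features expose: a piece of malware that keeps its flow count and sizes inside the office population (say, one normal-sized https request every few minutes) is not in the tails at all, which is why a real deployment would add timing features (inter-arrival regularity) on top of these.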

Saturday, July 19, 2008


via wikipedia:

There is some argument about what is or is not ironic, but all the different senses of irony revolve around the perceived notion of an incongruity between what is said and what is meant; or between an understanding of reality, or an expectation of a reality, and what actually happens.

so... is it ironic (per se? lol) that breaking up patterns is used to defeat IDS and WAFs, but also used to make sure you get served ads?

// split things up to **** blockers
var url = 'http://a'+'d.doublecl'+'' + embedType + '/****.';
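the same trick from the other side, as an added example (not code from the original post or from the ad script it quotes): a blocker that matches the hostname as a literal misses the split-up version, and folding constant string concatenations back together before matching catches it again. the sample source line below is constructed, with a made-up host under .example, and the folding helper is this example's own.

```javascript
// Added example: pattern fragmentation vs. a normalising matcher.

// Constructed sample in the shape of the ad-loader line quoted above.
const SAMPLE_SRC =
  "var url = 'http://a' + 'd.doublecl' + 'ick.example' + '/' + embedType + '/ad.js';";

// A naive blocker signature: the hostname as one literal.
const BLOCKED = /doubleclick/i;

function naiveMatch(src) {
  return BLOCKED.test(src);
}

// Fold adjacent string literals joined by '+' into one literal, repeating until
// nothing changes. Only literal-to-literal joins are folded; a join with an
// identifier (embedType) is left alone because its value is unknown statically.
function foldConcatenations(src) {
  const pair = /(['"])((?:\\.|(?!\1)[^\\])*)\1\s*\+\s*(['"])((?:\\.|(?!\3)[^\\])*)\3/;
  let out = src;
  let prev;
  do {
    prev = out;
    out = out.replace(pair, (m, q1, a, q2, b) => `${q1}${a}${b}${q1}`);
  } while (out !== prev);
  return out;
}

function normalisedMatch(src) {
  return BLOCKED.test(foldConcatenations(src));
}

console.log('naive:', naiveMatch(SAMPLE_SRC));            // false
console.log('normalised:', normalisedMatch(SAMPLE_SRC));  // true
console.log(foldConcatenations(SAMPLE_SRC));
```

the folded line still has `embedType` sitting in the middle, which is the caveat for both sides of the irony: anything assembled at runtime from non-constant pieces cannot be resolved by looking at the source, so a blocker (or an IDS/WAF) that wants to see the final string has to observe the request itself rather than the code that builds it.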

this last bit is tangential (surprised?). imo, the net neutral crowd had better be prepared to fight the powers that be long and hard, b/c there's a lot of movers and shakers who get pushed out of $$$ if they can't find a way to start taking money for all the time you spend online...

Thursday, July 17, 2008

google stuff

ran across this as well... i guess it is a google security service for web2 stuff... need to dig up some more info, but here's what caught my attn:


User-Agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Proxy-Connection keep-alive
Content-length 25124
Content-Type text/plain


*edit: futzed with whitespace to give a better idea on the amt of numbers, and gave up... i need to get a blog/layout w/o craptastic whitespace issues...

crappy code

old crappy code lingers like that huge heap of trash out in the pacific...

nothin special, just ran across these today and they caught my eye...

0x0360: .0.60;...opacity
0x0370: :.0.60;..}....*.
0x0380: html.#TB_overlay
0x0390: .{./*.ie6.hack.*
0x03a0: /.......position
0x03b0: :.absolute;.....
0x03c0: ..height:.expres
0x03d0: sion(

document.write(' \n'); //FS hide this from IE4.5 Mac by splitting the tag

* edit: removed the hex b/c of stupid whitespace
** edit: the crappy code is IE, in case i wasn't specific enough on that

Saturday, July 12, 2008

tweet tweet tweet tweet?

000 ~ Over-confidence? (vmware-player 2.0.4)
"Building the vmblock module ... The module loads perfectly in the running kernel."
001 ~ Digg is not a geek site anymore. alternatives? fark is funny...

010 ~ Pandora is cool; I am slow... Groove Salad is cool too

011 ~ This talk is looking good; very nice paper; surprised @ .docx i/o .odt :P

Hack Bureaucracy

So Shawn Moyer gave a concise Blackhat talk a few years back (which had a surprise ending ;) about 'hacking the c-suite', w/ the general idea being that it was ethical and part of the job in some situations to advocate and evangelize good security to the corp leaders in order to facilitate infosec progress.

You social engineer them for the benefit of the company and the shareholders, and everyone comes out ahead... You aren't "attacking" the leadership at your org. You're playing the game by their rules to remove roadblocks to the strategic infosec benefit of the org you work for.

Another friend of mine recently happened into a situation where he put a different twist on the benevolent corp hacking thing.

The org in question has some managers who could use some help understanding how to be leaders. Everything is bureaucratic and TPS report-ish.

If you do something w/o the proper paperwork and w/o jumping through the right hoops, then you aren't a team player and should expect a reprimand, even though you're loaded up w/ work, and everyone knows the paperwork is just CYA, and the work needs to get done right now, etc etc.

So Junior is new on the team. He's really hungry and trying to make good impressions and do good work and all of that. My buddy comes across a configuration issue that he traces back to Junior. Just a simple mistake anyone coulda made, didn't impact production systems, and didn't seem to cause ownage or anything like that. He submitted the proper paperwork for the change, it's just that the paperwork included the error but was unwittingly approved.

The problem does need to get fixed, but my friend knows that if he submits a ticket saying "fix problem X on device Y" then there will be a change control inquiry as to how the problem was introduced in the first place, and Junior will face the wrath of the managers who don't understand leadership and won't gracefully admit that they didn't do their part of the job. That will mean reprimand, pointed fingers, and all around negativity.

What Junior really needs is some positive encouragement and some gentle coaching on doing things better in the future. My friend says f this, I'm not gonna let Junior burn for no good reason. So here's how he solves the problem.

He creates the proper change paperwork to fix the mistake, but words it in a specially crafted difficult-to-comprehend fashion. He does this knowing that the manager who needs to approve the ticket is also obviously not going to review it in detail. He knows the manager will say "wtf, i don't have time to figure out what my guy is sayin here... approved" and rubber stamp it.

IMO, this is a very wicked cool hack on bureaucracy. 1st, this is altruistic. in the long run, it is the right thing to do for the infosec team at the org. 2nd, we're doing something which gets around a stupid series of access controls. 3rd, if said access controls were functional and meaningful, *THE HACK WOULDN'T WORK*... i love that last bit.

So we have an infosec guy doing something technically/maybe subversive for all of the right reasons. Kinda like hacking the c-suite. I love it... total props :D

Wednesday, July 2, 2008

random foo

go snort!!!... now i have something new i need to install and fiddle w/....

someone in the sec blog world was bitching about cell phones on planes a while back, and now we have some experimental foo to tell us mb it isn't bs... i have heard stories about interference w/ flight systems from electronics before, but nothing this substantial and focused (tho this isn't a flight system issue). i completely love how they took the issue and turned it into an attack vector in no time flat... wicked cool hacker thinking right there... the thing that sticks in my mind is that all these devices have this FCC sticker which says "this device is certified not to interfere or be vulnerable to interference", or something like that... wtf...

something i noticed while doing some web app work... i'm sure this is probably old hat to everyone, but my initial googling didn't find much... did you know that people are executing core os apps (DirectX) on servers w/ input from the client side???

td colspan="2" style="filter:progid:DXImageTransform.Microsoft.Gradient(endColorstr=...

i had no idea... how many filters are there available? from what i see, this looks like the client is saying "execute this code and pass it this data"... isn't this something we all agree is probably looking to be attacked?

nonono, it's probably another feature...
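an added example for both the `height:expression(` in the "crappy code" post above and the `filter:progid:...` here; this is not code from the original posts. the security-relevant fact is that legacy IE evaluated script inside css `expression()` and loaded directx filters from `progid:`, so any attacker-controlled text that ends up inside a style attribute was an injection sink. two defences are shown: a denylist applied only after undoing the obfuscations IE itself tolerated, and a stricter allowlist that only lets known properties and plain values through. the property allowlist and the sample style strings are this example's own choices.

```javascript
// Added example: checking untrusted css before it lands in a style attribute.

// Undo the obfuscations IE tolerated before matching on keywords.
function normaliseCss(value) {
  return value
    .replace(/\/\*[\s\S]*?\*\//g, '')                        // strip comments: exp/**/ression
    .replace(/\\([0-9a-f]{1,6})[ \t\n]?/gi, (m, hex) => {   // decode hex escapes: \65xpression
      const cp = parseInt(hex, 16);
      return cp > 0x10ffff ? '' : String.fromCodePoint(cp);
    })
    .replace(/\\(.)/g, '$1')                                  // decode simple escapes: exp\ression
    .replace(/[\x00-\x1f\x7f]/g, '')                          // drop control characters
    .toLowerCase();
}

// Denylist of constructs that execute code or load external handlers.
const DANGEROUS =
  /expression\s*\(|progid\s*:|behavior\s*:|-moz-binding|url\s*\(\s*['"]?\s*(?:javascript|vbscript|data)\s*:/;

function isDangerousStyle(value) {
  return DANGEROUS.test(normaliseCss(value));
}

// Allowlist: only these properties (example's own choice), only plain values.
// Parentheses, backslashes, slashes and quotes never get through, so none of
// the evasions above matter here.
const ALLOWED_PROPS = new Set([
  'color', 'background-color', 'font-weight', 'font-size',
  'text-align', 'width', 'height', 'opacity',
]);
const SAFE_VALUE = /^[a-z0-9#%.,\s-]+$/i;

function sanitizeStyle(value) {
  const kept = [];
  for (const decl of value.split(';')) {
    const idx = decl.indexOf(':');
    if (idx < 0) continue;
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const val = decl.slice(idx + 1).trim();
    if (ALLOWED_PROPS.has(prop) && SAFE_VALUE.test(val)) kept.push(`${prop}: ${val}`);
  }
  return kept.join('; ');
}

// Constructed samples: one benign, three expression() variants, one filter.
const SAMPLES = [
  'color: red; font-weight: bold',
  'height: expression(alert(document.cookie))',
  'height: exp/**/ression(alert(1))',
  'height: \\65xpression(alert(1))',
  'filter: progid:DXImageTransform.Microsoft.Gradient(startColorstr=#ff0000, endColorstr=#0000ff)',
];

for (const s of SAMPLES) {
  console.log(isDangerousStyle(s) ? 'DANGEROUS' : 'ok       ', JSON.stringify(sanitizeStyle(s)), '<-', s);
}
```

the denylist is there to show how much decoding has to happen before a keyword match means anything; the allowlist is the one to ship, because it does not need to know the next evasion.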

are things getting better?

so i had a very nifty conversation w/ my buddy n mentor (beware: microblogging linkage) earlier tonight.

so basically we picked up on a thread that i referenced in a prev post where schneier and ranum are talking about whether or not vuln research is ethical... well, shawn and i both believe in responsible disclosure, but we went off on a tangent about something ranum said:

Not only do we still have buffer overflows, I think it's safe to say there has not been a single category of vulnerabilities definitively eradicated ... Has what we've learned about writing software the last 20 years been expressed in the design of Web 2.0? Of course not! It can't even be said to have a "design."

ok, so even though i completely disagree w/ the non-disclosure argument (sry marcus, you will still always be a badass in my mind ;), i completely agree w/ what he is saying here...

i don't think our software developers are making things better overall. yes shawn, we are making a ton of progress w/ improving development frameworks to have lazy coders conform to secure defaults instead of insecure ones.

but overall, i don't feel like things are getting better. and yea, it's just a feeling. but, pretend for a min that statistically we're reducing the number of vulns introduced in each piece of code via dev education and improvements in dev frameworks. it seems that despite this percentage reduction in vulns, we're seeing an explosion in growth in the number of applications as well as the types of applications (ie: web 2).

the new apps might have vulns, but they will be the same types of vulns we've seen before for the most part, and have a chance of being mitigated by framework improvements, etc.

but the new types of apps (ie: web 2 apps) are completely new threat canvases. they are doing new things in new ways which no one has seen before. this inevitably leads to new ways to do unintended things. who knows what they will be, but if there is a way to do *anything* to a few million people who are using a site, someone can find value in leveraging that for some nefarious purpose...

imo the verizon security report (full disclosure: atm i have only skimmed it) is telling us that the future holds a lot of badness... 90% of the breaches used exploits more than 6 months old, and 70+% used sploits more than a year old.

it isn't like we're not still seeing OS and core app vulns. the code being written for modern apps by companies trying to improve security is still failing. and don't forget about non-core vulns, like flash and pdf, which aren't secured by any type of common patching/updating framework. and then there's the web app world w/ SQL injection and web app foo. oh, and let's not forget other categories of vulnerable applications, like games... there is a lot of software out there (AV, backup software, etc) which has rights on our boxes and contains vulns...

there are more eyes looking for vulns all over than ever before. and most people haven't even started looking closely at the really new stuff everyone is flocking to. besides the fact that there are a couple of vulnerable browsers on the tubes atm... shawn thinks things are getting better, but i think if you catch his talk in vegas you might see that he's making my point for me... ;)