Date: Mon Feb  6 16:37:27 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: NSA tracking open source security tools

Fyodor wrote:

> Ethereal, Cain & Abel, and Kismet.  Nifty.  For those
> without the magazine, I have posted a pic at:
>
> http://www.insecure.org/nmap/nmap_inthenews.html#bush
>
> Maybe open source software really will take over the world :).

  Even better, all you need to do is break into the uk2.net server on which
securitywizardry.com is hosted, replace the file "Dgclock.class" with any
arbitrary java trojan exploiting your favourite ByteVerifier vulnerability,
and SH4z4m! YoU jU5t pwn3d teh NSA!!

[ ...snip... ]
     <applet code="Dgclock.class" width=98 height=30>
   <param name="TZ" value="GMT-0800">
    <param name="ShowDate" value="yes">
    <param name="ShowFrame" value="no">
    <param name="fg" value="c0c0c0">
    <param name="bg" value="black">
    </applet></font></td>

[ ...snip... ]

  Or you might be able to haxx0r securityfocus or prognosisx if uk2.net's 
security is too good.  Either way I would have thought that breaking into 
the NSA's internal net was usually pretty difficult, but if they will 
*insist* on inviting insecure mobile code inside the cordon, well, that kind 
of makes a mockery of their border defences, dunnit?

[ ...snip... ]
 <applet CODE="yavs.class" CODEBASE="http://news.securitytracker.com/"
WIDTH="215" HEIGHT="220">
 <param NAME="MSGTEXT"
VALUE="http://news.securitytracker.com/server/affiliate?BE51CB69F83FF017">
[ ...snip... ]
<applet codebase="http://www.prognosisx.com/infosyssec/" code="yavs.class" 
width=215 height=220>
<param name="MSGTEXT" 
value="http://www.prognosisx.com/infosyssec/announce.txt">

[ ...snip... ]


  LOL, it woulda been *amazing* fun to have done that while the photo-op was 
taking place: just imagine it, there's Bush and all those spooks standing 
there in front of the Talisker radar, trying to look all serious and 
competent... suddenly the whole display board lights up, red alarms flash, 
alerts start appearing, the defcon scale goes off the counter.... suddenly 
lots of little nukes start exploding and the whole thing turns into a game 
of missile command and flashes up "THE END" in big strobing letters as Dubya 
and co. dive for cover under the tables....

  Heh.  What a historical missed opportunity for the prank of the century. 
TRMC must be spinning in their graves.[*]

    cheers,
      DaveK

[*] well, any of them that are dead might be.
-- 
Can't think of a witty .sigline today....
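
An added example, not part of the original message: a defender-side audit of the point made above, that every host serving an applet's class file is trusted to run code inside the viewer's network. It parses the applet tags quoted in the message (joined into one constructed sample) and reports the origin each class is fetched from; `PAGE_URL` and all function and class names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: the applet tags quoted in the message (params omitted).
SAMPLE_HTML = """
<applet code="Dgclock.class" width=98 height=30></applet>
<applet CODE="yavs.class" CODEBASE="http://news.securitytracker.com/"
WIDTH="215" HEIGHT="220"></applet>
<applet codebase="http://www.prognosisx.com/infosyssec/" code="yavs.class"
width=215 height=220></applet>
"""
# Assumption: URL the page is served from (the message names only the host).
PAGE_URL = "http://www.securitywizardry.com/"


class AppletAudit(HTMLParser):
    """Collect every <applet> and the origin its class file is fetched from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "applet":  # HTMLParser lowercases tag and attribute names
            return
        a = dict(attrs)
        cb = a.get("codebase") or ""
        # CODEBASE names a directory, so make sure it joins as one.
        if cb and not cb.endswith("/"):
            cb += "/"
        # No CODEBASE: the class is loaded relative to the page itself.
        base = urljoin(self.page_url, cb)
        url = urlparse(urljoin(base, a.get("code") or ""))
        self.findings.append({
            "class_url": url.geturl(), "host": url.hostname,
            "third_party": url.hostname != urlparse(self.page_url).hostname,
            "cleartext": url.scheme != "https",  # fetch can be altered in transit
        })


def audit(html, page_url):
    parser = AppletAudit(page_url)
    parser.feed(html)
    return parser.findings


def code_hosts(findings):
    """Every host whose integrity the page depends on for the code it runs."""
    return sorted({f["host"] for f in findings})
```
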


