| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ds7t7a$apc$1@sea.gmane.org>
Date: Mon Feb 6 16:37:27 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: NSA tracking open source security tools
Fyodor wrote:
> Ethereal, Cain & Abel, and Kismet. Nifty. For those
> without the magazine, I have posted a pic at:
>
> http://www.insecure.org/nmap/nmap_inthenews.html#bush
>
> Maybe open source software really will take over the world :).
Even better, all you need to do is break into the uk2.net server on which
securitywizardry.com is hosted, replace the file "Dgclock.class" with any
arbitrary java trojan exploiting your favourite ByteVerifier vulnerability,
and SH4z4m! YoU jU5t pwn3d teh NSA!!
[ ...snip... ]
<applet code="Dgclock.class" width=98 height=30>
<param name="TZ" value="GMT-0800">
<param name="ShowDate" value="yes">
<param name="ShowFrame" value="no">
<param name="fg" value="c0c0c0">
<param name="bg" value="black">
</applet></font></td>
[ ...snip... ]
Or you might be able to haxx0r securityfocus or prognosisx if uk2.net's
security is too good. Either way I would have thought that breaking into
the NSA's internal net was usually pretty difficult, but if they will
*insist* on inviting insecure mobile code inside the cordon, well, that kind
of makes a mockery of their border defences, dunnit?
[ ...snip... ]
<applet CODE="yavs.class" CODEBASE="http://news.securitytracker.com/"
WIDTH="215" HEIGHT="220">
<param NAME="MSGTEXT"
VALUE="http://news.securitytracker.com/server/affiliate?BE51CB69F83FF017">
[ ...snip... ]
<applet codebase="http://www.prognosisx.com/infosyssec/" code="yavs.class"
width=215 height=220>
<param name="MSGTEXT"
value="http://www.prognosisx.com/infosyssec/announce.txt">
[ ...snip... ]
LOL, it woulda been *amazing* fun to have done that while the photo-op was
taking place: just imagine it, there's Bush and all those spooks standing
there in front of the Talisker radar, trying to look all serious and
competent... suddenly the whole display board lights up, red alarms flash,
alerts start appearing, the defcon scale goes off the counter.... suddenly
lots of little nukes start exploding and the whole thing turns into a game
of missile command and flashes up "THE END" in big strobing letters as Dubya
and co. dive for cover under the tables....
Heh. What a historical missed opportunity for the prank of the century.
TRMC must be spinning in their graves.[*]
cheers,
DaveK
[*] well, any of them that are dead might be.
--
Can't think of a witty .sigline today....
Powered by blists - more mailing lists