lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200606041826.k54IQbTe022766@turing-police.cc.vt.edu>
Date: Sun Jun  4 19:26:47 2006
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Is your security 6/6/6 ready?

On Sun, 04 Jun 2006 20:54:37 +0300, analyzerx said:
> you must be retarted right?

Actually, his question *is* legitimate.  I'm sure that at least a
few script kiddies will take advantage of "Mark of the Devil Day" to
cause mischief.  There were similar concerns about hackers doing stuff
in conjunction with the Y2K rollover (when they could fly under the wire).

Of course, as a co-worker and I pointed out to many people back then,
launching a hack attack when the target is probably in an 'all-hands'
alert mode *watching* for the slightest twitchiness in the system was
a bad idea.  The time to do it was on Jan 3, about 6PM local time at the
target - at which point the entire IT staff was probably saying "F**k this,
even if it's Monday, we're going out and getting falling-down, shit-faced,
blowing-chunks(*) drunk. We didn't have a Y2K disaster."

Interestingly enough, the SANS DShield project had a interesting post
regarding "non-standard incident prediction" just the other day, which
overlaps the 6/6/06 issue:

http://isc.sans.org/diary.php?storyid=1379

That sort of 'Level 8' thinking *should* be at least thought about as
part of a reasonable organizational security stance.  And at least *some*
people think something interesting is going to happen Tuesday:

http://www.cnn.com/2006/US/06/03/hell.party.ap/index.html

"According to the town's semi-official web site..."  Hmm.  Now combine
that with the SANS article's comment about fake websites targeting
World Cup fans, and add a dash of paranoia.... ;)

(*) That's *really* drunk: http://www.eforu.com/jokes/bartender/23.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060604/8f364ba5/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ