lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 17 May 2007 15:33:39 -0500
From: "David Maynor" <david.a.maynor@...il.com>
To: full-disclosure@...ts.grok.org.uk
Cc: dailydave@...ts.immunitysec.com
Subject: Erratasec Research MD5

dear lists,

I've noticed a lot of people posting MD5 hashes on other mailing lists such
as DailyDave to prove that they had an idea first. I'd like to lay down a
claim that Robert and I thought up after our talk this weekend at Toorcon
seattle.

d2a027361bc41528c9415ecccdbcb1a7

This MD5 is to prove that I was the first to mention the subject of the
newest Erratasec research: Click-logging.

Let me backtrack a bit... I just got back from Toorcon seattle. It was a lot
of fun. I got to see all sorts of fun people, with badass talks. The best
one of course was mine and Roberts on sniffing wireless traffic. I find it
truly amazing that people in the security space still use wireless at all!
If I'm not sniffing you or sidejacking your google maps request to send you
to the wrong denny's, then I will for sure be using my infamous kernel
exploits on your box. Then send you the screen video capture of it. Think of
it like shooting you in the face, but with wireless. Wireless bullets. If I
wasn't already one of the top influential hackers of 2006, that would be
proof right there.

After we gave our talk, I got to thinking. Robert and I were sitting around
sidejacking and Robert asked me "David, what other old techniques can we
rehash, rebrand and rejuvinate to talk about at the next con?" Then I
thought back to the sweet days of keylogging, and it came to me..
Click-Logging. If someone installs a rootkit or "trojan horse program" on
your system, they can read what you're doing.. but not ALL of what we do is
typed!! Like when I punch the monkey, that's with my mouse. Or whenn I make
web pages in frontpage, that was WITH MY MOUSE! So naturally, we want to
record all mosue strokes into our trojan horse program. We call this
Click-Logging, and it's going to be our next major relase at all the
conferences. That's just a taste. There is a lot more to come.

David Maynor
CTO, ErrataSec
http://www.erratasec.com

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ