lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 20 May 2007 00:11:56 +0530
From: "Debasis Mohanty" <debasis.mohanty.listmails@...il.com>
To: "David Maynor" <david.a.maynor@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, dailydave@...ts.immunitysec.com
Subject: Re: Erratasec Research MD5

priceless!!



On 5/18/07, David Maynor <david.a.maynor@...il.com> wrote:
> dear lists,
>
> I've noticed a lot of people posting MD5 hashes on other mailing lists such
> as DailyDave to prove that they had an idea first. I'd like to lay down a
> claim that Robert and I thought up after our talk this weekend at Toorcon
> seattle.
>
> d2a027361bc41528c9415ecccdbcb1a7
>
> This MD5 is to prove that I was the first to mention the subject of the
> newest Erratasec research: Click-logging.
>
> Let me backtrack a bit... I just got back from Toorcon seattle. It was a lot
> of fun. I got to see all sorts of fun people, with badass talks. The best
> one of course was mine and Roberts on sniffing wireless traffic. I find it
> truly amazing that people in the security space still use wireless at all!
> If I'm not sniffing you or sidejacking your google maps request to send you
> to the wrong denny's, then I will for sure be using my infamous kernel
> exploits on your box. Then send you the screen video capture of it. Think of
> it like shooting you in the face, but with wireless. Wireless bullets. If I
> wasn't already one of the top influential hackers of 2006, that would be
> proof right there.
>
> After we gave our talk, I got to thinking. Robert and I were sitting around
> sidejacking and Robert asked me "David, what other old techniques can we
> rehash, rebrand and rejuvinate to talk about at the next con?" Then I
> thought back to the sweet days of keylogging, and it came to me..
> Click-Logging. If someone installs a rootkit or "trojan horse program" on
> your system, they can read what you're doing.. but not ALL of what we do is
> typed!! Like when I punch the monkey, that's with my mouse. Or whenn I make
> web pages in frontpage, that was WITH MY MOUSE! So naturally, we want to
> record all mosue strokes into our trojan horse program. We call this
> Click-Logging, and it's going to be our next major relase at all the
> conferences. That's just a taste. There is a lot more to come.
>
> David Maynor
> CTO, ErrataSec
> http://www.erratasec.com
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ