[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20070525133651.142CFC3820@mailserver10.hushmail.com>
Date: Fri, 25 May 2007 09:36:50 -0400
From: <auto294156@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc:
Subject: PHRACK 64: PHRACK WORLD NEWS
_ _
_/B\_ _/W\_
(* *) Phrack #64 file 3 (* *)
| - | | - |
| | Phrack World News | |
| | | |
| | compiled by The Circle of Lost Hackers | |
| | | |
| | | |
(____________________________________________________)
The Circle of Lost Hackers is looking for any kind of news related
to
security, hacking, conference report, philosophy, psychology,
surrealism,
new technologies, space war, spying systems, information warfare,
secret
societies, ... anything interesting! It could be a simple news with
just
an URL, a short text or a long text. Feel free to send us your news.
Again, we need your help for this section. We can't know everything,
we try to do our best, but we need you ... the scene needs you...the
humanity needs you...even your girlfriend needs you but should
already
know this... :-)
1. Speedy Gonzales news
2. One more outrage to the freedom of expression
3. How we could defeat the Orwellian Narus system
4. Feeling safer in a spying world
5. D-Wave computing demonstrates a quantum computer
--------------------------------------------
--[ 1.
_____ _
/ ___| | |
\ `--. _ __ ___ ___ __| |_ _
`--. \ '_ \ / _ \/ _ \/ _` | | | |
/\__/ / |_) | __/ __/ (_| | |_| |
\____/| .__/ \___|\___|\__,_|\__, |
| | __/ |
|_| |___/
_____ _
| __ \ | |
| | \/ ___ _ __ ______ _| | ___ ___
| | __ / _ \| '_ \|_ / _` | |/ _ \/ __|
| |_\ \ (_) | | | |/ / (_| | | __/\__ \
\____/\___/|_| |_/___\__,_|_|\___||___/
_ _
| \ | |
| \| | _____ _____
| . ` |/ _ \ \ /\ / / __|
| |\ | __/\ V V /\__ \
\_| \_/\___| \_/\_/ |___/
-Speedy News-[ There is no age to start hacking ]--
http://www.dailyecho.co.uk/news/latest/display.var.
1280820.0.how_girl_6_hacked_into_mps_commons_computer.php
-Speedy News-[ Eeye hacked ? ]--
snapshot.
-Speedy News-[ Anarchist Cookbook ]--
The anarchist cookbook version 2006, be careful...
http://www.beyondweird.com/cookbook.html
-Speedy News-[ Is Hezbollah better than Israeli militants? ]--
http://www.fcw.com/article96532-10-19-06-Web
-Speedy News-[ How to be secure like an 31337 DoD dude ]--
https://addons.mozilla.org/en-US/firefox/addon/3182
-Speedy News-[ Hi I'm Skyper, ex-Phrack and I like Phrack's design!
]--
http://conf.vnsecurity.net/cfp2007.txt
-Speedy News-[ The most obscure company in the world ]--
http://www.vanityfair.com/politics/features/2007/03/spyagency200703?
printable=true¤tPage=all
A "MUST READ" article...
-Speedy News-[ Terrorism excuse Vs freedom of information ]--
http://www.usatoday.com/news/washington/2007-03-13-archives_N.htm
-Speedy News-[ Zero Day can happen to anyone ]--
http://www.youtube.com/watch?v=L74o9RQbkUA
-Speedy News-[ NSA, contractors and the success of failure ]--
http://www.govexec.com/dailyfed/0407/040407mm.htm
-Speedy News-[Blood, Bullets, Bombs, and Bandwidth ]--
http://rezendi.com/travels/bbbb.html
-Speedy News-[ The day when the BCC predicted the future ]--
http://www.prisonplanet.com/articles/february2007/260207building7.ht
m
-Spirit News-[ Just because we like these websites ]--
http://www.cryptome.org/
http://www.2600.com/
--[ 2. One more outrage to the freedom of expression
by Napoleon Bonaparte
The distribution of a book containing a copy of the Protocols of
the Elders of Zion was stopped in Belgium and France by Israeli
lobbyists.
The authors advance that the bombing of the WTC could be in
relation with
Israel. It's not the good place to argue about this statement, but
what
is interesting is that 6 years after 11/09/01 we read probably more
than
100 theories about the possible authors of WTC bombing: Al Qaeda,
Saoudi
Arabia, Irak (!) or even Americans themselves. But this book
advances the
theory that _maybe_ there is something with Israel and the
diffusion is
forbidden, just one month after its release.
Before releasing this book, the Belgian association antisemitisme.be
read it to give his opinion. The result is apparent: the book is not
antisemitic. The only two things that could be antisemitic in this
book
are:
- the diffusion of "The Protocols of the Elders of Zion" in the
annexe
of the book. If you take a look on Amazon, you can find more than
30 books containing The Protocols.
- the cover of the book which show the US and Israeli flags linked
with a
bundle of dollars.
Actually you can find the same kind of picture on the website of the
Americo-Israeli company Zionoil: http://www.zionoil.com/ . And the
cover of the book was designed before the author found the same
picture on
Zionoil's website.
Also, something unsettling in this story is that the book was
removed
on the insistence of a Belgian politician: Claude Marinower. And on
the
website of this politician, we can see him with Moshe Katsav who is
the
president of Israel and recently accused by Attorney General Meni
Mazuz
for having committed rape and other crimes...
http://www.claudemarinower.be/uploads/ICJP-israelpresi.JPG
So why the distribution of this book was banned? Because the
diffusion of
"The Protocols of the Elders of Zion" is dangerous? Maybe but...
You can find on Internet or amazon some books like "The Anarchist
Cookbook" which is really more "dangerous" than the "The Protocols
of
the Elders of Zion". In this book you can find some information
like how
to kill someone or how to make a bomb. If we have to give to our
children
either "The Anarchist Cookbook" or "The Protocols of the Elders of
Zion",
I'm sure that 100% of the population will prefer to give "The
Protocols
of the Elders of Zion". Simply because it's not dangerous.
So why? Probably because there are some truth in this book.
The revelations in this book are not only about 11/09/2001 but also
about
the Brabant massacres in Belgium from 1982 to 1985. The authors
advances
that these massacres were linked to the GLADIO/stay-behind network.
As Napoleon Bonaparte said: "History is a set of lies agreed upon".
He was right...
[1]
http://www.antisemitisme.be/site/event_detail.asp?language=FR&eventI
d
=473&catId=26
[2] http://www.ejpress.org/article/14608
[3]
http://www.wiesenthal.com/site/apps/nl/content2.asp?c=fwLYKnN8LzH&b
=245494&ct=2439597
[4]
http://www.osservatorioantisemitismo.it/scheda_evento.asp?number=106
7&
idmacro=2&n_macro=3&idtipo=59
[5] http://ro.novopress.info/?p=2278
[6] http://www.biblebelievers.org.au/przion1.htm
--[ 3. How we could defeat the Orwellian Narus system
by Napoleon Bonaparte
AT&T, Verizon, VeriSign, Amdocs, Cisco, BellSouth, Top Layer
Networks,
Narus, ... all theses companies are inter-connected in our wonderful
Orwellian world. And I don't even talk about companies like Raytheon
or others involved in "ECHELON".
That's not new, our governments spy us. They eavesdrop our phones
conversation, our Internet communications, they take beautiful
photos of us with their imagery satellites, they can even see
through
walls using satellites reconnaissance (Lacrosse/Onyx?), they install
cameras everywhere in our cities (how many cameras in London???),
RFID tags are more and more present and with upcoming technologies
like
nanotechnologies, bio-informatics or smartdusts system there is
really
something to worry about.
With all these systems already installed, it's utopian to think that
we could come back to a world without any spying system. So what we
can do ? Probably not a lot of things. But I would like to propose a
funny idea about NARUS, the system allowing governments to eavesdrop
citizens Internet communications.
This short article is not an introduction to Narus. I will just give
you a short description of its capacities. A more longer article
could be written in a next release of Phrack (any volunteer?). So
Narus is an American company founded in 97. The first work of NARUS
was to analyze IP network traffic for billing purpose. In order to
accomplish this they have strongly contributed to the
standardization
of the IPDR Streaming Protocol by releasing an API Code [1] (study
this
doc, it's a key to break NARUS). Nowadays, Narus is also included in
what I will call the "spying business". According to their authors,
they can collect data from links, routers, soft switches, IDS/IPS,
databases, ..., normalize, correlate, aggregate and analyze all
these
data to provide a comprehensive and detailed model of users,
elements,
protocols, applications and networks behaviors. And the most
important:
everything is done in real time. So all your e-mails, instant
messages,
video streams, P2P traffic, HTTP traffic or VOIP can be monitored.
And
they doesn't care about which transmission technology you use,
optical
transmission can also be monitored. This system is simply amazing
and
we should send our congratulations to their designers. But we
should
also send our fears...
If we want to block Narus, there is an obvious way: using
cryptography. Nowadays, it's quite easy to send an encrypted email.
You
don't even have to worry about your email client, everything it's
transparent (once configured). The problem is that you need to give
your public key to your interlocutor, which is not really "user
friendly". Especially if the purpose is simply to send an email to
your girlfriend. But it's still the best solution to block a system
like Narus. Another way to block Narus is to use steganography, but
it's more complicate to implement.
In conclusion, there is no way to stop totally a system like Narus
and
the only good way to block it is to use cryptography. But we,
hackers,
we can do something against Narus. Something funny. The idea is the
following: we should know where a Narus system is installed!
First step. An organization, a country or simply someone should buy
a Narus system and reverse it. There are a lot of tools to reverse a
system, free or commercial. Since the purpose of Narus is to analyze
data, the main task is parsing data. And we know that systems
parsing
data are the most sensitive to bugs. So a first idea could be to
fuzzing
it with random requests and if it doesn't work doing some
reversing. Once
a bug is detected (and for sure, there IS at least one bug), the
next
step is to exploit it. Difficult task but not impossible. The most
interesting part is the next one: the shellcode.
There are two possibilities, either the system where Narus is
installed
has an outgoing Internet connexion or there isn't an outgoing
Internet
connexion. If not, the shellcode will be quite limited, the "best"
idea is maybe just to destroy the system but it's not useful. What
is
useful is when Narus is installed on a system with an outgoing
Internet
connexion. We don't want a shell or something like that on the
system,
what we want is to know where a Narus system is installed. So what
our
shellcode has to do is just to send a ping or a special packet to a
server on Internet to say "hello a Narus is installed at this
place". We
could hold a database with all the Narus system we discover in the
world.
This idea is probably not very difficult to implement. The only bad
thing is if we release the vulnerability, it won't take a long time
to
Narus to patch it.
But after all, what else can we do?
Again, as Napoleon said: "Victory belongs to the most persevering".
And hackers are...
[1] http://www.ipdr.org/public/DocumentMap/SP2.2.pdf
--[ 4. Feeling safer in a spying world
by Julius Caesar
At first, it's subtle. It just sneaks up on you. The only ones who
notice are the paranoid tinfoil hat nutjobs -- the ones screaming
about
conspiracies and big brother. They take a coincidence here and a
fact
from over there and come up with 42. It's all about 42.
We need cameras at ATM machines, to catch robbers and muggers.
Sometimes
they even catch a shot of the Ryder truck driving by in the
background.
People get mugged in elevators, so we need some cameras there too.
Traffic can be backed up for a while before the authorities notice,
so
let's have some cameras on the highway. Resolution gets better, and
we
can catch more child molestors and terrorists if they can record
license
plates and faces.
Cameras at intersections catch people running red lights and
speeding. We're getting safer every day.
Some neighborhoods need cameras to catch the hoods shooting each
other. Others need cameras to keep the sidewalks safe for shoppers.
It's
all about safety.
Then one day, the former head of the KGIA is in charge, or arranges
for his dimwitted son to fuck up yet again as president of
something.
Soon, we're at war. Not with anyone in particular. Just Them. You're
either with us, or you're with Them, and we're gonna to git Them.
Our phone calls need to me monitored, to make sure we're not one
of Them. Our web browsing and shopping and banking and reading and
writing and travel and credit all need to be monitored, so we can
catch
Them. We'll need to be seached when travelling or visiting a
government
building because we might have pointy metal things or guns on us. We
don't want to be like Them.
It's important to be safe, but how can we tell if we're safe or
not? What
if we wonder into a place with no cameras? How would we know? What
if
our web browsing isn't being monitored? How can we make sure we're
safe?
Fortunately, there are ways.
Cameras see through a lens, and lenses have specific shapes with
unique
characteristics. If we're in the viewing area of a camera, then we
are perpendicular to a part of the surface of the lens, which
usually
has reflective properties. This allows us to know when we're safely
in
view of a camera.
All it takes is a few organic LEDs and a power supply (like a 9V
battery). Arrange the LEDs in a circle about 35mm in diameter, and
wire
them appropriately for the power supply. Cut a hole in the center of
the circle formed by the LEDs.
Now look through the hole as you pan around the room. When you're
pointing at a lens, the portion of the curved surface of the lens
which
is perpendicular to you will reflect the light of the LEDs directly
back at you. You'll notice a small bright white pinpoint. Blink the
LEDs on and off to make sure it's reflecting your LEDs, and know
that
you are now safer.
Worried that your Internet connection may not be properly monitored
for activity that would identify you as one of Them? There are ways
to
confirm this too.
Older equipment, such as carnivore or DCS1000 could often be
detected
by traceroute, which would show up as odd hops on your route to the
net. As recently as 2006, AT&T's efforts to keep us safe showed up
with
traceroute. But the forces of Them have prevailed, and our
protectors
were forced to stop watching our net traffic. Almost. We can no
longer
feel safe when seeing that odd hop, because it doesn't show up on
traceroute anymore.
It will, however, show up with ping -R, which requests every machine
to add its IP to the ping packet as it travels the network.
First, do a traceroute to find out where your ISP connects to the
rest
of the net;
[snip]
5 68.87.129.137 (68.87.129.137) 28.902 ms 14.221 ms 13.883 ms
6 COMCAST-IP.car1.Washington1.Level3.net (63.210.62.58) 19.833
ms *
21.768 ms
7 te-7-2.car1.Washington1.Level3.net (63.210.62.49) 19.781 ms
19.092
ms 17.356 ms
Hop #5 is on comcast's network. Hop #6 is their transit provider. We
want to send a ping -R to the transit provider
(63.210.62.58);
[root@...ack root]# ping -R 63.210.62.58
PING 63.210.62.58 (63.210.62.58) from XXX.XXX.XXX.XXX : 56(124)
bytes
of data.
64 bytes from 63.210.62.58: icmp_seq=0 ttl=243 time=31.235 msec
NOP
RR: [snip]
68.87.129.138
68.86.90.90
4.68.121.50
4.68.127.153
12.123.8.117
117.8.123.12.in-addr.arpa. domain name pointer
sar1-a360s3.wswdc.ip.att.net.
An AT&T hop on Level3's network? Wow, we are still safely under the
watchful eye of our magnificent benevolent intelligence agencies. I
feel safer already.
--[ 5. D-Wave demonstrates a quantum computer
by aris
February the 13'th, 2007, Wave computing made a public demonstration
of their brand-new quantum computer, which could be a revolution in
computing and in cryptography in general. The demonstration took
place at Mountain View, Silicon Valley, though the quantum computer
itself was left at Vancouver, remotely connected by Internet.
The Quantum computer is a hybrid construction of classical
computing and
a quantum "accelerator" chip: The classical computer makes the
ordinary
operations, isolates the complicate stuff, prepare it to be
processed
by the quantum chip then gives back the results. The whole mechanism
is meant to be usable over networks (with RPC) to be accessible for
companies that want a quantum computer but can't manage to handle it
at their main office (The hardware has special requirements). [1]
The quantum chip is a 16 Qbits engine, using superconductiong
electronics.
Previous tries to do quantum computers were made previously, none
of them
known to have more than 3 or 4 Qbits. D-Wave also pretends being
able
to scale that number of Qbits up to 1024 in 2008 ! That fact made a
lot
of people in scientific area skeptic about the claims of D-Wave.
The US
National Aeronautics and Space Administration (commonly known as
NASA)
confirmed to the press that they've built the special chip for D-
Wave
conforming their specifications. [2]
Now, how does the chip works ? D-Wave hasn't released that much
details
about the internals of their chip. They have chosen the
superconductor
because it makes easier to exploit quantum mechanics. When atoms
are
very cold (approaching the 0K), they transform themselves into
superconducting atoms. They have special characteristics, including
the
fact their electrons get a different quantum behaviur.
In the internals, the chips contains 16 Qbits arranged in a 4x4
grid,
each Qbit being coupled with its four immediate neighbors and some
in
the diagonals. [3]
The coupling of Qbits is what gives them their power : a Qbit is
believed to be at two states at same time. When coupling two Qbits,
the combination of their state contains four states, and so on.
The more Qbits are coupled together, the more possible number of
states
they have, and when working an algorithm on them, you manipulate all
of their states at once, giving a very important performance boost.
By
its nature, it may even help to resolve NP-Complete problems, that
is,
problems that cannot be resolved by polynomial algorithms (we think
of large sudoku maps, multivariate polynomial systems, factoring
large
integers ...).
Not coupling all of their Qbits makes their chip easier to build and
to scale, but their 16Qbits computer is not equal to the
theoretical 16
Qbits computers academics and governments are trying to build for
years.
The impact of this news to the world is currently minimal. Their
chips
currently work slower than a low-range personal computer and costs
thousands of dollars, but maybe in some years it will become a real
solution for solving NP problems.
The NP problem that most people involved in security know is
obviously
the factoring of large numbers. We even have a proof that it exists
a *linear* algorithm to factorize a multiple of two large integers,
it is named Shor's algorithm. It means when we'll have the hardware
to run it, factorizing a 1024 bits RSA private key will only take
two
times the time needed to factorize a 512 bits key.
It completely destroys the security of the public cryptography as we
know it now.
Unfortunaly, we have no information on which known quantum
algorithms
run on D-Wave computer, and D-Wave made no statement about running
Shor's algorithm on their beast. Also, no claim have been given
letting
us think the chip could break RSA. And for sure, NSA experts
probably
already studied the situation (in the case they don't already own
their
own quantum computer).
References:
[1] http://www.dwavesys.com/index.php?page=quantum-computing
[2] http://www.itworld.com/Tech/3494/070309nasaquantum/index.html
[3] http://arstechnica.com/articles/paedia/hardware/quantum.ars
--
Best Commodity Trading Platform - Free Tools. Click Now!
http://tagline.hushmail.com/fc/CAaCXv1KfUS6Z1ptEXNTHEkvEbkHLqtZ/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists