lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <46E96C35.9060502@infiltrated.net>
Date: Thu, 13 Sep 2007 12:58:29 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: Robert Lemos <lists@...ertlemos.com>, 
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Pro US government hackerganda

Robert Lemos wrote:

> In this case, without judging how truthful the Chinese are being

Hackerganda... Buzzword? Who cares. Lets play Politrix, here goes...

"China has downloaded 10 to 20 terabytes of data..." said Maj. Gen.
William Lord, director of information, services and integration in the
Air Force’s Office of Warfighting Integration and Chief Information
Officer, during the recent Air Force IT Conference in Montgomery, Ala.
(http://www.computerworld.com/blogs/node/3320)

1) 10 - 20 terabytes? Undetected? What a marvelous feat. What kind of
connection did they have to do this without being detected since they
bbviously they went undetected for at minimum, 10 terabytes of data
according to this quote. Who was watching logs? Were they asleep at the
wheel too a-la 9/11 pseudointelligence agencies. Maybe China borrowed
Peter Lothberg's mothers backbone to do this
(http://slashdot.org/articles/07/07/12/1236231.shtml)

2) Notice how the remainder of the quote was left off? Here it is in
full: “China has downloaded 10 to 20 terabytes of data from the NIPRNet
(DOD’s Non-Classified IP Router Network),”  Funny NIPRnet is unimportant
information in fact a majority of it can be found via
www.google.com/unclesam


Outside of this play on words in all honesty if the US government gets
its information stolen then they deserve it. What the hell am I paying
uber taxes for outside of the War in Vietnam2k.

Here is a "story" since people will make what they want out of it. Story
goes, a friend was talking to another friend who happened to be a
platoon leader in Iraq. The military friend spoke in angst to his friend
because his squadron was sending out orders to each other pre-tour via
hotmail and IM. Secret, Top Secret information... All went out via non
secure channels. Hows that for security.

How about those moronic diplomats who confused anonymity with security
and were logging into their email accounts with a tor proxy. Hrmm...


torny# whoami
root
torny# cd /usr/local/squid/logs/
torny# ls -ltha cache.log
-rw-r-----  1 squid  squid    40K Sep  6 09:49 cache.log
torny# ls -ltha store.log
-rw-r-----  1 squid  squid   602K Sep 13 11:16 store.log
torny# tail -n 2 store.log
1189611525.071 RELEASE -1 FFFFFFFF B8721ECBA84E697E3D431CC57BEF9972  200
1189611784        -1        -1 text/plain -1/138 GET
http://www.google.com/tools/swg2/update?
1189700157.679 RELEASE -1 FFFFFFFF 28228FB9480AEE7916FD738A209C6027  200
1189700417        -1        -1 text/plain -1/138 GET
http://www.google.com/tools/swg2/update?

Funny thing is I leave this opened purposely as part of a honeypot.
Never have I used my squid proxy server but guess what:

torny# grep login store.log
1187186702.458 RELEASE -1 FFFFFFFF 0EE6D49B3E4BA072166EBF15AAF26ABE  200
1187187634        -1 375007920 text/html 599/599 POST
http://xxx.xxxxx.mil/mail/login.asp

Wait... Am I running an analyzer!@^@%$ ... The government needs to get
their stuff together period. As for the "hey chinese hax0red our
google.gov toolbar" ... "no USA hacker Chinese Great Steamed Dumplings"
BS its all political chess. If the US truly wanted to stop it they COULD
(note the word COULD), question should be do they really want to or are
they (the US) simply filling these "vulnerable" machines with honeypot
garbage material.


-- 
====================================================
J. Oquendo
"Excusatio non petita, accusatio manifesta"

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net



Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5157 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ