Cuil Not Kewl
Cuil claims to be a more comprehensive search than Google. It has 120 billion web pages in its index. The word cuil is supposed to sound like kewl. Cuil is an old Irish word meaning knowledge or wisdom. It does not collect information on its users like Google does. The site was unleashed on Monday, when the servers powering it crashed under a heavy load.
The company behind Cuil was formed in 2006 by ex-Google employees. Currently it has 30 employees. It has raised around $33 million so far from investors. The company claims that it searches three times as many pages as Google, but does it with fewer servers.
I do not know the extent of Cuil's capabilities. The search engine had exactly one chance to make a first impression on me. So I searched for black of hat. Cuil could not find my blog. I then searched for "black of hat" in quotes. Cuil was still unable to show my blog in its search results. So I popped over to Google. My blog is listed on page 1 for a Google search of "black of hat". For now I am sticking with Google. Enough said.
Member of the A Team
This guy must have had the best legal representation. He was never convicted of any crimes. He walked away with an 11 thousand dollar fine. That would amount to little more than a slap on the wrist. Here is where the story gets interesting. Apparently there were many companies that wanted this hacker to work for them. This included companies whose information systems he had hacked. The really amazing part is that companies were willing to pay this hacker the big bucks to come work for them.
Perhaps this is not too surprising. If you really want to keep your systems secure, what better way than hiring the best people who know how to break into your systems. I guess this is the hacker dream. Either write some progs that get you a lot of money, or write progs that make you famous and get you the high paying job.
There must be a lot of money in the credit and greater financial industry. So there should be funding to pay individuals like the superman foreign hacker. I wonder if the antivirus industry also employs individuals like this. So far I have only demonstrated on my blog that I can write some programs. So that might only qualify me for a normal programming job. No big bucks there. I imagine that I need to write some more ambitious or profitable code. Time to go to the think tank and figure out which programs they would be.
Loopback IP Address
In case you do not know, 127.0.0.1 is a special purpose IP address. It is the loopback address. Packets sent to it never touch the network interface hardware; the kernel's loopback interface turns them straight around and delivers them back to the same host. In other words, this IP address is the address of your own computer, and the name localhost conventionally resolves to it. Strictly speaking the whole 127.0.0.0/8 block is reserved for loopback, so 127.5.5.5 is your machine as well, which matters when some filter only compares against the literal string 127.0.0.1. You can browse whatever is listening on the loopback address. It is provided so that you can test things with a real IP address that never actually goes out onto the network.
IPv6 has its own loopback address, ::1, which written out in full is 0:0:0:0:0:0:0:1; 127.0.0.1 is still the IPv4 loopback and is not going anywhere. The joke still packs a punch for those who know. Besides, it does not sound cool to say my IP address is 0:0:0:0:0:0:0:1. It just does not have a nice ring to it. Plus the dummies who are posing as hackers (aka script kiddies) might not even recognize this as an IPv6 address.
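Since the loopback address comes in more shapes than the one string most people know, here is an added example (my code, not anything from the original post) that decides whether a textual address is loopback. It handles the whole 127.0.0.0/8 block, the expanded and compressed IPv6 forms, and the IPv4-mapped form ::ffff:127.0.0.1 that a string compare against "127.0.0.1" misses; the sample addresses are constructed for the demo.

```python
import ipaddress


def is_loopback(addr: str) -> bool:
    """Return True if addr is a loopback address in any textual form.

    Covers the whole 127.0.0.0/8 block (not only 127.0.0.1), the IPv6
    loopback ::1 in compressed or expanded form, and IPv4-mapped IPv6
    forms such as ::ffff:127.0.0.1. Hostnames such as "localhost" are
    not resolved here, so they come back False.
    """
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return False
    # ::ffff:a.b.c.d carries an IPv4 address inside IPv6; judge the inner one.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_loopback


def naive_is_loopback(addr: str) -> bool:
    """The string comparison many quick filters use, kept here for contrast."""
    return addr == "127.0.0.1"


# Constructed sample inputs for the demo (not from the original post).
SAMPLES = [
    "127.0.0.1", "127.1.2.3", "::1", "0:0:0:0:0:0:0:1",
    "::ffff:127.0.0.1", "[::1]", "10.0.0.1", "localhost",
]


def compare(addrs=SAMPLES) -> dict:
    """Map each address to (naive verdict, correct verdict)."""
    return {a: (naive_is_loopback(a), is_loopback(a)) for a in addrs}


if __name__ == "__main__":
    for addr, (naive, correct) in compare().items():
        print(f"{addr:20} naive={naive!s:5} correct={correct}")
```

The interesting rows are 127.1.2.3 and ::ffff:127.0.0.1: both reach your own machine, and both sail past the naive check, which is exactly the gap an attacker aims for when a web app is supposed to refuse requests to internal addresses.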
The good thing about this magic number is not that it weeds out fakers who know nothing about TCP/IP. The good thing is that it helps you find people who might actually want to talk a little shop. Chances are if somebody laughs and knows what the loopback IP address is, they also know a good deal about other interesting technology. Now when you are chatting online you might not want to identify and chat up other nerds. But then again, sometimes you may just want to easily see who else is wearing a black of hat.
DLL Injection
The crux of the hack was to perform DLL injection into any poker application process in order to keep track of all of its file input and output. Specifically he wanted to know which files were being created by the poker applications. So essentially he wrote his own version of CreateFile, which any poker app will eventually call, injected a DLL carrying that version into the poker app so that the app's calls were redirected to it, and then passed the results to his monitoring application. I will say that I have heard about DLL injection before for other types of monitoring such as keyboard logging. But I thought this was a brilliant idea for keeping track of what files an application is creating.
Along the same lines as tracking which files are being created by the poker app, James used DLL injection to spy on all the other types of file I/O being performed. So he knew what data was being written to files. He knew what data was being read from files. The trick was to write his own versions of the ReadFile and WriteFile operations, inject his versions into the poker app, and record the results. This is almost not fair. On a Windows system, an application must use these primitives to conduct input and output. It is just the way Windows works. (Strictly, ReadFile and WriteFile are the Win32 wrappers around the NtReadFile and NtWriteFile system calls, and an application can also get at a file through memory mapping, so a hook at the kernel32 layer can be sidestepped by code that knows to try.) Of course an application that wants to be secure can try to detect such DLL injection techniques, for instance by checking its own loaded module list or the first bytes of the functions it imports. However from a programmatic standpoint this is not easy. The replacement I/O functions mimic the behavior of the real ones from an outside point of view.
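The Windows hook James describes cannot run on a non-Windows box, so the added example below (my code, not anything from Coding the Wheel) shows the same three moves in Python against builtins.open, which is the closest thing Python has to CreateFile: save the original, install a replacement that records the call and then forwards to the original, and make the proxy object behave like the real one so the hooked program cannot tell. The file name and contents are made up for the demo.

```python
import builtins
import os
import tempfile

# The saved original is the "trampoline": every hook must forward to it,
# otherwise the hooked program notices the difference immediately.
_real_open = builtins.open


class _LoggingFile:
    """Proxy around a real file object that records reads and writes
    and forwards everything else untouched."""

    def __init__(self, real, log):
        self._real = real
        self._log = log

    def read(self, *args, **kwargs):
        data = self._real.read(*args, **kwargs)
        self._log.append(("read", self._real.name, len(data)))
        return data

    def write(self, data):
        count = self._real.write(data)
        self._log.append(("write", self._real.name, count))
        return count

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return self._real.__exit__(*exc)

    def __getattr__(self, name):
        # close(), name, fileno() and everything else pass straight through.
        return getattr(self._real, name)


def install_hook(log):
    """Replace builtins.open with a version that logs and then forwards."""
    def hooked_open(file, mode="r", *args, **kwargs):
        log.append(("open", str(file), mode))
        return _LoggingFile(_real_open(file, mode, *args, **kwargs), log)
    builtins.open = hooked_open


def remove_hook():
    builtins.open = _real_open


def hook_active() -> bool:
    return builtins.open is not _real_open


def demo() -> list:
    """Hook open(), let a 'victim' write and read a file, return the log."""
    log = []
    install_hook(log)
    try:
        with tempfile.TemporaryDirectory() as workdir:
            path = os.path.join(workdir, "hand_history.txt")
            with open(path, "w") as f:      # resolves to hooked_open
                f.write("Seat 1: hero\n")
            with open(path) as f:
                f.read()
    finally:
        remove_hook()                      # always restore the original
    return log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The victim code in demo() is ordinary file handling; it gets exactly the return values it would have gotten without the hook, and the monitor gets the file name, mode and byte counts on the side. That is the property James exploited, and it is also why detection from inside the process is hard: from the caller's side the forwarded call is indistinguishable from the real one.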
Good work James. I think I shall keep a watch on Coding the Wheel for other innovative hacks.
Eight Ball
One thing I noticed about this blog was that the ads on the right hand side got repeated three times down the page. I did not think this was done intentionally. The ads were supplied by Google AdWords. I like when people maximize their earning opportunities with AdSense. So I actually got in contact with Kasper to let him know about this. The other weird thing about the ads were that they did not correspond closely with the subject of his blog post. This is most likely due to Google’s matching algorithm, and not Kasper’s blog post. I guess I could also contact Google about this mismatch.
My girl is always asking me to challenge her with cool puzzles like this. Perhaps I will try to recount this particular Eight Ball puzzle for her. I have frequently found that people who ask me about this puzzle have a good time when I get the answer wrong. They usually try to guide me to the correct solution. I think in the future I shall purposely get the answer to this question wrong to promote good discussion.
Here is a shout out to Kasper Graversen for a nice blog post. Although Kasper himself is not allowed to say so, you should click on some of the ads on the right hand side of his web site. Kasper most likely gets a little cash each time this happens. Hopefully Google will not construe my words here as a violation of their AdSense policies. In the interest of full disclosure, I used to have AdSense on my blogs until I got dropped by Google. So I have a little insight into the matter.
Awesome Demo
A funny piece of the demo that continues throughout the whole thing is a bunch of kooky music that plays in the background. There are some non-trivial graphics produced such as reflections of some flames in what looks like some water. I saw a bunch of dots moving in what I assumed to be a stellar voyage of some sort. The demo had a bunch of complex 3-D spinning as well. The graphics themselves appeared to be of rather low resolution (since at times I could see the actual pixels). This did not detract from the greatness of the demo though. And regardless of the resolution, the graphics seemed to match the music that was being played.
Some of the things that impressed me were the moving camera angles for the scenes that were being displayed by the graphics. There were a lot of amusing messages placed in the demo. For example, there were a bunch of shout outs to lft’s friends. The text often had different effects applied, like some dancing characters at times.
I have seen some other demos before. This one ranks up with many of the better ones I have seen. In the past, I have seen demos written for a PC with minimal resources. For example, I saw demos of apps that ran in as little as 64k of code, or even 8k of code. The unique part of Craft was that it was all done on custom hardware developed by lft. My hat is off to the superhero known as lft. Good work man.
Eric Raymond FAQ
One comment from Eric was to write software and give it away for free. Don’t get me wrong. If I could get rich by writing code and charging for it, I would do it. For now I am posting most of my good and new programs here on my blog. So I meet this criterion. I should point out that Eric owns a company which sells software. So perhaps he himself is not necessarily a top hacker. LOL. Another recommendation from Eric was to publish useful information. I author a number of blogs. Some of the posts to these blogs are just rants. But I have to hope that some of the information is very useful in a hacker sort of way. So I have maybe 2 of the many traits of a hacker. I am not losing any sleep about my status though.
The funnier part of the FAQ was the section that described what you should not do. Eric seriously advises against obtaining a silly user ID. Well I might be a little guilty of this one. For instance, right here I am “Black of Hat” or Xero. A little silly I agree. However I do not go by the code eLitehaCkerz or anything weird like that. The second caution from Eric was to not write posts/emails with poor grammar and spelling errors. I almost always agree with this sentiment. There is one exception to this rule in my blogs. I am known as Rawk Starr in one of them. And I will confess that Rawk writes in the worst English and has atrocious spelling. However Rawk is not posing as a hacker so I think I should be OK there.
In the old days I used to chat online and find a lot of self proclaimed hackers. As a joke, I would often tell them my machine IP address is 127.0.0.1, and challenge them to hack my machine. Of course the joke would be on them if they hacked this IP address. That alone might be the source for another blog post.
Legend of Mitnick
Mitnick is widely known for being prosecuted for hacking computers back in the 1990’s. He was arrested in 1995 after a two year search for him had been conducted. Mitnick spent over 4 years in jail prior to being tried in court. By 1999 he signed a plea bargain and was sentenced to 5 years in jail. Luckily they counted the 4.5 years he spent in jail prior to being sentenced. Mitnick claims he was denied bail, and that he was held in solitary confinement for 8 months.
There are a lot of rumors surrounding the facts of Mitnick’s hacking and subsequent arrest. For example, it is rumored that he hacked NORAD, giving rise to the movie War Games. Many sites also state that Mitnick was on the FBI’s 10 most wanted list before he was apprehended.
Mitnick has become a cult hero for hackers. He has reportedly gone by the handle “The Condor”. He now calls himself a retired hacker, and does work under his company Mitnick Security Consulting. He accuses the government of making an example of him. In the past he had amassed a great deal of supporters. Mitnick never denied some of the facts surrounding his hacking. But he, along with many others, believes his punishment was too hard and did not fit the crime he was accused of.
Along with security consulting, Mitnick frequently does public speaking and interviews. I was especially interested in his advice on how to avoid being hacked. Who better than a hacker to get protection advice from? He advises users to conduct frequent backups. He also advocates use of a firewall. Mitnick strongly recommends applying all security patches to your operating system and software. Finally, Mitnick recommends a host of software such as AVG or Norton, PGP, and SpyCop. Time to download some of these goodies.
DNS Rebinding Attack
It seems that other trade presses were reporting this same story. I obtained a lot more information from a Network World magazine article online. An alert about the problem was issued by the Computer Emergency Readiness Team (CERT), which is part of Homeland Security. I further found that Dan Kaminsky’s official title at IOActive is “Director of Penetration Testing”. The patch for the problem was released on July 8th. There was impressive multi-vendor coordination due to the severity of the weakness. If the problem was not patched, an attacker could poison a resolver’s cache for entire domains and send its users wherever he liked, which in practice means anything from web outages to quiet redirection onto hostile servers.
I benefited from reading the original alert issued by CERT. It labels this weakness “Cache Poisoning” or Cache Pollution. It did not come out and say it, however I think the transaction ID field which is problematic is actually named TXID. That field lives in the DNS message header rather than in TCP/IP proper: a resolver only accepts an answer whose TXID, source port and question match a query it has outstanding, so an attacker who can guess the TXID can race the legitimate server with a forged answer. The TXID is a 16 bit field. However some DNS implementations were not using the full 16 bits, making it easier to guess the numbers. The July patches did not widen the field; they made the resolver pick a random UDP source port for every query, so the attacker has a second 16 bit value to guess, and that is what took the race from feasible to impractical.
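To make the numbers concrete, here is an added example (my code, not from the CERT alert or from Kaminsky) that pulls the TXID out of a DNS header and works out how likely a forger is to win one race. The query is constructed for the demo rather than captured, and the probability model assumes each forged reply carries an independent random guess at the TXID and, where the resolver randomizes it, the source port.

```python
import math
import struct


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Build a minimal DNS query (constructed sample, not captured traffic)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def dns_txid(msg: bytes) -> int:
    """The transaction ID is the first two bytes of the DNS header, network order."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes")
    return struct.unpack("!H", msg[:2])[0]


def guess_space(txid_bits: int, port_bits: int = 0) -> int:
    """Number of (TXID, source port) combinations a forger has to cover."""
    return 1 << (txid_bits + port_bits)


def race_success_probability(txid_bits: int, port_bits: int, forged_replies: int) -> float:
    """Chance that at least one of forged_replies spoofed answers, each carrying an
    independent random guess, matches before the real answer arrives."""
    n = guess_space(txid_bits, port_bits)
    # 1 - (1 - 1/n)**k, via log1p/expm1 so very small probabilities stay accurate.
    return -math.expm1(forged_replies * math.log1p(-1.0 / n))


if __name__ == "__main__":
    q = build_query(0xABCD, "www.example.com")
    print(f"TXID of constructed query: 0x{dns_txid(q):04x}")
    for label, tb, pb in [("weak 10-bit TXID, fixed port", 10, 0),
                          ("full 16-bit TXID, fixed port", 16, 0),
                          ("16-bit TXID + 16-bit random port", 16, 16)]:
        p = race_success_probability(tb, pb, forged_replies=65536)
        print(f"{label:34} space=2^{tb + pb:<2} P(win with 65536 forgeries)={p:.6f}")
```

With a fixed source port and a full 16 bit TXID, a burst of 65536 forged replies wins a single race about 63% of the time, and Kaminsky's trick of asking for a fresh random subdomain each time means the attacker gets as many races as he wants. Add 16 random bits of source port and the same burst wins roughly one race in 65000, which is why the fix was port randomization and not a bigger TXID.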
Kaminsky got kudos from the black hat community for his responsible disclosure of the weakness. It seems he could have sold this information to evil hackers for a large sum of money. I hope this gives the guy some credibility. Since he did not initially come out and provide all the details of the bug, it was hard to tell whether the problem was just a lot of hype. However it seems that the select few who got the details so they could develop patches took the guy seriously.
Hard Core
Most of the people who responded recommended that this guy go back to college and get a degree. In the long run, this will help his career immensely. I agree. You might learn a little bit at college. However there are many opportunities which absolutely require a college degree. The fact that you managed to go to college and get a degree says something in and of itself. Some other readers advised the young developer to go back out and find another programming job. This can be done. But it is not easy. The guy will not get the same respect that he would if he had a college degree. This is the hard truth. So you have got to play the game.
I felt for the guy who was reaching out for advice. It appeared he taught himself programming well enough to hold a development job. And he really wanted to do the right thing and go to college. Here is how I know this guy must be hard core. He stated that he passed up spending time with a cute girl because it cut into his development time. This comment got him blasted by a few readers. Yeah he may someday look back and regret that decision. But to me it shows quite a level of commitment to the craft. I have a feeling that this guy is going to be OK. When you are that hungry to code, it is going to take a lot to stop you.
Good luck dude. May the force be with you. Go get your bachelor’s degree.
Captcha Cracked
Now I am not sure if web sites have given up on the war against spam. I hear that even audio CAPTCHAs are broken. It might have been inevitable that this was going to happen. Computers can be programmed to do amazing feats. But it often takes drive and motivation to overcome hard tasks. This can be translated into the need for money to fund these activities. Perhaps it has become very valuable to crack the CAPTCHAs. Therefore the price to break them was high enough to spur on some hackers. I cannot imagine why this has been posted for free. Maybe somebody is trying to get famous.
This reminds me of a request for bids on one of the freelance programming sites. Somebody was willing to pay between $50 to $100 to devise a program to break a certain CAPTCHA. I guess now there is no need to pay. There may be some hope. I tried to do a quick Google search on cracking CAPTCHAs. All I got back was a bunch of articles on cracking. It was interesting that many articles stated that tough CAPTCHAs were cracked using humans in the loop. For example, hackers would create a game in which players needed to break the CAPTCHA supplied by the program.
I think I might try to write my own software to break a simple CAPTCHA. And I will keep you posted on my findings.
Admin in Prison
Now I do not feel too much pain for this guy. Apparently he makes $126k a year. And last year he made a $22k bonus. That is truly some large bank. But here is the funny part. The guy had some problems at work. He was reprimanded a couple times. And I hear they tried unsuccessfully to fire him. These facts do not add up though. What kind of guy who you want to fire gets a massive $22k bonus? Maybe they are covering something up about the story.
This guy has enough cash to hire himself a lawyer. Not sure what kind of defense he can use. I guess he can say that he forgot his password. But the jury is not going to buy that. Perhaps he can file some counter suit and say they had it out for him. This is still not the way to go. You should not have to divulge your secret password. Then again you should not reset everybody’s password and lock them out of the system. There was obviously a lack of checks and balances at this location. You cannot let just one sys admin have the only admin password. Keep a second administrator with the same rights, or an escrowed emergency credential locked away where management can get at it, so that no one person’s departure or bad day can lock the organization out. Otherwise you might find yourself locked out the way this guy’s employer was.
I recall one time I talked a backwards company into giving me some Internet access. We set up an account with an ISP. When I left, they asked me to cough up my password. I protested saying that was not appropriate. However I gave them instructions to contact the ISP and either drop the account, or have the ISP reset my password. I was not going to cough up my password at any cost though. It did not affect the company. This account was set up solely for my Internet access. That they wanted my password was evidence enough that this was indeed a backward company.
Zero Day Exploits
All software has vulnerabilities. Sometimes when these vulnerabilities are discovered, their existence is published. Then normally the software vendor releases a patch that fixes and removes the vulnerability. However some holes are found and kept quiet, so the vendor has not patched them and may not even know they exist. They can be used to attack systems that are fully up to date. It is these unpatched, undisclosed holes that are called zero day vulnerabilities, and the code that takes advantage of one is a zero day exploit; the name comes from the vendor having had zero days to respond.
The curious thing about such zero day exploits is that it is not necessarily illegal to sell information about them. In fact, legitimate companies and/or governments do pay for information about them. Obviously there is something a little sketchy about this business. However I do not think the sale of them breaks any laws. According to the Fast Company magazine article, this stance on its legality is shared by the Electronic Frontier Foundation as well.
I imagine there is a fine line between the world of information security and the black hat. The people making the large money by selling Zero Day exploits are doing so as a business venture. Yes maybe these people are small operations in terms of personnel. But the amount of money transferring hands is not. Fast Company states that the right exploits can fetch well into the 6 figures range. This may even be a viable business venture. Why else would a magazine like Fast Company be covering it?
Stock Profit
There was a lot of trading and volatility in both of these stocks today. So I found myself checking the stock price every hour or so. Then I had to take into account my purchase price for both stocks to compute my profit for these stocks. These computations got old really quickly. Why shouldn’t I write a computer program to do this for me automatically? Now that I think about it, I did once write a program like this to calculate my profits (eventually losses) from purchasing Movie Gallery stock. Here is a screen shot of that program.
I now recall that I got tired of looking up the current trading price of Movie Gallery stock. So I added a feature whereby the program automatically visited Yahoo Finance and pulled the latest price for me. The problem with this program is that it was hard coded for Movie Gallery stock. And it only supported profit computation for one stock at a time. What I really need is a portfolio profit calculator program. It will allow you to input the stocks you have purchased, along with the purchase prices. It will then grab the recent stock price and compute your overall profit.
Yes I know that brokerage web sites already do this for you. But I do not want to log into those sites and enter my credentials on any computer other than my locked down home computer. However I still would like a daily update of my profitability. Thus I need a flexible program to be written. Maybe I can carve out some time to do this soon. With the wild price swings of Fannie Mae and Freddie Mac, I am going to need this program pronto.
As a final note, I remember in the really old days I coded up a really simple version of such a program. I have since lost the source code for that program. It was called ka-ching, because every time you ran it, it would make a ka-ching money sound if it computed a profit. Isn’t that funny? Conversely this program would make a toilet flushing sound if it computed a loss for your stocks. In my current work environment, I am going to have to pass on the sound effects.
Hottest Blogger
I would not be disappointed if Geoffrey Ellis won too. She has a full figure if you know what I mean. Too bad Geoffrey has already declared that she shall never pose naked for Playboy. But I wonder if she might be persuaded if the stakes were high enough. I cannot help but think that most of these females are taking advantage of their looks to improve their marketability in the marketplace. Why not take it to a whole new level by posing for Playboy?
The real bonus would be if all nine would pose for one issue of Playboy. That would be an issue that you would need to run out and buy. Don't you agree?
No Pay Classifieds
Apparently the no pay classifieds site is a front end to a big database that will serve up free ads specific to your geographic location. I was not about to type in any information about where I live. This site was founded by a guy advertising in a hacker magazine after all. So I tried to do some searches without entering my address. I never got any results. Now I am not sure if this is due to the fact that I did not enter my location information, or whether the site was broken. All I know is that I cannot in good faith recommend the site to anybody.
The site itself was not the real news story here. The real kicker was the story about the founder John Lambros. This guy has a huge web site documenting his bad experience in Brazil. Apparently this United States citizen was in Brazil and got arrested. A bunch of Brazilian lawyers proceeded to milk John and his family of a lot of money. Then John claims he was tortured while in prison in Brazil. Furthermore John says they implanted a device in his brain to monitor and control him. Finally he was extradited to the United States where he is serving a very long prison sentence. John’s conclusion in the matter is that everyone should boycott Brazil as a result of his time there.
I have to give it to this guy. He has a huge amount of documentation published on the web about his story. There are a lot of copies of legal matters in the courts. And there is even an x-ray photograph of his brain implant. Now I cannot say for sure which if any part of his story is true. But the whole thing comes off as being crazy. The part about the brain implant drove it over the top. If you really want to get a taste of what I am talking about, do a Google search for boycott Brazil and you will see what I mean.
Honeypot
Basically the idea is to install a fresh copy of Microsoft Windows. Then you customize the machine to look like a real machine by doing things like setting background wallpaper, adding some documents, etc. You make the machine vulnerable by changing the passwords to the word password. Finally you connect the machine to the Internet and wait for it to be infected with botnet malware. Put it on its own network segment rather than on the LAN with your real machines: once it is infected it will scan and attack whatever it can reach, and you do not want that to be your own boxes.
The goal of this exercise is to monitor and analyze the techniques used by botnet installers. At some point in the future you can unplug the infected machine from the network and see what types of nasty programs have been secretly installed. The reliable way to do that is to take a hash inventory of the disk before you connect the machine, image the disk afterwards, and compare the two from a clean system, because a rootkit on the infected machine can hide its files from any tool you run on that machine. This sounds like a lot of fun. I am sure I can scrounge up an extra machine to use for this purpose.
I was thinking that I could take a more active approach to get bad programs installed on my computer. For example, I could search the Internet for evil programs that I could run on my machine. These are the ones that you normally want to avoid on your real machine. However I figure I could expedite the installation of malware by doing this. Then I could isolate the machine and find out what type of hacks had occurred on my machine.
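The "see what got installed" step comes down to comparing the disk before and after, so here is an added example (my code, not from the L0j1k article) of the baseline-and-diff part: hash every regular file under a root, do it again later, and report what was added, removed or modified. The demo builds a miniature fake disk in a temporary directory and simulates an infection; in real use you would point snapshot() at the mounted image of the honeypot's disk from a clean machine, never at the live infected system.

```python
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map every regular file under root (relative path -> SHA-256 hex digest)."""
    table = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            if os.path.islink(full):        # record the link itself, not its target
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            table[rel] = digest.hexdigest()
    return table


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify every path as added, removed or modified between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Constructed miniature 'disk': baseline, then a fake infection, then diff."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "Windows/System32/notepad.exe", b"MZ original binary")
        _write(root, "Users/victim/Desktop/notes.txt", b"shopping list")
        baseline = snapshot(root)
        # Simulated infection: a system binary is replaced, a dropper appears,
        # and a user document disappears. All names and contents are made up.
        _write(root, "Windows/System32/notepad.exe", b"MZ trojaned binary")
        _write(root, "Windows/Temp/svch0st.exe", b"MZ bot dropper")
        os.remove(os.path.join(root, "Users", "victim", "Desktop", "notes.txt"))
        infected = snapshot(root)
    return diff_snapshots(baseline, infected)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Hashing rather than comparing timestamps matters here: malware that replaces a system binary commonly copies the original file's timestamps back onto the trojaned copy, and a size-and-date comparison would miss it while the digest does not.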
Thanks to L0j1k (http://www.l0j1k.net) for sharing such an informative and interesting article.
Working on the Cleaner
The problem with copying code to the network is that it is sometimes slow. My code is usually already compiled. That means there are a lot of large binary files located with my source code. The other developers do not need the binaries. They can compile the source code themselves and get the binaries if they want them. So I usually spend a lot of time going through my directories removing the binaries to speed up the copy time. That is where I got the inspiration for my latest program "Cleaner".
Now the alpha or beta version of Cleaner that I have is not ready for distribution. It is too specialized. And I have to make code changes just to get it to clean the right folder on my computer. However I plan to generalize the problem and post it here some time in the future. I envision this to be a general purpose program to free up space on your hard drive. Yes I know hard disk space is cheap. But when you need to do things like copy the code somewhere, space becomes important.
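Since Cleaner itself is not posted yet, here is an added sketch of my own (not the author's Cleaner) of how the generalized version might go: walk a source tree, pick out build output by directory name and extension, and list it before deleting anything. The directory and extension sets are my assumptions about what counts as a build artifact, and the sample tree is constructed for the demo. A tool that deletes files on your behalf deserves the dry run and the two symlink checks; the nastiest bug a cleanup utility can have is following a link out of the tree it was pointed at.

```python
import os
import tempfile

# Assumed build-output locations and extensions (adjust for your toolchain).
ARTIFACT_DIRS = {"bin", "obj", "debug", "release"}
ARTIFACT_EXTS = {".exe", ".dll", ".obj", ".o", ".pdb", ".lib", ".ilk", ".exp"}


def find_artifacts(root: str) -> list:
    """Return relative paths of build artifacts under root; deletes nothing."""
    root = os.path.realpath(root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Never descend into symlinked directories: a link pointing outside the
        # tree would otherwise let the cleanup delete files it was never meant to.
        dirnames[:] = [d for d in dirnames
                       if not os.path.islink(os.path.join(dirpath, d))]
        in_build_dir = any(part.lower() in ARTIFACT_DIRS
                           for part in os.path.relpath(dirpath, root).split(os.sep))
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            if os.path.islink(full):
                continue
            if in_build_dir or os.path.splitext(fn)[1].lower() in ARTIFACT_EXTS:
                found.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(found)


def clean(root: str, dry_run: bool = True) -> list:
    """Delete the artifacts (or only list them when dry_run is True)."""
    root = os.path.realpath(root)
    targets = find_artifacts(root)
    if not dry_run:
        for rel in targets:
            full = os.path.realpath(os.path.join(root, *rel.split("/")))
            if os.path.commonpath([root, full]) != root:   # belt and braces
                raise RuntimeError(f"refusing to delete outside tree: {full}")
            os.remove(full)
    return targets


def demo() -> tuple:
    """Build a constructed sample tree, dry-run, really clean, list what is left."""
    sample = {
        "src/main.cpp": b"int main() { return 0; }",
        "src/main.obj": b"\x00object code",
        "bin/Debug/app.exe": b"MZ built binary",
        "README.txt": b"read me",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        planned = clean(root, dry_run=True)
        removed = clean(root, dry_run=False)
        remaining = sorted(os.path.relpath(os.path.join(d, f), root).replace(os.sep, "/")
                           for d, _, files in os.walk(root) for f in files)
    return planned, removed, remaining


if __name__ == "__main__":
    planned, removed, remaining = demo()
    print("would remove:", planned)
    print("removed:     ", removed)
    print("remaining:   ", remaining)
```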
Cleaner is a good opportunity. I need it for work so I can code it up when I am on the clock at work. But I find no reason not to share it with the world. Although my company or its customers may own the rights to Cleaner, I do not think they will exercise that right and restrict me from posting it here. I might have to check with the legal department on that. In the mean time, get ready for Cleaner coming to a web site near you.