Chick Virus Writers

I read this interview with a female hacker. She writes viruses and is a freelancer. She goes by the handle hh86. Credit to SPTH for the original interview.

So hh86 says that her friends really don't know she is a virus writer. Incognito. Nice. She is hard core in that she writes her viruses in assembly language. Writing with compiled languages is restricting for her.

Shrug for the 64 bit Windows platform is a virus she admires. She is author of the Delae family of viruses. These are ones with names that start with w32.

One of hh86's techniques is to obscure the entry point of her viruses. Unlike other virus authors, she does not do IRC much. She is in contact with antivirus peeps.

Look for a new zine to be released by hh86 next month.

Find Your Foe

Continuing from my last post, I learned a few tricks by watching some video from DefCon 18. Everyone has a web browser. You can use the browser to deliver software to users.

FaceBook has a feature where the client checks whether a user's friends are online or not. This is just an HTTP request to FaceBook. Good stuff to know.

Here was the finale of the talk I watched. Create a web page with malicious code. Have a piece of JavaScript that queries the MAC address of the user's router.

The MAC address is set in hardware. It cannot be changed. Once you have the user's MAC address, you can send it to Google. Then Google will tell you where the router is located geographically. Bamm. You can track the people who come to your web page. Owned.

Cracking the FaceBook Session

Just watched a 3 part series on YouTube. It was from DefCon 18. Dude was looking to exploit another guy on FaceBook. He noted that FaceBook uses PHP. And PHP is open source, including its session management code. When you log into FaceBook, you get a session which is nothing more than a random string.

The session string is stored as a cookie in your browser. PHP session creation uses a 160 bit string. It would take millions of years to brute force such a string. However, you can study the properties of the string to narrow down the possible values it might contain. Then you can narrow down the bits that are truly random, and break down the door.

One part of the string is the IP address. You can grab this by sending a person to your web site. Another piece of the string is two random numbers seeded with the web server start time. Cause the server to reboot, and you will approximately know when the start time is.

So after narrowing down the cookie, our friend managed to narrow the random bits down from 160 to 20. Now 20 bits can be cracked in a few seconds. He measured that it takes on average 500k attempts to guess 20 bits of random numbers. Good stuff. Getting back to FaceBook, they actually use a modified version of PHP called Hip Hop. And after our boy figured out how to crack the session cookie, PHP was patched to make it harder to crack.
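Here is an added example, not code from the talk or from PHP itself, that models the weakness described above beside the fix. `weak_session_id()` is a toy version of an ID built from the client IP and two PRNG outputs seeded with server start time; `strong_session_id()` takes every bit from the OS CSPRNG; the helper names and the sample IP are assumptions.

```python
# Added example: toy model of a session ID whose "random" inputs are guessable,
# beside one built correctly. Not PHP's real code.
import hashlib
import math
import random
import secrets


def weak_session_id(client_ip: str, server_start_time: int) -> str:
    """Flawed construction: the IP is known to whoever served the page to the
    victim, and the server start time is known to within a window. The SHA-1 hex
    digest looks like 160 random bits, but given the inputs it is reproducible."""
    rng = random.Random(server_start_time)          # seeded with a guessable value
    r1, r2 = rng.getrandbits(32), rng.getrandbits(32)
    material = f"{client_ip}|{r1}|{r2}".encode()
    return hashlib.sha1(material).hexdigest()


def strong_session_id(nbytes: int = 20) -> str:
    """Fix: 160 bits drawn directly from the OS CSPRNG; nothing to narrow down."""
    return secrets.token_hex(nbytes)


def remaining_entropy_bits(start_time_window_seconds: int) -> float:
    """Bits left to guess in the weak scheme once the IP is known and the server
    start time is pinned to +/- window seconds: one candidate ID per candidate
    second, so log2 of the number of candidates."""
    candidates = 2 * start_time_window_seconds + 1
    return math.log2(candidates)


def expected_guesses(entropy_bits: float) -> int:
    """Average tries to hit one value of n uniform unknown bits: half the space,
    2**(n-1). For 20 bits that is 524288, the roughly 500k the talk measured."""
    return 2 ** (round(entropy_bits) - 1)


if __name__ == "__main__":
    ip, start = "203.0.113.7", 1290000000           # constructed sample values
    print("weak, same inputs twice:",
          weak_session_id(ip, start) == weak_session_id(ip, start))   # True
    print("strong, two calls equal:",
          strong_session_id() == strong_session_id())               # False
    print("bits left with a 5-minute window:", remaining_entropy_bits(300))
    print("expected guesses for 20 bits:", expected_guesses(20))
```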

Maybe next time I will also go over how this dude can figure out where you are geographically located by hacking your router. I love it.

Phony Checks

I just read this doozy of a story. It was from way back in 1995. A dude got a piece of junk mail with a $95,000 check in it. The check had the words non-negotiable written in the corner. So the guy goes to his ATM and deposits the check. 10 days later, the money is still in his account. A teller from the bank says the money is his since it has been over 10 business days and the check had not been returned. This is a synopsis of the Midnight Deadline.

The dude did some researching on check validity. The authority on this subject is the banking book by Brady. It states what a check needs in order to be valid. Just because a check has the words non-negotiable on it does not make it invalid. So the guy thinks about trying to get the $95k out of his account in cash. But that is a big process because banks usually don't dole out so much cash. Instead he gets a cashier's check.

Over a month later, a security officer from the bank accuses the guy of fraud. However all checks are initially assumed to be valid. The bank must serve the depositor a notice of dishonor in a timely fashion. This was obviously not the case with this guy (it had been over a month). The guy decides he wants to get the Wall Street Journal to do an article on him. It takes a long time for that article to make it to print.

The guy decides to put the story on his own web site. His bank account gets frozen. His ATM card gets confiscated. He tries unsuccessfully to reach the president of the bank. In the end, he winds up negotiating with senior counsel from the bank. He can't get any photographers in the bank on the day when he hands the cashier's check back to them. It is too bad he did not try to keep the money in the end. He had good legal ground to stand on. If he did not want the money himself, he could have given it to charity.

Prison Break

Let's talk about getting out of prison. No. I am not talking about breaking out. I mean serving your time and being released. If you remain on good behavior, you will accrue 54 days off per year. These can add up if you spend many years in the slammer.

You can normally serve the last portion of your sentence in a Community Corrections Center (CCC). This is a house out in the city. You get to work a job. But you must spend nights and weekends back at the house.

Do well at the CCC, and you may be able to serve the very end of your sentence under house arrest. After you are out, you must report to your probation officer frequently. Try to stay out of trouble. Sooner or later things will lighten up. Ok. I have been going over the highlights of what I know about the big house. Time to return to more hackology like coding mad apps.

Prison Life

Here are a bunch of tips to guide your life behind bars. Don't threaten other prisoners. If you want to make an impression, be like Nike and just do it. You know what they say. Actions speak louder than words.

When you do have a beef with another prisoner, don't involve the guards. That makes you seem like a snitch. Nobody likes a snitch. If your problem involves a guard, then you can submit a complaint.

Complaints against guards or other prison employees will take a long time for resolution. To maximize the chance that your complaint will be effective, keep it short and specific.

Finally let's talk about solitary confinement. You get put into "the hole". It is a small area. Most everything is concrete, except your toilet and bed, which are steel. It is cold in there. The food you get fed is minimal and also cold. Normal punishments get you into the hole for 1 week.

Federal Bureau of Prisons

There are a whopping six different levels of security in the federal prison system. A designator at the prison will figure out what level you start out at. Let's get into the different levels.

1. Minimum - This is for short sentence convicts. There is no fence to keep you in. If it is your first time, you will probably wind up here unless you were convicted of a violent offense.

2. Federal Correctional Institution - You are fenced in here. You got sharp stuff at the top of the fence to prevent you from climbing over.

3. Medium Federal Correctional Institution - There are extra guards on duty here. Inmates are serving long sentences. You don't get to move around as much compared to the lesser security prisons.

4. High Federal Correctional Institution - More oversight by guards. Less movement by inmates. Very long sentences served by inmates.

5. United States Penitentiary - The real bad guys are kept here. Your cell mates will be murderers and such. They don't use a fence to keep you in. There is a very high brick wall surrounding the prison. If you make it in here, you may get roughed up bad by other prisoners.

6. Supermax - Also known as Max. You are always stuck in your cell. If you need a shower, you get a sponge and some water. If you must leave your cell, you are cuffed and escorted by a lot of guards.

Surveillance and Defending Yourself

If the Feds need hard evidence on you, they can do a wiretap. This requires a court order. It is also expensive to operate. There are some devices you can buy that detect whether you are under surveillance.

Before sentencing you meet up with a probation officer. That title is a bit misleading. Their job at this point has nothing to do with probation. They write up a report which is supposed to be a comprehensive profile of you. Make sure you have your lawyer present during this interview.

Lawyers cost a lot. If you cannot afford one, your best bet is to study up yourself. This is good advice even if you must rely on the public defender. Buy a couple of the great books such as The Prisoners' Self-Help Litigation Manual. You should also pick up Federal Sentencing Guidelines, as well as Federal Criminal Codes and Rules. You got to learn the rules of the game before you can play ball.

Jails and Sentencing

Not all jails are created equal. County jails are rough. You might spend some time there before you get sentenced. State prisons are also hard core. In general it is better to go to federal prison.

Here is the trade off. If you do serve time at a tough state prison, you will most likely serve a shorter sentence. The federal prisons are better to be in, but you will probably spend more time there.

Let's switch gears and talk about how to handle yourself when you are charged. Don't say anything. Speak only with your attorney. Anything you say will only count against you.

If people do snitch, the only ones that benefit are usually the first ones to talk. So if you are going to be a rat, do it early. I don't recommend it though. Providing useful information to the FBI might get you a sentence reduction. Hope for upwards of half your sentence eliminated. In reality you will only get about a third of your sentence chopped.

Bail and Sentencing

Much of your court success will depend on the skills of your attorney. Here is a hint. You should not use the public defender. Instead you got to hire your own lawyer. The problem is that they will cost you a whole lot of cash. We are talking $100k or more.

It is good to know a lot about the laws and court yourself. Here are some tips if you are going to sign a plea agreement. Try not to sign away your right to an appeal. Later you might find a way to lessen your sentence. Have a list of issues you can appeal ready during your sentencing. Bring these issues up at sentencing. Follow through by filing a notice to appeal. Do this quickly after your sentencing.

There are some factors that might extend your sentence. If you are highly skilled, and you used those skills to hack, you get extra time. Now let's talk a little about bail. You get locked up as soon as they come to collect the evidence and yourself. In general, you do not get released on bail. That is a low probability event. If you do make bail, it can take weeks to process the bail papers.

Prison Guidance

I just read a huge file on what to do when you get arrested for hacking. It was written by a dude who served 42 months in the pen. Some advice was common sense. For example, try not to pick enemies. However there was some advice that shows true insight. You should not join a group or gang. It will only count against you.

Get ready for the press to lie about you. Trust no one. You are probably being arrested because you allowed somebody else to know what you were doing. If you do get caught, you had better have studied up. It might reduce your sentence by half or more.

After you have been convicted of some crime(s), they will calculate the duration of your sentence. Here is the freaky thing. The length of your stay will not only depend on the crimes you have been convicted of. It might also include other crimes that were not even brought forth against you.

Get a lawyer. The best bang for your buck will be one that specializes in sentencing. It would be best if you knew the United States Sentencing Guidelines (USSG). Don't put your hopes in beating the Fed. They have a 95% conviction rate. Try to minimize the damage and your time in the slammer.

Doomsday File

Scotland Yard has arrested Julian Assange. He is cofounder of Wikileaks. Britain plans to extradite Assange to Sweden, where he is wanted for sexual misconduct crimes. Assange is an Australian citizen. The judge in Britain says this has nothing to do with Wikileaks. However the Wikileaks servers are located in Sweden. Hmmm.

What I find most interesting is Assange's "insurance policy" against being apprehended. He has widely distributed a doomsday file. The file is named "insurance.aes256". It supposedly contains a bunch of secret info that has not been released to the public yet.

Assange warns that if he gets detained, the password to this file will be distributed and chaos will ensue. The file itself is 1.4G large. Who knows what goodies are in there. The way things are going with his Swedish case, I bet we are about to get the next large dose of Wikileaks mania.

TSA Body Scanners

The TSA is now requiring airplane passengers to submit to a full body scan machine. Supposedly a TSA employee in the back room will view the images. Passengers did have the ability to opt out of the scan and receive a pat down. However the new TSA policy is to give you the full feel up during this pat down. Madness has ensued.

You know this is wrong when even the pilots are complaining about the new procedures. They worry about the radiation from the body scan. And some pilots hate being felt up when they opt out. Don't you love it when the TSA comes up with crazy rules like this?

When I fly, I will just obey and go through the scanner. So what if some chump in the back gets to see my privates. I don't want nobody feeling up my junk. The rest of the American public may not be willing to take this any more though.

Making it in Prison

I just checked out the latest issue of Phrack magazine. This one is issue 67. Inside the thing, they refer to it as issue 0x43. Ha ha. Put your numbers in hexadecimal huh?

The best article this month is "How to Make it in Prison". It seems to be written by an insider with insider knowledge. Here is a summary of the tips:

* stay clean
* do not join a gang
* fight those who challenge you
* hide all personal info
* do not do favors without payment

You really should check out the Prison article yourself if you plan to do any hard time.

DDoS Wars

This is too funny to be true. Hackers from the 4chan site declared war on Tumblr. Their goal was to launch a denial of service attack on the rival web site. Their weapon of choice was the Low Orbit Ion Cannon (LOIC). The LOIC is a prog that you can use to flood a web site. The source code is actually available on SourceForge.

The funny thing is that you should be able to set up a filter to block any effects from the LOIC. Well any web site worth their salt should be able to defend against such child's play. Tumblr decided to launch their own counter offensive. They called upon their members to blast 4chan. The end result of this war was that both sites went down hard. LOL. You got to love some of the propaganda each site used to rally their users to join in the DDoS battle. This is great stuff if you are looking for a chuckle.

Canoe from Plywood

I just read a sweet instructional on how to build a canoe out of a single sheet of plywood. This thing is a working floating canoe. Sure anybody can slap a thing together out of a sheet of plywood. But this one was designed so that an amateur can actually float in it and not tip over.

The bad boy goes over trade offs involving thick and thin plywood. He then goes on to give you the specs to build the darn thing. He also gets technical on how to maximize the boat size without making it unstable. Check out his main page on other boat construction skills. Tight.

Making Money

It is all fun and games to get technical and figure things out. But you got to eat right? How much can you realistically make in the security industry? Let me tell you this much. You got to get a government security clearance. That opens all kinds of doors, including the high pay.

Real security admins make between $70k to $90k. And these are the normal mid level peeps. I am not talking about the senior administrators. Mid level admins top out around 6 figures. These are real wages being made by real people I know.

It almost makes you want to drop the programming game and get into cyber security.

WireShark Skills

I read a blogger bragging that he snuck into a building. He avoided the security cameras. He got off the elevator but could not enter the floor. Instead he pulled out his laptop, ran his WireShark app, and sniffed some wireless network traffic.

This dude was proud that he captured all kinds of info on the computer sending the network traffic over the air. A lot of people thought this guy was a n00b, because what he did was nothing special. I disagree. I give him props for using WireShark to extract meaningful data from network traffic he was not familiar with.

I know another guy that tried to show that he could capture the HTML code for a web site, even if the web site programmer tried to prevent it. This other dude installed a copy of WireShark, installed the prerequisite WinPcap software, and booted up WireShark. He knew exactly what he was looking for. He only captured the traffic on his own box. However he was still unable to capture the HTML source code for a web page.

This second guy considers himself the ultimate hacker. Guess not. The moral is that WireShark, while powerful, requires some skills to operate. I should know. I used it before to do some password risk analysis. That is a story for another day. However I do respect the guy who could run WireShark on random wireless network traffic and figure out what was going on.

Hacker Book List

I just went through this massive list of hacker news books. Wow. Where am I going to get the cash to purchase a bunch of these goodies? I mean they don't carry most of those at the library. Anybody know a good way to get sought after books for cheap?

Well here are some of the books off the list that I have read. Check out Code Complete by Steve McConnell. It will tell you how to write code the right way. Then there is the Mythical Man Month. This is useful if you are writing code with a bunch of other people (on a team). One book a buddy of mine just got is How To Win Friends and Influence People. Dale Carnegie wrote this one way back when. It is timeless.

Next is Debugging by David Agans. I wrote a blog post about this one. Then I put some random book cover image in the post. The author emailed me complaining. Sheesh. Good book anyway. Another book on the list is The One Minute Manager. Can't say I remember much from the read. You might as well skip it.

A good one is The UNIX Programming Environment. I just consulted this book last month when working on a UNIX project. Good stuff. I read Dive Into Python because I got a free copy. Don't remember much about it either. Finally I checked out Getting Real by 37Signals Corporation. That one was free too. You might want to check it out if you are starting up a company on your own.

Happy reading.

D.C. Voting Hackage

The District of Columbia subjected their online voting system to penetration testing. Some college kids hacked the thing in about a day. Doh! Part of the voting process was to upload a file which got encrypted.

Guess how the hack worked? The students could name the file they were uploading whatever they wanted. Turns out they embedded UNIX commands within the filename. This allowed them to run whatever commands they wanted. The result was that they totally owned the web server.
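Here is an added example, not the D.C. system's code, showing the pattern behind that hack next to the hardened form: a shell string built from the upload name, versus a strict allowlist plus an argv call with no shell. The upload directory and the `encrypt-tool` program name are placeholders.

```python
# Added example: command injection through an upload filename, and the fix.
# UPLOAD_DIR and encrypt-tool are assumed names, not the real system's.
import os
import re
import secrets
import subprocess

UPLOAD_DIR = "/srv/ballots/incoming"
# Allowlist: leading alphanumeric, then up to 63 of [A-Za-z0-9._-]; nothing else.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def vulnerable_command(upload_name: str) -> str:
    """The flawed design: the user-chosen name is spliced into one shell string.
    Characters the shell treats specially (; | ` $( )) inside the name become
    additional commands the moment this string is handed to os.system()."""
    src = f"{UPLOAD_DIR}/{upload_name}"
    return f"encrypt-tool --in {src} --out {src}.enc"


def safe_filename(upload_name: str) -> str:
    """Reject rather than clean up: no directory parts, no dotfiles, no
    metacharacters, bounded length. Raises ValueError on anything else."""
    name = os.path.basename(upload_name)
    if name != upload_name or not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected upload name: {upload_name!r}")
    return name


def stored_name(upload_name: str) -> str:
    """Better still: keep the validated original only as metadata and write the
    file under a server-generated name, so user input never reaches a path."""
    ext = os.path.splitext(safe_filename(upload_name))[1]
    return secrets.token_hex(16) + ext


def encrypt_argv(upload_name: str) -> list:
    """Hardened form: an argument list, never a shell string. Metacharacters are
    ordinary bytes in argv, and the name has already passed safe_filename()."""
    src = os.path.join(UPLOAD_DIR, safe_filename(upload_name))
    return ["encrypt-tool", "--in", src, "--out", src + ".enc"]


def run_encrypt(upload_name: str) -> None:
    """Invoke the external tool with shell=False so argv is passed verbatim."""
    subprocess.run(encrypt_argv(upload_name), shell=False, check=True)


if __name__ == "__main__":
    print(vulnerable_command("ballot.pdf; id"))       # the ';' survives into the shell
    print(encrypt_argv("ballot.pdf"))                  # a list, no shell involved
    for bad in ("ballot.pdf; id", "$(id).pdf", "../ballot.pdf", ".hidden"):
        try:
            safe_filename(bad)
        except ValueError as e:
            print(e)
```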

LOL. They are trying hard to spin this pwnage. Luckily this was not a system for everybody in the nation's capital to vote online. It was just an absentee ballot voting system. People like the troops overseas have to vote through absentee ballot. I hear they are still going to use this system to distribute ballots electronically. However you will have to print out the form and mail it back. Can't have any more server hackage going on in Washington DC.

Browser Tab Speedup

I read about a tech dude who opens a lot of tabs in his browser. He then keeps them open for days. The only problem is that this causes lots of performance problems in his system. He had an inexpensive computer. So he decided to build one on his own to support his strange browsing habit.

Dude's parts came out to $1300. That's a lot of dough for a PC. He spent a lot on a solid state disk drive. It is supposed to be very fast. He figures that Windows uses the drive for virtual memory. So it must be ultra fast. He is very pleased with the performance of the beast. He also got a lot of the latest RAM. He sprung for a top of the line CPU.

A lot of people commented that the guy could have switched to using bookmarks instead of tabs. The dude wanted fast access to the data. Another reader thought he could save the web pages off to disk for immediate recall. That still did not sit well with the dude. I thought I opened a lot of tabs. But heck, this guy takes the prize. I guess he did the right thing as long as he is happy. Personally I don't got $1300 to spend on mega browser tabs.

Difuze by Rrola

The hacker who goes by the handle Rrola has done it again. He produced a 256 byte intro called Difuze. We are not talking about 256 kilobytes of code here. It is just 256 bytes. This blog post is probably a lot more than 256 bytes.

I found this gem while reading Reddit. The thing runs in DOS. It has a lot of interesting graphics, with music to boot. The easiest way to experience this program is to watch the YouTube video of it.

So how did Rrola pack such a brilliant changing graphics display in just 256 bytes? He has a set of partial differential equations that govern how the graphics should look. They are rules referred to as the Gray-Scott reaction-diffusion. Thus the name Difuze.

The reason these graphics are cool is because they simulate 2 chemicals interacting with each other. The system also adds back the chemicals as they are consumed. It is like something that occurs in nature. Great stuff. I salute you Rrola. Keep em coming.
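As an added example (not Rrola's code, which is 256 bytes of DOS assembly), here is the Gray-Scott update the post refers to, in plain Python on a small wrap-around grid: u and v are the two chemical concentrations, Du and Dv their diffusion rates, F the feed rate that puts u back in, and k the kill rate that drains v. The parameter values are conventional choices for this model, not the intro's.

```python
# Added example: one explicit Euler step of the Gray-Scott reaction-diffusion
# system, plus a tiny simulation from a seeded grid. Pure Python, no numpy.
from typing import List

Grid = List[List[float]]


def laplacian(g: Grid, i: int, j: int) -> float:
    """Discrete 5-point Laplacian with wrap-around (toroidal) edges."""
    n, m = len(g), len(g[0])
    return (g[(i - 1) % n][j] + g[(i + 1) % n][j]
            + g[i][(j - 1) % m] + g[i][(j + 1) % m] - 4.0 * g[i][j])


def gray_scott_step(u: Grid, v: Grid, Du: float = 0.16, Dv: float = 0.08,
                    F: float = 0.035, k: float = 0.065, dt: float = 1.0):
    """One time step of
         du/dt = Du*lap(u) - u*v^2 + F*(1 - u)
         dv/dt = Dv*lap(v) + u*v^2 - (F + k)*v
    The u*v^2 term is the reaction u + 2v -> 3v (u consumed, v produced);
    F*(1 - u) feeds u back in and (F + k)*v drains v, which is the
    "adds the chemicals back as they are consumed" behaviour the post mentions."""
    n, m = len(u), len(u[0])
    nu = [[0.0] * m for _ in range(n)]
    nv = [[0.0] * m for _ in range(n)]
    for i in range(n):
        for j in range(m):
            uv2 = u[i][j] * v[i][j] * v[i][j]
            nu[i][j] = u[i][j] + dt * (Du * laplacian(u, i, j) - uv2 + F * (1.0 - u[i][j]))
            nv[i][j] = v[i][j] + dt * (Dv * laplacian(v, i, j) + uv2 - (F + k) * v[i][j])
    return nu, nv


def seeded_grid(n: int, m: int, seed_size: int = 2):
    """Constructed start state: u = 1 and v = 0 everywhere except a small
    central square with v = 1 and u = 0.5, the usual way to kick the pattern off."""
    u = [[1.0] * m for _ in range(n)]
    v = [[0.0] * m for _ in range(n)]
    r0, c0 = n // 2 - seed_size // 2, m // 2 - seed_size // 2
    for i in range(r0, r0 + seed_size):
        for j in range(c0, c0 + seed_size):
            u[i][j], v[i][j] = 0.5, 1.0
    return u, v


def simulate(n: int = 16, m: int = 16, steps: int = 50):
    """Run the seeded grid forward; returns the final (u, v) fields."""
    u, v = seeded_grid(n, m)
    for _ in range(steps):
        u, v = gray_scott_step(u, v)
    return u, v


def total(g: Grid) -> float:
    """Sum of a field, handy for watching u being consumed and v spreading."""
    return sum(sum(row) for row in g)


if __name__ == "__main__":
    u, v = simulate()
    print("total u:", round(total(u), 3), " total v:", round(total(v), 3))
    for row in v[4:12]:
        print("".join("#" if x > 0.2 else "." if x > 0.01 else " " for x in row[4:12]))
```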

Malvertising

The new entry point for attacking the enterprise is the web browser. Bugs in web browser implementations allow hackers to exploit your users. You know what Google says? The browser is the new operating system.

It is difficult to lock down web browsers. Hackers are injecting malware in advertising. This process is being coined malvertising. It is simpler than trying to get a user to download and execute a file.

The injection of malware ads is also pretty simple. You just put together a real ad which has the hack embedded in it. You don't need to take the user to a web site. Allow the web site to come to you to serve up your ad.

How do you stop such a malvertising attack? You can make sure your users are not administrators of their machines. You can also disable the technologies that allow the attacks to work. This includes JavaScript and ActiveX. The only problem with these extreme measures is that it may impact legitimate user activities.

Tweaking Vista

My friend's Windows Vista computer is slow. I have gone through some general steps to get the thing running fast. Let's now go over some last ditch specifics to speed things up.

The theme is that you should disable anything that might take up extra CPU resources, and thus slow things down. Turn off any fancy visual effects. Turn off disk performance monitoring. Disable user account control (UAC).

Clear out your Internet Explorer browsing history. There might be tons of stuff in your web browser cache. And if you are using Firefox as your default browser, install FasterFox to help it run better.

Turn off any Windows services you don't need. This one is a little tricky. You don't want to make Windows crash. However every service may be configurable to run at startup. If you can identify some that you definitely don't need, disable them.

Finally you can fine tune your page file. This is a big file on your disk that acts as virtual memory. Make this file be on your fastest disk if you have many physical hard drives. Set the size to a fixed large size. Normally Windows can manage this for you. However if you have a lot of free disk space, make it big and constant size.

If you follow all my advice from the last couple posts, I bet you can get some old hardware running Windows Vista lightning fast. Good luck.

Windows Optimization

How do you make a Windows machine run fast? There are a couple themes. One is to ensure that unnecessary programs are not running. Another is to make sure the system is optimized.

If you have spyware running on your system, it might slow it down. Run a spyware removal program like AdAware.

When Windows starts up, it runs a number of programs that you have configured as startup items. Execute msconfig from the Windows command prompt. Then uncheck any startup programs that you don't want to run. This will get your system faster in booting and running.

Another way to prevent spyware or bloatware from running on startup is to uninstall the stuff. Go to Add/Remove programs from your Control Panel. Get rid of anything you don't use. The uninstall will normally take the items out of the startup path.

Then there are some system optimization tricks you can try. Defragment your hard disk(s). Turn off indexing on your hard drive. Get programs out of your system tray. All the items I mentioned so far could increase your performance significantly. Maybe I will do one more post with some very special techniques.

Making Windows Fast

A friend of mine was complaining how slow their computer was. It was taking around 5 minutes to copy a file locally. That did not sound right. He was running Windows Vista. Luckily I have never run that version of Windows. How do you make such a beast run faster? It seems to be a black art.

To start with, I have heard that you should have at least 1GB of RAM to run Windows Vista. And it always helps to have more memory. But I doubt that is the specific cause of this slowness. Another hardware option I read about was to get a faster hard drive. Upgrading from a 5400rpm drive to a 7200rpm one will give you some gains. That also did not seem to be the root cause.

I plan to review how Windows works, and what might make a system slow. Then I can try these things out on this machine.

Rubik's Cube

A friend recently got a bunch of Rubik's cubes, as well as a solution guide. I decided to try the cube by myself. Did not want to "cheat" and read the solution. That initially got me 1 side solved. Got lucky and solved a second side. I figure it is time to analyze this thing and come up with some techniques to solve the whole thing.

One good start is to get one side solved. However that is not enough. Each side adjacent to the solved side must also have the common squares in the correct order. That way you can solve a second or third side without having to move the pieces on the first side. That's the way I want to proceed with my hack. I want to figure out a way to manipulate some cube faces without messing up a side that I have already solved.

Blogger Start Page

I like using Blogger. They give you free unlimited blogging abilities. However I had a problem with it recently. The start page where you log in was always being displayed in Chinese. WTF? I always view my pages in English. This curse just would not go away.

Logically Google must be storing some Chinese language preference somewhere. Should I get rid of all my cookies? Or is there some other secret place where they stored the language? This questioning was getting me nowhere.

Then I found out a trick of my own. I forced Blogger to display in English. From then on, the Blogger start page always shows English. I consider this a Blogger bug. But hey. The thing is free so I won't complain too loudly.

FaceBook Info

So 171 million FaceBook names and profiles have been captured and put into a text file. You need BitTorrent to download the files. Let me tell you. The files are huge. I spent a number of hours downloading the torrent.

The text file with the URLs of all the profiles grabbed was so huge I could not open it up. I downloaded a few programs to see if they could open up such a massive file (10Gig). The only one I found that worked was called UltraEdit. This program costs $60 for the full version. Strangely enough there was a cracked copy of UltraEdit available as a torrent. I used the 30-day trial version to spy on the FaceBook profiles.

My next idea is to stuff all these URLs into an Oracle database. Then I will run a program that browses the profiles to see what nice info I can grab. The profiles sometimes show the user's FaceBook friends. That might provide even more profiles. A brute force crawl of the profiles could take a couple years. Might need to put an army of machines on that task. I will start with a few trial runs, and keep you posted.

FaceBook Profile Leak

Hacker Ron Bowes used a scraper to grab the name and profile URL of 171 million FaceBook users. You might think he would sell this information. But he did not. Instead he blogged about it on the Skull Security blog. He also uploaded the data in text files as a 2.8 gigabyte torrent to the Pirate Bay.

Bowes used a script that interrogated the Facebook public profile directory. All of this is publicly available data. Search engines like Google have access to this information already. You can tell whether your data is publicly available on FaceBook by seeing whether "search for me on FaceBook" is set to everyone in your settings. You can also see whether "enable public search" is checked in your settings.

I am going to download this large torrent and see what this data is all about. Probably will just get usernames and URLs. Then perhaps I can write a small program that scrapes the profiles and builds up my own database. Not sure if I have enough bandwidth, disk space, and processing power to do that. We shall see.

WikiLeaks Disclosure

It seems WikiLeaks is the big story these days. I read about them on the front page of my local paper. There were links to their recent disclosure all around the web. What they did was post a massive amount of classified information about the war in Afghanistan.

I downloaded all the data from WikiLeaks and am still waiting to be impressed. It seems that what they have is a whole lot of small reports of incidents. There is more formatting than actual content there. You get a blurb about some Afghanistan incident. You have counts of whether anybody got killed. And they tag whether it was friend or foe.

In my mind, I was thinking there would be some juicy details of being there in the war. Instead I got a huge amount of small entries which were initially classified by the government. Maybe I will upload all this data to a database. WikiLeaks makes it easy by providing scripts to upload the data. However I still think I will not be wowed by their data. All they show is that there is a source willing to give them classified government information. The actual data is a bit boring. Next.

Old School Hacking

Check out a book online called Hackers: Heroes of the Computer Revolution. This book covers monumental events from the hacking world of the 1970's and 1980's. Let's look at the topics of some of the chapters.

Of course they need to talk about the Homebrew Computer Club. It was a meeting for electronics hobbyists. They first met in 1975. The meeting was held in a garage in California. Apple cofounder Steve Wozniak attended.

Woz gets his own chapter. He built his own computer before personal computers were around. It was based on the Motorola 6502 processor. Of course Woz worked with Steve Jobs back in the early days.

The book talks about the origins of Altair BASIC. It was created by Microsoft in the early days. The thing was immediately pirated, causing Bill Gates to write his "Open Letter to Hobbyists" to the thieves. The free Tiny BASIC that hobbyists put together in response is what gave rise to the now defunct Doctor Dobb's Journal.

BitTorrent Contest

BitTorrent is sponsoring a contest. You have to design an app that uses their software development kit. The SDK is restrictive in that you can only code in HTML and JavaScript. The top prize is a grand and prime app placement.

Hey. I bet anybody could use an extra thousand for toys. However I cannot imagine you making any money off an app for BitTorrent. These users are trading files for free. They want stuff for free. If you try to sell the app, somebody is going to get ahold of your app and trade it for free.

Still I find this an interesting challenge. Too bad I am concentrating on learning how to write applets in Java right now.

Ideas From War Games

I am watching War Games 2, the movie. Started out looking like a serious B movie. There are no real stars in this thing. However there are some interesting ideas in there.

The government put a type of war games on the Internet. This game offered real cash for people who could get to level 5. However those who made it got targeted for surveillance.

The problem was that the computer that tried to get players and track them got smart. This program is called Ripley. Too bad it did not need human intervention.

I did get a few laughs out of the main character doing some hacking. He gained the trust of his neighbor. Then he used his neighbor's online banking account to "borrow" some cash.

The main character also dealt with stolen credit cards, and also some prepaid phone cards. The dude liked playing online games. He also was a true to heart hacker.

Robin Sage

Some time ago, a woman named Robin Sage started appearing on social networks. She was supposed to be in her twenties. She was supposed to have worked for the Naval Network Warfare Command. As you might expect, she was getting connected with military personnel.

The online persona looked good. Her picture was hot. She was allegedly a grad of MIT. And she interned at the National Security Agency. It turns out this profile was fabricated. A security researcher put it together as a social engineering experiment.

The funny thing is that the online persona networked with military top brass. She even got some job offers extended to her. The tragedy is that, through her military contacts, the hacker was able to get a lot of sensitive information, including about troop movements in Afghanistan and Iraq. Nice.

A nice picture, and some early assumptions, caused the scam to pick up momentum. Once a few real people had accepted her, everyone else saw the mutual connections and assumed she had already been vetted. Luckily some skeptics dug deep and discerned the sham. Beware who you meet online. Often they are not who they seem.

Face Camouflage

I just read a blog post at SocialBeat on techniques to disguise your face from recognition software. People are posting their images to the web on sites like FaceBook. And there is software that is getting smarter at figuring out who you are just from your picture. This is kind of like a Big Brother future. But the software is only so smart. A little mask can throw the software off track.

Now nobody is saying you need to make sure you go out looking like Catwoman. You can maybe just touch up your face using Photoshop before you post it online. Then you can remain below the radar of the image trackers online.

I think what we really need is some type of image processing which can mask your face from the recognition software, but leave it looking the same to humans. Sounds like a good research project. You could start with the actual facial recognition software. Then you could try out different subtle hacks to the image to make it confuse the software. Or you could reverse engineer the code in the facial recognition software, and find its weakness. That's even better.

Government Agency for Cyberspace Identity

The United States Federal Government and a number of entities in the private sector have drafted the "National Strategy for Trusted Identities in Cyberspace". Their goal is to secure cyberspace. This effort is a direct response to the increasing amount of identity theft and online fraud going on each year. Last year there were over 10 million occurrences of identity theft. Ouch.

This proposal recommends creation of an Identity Ecosystem. There would be identity providers that authenticate a person's digital credentials, and relying parties (web sites, banks, agencies) that trust those credentials. Participation is supposed to be voluntary, not mandatory. The new system will be built with interoperability in mind. That means everything works with everything else, like your bank card does at any ATM. The proposal is for this not to be all done by the government.

People do not seem to have control over their personal info any more. And there are other problems plaguing people which will not be solved by this initiative, such as malware. However the president is to designate a government agency to lead this effort. The proposal goes out of its way to clarify that they are not talking about a national ID card. This is a digital problem requiring a digital solution.

Topsites

Like most folks, I have friends that download movies from BitTorrent sites. Personally I don't have much experience getting movies from such sites. However I did read a story about topsites.

Topsites are private, invite-only FTP servers that share pirated stuff like movies, software and games. These aren't normal peer to peer networks like Kazaa. They are open to a limited number of people in the club. You need to be on their list to get access to the sites.

Getting movies and such onto topsites is not easy. They only want the high quality stuff. That requires high tech and expensive hardware to rip movies. But you do get some bragging rights when your stuff is downloaded by everyone.

Spying on Cell Phones

I was reading some interesting blog today. Then I saw some ads on the site. I clicked through one ad to find a big web page on a product that lets you spy on someone else's cell phone usage. The marketing sounded too good to be true. I wondered whether such a hack could actually exist. Perhaps it is some type of Bluetooth device hacking. You ever hear of bluesnarfing or bluebugging? I seem to have studied this stuff in school a while ago.

Let's get back to the features of this offer. You can listen in on another person's calls. You can read their text messages. You can also track them via GPS. You can view their contact list. And you can see their photos. All of this is supposed to be undetectable. These are alleged features. I am not sure whether I believe them or not.

This functionality is supposedly not limited to cell phones. It works on any Bluetooth-enabled device like laptops as well. Law enforcement uses these techniques as well, they say. This works on any phone. You do not see evidence of this on the target's phone. You do not see any apps on the target phone. Nor does it consume much memory. All the data collected fits in megabytes, even after a year's worth of recording. There is different software to install on your phone based on your model. Nothing is logged on the target phone. It is an all software solution.

There are some bonuses with this deal such as how to catch cheaters, how to use spy gadgets, and how to get the truth. Those are the names of the bonus products. These products include detailed info on dirty tricks, covert surveillance, spying via web cams, lie detection, and mind games. I almost would go for this deal just for the bonuses if I could trust them. The whole thing costs $99. If I had more cash, I would try going for this. But if something sounds too good to be true, it most likely is. This might be a hack to get my credit card number and leave me with nothing. Still I can dream that such a broad tool set of capability actually exists out there. Anybody want to give this deal a try?

Meet Phiber Optik

This post is going to be something of a history lesson. I just finished reading a book about the hacker gang Masters of Deception. One of the main characters in the book is Mark Abene. In the late 1980's and early 90's he went by the handle Phiber Optik.

Phiber Optik started computing on a TRS-80 MC-10. This is a little home computer from Radio Shack that was essentially a scaled down version of the TRS-80 Color Computer. I know because I started out on a Color Computer I (CoCo 1), and later graduated to a CoCo 3. Once Phiber Optik got a modem, he was off to the races.

Phiber Optik initially started making claims that he was a part of the hacker gang Legion of Doom (LoD). The thing is that you cannot will yourself into that group. You needed to be voted in. Luckily the members unanimously voted him in due to his skills and exploits. Some of these exploits resulted in Phiber Optik getting raided by the Secret Service back in 1990. This is weird. I thought the Secret Service just guarded the president.

Phiber Optik was only 17 years old when he first got raided. He was just a junior in high school. This did not end his hacking career. There are different stories of how it happened. But he eventually got kicked out of the Legion of Doom. He then went on to form a new group - the Masters of Deception. It was a play on the LoD. This was the MoD.

All the founding members of the MoD were eventually brought up on charges by the New York grand jury. Mark held out the longest. All the other members pleaded guilty to the charges to avoid too much jail time. One of the members turned on the others and cooperated with the authorities. These guys were so very interesting that I might do some more history reporting and let you know more about them.

The MOD

I finished reading the book Masters of Deception by Michelle Slatalla and Joshua Quittner. The book chronicles the lives of the main members of the hacking group Masters of Deception (MOD). The group's name is actually a play on the Legion of Doom (LOD), which was a rival hacker group.

The book itself was a good read. It was hard to keep all the hackers straight, given that they all go by handles. Some hackers have multiple handles given the system they are on. The thing that annoyed me about the book was that there was no Table of Contents. Well I am going to rectify that. Here is the table of contents I would have created for this book:

Prologue - AT&T Crash
Chapter 1 - Scorpion
Chapter 2 - Phiber Optik
Chapter 3 - Plik
Chapter 4 - New York Telephone
Chapter 5 - MOD
Chapter 6 - Corrupt
Chapter 7 - The Learning Link
Chapter 8 - Raided
Chapter 9 - Alfredo
Chapter 10 - Fifth Amendment
Chapter 11 - Tymnet
Chapter 12 - MODNET
Chapter 13 - Parmaster
Chapter 14 - Broker
Chapter 15 - Grand Jury
Chapter 16 - Plea
Afterword - 2600

I recommend you get this book and read it. The thing gives you a good feel for who these people are. I might go over some of the hackers revealed in this book.

Windows Help Center Vuln

Tavis Ormandy discovered a vuln in the Windows Help and Support Center (the handler behind hcp:// links) that allows an attacker to run an arbitrary command on your machine from a web page. It applies to older operating systems like Windows 2003 and Windows XP. Tavis alerted Microsoft to the problem. Then, a few days later, he went public with his info.

The real hack here is that people are making a big deal about Tavis being employed by Google. Some reporters are making it look like Tavis reported the hole to Microsoft and immediately shared the zero day with the world before Microsoft could patch the hole. Imagine that. Reporters are hacking security consultants with their stories. What will they think of next?

You can find a lot of technical details on the original vulnerability in the full-disclosure post archived at SecLists. They even disassemble the Windows Help Center executable code, and show you how the arbitrary commands get past the whitelist check on help center URLs. That is some deep stuff.

Masters of Deception

A buddy of mine bought me the book Masters of Deception. It chronicles the exploits of some young hackers from the late 1980's and early 1990's. One of them is the famous Phiber Optik. I have heard this name before. And I thought he was some ominous hacker. Indeed he might have been. But the book paints him as a teen that stayed up all night trying to figure out phone systems. That is not the thug I expected him to be.

The book annoyed me a bit. There was no table of contents. That does not help me get a feel for what I am reading in each chapter. When I finish the book, I will come up with my own proposed table of contents for the book and post it here. Okay? For now I really do like the insight into the lives of the kids that cracked the phone system, as well as the authorities that pursued them.

Plane Protection

Here is a smart idea I have read about. Suppose you need to fly, and want to transport something of value. Sure you can carry it on board and keep it close. But maybe you want to check it in. How do you make sure it has the best chance of making it to your destination? You pack it with a gun.

This is the scoop. You need to declare that you are checking in a package with a gun. Then you sign some forms. The package then gets priority handling and storage during the flight. That is understandable. Who at the airline wants to be responsible for a gun checked in disappearing? I like this idea. Except you need to carry a gun and bring it to the airport.

The more sensible approach might just be to Fed Ex your item and insure it. That way the shipping company has a financial incentive to make sure your package arrives without being tampered with. It is a little more hassle than checking a package. However it may give you more peace of mind than bringing the gun along on the flight.

Secure Voice and Texting

I just read about two new apps that run on Android to secure your cell phone communications. They are RedPhone and TextSecure. You will be able to view the source code for these apps. They are limited to the Android platform, and to calls in the USA only.

RedPhone is an end to end encryption solution for voice calls. It uses ZRTP, the key agreement protocol developed by Phil Zimmermann, the dude who brought you PGP. This is a VOIP implementation. So the calls do not use up your cell phone minutes. Instead you communicate over Wifi or 3G. It uses SMS to initiate the calls.

TextSecure uses a protocol based on Off The Record (OTR) messaging. All messages are stored in an encrypted database on your phone. Messages are compressed and sent via SMS. The technology is described as based on the NSA Suite B standard, the same set of algorithms approved for Top Secret government communications. Keep in mind that Suite B only names the algorithms (AES, elliptic curve key exchange and signatures, SHA-2). Whether the app is actually secure depends on how the protocol and the code use them, which is why it matters that you can read the source.

High Performance Graphic Card Computing

There is a hot trend out there to get high performance from your code. Run it on your graphics card hardware. Nvidia has released their CUDA architecture which lets you do this easily. You write your code in the C programming language, along with some extensions provided by Nvidia.

You need a CUDA-capable Nvidia card (GeForce 8 series or later) to use CUDA. The card itself has a number of multiprocessors. Each multiprocessor has a bunch of cores on it. The cores handle different threads executing in parallel. For code that is a good fit (lots of independent, data-parallel work), this can give you 10 times the performance of your normal CPU.

Nvidia distributes both a toolkit and a software development kit for the Linux platform. You also need the gcc compiler, which Nvidia's nvcc compiler uses for the host side of your program. CUDA comes with the cudart runtime library. You write what CUDA calls kernels, functions that are launched as many threads running in parallel across the cores. Each multiprocessor has a small on-chip shared memory which is much faster than the card's global memory, let alone your main system memory, so the trick is to stage your data there.

You probably already have sunk some cash on a nice video card. If you chose an Nvidia card and run Linux, you can take advantage of some very high performance GPU programming.

Penetration Testers

Once you think your systems are locked down, you should probably get somebody to try to break in. Normally you imagine hackers from the outside breaking in. However the truth is that the intruder may be somebody on the inside. Or an attacker can have some help from somebody on the inside. So your security tests need to take this into account.

You are going to want the guys who disguise themselves and try to physically gain entry to your systems doing your tests. I read a funny story the other day. A guy doing an assessment left a bunch of USB flash drives around the client's premises. More than half of them were picked up by people and plugged in. They got a surprise when the guy's software ran automatically on their machines, courtesy of autorun. People are just not too careful.

Just like you have internal software test teams, you could also have an internal penetration test team. These guys are called the Red Team. But it is best to also use somebody from the outside, who does not share your assumptions. Just make sure you are not hiring a criminal, even if they are "reformed".

Frame Busting

I read a detailed paper on how popular web sites perform frame busting. It is a defense against attacks like clickjacking, where a hostile site uses frames to trick users. The attack goes like this. The hacker's page loads the real web site in an invisible frame and lines it up under a button or link on his own page. You think you are clicking on the hacker's page, but the click lands on the real site, where you are already logged in. Web sites try to prevent this by detecting whether they are the top window, or are sitting inside an unscrupulous frame.

The frame busting technique is normally some extra JavaScript on the real site that detects the framing and tries to break out of it. This technique is not normally used on every single page of a web site. It is mostly seen on login screens. Hackers are working on bypassing the frame busting scripts. For example, when they enclose the site in double frames (a frame inside a frame), a script that tries to navigate its parent window gets blocked by the browser, so the prevention fails. So how can you combat such frame hacks on the Internet?

Your code can check the referrer or domain name. But that can be tricked as well. You can play some tricks with overlay HTML elements. However those are not fool proof either. What you really need is some support from the browser. IE8 introduced the X-Frame-Options response header as a defense against clickjacking, and Mozilla has followed. But you have to send that header from your code. You also need users with the right browsers to take advantage of it. For everyone else, the paper I read recommended a fallback of your own: use CSS to hide the page content by default, and only un-hide it with JavaScript once the page has confirmed it is not framed.
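Here is an added example of the points above, written for this post and not code from the paper or from any real site. It does two things: it models the window tree a browser builds, to show why the common "navigate the parent" buster fails under double framing while "navigate the top" survives, and it builds the login page response the paper's recommendation leads to, with the body hidden by CSS until the page proves it is the top window, plus the X-Frame-Options header for browsers that enforce it. The origins, the /login route and the little Win class are made up for the illustration; the navigation rule it models is simplified.

```javascript
// Added example, not code from the paper or the original post. Names and
// origins below are invented for the illustration.

// Minimal model of a browser window tree. A window may navigate itself, its
// descendants, the top window, or any same-origin window. Navigating some
// other cross-origin ancestor (the parent inside a double frame) is refused,
// which is the rule browsers apply and the reason double framing works.
class Win {
  constructor(origin, parent = null) {
    this.origin = origin;
    this.parent = parent;
    this.location = origin;
  }
  get top() {
    let w = this;
    while (w.parent) w = w.parent;
    return w;
  }
  isDescendantOf(other) {
    for (let w = this.parent; w; w = w.parent) if (w === other) return true;
    return false;
  }
  // Returns true if the navigation was permitted (and performed).
  navigate(target, url) {
    const allowed = target === this || target === this.top ||
      target.isDescendantOf(this) || target.origin === this.origin;
    if (allowed) target.location = url;
    return allowed;
  }
}

// The common buster: compares against top, but navigates parent.
// Returns true when the page ends up un-framed (or was never framed).
function naiveBuster(self) {
  if (self.top.location === self.location) return true;
  return self.navigate(self.parent, self.location);
}

// Hardened buster: navigate top. The page body is assumed hidden by CSS until
// this code confirms it is the top window, so even if the redirect is blocked
// (an attacker can cancel top navigation with an onbeforeunload handler, the
// paper's other bypass) the victim is left with a blank page and nothing to click.
function hardenedBuster(self) {
  if (self.top === self) return { revealed: true, brokeOut: false };
  return { revealed: false, brokeOut: self.navigate(self.top, self.location) };
}

// Attacker's page with the victim framed directly.
function singleFramed() {
  const top = new Win('https://evil.example');
  const victim = new Win('https://bank.example/login', top);
  return { top, victim };
}

// Double framing: attacker top -> attacker inner frame -> victim.
function doubleFramed() {
  const top = new Win('https://evil.example');
  const inner = new Win('https://evil.example', top);
  const victim = new Win('https://bank.example/login', inner);
  return { top, inner, victim };
}

// What the server sends for the login page: hidden body, script to reveal it
// only at the top level, and the browser-enforced headers on top of that.
const ANTI_CLICKJACK = [
  '<style id="antiClickjack">body { display: none !important; }</style>',
  '<script>',
  '  if (self === top) {',
  '    var s = document.getElementById("antiClickjack");',
  '    s.parentNode.removeChild(s);   // top window: show the page',
  '  } else {',
  '    top.location = self.location; // framed: break out, stay hidden',
  '  }',
  '</script>',
].join('\n');

function loginResponse() {
  return {
    status: 200,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      // Browser-enforced defence introduced by IE8 and adopted by others since.
      'X-Frame-Options': 'DENY',
      // Its Content Security Policy successor, for browsers that support it.
      'Content-Security-Policy': "frame-ancestors 'none'",
    },
    body: '<!doctype html><html><head><meta charset="utf-8"><title>Sign in</title>' +
      ANTI_CLICKJACK + '</head><body><form method="post" action="/login">' +
      '<input name="user"><input name="pass" type="password">' +
      '<button type="submit">Sign in</button></form></body></html>',
  };
}

// Stand-alone run: compare the two busters under double framing.
const demo = doubleFramed();
console.log('naive buster escaped double framing:', naiveBuster(demo.victim));
console.log('hardened buster escaped double framing:', hardenedBuster(demo.victim).brokeOut);
```

The point of the layering is that each defense covers a hole in the others: the header works where the browser honors it, the CSS fallback means a blocked or disabled script leaves nothing clickable, and the script handles the old browsers that honor neither.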

Hackers Wanted

Word on the street is that the documentary "Hackers Wanted" has been leaked onto the Pirate Bay. This documentary features people such as Steve Wozniak (cofounder of Apple), Kevin Rose (founder of Digg), and Adrian Lamo. More on Adrian later. The documentary is narrated by actor Kevin Spacey.

In case you do not know, the Pirate Bay (also known as TPB) is a web site hosted in Sweden. It is a big BitTorrent index and tracker. You have to register to access the porn on it. They run Linux, Lighttpd, PHP, and MySQL to provide the site. It seems to always be in the news for controversy. The place got raided by police back in '06. And last year they got taken to court. The site is supported by ads.

The most interesting part of the documentary seems to be the coverage of Adrian Lamo. To tell the truth, I had not heard of him before this documentary. This guy used to be a grey hat hacker. He hacked big corporations, identifying security holes for free. They called him the Homeless Hacker because he roamed around. He is most known for hacking into the New York Times, adding himself as an expert source in their database. They prosecuted him for that, and he got 6 months home confinement, 2 years probation, and about $65k in restitution. The dude has since gone on to college, and is now a journalist.

I will leave with a funny story about Adrian Lamo. They wanted him on the NBC Nightly News. He was asked to demonstrate his skills. So he proceeded to quickly hack the NBC Network, upon which he was escorted out the building. LMAO.

The Demo Scene

Have you ever seen those cool videos produced by computers? Well then you have experienced the demo scene. It is a type of culture where people with computers produce audio visual presentations.

The demos usually integrate a soundtrack with the graphics. The demos vary in length. However five minutes is very common. An important requirement is that the demo must run in real time on the computer. That is, you cannot prerender the graphics to video and just play it back at the show.

Demos are usually released as part of competitions. This happens mostly in Europe, where the demo scene is big. Many of the demos are produced by groups or crews. Personally I have been wowed by the demo scene products which are small in size. By small I mean the executable that generates the demo is tiny. There are whole competition categories for 64K, 4K and even 256 byte intros. To put that in perspective, this blog post is probably more than 256 bytes. LOL.