xorl %eax, %eax

News: Phrack #68 Released!

with 6 comments

At last, Phrack #68 is out! As usual, here is a quick personal view of each article of this issue…

Introduction
by The Phrack Staff
It’s a nice introduction article, I like it. However, although this is not something directly connected to this article, I will write it here since it is about the new issue release. I have mentioned it on the previous issue too. I’m finding it very disgraceful seeing security conferences advertised on Phrack website just because some Phrack editor(s) are organizing or taking part on them (at least it is removed now).

Phrack Prophile on FX
by The Phrack Staff
I personally know and respect FX so this was a pleasant to read Phrack prophile. I don’t have much to say here, well done Phrack Staff! :)

Phrack World News
by TCLH
I personally really liked the way the news are presented in this article. It is written with a nice flow that connects the different news and makes perfect sense as a security world news overview.

Linenoise
by various
This is great news! Linenoise is back with some very good small articles. I guess I have a couple of friends that would highly appreciate the 0x07 one ;)

Loopback
by The Phrack Staff
A lot of things are said about the reactions of the Greek hacking scene article of the previous issue that I also didn’t find even close to reality (as I know it). Although I do not agree 100% with what this GHS email contains, it has some very accurate points, especially about the Greek Phrack submitters (Slasher, huku and argp) that all of them were, and some still are, owned and also exposed in the past (eg. Slasher). The rest of the Loopback was very fun to read.

Android platform based linux kernel rootkit
by dong-hoon you
A nice article about a poorly documented subject. We all know that such rootkits are backdoring Androids in the wild for quite sometime and h0h0 has even made a presentation on it at DefCon in 2010, but it is always good to have some technical documentation to get started with. Thank you x82!

Happy Hacking
by Anonymous
In the hard times we’re all living in it is nice to know what makes people happier. Very nice article.

Practical cracking of white-box implementations
by SysK
I’m not that much into crypto stuff so I found this article extremely informative. Congratulations to SysK for the excellent work.

Single Process Parasite: The quest for the stealth backdoor
by Crossbower
Backdoors is an old love of mine. In some cases they’re even more interesting than exploits. Based on this article of Crossbower I guess that we will soon see more Linux based malware…

Pseudomonarchia jemallocum: The false kingdom of jemalloc, or on exploiting the jemalloc memory manager
by argp and huku
About 2 years ago I played a lot with jemalloc for a Mozilla Firefox exploit but this does not even compare to the documentation that argp and huku did on this article. Excellent work. Congratulations to both argp and huku for this.

Infecting loadable kernel modules: kernel versions 2.6.x/3.0.x
by styx^
Very cool idea and really nice implementation. Again this article combined with the Crossbower’s article can result in some advanced Linux malware.

The Art of Exploitation: Exploiting MS11-004 Microsoft IIS 7.5 remote heap buffer overflow
by redpantz
“redpantz” did it again publishing an great exploitation article. As it is mentioned in the article, it is a great example that something that is initially considered a DoS even by experienced vulnerability researchers could in fact result in something much more serious.

The Art of Exploitation: Exploiting VLC A case study on jemalloc heap overflows
by huku and argp
This along with the previous jemalloc exploitation article are the currently best publicly available references for jemalloc exploitation. Once again, congratulations guys. Nice work.

Secure Function Evaluation vs. Deniability in OTR and similar protocols
by greg
As I mentioned above I’m not that much into cryptography so all these articles are very interesting and new to me.

Similarities for Fun & Profit
by Pouik (Androguard Team) and G0rfi3ld
I’ll be honest with you. I didn’t read it. I stopped after a few minutes so I cannot comment on it. I will read it when I have a clear head.

Lines in the Sand: Which Side Are You On in the Hacker Class War
by Anonymous
Neat article of what’s going on in the hacking world. Not much to say about it. Nice reading.

Abusing Netlogon to steal an Active Directory’s secrets
by p1ckp0ck3t
It’s been a while since we have seen such a high quality hacking article for Windows platform in Phrack. Definitely one of the best articles of this issue.

25 Years of SummerCon
by Shmeck
I like security/hacking gatherings, conferences, meetings, etc. but it is not good to see them advertised (even like this) on an e-zine such as Phrack. Anyway…

International Scenes
by Various
So, the last article talks about Korea that I happen to have some friends and Greece that I happen to have a few more. I cannot comment or add anything regarding the Korea part of the article but since I’ve been more or less involved in the Greek security world I think I have the right to express my opinion.
Definitely a much better and complete article from the previous Phrack issue. However, it still misses (maybe intentionally) to reference currently active Greek hackers, members of well known foreign underground groups as well as some very skilled (I am personally aware of two) Greek hacking groups that are active for at least the last 10 years. Anyway, I don’t like to be mean. Overall it’s a good article.

Written by xorl

April 15, 2012 at 04:16

Posted in news, phrack

6 Responses

Subscribe to comments with RSS.

  1. Perhaps certain people did not want details published etc? Perhaps certain group simply left out owing to subjective units of measurement by the authors. If that is so important, you could do these additions yourself :)

    The rest of the magazine is good too, especially in an era where there is a conscious choice of phrack article or self-promotion in a security conference, this is one of the things that should worry us.

    What bugs me is that after YEARS of nothing whatsoever, Greece is getting represented by quality articles and we all argue if favourite hacking team (loose usage of the term, looser than a drunk Essex chav on a Friday night) in included or not, making all appears like idiots ….

    lixtetrax

    April 16, 2012 at 18:37

  2. Nice write-up.

    Fucking FAIL release.

    sin

    April 16, 2012 at 19:23

  3. Lixtetrax, assuming that releasing on phrack isn’t meaningless, just look at past phrack releases for what is really quality content and what is not. Porting well known techniques to different architectures or exploiting yet another memory allocator doesn’t really make the cut.

    sin

    April 17, 2012 at 11:29

  4. if a release is good or not is a highly subjective article. You point out two articles that in your personal opinion don’t make the cut of “goodness”, fine, I can point out similar articles in the “golden era” oh phrack, this leads to no useful outcomes imho. This, and I will not comment any further here, even if I strongly disagree with you

    lixtetrax

    April 18, 2012 at 16:26

  5. Where are you dude ? There’s a kernel xfrm (http://tinyurl.com/7fxreng) waiting for you to give a review about :(

    hoho

    April 30, 2012 at 11:20

  6. I honestly wish I had time to do this as well as many other cool bugs that have been recently killed.

    xorl

    May 6, 2012 at 18:33


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s