xorl %eax, %eax

Archive for the ‘news’ Category

Back again

with one comment

It has been exactly 1623 days since my last post here. That is 4.5 years and as you can easily imagine, many things have changed. One of them is that for roughly that time I have been a “security professional” (yes, a fucking whitehat) which was a really big change.

In any case, blog is back again but probably with slightly different content.

Written by xorl

November 4, 2017 at 10:09

Posted in news

News: Phrack #68 Released!

with 6 comments

At last, Phrack #68 is out! As usual, here is a quick personal view of each article of this issue…

by The Phrack Staff
It’s a nice introduction article, I like it. However, although this is not something directly connected to this article, I will write it here since it is about the new issue release. I have mentioned it on the previous issue too. I’m finding it very disgraceful seeing security conferences advertised on Phrack website just because some Phrack editor(s) are organizing or taking part on them (at least it is removed now).

Phrack Prophile on FX
by The Phrack Staff
I personally know and respect FX so this was a pleasant to read Phrack prophile. I don’t have much to say here, well done Phrack Staff! :)

Phrack World News
I personally really liked the way the news are presented in this article. It is written with a nice flow that connects the different news and makes perfect sense as a security world news overview.

by various
This is great news! Linenoise is back with some very good small articles. I guess I have a couple of friends that would highly appreciate the 0x07 one ;)

by The Phrack Staff
A lot of things are said about the reactions of the Greek hacking scene article of the previous issue that I also didn’t find even close to reality (as I know it). Although I do not agree 100% with what this GHS email contains, it has some very accurate points, especially about the Greek Phrack submitters (Slasher, huku and argp) that all of them were, and some still are, owned and also exposed in the past (eg. Slasher). The rest of the Loopback was very fun to read.

Android platform based linux kernel rootkit
by dong-hoon you
A nice article about a poorly documented subject. We all know that such rootkits are backdoring Androids in the wild for quite sometime and h0h0 has even made a presentation on it at DefCon in 2010, but it is always good to have some technical documentation to get started with. Thank you x82!

Happy Hacking
by Anonymous
In the hard times we’re all living in it is nice to know what makes people happier. Very nice article.

Practical cracking of white-box implementations
by SysK
I’m not that much into crypto stuff so I found this article extremely informative. Congratulations to SysK for the excellent work.

Single Process Parasite: The quest for the stealth backdoor
by Crossbower
Backdoors is an old love of mine. In some cases they’re even more interesting than exploits. Based on this article of Crossbower I guess that we will soon see more Linux based malware…

Pseudomonarchia jemallocum: The false kingdom of jemalloc, or on exploiting the jemalloc memory manager
by argp and huku
About 2 years ago I played a lot with jemalloc for a Mozilla Firefox exploit but this does not even compare to the documentation that argp and huku did on this article. Excellent work. Congratulations to both argp and huku for this.

Infecting loadable kernel modules: kernel versions 2.6.x/3.0.x
by styx^
Very cool idea and really nice implementation. Again this article combined with the Crossbower’s article can result in some advanced Linux malware.

The Art of Exploitation: Exploiting MS11-004 Microsoft IIS 7.5 remote heap buffer overflow
by redpantz
“redpantz” did it again publishing an great exploitation article. As it is mentioned in the article, it is a great example that something that is initially considered a DoS even by experienced vulnerability researchers could in fact result in something much more serious.

The Art of Exploitation: Exploiting VLC A case study on jemalloc heap overflows
by huku and argp
This along with the previous jemalloc exploitation article are the currently best publicly available references for jemalloc exploitation. Once again, congratulations guys. Nice work.

Secure Function Evaluation vs. Deniability in OTR and similar protocols
by greg
As I mentioned above I’m not that much into cryptography so all these articles are very interesting and new to me.

Similarities for Fun & Profit
by Pouik (Androguard Team) and G0rfi3ld
I’ll be honest with you. I didn’t read it. I stopped after a few minutes so I cannot comment on it. I will read it when I have a clear head.

Lines in the Sand: Which Side Are You On in the Hacker Class War
by Anonymous
Neat article of what’s going on in the hacking world. Not much to say about it. Nice reading.

Abusing Netlogon to steal an Active Directory’s secrets
by p1ckp0ck3t
It’s been a while since we have seen such a high quality hacking article for Windows platform in Phrack. Definitely one of the best articles of this issue.

25 Years of SummerCon
by Shmeck
I like security/hacking gatherings, conferences, meetings, etc. but it is not good to see them advertised (even like this) on an e-zine such as Phrack. Anyway…

International Scenes
by Various
So, the last article talks about Korea that I happen to have some friends and Greece that I happen to have a few more. I cannot comment or add anything regarding the Korea part of the article but since I’ve been more or less involved in the Greek security world I think I have the right to express my opinion.
Definitely a much better and complete article from the previous Phrack issue. However, it still misses (maybe intentionally) to reference currently active Greek hackers, members of well known foreign underground groups as well as some very skilled (I am personally aware of two) Greek hacking groups that are active for at least the last 10 years. Anyway, I don’t like to be mean. Overall it’s a good article.

Written by xorl

April 15, 2012 at 04:16

Posted in news, phrack

News: Recent Hacks

leave a comment »

Another quick update on the recent hacks and similar news that made it to the public.

vendor-sec Mailing List
Hehe… This is a cute little story that you can read on various sites. For example, check out this CNET article. According to Marcus Meissner (moderator of the list), their private mailing list was being sniffed at least since January 20. Of course, Mr. M. Meissner though it would be polite to let the mailing list members know about his discovery of the compromise by emailing them and then living the backdoored system online. This resulted in getting ultra-pwned by seeing the mailing list getting rm’d (quite expected after his disclosure of the hack). Happily for some people… Tango down! ;P

Another high profile hack in the security industry. Check out this post of ComputerWorld to get an idea. Unfortunately, the information regarding this issue are limited to the official company’s statements and this makes it quite difficult knowing what really happened/is happening.

Anonymous vs Bank of America
Basically, you can get an overview of this operation either from the countless news websites such as this one or using Bank of America Suck. I can still recall many so-called “security experts” making fun of Anonymous a couple of years ago. Where are they now?

Anonymous on Bradley Manning’s Side
From the Forbes blog we can read this post about Anonymous’ actions regarding the absolutely unfair and inhuman treatment of Bradley Manning.

French Ministry of Finance Ownage
Another recent and very interesting attack. Here are some information from the Sophos NakedSecurity blog.

PHP.NET Compromise
From Full-Disclosure mailing list we have seen this email today. However, there is still no official report from PHP project and the given website states that the codebase was not backdoored, just altered for demonstration purposes. Currently, the project’s official wiki is offline.

I might have missed some public high profile hack(s) but I think I have included the most important. If you think there should be something more here, leave a comment to let me know. :)

Written by xorl

March 19, 2011 at 00:26

Posted in hax, news

News: New Category Addition

leave a comment »

Most of the people knowing me in real life or follow my tweets on twitter are aware of my passion for auto and motorcycle mechanics. That said, I’m adding a new category to my blog where I will be able to discuss such subjects. Hopefully, I’ll find some time to prepare and publish a couple of useful ‘how-to’ blog posts as well as some modern technology features used in nowadays industry for both cars and bikes. Unfortunately, currently my spare time is very limited. Nevertheless, welcome to “motorcycles & cars” category. I Hope you’ll enjoy this as much as I do. :)

Written by xorl

February 28, 2011 at 18:54

News: Recent Hacks

with 4 comments

Unfortunately, I didn’t have time to blog about all the neat recent hacks that took place. For this reason I’ll publish this post that basically summarizes the most important (in my opinion) hacks.

Gregory D. Evans / LIGATT Security Ownage
You can find everything you need at the attrition.org‘s website here. You know, this is one of the attacks that most people knew it was coming and it makes perfectly sense to both the security industry and security enthusiasts seeing Gregory D. Evans getting owned like this.

Nasdaq Hack
I don’t know anything apart from what’s already public regarding this hack. Consequently, I won’t comment anything here. You can find information in all the major news media sites such as Reuters, CNBC, MSN Breaking News, etc.

rootkit.com ownage
Most people interested in computer security are aware of rootkit.com which is a community interested in everything about rootkits. It was created on 1999 and many members occasionally release techniques and tools mainly regarding rootkit development. Yesterday their hacked MySQL database was released to public through stfu.cc website.

HBGary Ownage
Another recent attack to a whitehat is this one. This was a payback attack from the Anonymous who also released more than 4.5GB of private data via torrent which you can find here. Their message to HBGary is:

Greetings HBGary (a computer "security" company),

Your recent claims of "infiltrating" Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself. How's this for attention?

You brought this upon yourself. You've tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face. You expected a counter-attack in the form of a verbal braul (as you so eloquently put it in one of your private emails), but now you've received the full fury of Anonymous. We award you no points.

What you seem to have failed to realize is that, just because you have the title and general appearence of a "security" company, you're nothing compared to Anonymous. You have little to no security knowledge. Your business thrives off charging ridiclous prices for simple things like NMAPs, and you don't deserve praise or even recognition as security experts. And now you turn to Anonymous for fame and attention? You're a pathetic gathering of media-whoring money-grabbing sycophants who want to reel in business for your equally pathetic company.

Let us teach you a lesson you'll never forget: you don't mess with Anonymous. You especially don't mess with Anonymous simply because you want to jump on a trend for public attention, which Aaron Barr admitted to in the following email:

"But its not about them...its about our audience having the right impression of our capability and the competency of our research. Anonymous will do what every they can to discredit that. and they have the mic so to speak because they are on Al Jazeeera, ABC, CNN, etc. I am going to keep up the debate because I think it is good business but I will be smart about my public responses."

You've clearly overlooked something very obvious here: we are everyone and we are no one. If you swing a sword of malice into Anonymous' innards, we will simply engulf it. You cannot break us, you cannot harm us, even though you have clearly tried...

You think you've gathered full names and home addresses of the "higher-ups" of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False. You believe that you can sell the information you've found to the FBI? False. Now, why is this one false? We've seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you've "extracted" is publicly available via our IRC networks. The personal details of Anonymous "members" you think you've acquired are, quite simply, nonsense.

So why can't you sell this information to the FBI like you intended? Because we're going to give it to them for free. Your gloriously fallacious work can be a wonder for all to scour, as will all of your private emails (more than 44,000 beauties for the public to enjoy). Now as you're probably aware, Anonymous is quite serious when it comes to things like this, and usually we can elaborate gratuitously on our reasoning behind operations, but we will give you a simple explanation, because you seem like primitive people:

You have blindly charged into the Anonymous hive, a hive from which you've tried to steal honey. Did you think the bees would not defend it? Well here we are. You've angered the hive, and now you are being stung.

It would appear that security experts are not expertly secured.

We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
Expect us - always.


Quick 'n dirty way to read the emails in a human-readable format:
1. Get a client. http://www.mozillamessaging.com/thunderbird/
2. Get a file renaming tool. http://www.bulkrenameutility.co.uk/Download.php (Windows)
3. Rename all the mail files so that they have a .eml extension.
4. Drag & drop them into Thunderbird.
5. Enjoy.		

EU Carbon Trading Hack
This another of these attacks that I cannot comment since I have zero knowledge beyond what’s already said by the media. So, here are a couple of links for the interested reader… CBS News, The Register, BusinessWeek, etc. This a very interesting subject especially for Greece since it involves data from stolen accounts from Greece among other countries.

I’m fairly sure that there are many more attacks such as the “Egyptian government hacks” one on high profile systems but I’m trying to blog just about the most important (always in my opinion). Feel free to contact me if I missed some cool recent hack. :)

Written by xorl

February 7, 2011 at 05:41

Posted in hax, news

News: Kaspersky AntiVirus Source Code Leak

with one comment

It’s been a couple of months since I first heard this as a rumor. Finally, after quite a long period it’s publicly available via torrent and various mirror sites. Earlier today Kaspersky Labs made an official statement regarding this source code leak case (you can read about it here) saying that this code was stolen by a former employee and it was part of the 2008 customer products. That person was arrested and received a a three year suspended prison sentence.

Written by xorl

January 31, 2011 at 18:51

Posted in hax, news

News: SourceForge.net Owned

with one comment

Yesterday, the official SourceForge.net blog reported a successful attack on its servers. Today another update post was published and hopefully tomorrow a more detailed one will be released.

So, today SourceForge.net published another blog post (available here) but it doesn’t contain any technical details regarding the attack. They only important point in this post is that the attacker(s) were sniffing for passwords and SourceForge.net suggests that the users should reset their passwords.

Another Update:
Finally, SourceForge.net released a detailed report which you can read here. Unfortunately, the juicy attack details have not been released and we just know that the attacker used a privilege escalation vulnerability to root a SourceForge.net box. Later, using the hacked accounts he attempted to penetrate to other servers. Too bad… I was hoping for a “Full Report“. Anyway…

Written by xorl

January 28, 2011 at 05:22

Posted in hax, news