07 May 2007

AACS encryption key T-Shirts

I've gotta get me one of these!!! http://www.jinx.com/scripts/details.asp?productID=992 Just another reason that I love Jinx. More info on the whole AACS encryption key controversy can be found over at Wikipedia here.

Bed Of Razors from the album "Hatebreeder" by Children Of Bodom

Passed SSP-DRAP (Defeating Rogue Access Points) With 100%

I just sat and passed the above exam, so I'm now going to spend the rest of the day relaxing. I was invited to become a SANS Stay Sharp Instructor, and this is the first course that I opted to teach. I had to get over 85% to be able to teach this one; it seems that I managed that okay though ;-) I'm not going to even try to schedule when I will be teaching it until I get back from my holiday. Once I do, I will post an update on here for anyone who's interested in attending. After going through the courseware myself, I can definitely say it'll be a fun and interesting course. The good thing about it as well is that I think just about anyone could walk away with some added knowledge after attending it. I do plan on doing as many of the SANS Stay Sharp courses as possible, as this will put me in a better position to cater for different people's training needs, and hopefully help me get the word out about SANS in the UK a bit more. SANS may be really huge in the US, but it seems that their UK presence is severely lacking, and I really want to do something about that. You can get more info on the SSP-DRAP course from the SANS site here.

Silent Night, Bodom Night from the album "Hatebreeder" by Children Of Bodom

04 May 2007

Month Of .......Bugs

Okay, so there have been all sorts of Month Of security findings lately, but I really wish that people would ramp this up a little bit to the major vendors aside from Apple and Microsoft. I mean, where are the Cisco, Sun and IBM bugs? I've been meaning to spend some time on Solaris 10 myself, but it would take more than just me to pull this one off (any takers?). Also, there has been a Month Of Myspace Bugs, but what about other social networking sites, or webmail sites? And what about applications, like Citrix, Oracle or MS-SQL Server? I know that a lot of people have been complaining that the whole Month Of thing is going a bit far, but it does seem to be waking up certain vendors quite a bit. Just my thoughts, which I'm probably going to get a load of criticism for, but hey. We're all after the same goal here, making the Internet more secure; the sooner we discover these bugs, the better off everyone will be.

03 May 2007

The Number...

09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0

There you have it, talk about generating a lot of noise on the Internet ;-) More info here.

02 May 2007

Apple Patches QuickTime Security Flaw

From TheRegister.co.uk

QuickTime one of four popular apps currently at risk
By Dan Goodin in San Francisco
Published Wednesday 2nd May 2007 02:04 GMT

Apple has patched a high-profile vulnerability in QuickTime eleven days after the flaw allowed a hacker to publicly hijack a brand new MacBook Pro. The Apple media player is just one of four popular applications suffering from security defects that currently require the urgent attention of those who use them.

The three other applications include Adobe Photoshop, the Winamp media player and Trillian, a client that combines the functionality of IRC, AOL Instant Messenger, MSN Messenger and other chat programs. Today's update from Apple means that two of the four applications have patches (Trillian's patched download is here.) Users who care about the security of their machines should install them promptly.

According to an advisory from Secunia, the current version of Winamp contains a flaw in the way the program handles MP4 files that could allow a booby-trapped file to execute arbitrary code on a victim's machine. Secunia rates the flaw highly critical, the site's second most serious rating. Until there is a patch, Winamp users may want to think twice about playing MP4 files unless absolutely sure they originated from reputable sources.

Secunia has also warned of at least two serious vulnerabilities in Photoshop that are also labeled highly critical. One flaw, a buffer overflow vulnerability, affects Adobe Photoshop CS2 and Adobe Photoshop CS3 and involves their handling of Bitmap files. The other affects the same two Photoshop versions as well as Adobe Photoshop Elements 5.x and leaves users open to attack if they open malformed PNG graphics files. Users are advised not to open untrusted PNG or Bitmap files pending the release of a security update from Adobe.

Version 3.1.5.0 of Trillian carries three vulnerabilities related to IRC that could allow for the interception of private conversations or the execution of code with the same privileges as the currently logged on user, according to iDefense Labs. The security provider didn't assign a rating to the vulnerabilities.

Apple describes the patched vulnerability in QuickTime for Java as an implementation issue that "may allow reading or writing out of the bounds of the allocated heap." By luring a victim to a malicious website, a miscreant could hijack a user's machine, Apple warns. The update is available for Mac and Windows platforms.

The QuickTime vulnerability was discovered by Dino Dai Zovi, who spent about nine hours to write code that exploited it and submitted it as part of a contest at the CanSecWest security conference. His discovery, first reported to affect Safari, was later shown to target QuickTime. In either case, the exploit allowed him to take control of a 15-inch MacBook Pro when it visited a website that hosted the malicious code.

Well, 11 days isn't record time, but it's still pretty quick in the grand scheme of things, so well done to Apple; now they just need to learn to release patches even quicker. Like I said, 11 days isn't that bad at all, but it's still 11 days to exploit what appears to be a rapidly growing market share.

Nine Inch Nails - Year Zero: A Post-Iran War American Dystopia Set in 2020

From Jonesreport.com

"I thought about what was at the forefront of my concern...the state of being an American citizen, a lot of concern about the direction our country is headed in. Kind of the erosion of freedoms that it seems like we're experiencing and the way we treat the rest of the world and our own citizens felt like something I needed to comment on." -Trent Reznor

Best-selling industrial rock band Nine Inch Nails' latest album, Year Zero, delves into new ground. For the first time, the group's front man and primary writer, Trent Reznor, focuses mainly on politics. He seems to be jumping headfirst into a game of politics with the resistance party. However, he does so not just with the album's music, but also numerous accompanying multimedia-- Reznor has thrown a private concert, scattered random tracks in random locations, made websites, all above and beyond the album itself. And it’s all about his message of resistance.

Reznor covers nearly all the bases: the war on terror, the military industrial complex, the death of America from the loss of liberty, and the resultant New World Order. Reznor even had a flag made to represent the resistance against the NWO (see top).

The video to the album's first single, Survivalism, shows, in all its Orwellian glory, cameras in black and white strategically located around town displaying people in the bathroom, watching TV, having sex, preparing to vandalize a wall with graffiti, and finally, there’s Nine Inch Nails performing the song in a dingy room. There are CCTV cameras everywhere now, not just in public places. What should be private is public and, worse, the people either don't realize they are being watched or have become accustomed to living without privacy.

[Video: the first single-- Survivalism-- featuring a dystopic world viewed through invasive and completely pervasive CCTV cameras (note: this external link contains some graphic imagery and that of a nightmarish police state)]

It seems that in this world-- projected 15 years into the future, in 2022-- the USA has turned into Nazi Germany and privacy is a thing of the past. After a minute into the video, a police force wearing all black uniforms can be seen working their way around town, as if they are preparing to foil some terrorist plot. Meanwhile, a group of vandals can be seen, slowly working out the details of their plan, each step recorded on film. It seems the graffiti artists have it coming to them. When the Gestapo force finally counters the insurgents, it turns out it was actually NIN the police were after. The video concludes with a member of the band dragged out with a line of blood following him. The cameras in the room the band was playing in have been destroyed or shut off. This is the way this dystopia deals with insurgency and resistance. It’s how the USA might deal with resistance if we ever start enforcing the Patriot Act and the Military Commissions Act.

Some people may say that it will never get that bad. People would start listening before it got too bad. I’d have to disagree. Most contemporary news reports concerning some kind of defeat of the Constitution or liberty either side with the government or take a neutral stance. Groups that speak out about liberty such as the ACLU, CASPIAN, and the EFF are routinely labeled "privacy advocates" and written off in a paragraph or two, and a lot of the time it’s near the end, after most people have either stopped reading or already made up their minds. The mainstream media acts as if only certain groups of people care about privacy and freedom, like it’s not what the USA was founded upon. This is their way of filtering and spinning a report to make people feel that the ‘normal’ or ‘sober’ approach is not that of privacy, a way of alienating Americans from the essence of what it means to be American.

[Image: Loss of Liberty] This opensourceresistance image shows how America is dying and that loss of liberty is the key to one-world government.

Now looking at the album itself, the lyrics seem to be obsessed with premonitions of the future and Reznor's resistance to it. The setting is the USA, in the year 2022. As evidenced by the video for Survivalism, the Constitution has been eviscerated and a new dark age of oppression has emerged. In My Violent Heart, Reznor defiantly screams, “on hands and knees we crawl, you cannot stop us all,” and in Survivalism, “I got my propaganda, I got revisionism, I got my violence, in hi-def ultra-realism. All a part of this great nation; I got my fist I got my plan I got survivalism.” Translation: the constant lies fed to the people by the media are devoured by the masses and you have to fight it just to survive. Reznor forecasts the year 2022 seemingly in an attempt to make people aware of the end point. The incremental, systematic collapse of our Constitution today makes it difficult to see what is happening. Just do a search on Google for “population reduction” or “echelon” or “Patriot Act” and you’ll discover Reznor is not dreaming too deeply.

The album is dark with a grinding, synthetic industrial sound-- typical of Nine Inch Nails, yet it is full of substance and energy. It has its highpoint with Hyperpower!, a progressive chant that grows and grows until it roars like millions of screaming people, and its low point with Another Version of the Truth, a melodic and calmingly enchanting piece with simple sounds of a piano and a synth. There is a consistent underlying theme maintained throughout the record of a gloomy future dystopia and all its minutiae.

Songs are rife with sentiments long held by 9/11 truthers and anti-establishment types, such as Capital G:

Don't give a sh*t about the temperature in Guatemala
Don't really see what all the fuss is about
Ain't gonna worry bout no future generations
and a I'm sure somebody's gonna figure it out

Here Reznor marginalizes global warming, stating that if and when a real problem develops, we'll take care of it. This is very contrary to articles like those in the Washington Post forecasting, “…global temperatures will probably rise 4 degrees Celsius over the next century. If so, catastrophic flooding, famine and water shortages may follow, along with the extinction of up to half of existing animal species...fortunately, there is such a solution…It’s called a carbon tax, and it should be applied across the board to every industry that uses fossil fuels, every home or building with a heating system, every motorist, and every public transportation system.” How dare Reznor defy the mainstream media? It’s not like the global warming scare is torn to shreds in films like the Great Global Warming Swindle or anything. No, people should believe the nightly news. They are not fear mongers. They have “top” scientists.

The continual warfare of Orwell’s 1984 is alive and well in Year Zero. In The Good Soldier, Reznor sings about his terror-filled vision of America in the future:

Gun fire in the street
Where we used to meet
Echoes out a beat and the bass goes
Bomb right over my head
Step over the dead

Reznor also imagines a Bureau of Morality, a branch of the government that will monitor behavior and thoughts to a whole new level. With this new Bureau, imagines Reznor, the government will truly begin to act as the parent, telling citizens what is right and wrong, especially concerning thoughts about the government.

Ironically, Reznor has put a warning from the "USBM" mocking the FBI’s anti-piracy warning on the back of the Year Zero CD case:

Interestingly, the number actually dials, connecting to a recording: “This is a message from the United States Bureau of Morality, pursuant to statute 24-12-2, Disclosure of Surveillance. Citizen: by calling this number, you and your family are implicitly pleading guilty to the consumption of anti-American media and have been flagged as potential militants. The United States Bureau of Morality has activated the tracking system embedded in your personal media, and initiated citizen surveillance. United States surveillance law gives us the right to search and seize information relating to subversive activities from your person, vehicle, workplace or home. Any attempt to hinder or prevent our investigation will be met with all necessary force. You are now part of the problem. Your reeducation is about to begin. God bless America.”

But everything up to this point is soft compared to the website that the CD links a buyer to, exterminal.net. The consumer incentives are chock-full of artsy gimmicks-- the CD has a special thermo-chrome heat-sensitive coating that changes its face when heated (see video demonstration), displaying binary code that translates roughly into exterminal.net. The website contains lots of political tidbits about the hellish future where everyone is a terror suspect, and people who have alternative viewpoints are criminals. It also talks about Guantanamo Bay or, as it calls it, "the Extrajudiciary Federal Detainment Camp, Guam."

[Image: Police and surveillance state]

Interrogation sessions are on the site as well, chronicling what it would be like to be sent there. The interrogation for J. Markakis refers to a drug put into the water called Parepin, alluding to the Soma tablets in Brave New World by Aldous Huxley. For those not familiar, Soma was the drug distributed by the government to ensure people kept in line with the system, the opiate of the masses. Exterminal.net also includes random documents, such as a letter from the Bureau of Morality, notifying Elliot Carraig that his "citizenship total" has been decreased and that he has lost his "credit." It seems that Reznor envisions a world in which the government can take anything away from you at any time for any reason, and that everything will be connected by a points system. This could be a possible cashless society. All in all, Reznor seems to have taken the world from Orwell's 1984 and Huxley's Brave New World and modernized it with things like the internet and Guantanamo Bay (Ministry of Love anyone?).

If there is any doubt up to this point that Reznor is serious, let the website http://opensourceresistance.net/ be examined. True to its name, much of the content is user generated, and the band's concept album seems to support the content more than the other way around. Filled with posters and slogans about freedom and resistance, there is a video available in QuickTime or streaming flash formats, “rescued raw footage,” in which around 50 people are brought into a warehouse setting wherein a man gets up on stage and schools the people about the Military Commissions and Patriot Acts. Then he tells them to "wake up," which is a phrase distinctly 9/11 truth (and lifting imagery from the equally dystopic A Clockwork Orange). What does this have to do with Trent Reznor? After about 20 minutes or so, the people are whisked away and then music starts playing. Suddenly, a stage can be seen and the wall opens up to allow for a private concert by Nine Inch Nails, which is eventually broken up by police. Let it be known this is not a coincidence; this is clearly orchestrated largely by NIN.

There is no denying the message of opensourceresistance.net: the government desires to take our freedoms away supposedly to fight terrorism, but they are not trustworthy. Really, it’s about the introduction of the terrorism concept to then expand on it until it replaces the concept of crime completely, turning everyone into a terrorist, ushering in new treatment of would-be criminals, in that all of their rights are lost and everything is a privilege arbitrarily given by the government, not God given and government protected. Posters can be found in the broadcasts and submitted sections that delve further into the sentiment of the Year Zero project. One poster demonstrates how an idea can be spread by just one person, infesting the entire world. This example shows the New World Order, the one-world government idea.

[Image: Information is Infectious]

There are 10,000 (as of 2005) of these in London's central business district alone and about 4,000,000 in the UK. This means many Londoners are taped up to 300 times a day whether they are aware of it or not, like it or not. This site is just replete with evidence of anti-NWO sentiment; there is no way to cover it all. Just this one website covers many of the issues that Americans should be concerned about: the loss of privacy thru the use of cameras, government propaganda, America's death, the birth of the NWO, warnings from history and dystopic novels, the paranoia of the US citizens and their government, China's one-child policy, freedom of speech and religion, nonviolent resistance, prisoner abuse, and making a difference by waking up and voicing concerns. Please join the war on tyranny. Please “wake up and give a sh*t.”

Reznor's Nine Inch Nails are commendable for speaking out-- as few truly huge music acts have been doing in this era. Other such mainstream music groups in this vein include Muse (who have stated their belief that 9/11 was an inside job) and Radiohead's Thom Yorke, who has not been quite so explicit, but has called for Tony Blair's immediate resignation. Perhaps NIN's interactive method of disseminating relevant info will help fight the New World Order before our world meets this grim vision-- perhaps as soon as 15 years into the future. While there have been talks of a movie, a follow-up release, tentatively titled Year Zero Part 2, is due out sometime in 2008.

Bad Vista

So I've been playing with Vista on and off at work for about a month now, and well, I hate the damn thing. To be really honest there isn't one thing that I like about it at this point. I'm willing to give it some more time, but I'm dual booting my Alienware laptop with Fedora Core 6 and Vista Ultimate, and well, Vista is painful to use. So this site seems to sum up my feelings perfectly.

A Letter To Warner Chairman Edgar Bronfman

Ok, so as many of you will know I am really into Open Source, freedom of information, and our rights as human beings, and well, I love music as well. I've been against DRM from the onset, and doing as much as possible to put an end to it as well. The guys over at Defective By Design have been really doing a great job of getting the message out there, so go and visit their site and sign up; they do send out news e-mails every now and then, but it's certainly not spam. At the moment there is a letter to Warner's Chairman, Edgar Bronfman, and I'm really urging anyone reading this to please go over and sign it. Both Apple and EMI have now committed to selling DRM free music, and Warner refuses to budge. I'm not saying that this letter will do the job, but it may help. You can read the letter and sign it here. C'mon people, do it for the music!

Mod_Auth_OpenPGP

This has got to be one of the coolest projects out there, and I seriously take my hat off to Arturo "Buanzo" Busleiman for developing this. The blurb on this project off of Freshmeat.net is the following: "Mod_Auth_OpenPGP is an Apache module that implements access authorization to servers, vhosts, or directories when incoming requests' HTTP OpenPGP signatures are valid and known by the local keyring. It's the Apache companion for Firefox's extension 'Enigform'." There is also a really worthwhile interview with Arturo over on the FreeSoftwareMagazine site, which can be read here. I would definitely recommend taking a read if you're into security, Open Source software or Apache, as this has seriously got to be one of the coolest extensions out there for Apache at the moment. I'm really hoping that some big financial companies see this and start using it; it could save us all a lot of trouble.