Blackzigoth's Blog

http://blackzigoth.blogspot.com

Cryptome Under Fire

John Young at Cryptome.org is reporting that its hosting provider, Verio, decided to terminate their relationship on the grounds of a violation of its Acceptable Use Policy:

This notice of termination is surprising for Verio has been consistently supportive of freedom of information against those who wish to suppress it. Since 1999 Cryptome has received a number of e-mailed notices from Verio’s legal department in response to complaints from a variety of parties, ranging from British intelligence to alleged copyright holders to persons angry that their vices have been exposed (see below). In every case Verio has heretofore accepted Cryptome’s explanation for publishing material, and in some cases removal of the material, and service has continued. In this latest instance there was no notice received from Verio describing the violation of acceptable use to justify termination of service prior to receipt of the certified letter, thus no opportunity to understand or respond to the basis for termination.

Guess who will be the first to echo-curse in an unnamed CavePlex? That will be Osama Bin Laden, feeling sorry for not having made copies of key documents on how the U.S. Coast Guard is vulnerable to TEMPEST attacks. Sarcasm aside, Cryptome is an OSINT haven, no doubt about it, but it is also an initiative that debunks the whole notion that secrecy actually results in improved and sustained security at an international level.

The data collected at Cryptome could never be destroyed, mainly because it is all digital, all distributable, and it simply wants to be free. Thought of the day: the man who brought fire to the world got burned at the stake.

April 30, 2007 Posted by blackzigoth | blog | | No Comments Yet

Video Demonstration of Vbootkit

Originally introduced at this year's Black Hat conference in Amsterdam, Vbootkit is a proof-of-concept boot kit that demonstrates the execution of unsigned code on Windows Vista. The researchers have recently released two videos demonstrating the attack, which are worth watching. Here is the authors' research itself. When answering the mythical question of which is the most secure OS, steer the reply towards "which is the most securely configured one"; you will break through the technology-solution myopia and, hopefully, enter the security risk management stage. Secure from what? Nothing is unhackable, the unhackable just takes a little longer; that is where invisibly incentivising people in the desired direction is the shortcut.

April 30, 2007 Posted by blackzigoth | blog | | No Comments Yet

Wireless NAC != Wireless IPS: AirTight…Leaks…

Rob Graham and I came in contact with some AirTight boxes. In case you don't know, they are a maker of wireless IDS technology. Since we know a thing or two about wireless, we wanted to look at how these boxes work and whether they perform as advertised. If you don't want to read the entire blog post, the short answer is: not completely. In our quick peek we found three problems. If we were doing a real assessment we would have pulled out the screwdrivers, ICE gear and a disassembler, but instead we looked at this from a remote, black-box perspective.

Problem 1: Protection relies on you being a good citizen.
One of the most touted features is the ability to shut down rogue access points and give administrators control over who has access points, who doesn't, and which ones are legitimate. This is done by detecting the access point, determining whether it is legitimate and, if it isn't, flooding it with deauthentication packets. It does this by spoofing deauthentication packets in both directions: from the user to the access point and from the access point to the user (the original post included packet captures of this). These packets are part of the standard and basically say "go away, I am not interested in working with you". So I am sure you are curious what happens if you modify your driver and an access point to ignore these types of packets? Nothing: you can just keep humming away and do whatever it is you want to. The argument we heard when we originally mentioned this to people is that these types of devices are not designed to stop determined attackers, just the clueless guy who plugs in a Linksys in accounting, and those guys don't use custom WiFi drivers. Too bad, we do, and this company would have failed a penetration test. Relying on a remote attacker to adhere to a standard for your security tool to work is crazy; that is as bad as the Cisco Security Agent API hooking that relied on you executing jumps to its analysis engine to work properly. In both the Cisco case and the AirTight case you can just ignore the spec and the security breaks down.
Problem 2: Slowdown
We looked at how these devices detect new access points. I thought at first it would be done via a combination of beacon and probe response to verify they were real access points, but we noticed something. The device detects the access point from what appear to be probe response packets, and then one of its sensors spoofs a packet to be transmitted through the access point back to itself. If it receives the packet, it knows the access point is indeed on the network. So what happens if you generate hundreds of thousands of fake probe responses? The slowdown in responding to them is so large that you could actually go about your normal business of plugging in a rogue access point and letting people external to your offices have access to your network before the sensors detect it and start blocking it. Saturating it with about 10,000 fake probe responses meant that we had between 1:30 and 3:30 minutes before AirTight realized our access point had appeared. This may not seem like a lot, but if you are trying to copy things out unseen or quickly infect a company with a worm, that's all the time you need. We didn't spoof for very long, but it appeared that if we had left it running, we'd eventually have filled up the database and taken down the system.
Problem 3: It really does leak
In problem 2 it was noted that, to verify an access point is actually on the network, a sensor spoofs a packet to be transmitted through the access point, and if the sensor receives it, the containment process begins by generating fake deauthentication messages. This is a problem because it leaks information about your internal network. This method of determining whether an access point is on the network means that UDP packets are generated with the internal IP address of not just the sensor sending the spoofed packets but also the management console, and they are sent over sniffable wireless for all to see and capture. So even if you are not on the network and are just sniffing the channel the AP is on, you can get information about that company's internal network, such as its addressing scheme and layout; you could even write a Snort rule to detect just these types of packets. Thank you very much! With the work that has been done on Ferret we have become hypersensitive to unintentional information leaks, and this is definitely one.

Verdict: Great for clueless folks, but it will not keep out a skilled attacker
While these boxes may keep Bob from accounting from buying an access point at lunch and sharing your network with the world, they will not stop, and in some cases will aid, a determined attacker in compromising your enterprise. They should not be labeled either "intrusion detection" or "intrusion prevention". These devices have no ability to stop a driver-level attack like the ones we have previously discussed.
Also, I hate recreating other people's work. After we found these problems I was pointed to the paper below, which covers the deauth problems and gives a far more in-depth review of the weaknesses and why most of these products just don't add up: http://802.11ninja.net/~jwright/802/papers/wlan-sess-cont.pdf

April 30, 2007 Posted by blackzigoth | 0day, IDS, NAC, evasion, wifi | | No Comments Yet