|
 |
dimarts, 22 / febrer / 2005 |
[F-Secure] Paris Hilton's phone hacked
A list of celebrity phone numbers and email addresses appeared on the Internet after Paris Hilton's T-Mobile Sidekick got hacked. The intruders stole Paris' Sidekick Address Book, Notes and some personal photos. Many of the phone numbers has been verified and found to be valid, until the owners change them, at least. On the list, among others, there is Christina Aguilera, Eminem, Lindsay Lohan and Vin Diesel.
(...)
This only serves as another reminder for people to use difficult enough passwords everywhere and no, pet names are not difficult enough...
|
12:10 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[eEye Digital Security White Paper] Remote Windows Kernel Exploitation Step into the Ring O
In the article that follows, I will walk through the remote exploitation of a kernel-based vulnerability. The example I use was a flaw in the Symantec line of personal firewalls. The flaw existed due to incorrect handling of DNS responses. This issue was patched long ago, but it was chosen as it demonstrates certain obstacles relating to the communication layers that must be overcome when exploiting a hostbased firewall.
I will provide two shell code examples: the first is a “kernel loader”, which will allow you to plug in and execute any user-land code you wish; the second operates entirely at the kernel level. A keystroke logger is installed and the keystroke buffer may be retrieved from a remote system. This example demonstrates more of an old school software crack than that of network shell code.
|
07:54 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
 arp-sk és una eina per jugar amb el protocol ARP. Hi ha versió per a Linux i per a Windows. A la pàgina web del projecte, a més, hi ha moltíssima informació sobre aquest protocol.
|
07:26 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[Schneier on Security] SHA-1 Broken i Cryptanalysis of SHA-1. Tal com ja vaig indicar el passat 11 de febrer,el NIST aconsellava abandonar l'algoritme de xifrat SHA-11... i només uns dies després, a través del weblog de Bruce Schneier veig que l'algortime ja ha estat trencat:
SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results.
- collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
- collisions in SHA-0 in 2**39 operations.
- collisions in 58-round SHA-1 in 2**33 operations.
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important). Sobre aquest tema, s'ha escrit força: More on Newly Broken SHA-1, Crypto researchers break SHA-1, Researchers find security flaw in SHA-1 algorithm, SHA-1 broken...?, Researchers: Digital encryption standard flawed, SHA-1 Broken... així com els primers efectes: PGP moving to stronger SHA Algorithm.
|
06:55 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
 Tens complex d'inferioritat per no saber escriure als canals d'IRC com ho fa la gent més cool? T'agradaria poder dir que:
V0Ls P0d3R 35cr1Ur3 COM El5 p41O5 Mé5 K3WL Kw3 3$Cr1UEN @L5 C@N4l5 De xAt? O bé vols fer el pas invers i traduir a text intel·ligible allò que alguna gent escriu?
La solució: «l33t sp34k g3Ner4+0r».
|
06:28 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 2003-2005 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
|
