Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment Re:It's not just miles ahead of the competition... (Score 1) 125

A point is that one of the more useful basic features of NMap, the SYN partial-handshake scan (default when run as root) can't be replicated by nc. It always leaves marks in connect logs. Hping can replicate that feature though: "hping -8 -S known host.com" will SYN scan all ports listed in /etc/services on host.com

Comment It's not just miles ahead of the competition... (Score 2, Informative) 125

NMap is the best there is, period. There's not even specialist scanners that can up it's features, especially since you can set packet flags manually in the more recent versions. It really, really fills it's niche. I use it all the time in my daily life just for benign remote service discovery, and I assume many people do too. I've never had anyone complain about it either.

Comment Re:Idiotic (Score 1) 320

Okay, i stand corrected. The attack described in that article is obviously a professional targeted heist, especially considering the 0day. Just out of curiosity, how was the attack discovered? It should be quite possible to pull off that kind of attack without discovery even considering the spamming (injecting rookits with steganographic connect-back using dual-stage shellcode and making the website look like harmless viagra spam, assuming that the "unknown vulnerability" is a normal client memory corruption class of vuln). How do you know more subtle attacks aren't passing under your radar?

Comment Re:Wireless attack platform, yessire. (Score 1) 219

This and it's descendants is going to be really useful for hacking/pen testing. It's the perfect platform model for wireless attacks. Imagine walking through a crowd with one of these in your pocket, compromising computers and phones as people stream around you. Or, you could use it as a deniable relay, penetrating a 802.11 network via a cell connection to the phone. Or as a http://en.wikipedia.org/wiki/Jack_Box, enabling control of a rootkited server via a cell connection. That kind of stuff will be a lot easier to pull off with this kind of platform. Yes, i have a perverted mind. *sigh* But i think people with similiar minds will put this one to some real clever uses. I mean, all the heavy computing can be moved to a host behind TOR hidden service, or in a "bulletproof" country.

Whoopsie, I posted anonymous for some reason?

Comment Idiotic (Score 5, Insightful) 320

The "masses of probes" are just normal automated botnet attacks, and the "unidentified attacks" are probably just unwashed masses of skiddies. If you want me to believe that a real cyberwar (in this case more aptly named "computer espionage") is up and going you better give me or assure me that you have some sort of evidence (like captured transmissions showing that the attackers know what they are looking for in terms of intercepted/exfiltrated data) showing that you're actually being attacked by foreign governments or skilled people with an actual terrorist agenda. There is nothing in TFA except buzzwords, hyperbole and "x declined to comment".

Comment Re:Idiots (Score 1) 223

Note however that it's possible to detect contemporary rootkits in situ on a live system, even if any process that runs in ring0 obviously has the upper hand in a pure theoretical sense. One technique for this is to compare data returned from API calls with raw reads of the data (this is the technique used by "RootkitRevealer".)

Comment Re:Go vigilante (Score 2, Informative) 223

Take a look at Schneier's arguments against this: http://www.schneier.com/blog/archives/2008/02/benevolent_worm_1.html. One additional point is that stack/heap overflows and other memory-corrupting vulnerabilities often can't be made to be 100% reliable, and can be difficult to code for different service packs and such. This can be, and is, coded around as a matter of course, but a bug in the exploitation process can have disastrous and unpredictable results (in this case, interruption of a large swath of critical internal office file sharing networks.) This doesn't matter to the criminals, but it presumably matters to any prospective "grey hat" worm authors.

Comment It would be so easy. (Score 5, Interesting) 223

Every time i see one of these high-yield Windows remote execution holes, I'm tempted to couple a timed network-stack-erasing payload to it (24 hours should be enough for it to be able to infect through vpn-connected laptops and such) and send it cracking. Then i always begin to wonder why this hasn't been done already; is the combination of narcissistic recklessness and technical competence really that rare? It could be argued that it's more fun to play pranks and infiltrate corporate and government networks, but we don't even see things like that (I know it was more common up to the early 90s, when the "criminal prankster hacker scene" still existed outside of small tight groups...)? Or do people just cover it up? You sysadmins out there, have you ever had anything like that happen to you, or anyone you know?

Slashdot Top Deals

Lend money to a bad debtor and he will hate you.

Working...