Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Re:Conveniently forgetting the details - You lie!! (Score 1) 929

There had never been an attack on Ben Gurion Airport in Israel, ever! It's one of the safest air ports in the world. It's sounds like you're inventing those stuff up. sorry. Also, Israel is one of the nicest place to visit on earth, including "the dead sea" which is 90% salt, so you can float on the water, it's awesome. Tel-aviv is great place for parties, and the north of Israel is just beautiful. Please don't lie about stuff like that, people might believe you. written by an Israeli citizen.

Comment Some mistakes in the articles and comments (Score 1) 289

Hello, This advisory had been published at the 9th of September http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html, about a Kernel Crush made by specially crafted SMB packet to port 445. This advisory were published in the begining as Denial-Of-Service but soon people found that it was exploitable! Soon lots of people tried to be the first to create working exploit for the MS09-050 (SMB2). Till then, Microsoft told that un-till an update will be available you can disable SMB2 and not ports 445/139.

Also, CoreImpact had first published an remote exploit PoC to their members at the 17th of Septemeber. Which means that an exploit had been found to subscribers at 17/9!!.
So this article is basically wrong. Anyways, more researchers still tried to create public exploit for it such as http://blog.metasploit.com/2009/10/smb2-351-packets-from-trampoline.html which describes what his way of exploiting this using 351 packets to achieve jump to his code (remote code execution).

So... This article has more than a few points which are not accurate including the "The first windows 7 zero day exploit" title.
Cheers.
Zuk

Comment Interesting use of ClearView in hacker PoV (Score 1) 234

Interesting use of ClearView in hacker point of view, the program can be patched to not change the binaries, but just to write which places seem vulnerable, and try to attack those vectors of input to gain a zero-day attack on a program which other fuzzers didn't seem to detect those input errors, etc.

Comment Short information about current Wireless Hacking (Score 5, Informative) 166

In-order to hack WEP it's quite simple today, you need to do the following :
1) Listen to packets going through (monitor mode)
2) Force people to send more packets using arp-replay packets or specially crafted packets
3) Capture about 25000 packets and make an crypto analysis [the more packets you capture, more chance you'll be able to decrypt the password] about this packets to get password


In WPA1/2 it's quite different :
1) Listen to packets going through in monitor mode
2) Wait un-till you capture a connection-login handshake (it's 2 packets both ways = 4 packets)
3) After you capture packets in 2, you need to do Dictionary attack on the captured session login. If that word isn't in your dictionary, you're screwed.

That's why a current wireless hacking methods against a strong not-in-dictionary WPA(PSK) password will be quite hard (if possible) to hack these days.

Just so we all be cleared.

Comment Re:Typical Bullshit- Linux Kernel Runtime Patching (Score 1) 341

I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.
Kernel issues still require a reboot.

Kernel issues do not always require a reboot.
Most of the time you can have a run-time patching within a separate LKM (Loadable Kernel Module).

Check this out for some more info about run-time patching

Comment Re:local... remote... -- WRONG (Score 1) 595

It would be quite an accomplishment to introduce a remote exploit directly in the kernel.

Here you go : that's not that hard to achieve (well, it is, but that's not impossible) : http://dvlabs.tippingpoint.com/advisory/TPTI-06-02 (Driver BO will run on kernel-mode obviously), so remote BO's on kernel side are not that never heard of.

Comment weird that they both came up with this - same time (Score 1) 280

"Two researchers, Dan Kaminsky and Moxie Marlinspike, came up with exact same way to fake being a popular website with authentication from a certificate authority."

Here's what happened : Moxie Marlinspike found this and sent his boss a message through his website, but the problem was, Mr. Kaminsky had tried his DNS poisoning on that website and all the traffic went through Kaminsky. Kaminsky afterward declared that he had found a way to do it :)


Of-course I'm j/k but Dan is a genius and can do it :)

Comment Re:"Technology over politics"... (Score 1) 634

I'm one of the guys like you who actually makes fun of MS in every possible way, but I still believe in my heart that there's lots of code in their system which is written quite good. and I also think they've contributed much to today's world/technology.
I still use linux though, but [sarcasem ]"the enemy"[/sarcasem] is actually not that evil, I guess (without thinking about ie/or any other monopoly behavior).

Comment Python (Score 1) 634

Definitely Python, as it can both teach regular programming pretty easy and also can teach OOP concepts easily as-well
So, learning python can be a start to learn C++/C#/JAVA and help understand it much more. Also, It's quite easy language, you can do pretty much whatever you want, it will help you understand sockets, file parsing, oop, variables a bit less though (it will make a new programmer a bit confuse) but overall it's a great language and I couldn't be thinking how my life would be without python :)

Comment Bars that require 21+ is ridicules (Score 1) 198

Because of requiring such age for entering bars in the states, the young guys there just want to drink (and do drink) much more than he would have drank if it was legal. They fly abroad all over the world and see that they can drink over 18 and only in their home they can't. That's truly ridicules, and I think that's one of the reasons that lots of people in the states do drugs (like much more comparing to the rest of the world).
Social Networks

Journal Journal: Facebook automation script?

Once I've done that "send message to all the girls" (*it started with a bet though*) on one social network, I've had lots of request for scripts (see the related journal - Ultimate computer usage ).
Some of them, as you can guess are not in some weird social security sites without any security or randomization stuff, so I had to change my ways in order to do automatic stuff on lets say, facebook.com;
When I've start

Slashdot Top Deals

Before Xerox, five carbons were the maximum extension of anybody's ego.

Working...