You don't know what's in Linux Kernel. http://www.theregister.co.uk/2003/11/07/linux_kernel_backdoor_blocked/ Things like that can happen. I hope the community is doing a good job. and they are :) p.s, I use linux myself, and trust no one.

There had never been an attack on Ben Gurion Airport in Israel, ever! It's one of the safest air ports in the world. It's sounds like you're inventing those stuff up. sorry. Also, Israel is one of the nicest place to visit on earth, including "the dead sea" which is 90% salt, so you can float on the water, it's awesome. Tel-aviv is great place for parties, and the north of Israel is just beautiful. Please don't lie about stuff like that, people might believe you. written by an Israeli citizen.

Hello, This advisory had been published at the 9th of September http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html, about a Kernel Crush made by specially crafted SMB packet to port 445. This advisory were published in the begining as Denial-Of-Service but soon people found that it was exploitable! Soon lots of people tried to be the first to create working exploit for the MS09-050 (SMB2). Till then, Microsoft told that un-till an update will be available you can disable SMB2 and not ports 445/139.

Also, CoreImpact had first published an remote exploit PoC to their members at the 17th of Septemeber. Which means that an exploit had been found to subscribers at 17/9!!.
So this article is basically wrong. Anyways, more researchers still tried to create public exploit for it such as http://blog.metasploit.com/2009/10/smb2-351-packets-from-trampoline.html which describes what his way of exploiting this using 351 packets to achieve jump to his code (remote code execution).

So... This article has more than a few points which are not accurate including the "The first windows 7 zero day exploit" title.
Cheers.
Zuk

Interesting use of ClearView in hacker point of view, the program can be patched to not change the binaries, but just to write which places seem vulnerable, and try to attack those vectors of input to gain a zero-day attack on a program which other fuzzers didn't seem to detect those input errors, etc.

In-order to hack WEP it's quite simple today, you need to do the following :
1) Listen to packets going through (monitor mode)
2) Force people to send more packets using arp-replay packets or specially crafted packets
3) Capture about 25000 packets and make an crypto analysis [the more packets you capture, more chance you'll be able to decrypt the password] about this packets to get password


In WPA1/2 it's quite different :
1) Listen to packets going through in monitor mode
2) Wait un-till you capture a connection-login handshake (it's 2 packets both ways = 4 packets)
3) After you capture packets in 2, you need to do Dictionary attack on the captured session login. If that word isn't in your dictionary, you're screwed.

That's why a current wireless hacking methods against a strong not-in-dictionary WPA(PSK) password will be quite hard (if possible) to hack these days.

Just so we all be cleared.

Kernel issues do not always require a reboot.
Most of the time you can have a run-time patching within a separate LKM (Loadable Kernel Module).

Check this out for some more info about run-time patching

Easy, Chuck Norris!

I'd like to see the contest's questions, just to check how it was (and also perhaps there's something new to learn, right? :)), if anyone can give the test for self checking?

Thanks!

Here you go : that's not that hard to achieve (well, it is, but that's not impossible) : http://dvlabs.tippingpoint.com/advisory/TPTI-06-02 (Driver BO will run on kernel-mode obviously), so remote BO's on kernel side are not that never heard of.

Here's what happened : Moxie Marlinspike found this and sent his boss a message through his website, but the problem was, Mr. Kaminsky had tried his DNS poisoning on that website and all the traffic went through Kaminsky. Kaminsky afterward declared that he had found a way to do it :)


Of-course I'm j/k but Dan is a genius and can do it :)

Roee Hay's blog and a movie to demonstrate it : Movie on youtube showing successful attack

GG WP!!

I'm one of the guys like you who actually makes fun of MS in every possible way, but I still believe in my heart that there's lots of code in their system which is written quite good. and I also think they've contributed much to today's world/technology.
I still use linux though, but [sarcasem ]"the enemy"[/sarcasem] is actually not that evil, I guess (without thinking about ie/or any other monopoly behavior).