I've been exercising my newfound privileges as an Addison Wesley author (getting free books) and have been burning through Subverting the Windows Kernel and... just... wow. I'd looked at the FU rootkit before, but the intricacy of it all was somehow lost on me at the time.
Now I'm starting to understand the little smile that comes on Jamie's lips when I start talking about stealthy JavaScript dynamically hooking user actions over drinks in a nightclub out in Vegas.
I'm pleased to say we hired Sullo, the creator of Nikto. I assure you, it had nothing to do with his considerable web security knowledge, but solely so he wouldn't sue my ass for the Jikto logo.
Couple this with hiring RFP last year, and we are almost done absorbing all the early web security tool creators into the HP Security Labs collective. Hmmm, I wonder if the SensePost guys can work remotely from South Africa? ;-)
Posts like this are exactly why Memestreams should exist. Thanks Stephanie!
Stephanie wrote:
Each wine put forth some stiff competition, and the judging was difficult. The bottom line: these wines are all horrible. We did the research so you can stay away from them.
[Wild Irish Rose] The thorn in your hangover is a wild rose from Ireland. Bottled by Canandaigua Wine in Canandaigua, NY, the same company as Cisco. Like its brother Cisco, "Wild I" definitely has some secret additives that go straight to the cranium. Another web page claims that this foul beverage is a conspiracy by the Republicans to kill the homeless.
[Thunderbird] If your taste buds are shot, and you need to get trashed with a quickness, then "T-bird" is the drink for you. Or, if you like to smell your hand after pumping gas, look no further than Thunderbird. As you drink on, the bird soars higher while you sink lower.
WARNING: This light yellow liquid turns your lips and mouth black! A mysterious chemical reaction similar to disappearing-reappearing ink makes you look like you've been chewing on hearty clumps of charcoal.
[Cisco] Known as "liquid crack," for its reputation for wreaking more mental havoc than the cheapest tequila. Something in this syrupy hooch seems to have a synapse-blasting effect not unlike low-grade cocaine. The label insists that the ingredients are merely "citrus wine & grape wine with artificial flavor & artificial color," but anyone who has tried it knows better. Tales of Cisco-induced semi-psychotic fits are common. Often, people on a Cisco binge end up curled into a fetal ball, shuddering and muttering paranoid rants. Nudity and violence may well be involved too.
In 1991, Cisco's tendency to cause a temporary form of inebriated insanity led the Federal Trade Commission to require its bottlers to print a warning on the label (above right). The FTC also forced them to drop their marketing slogan, "Takes You by Surprise," even though it was entirely accurate.
[Night Train Express] The night train runs only one route: sober to stupid with no roundtrip tickets available, and a strong likelihood of a train wreck along the way. This trainyard favorite is vinted and bottled by E&J Gallo Winery, in Modesto, CA. Don't bother looking on their web page, because they dare not mention it there.
[Jeppson's Malört] ...the flavor is a mixture of tussin, nail polish remover, gasoline, bug spray, varnish remover, and metal with a hint of herbs. The taste powerfully lingers for at least ten minutes.
[Buckfast Tonic Wine] Buckfast was thick, with a strong taste of molasses. There was also a hint of some type of herb reminiscent of oregano, and a soapy aftertaste.
[White Ace] Our reporter brought a 3 liter jug of "White Ace" cider back to the states, which is 7% alcohol per volume and only about $3.50 US for the whole 3 liter jug. When the test subject drank the whole bottle of "White Ace," in Las Vegas, the effects were severe. He got kicked out of 4 Queens casino for washing his hands in a urinal, then fell asleep for 3 hours and woke up soaked in his own urine. He woke up and got into a 6 year old's pirate costume, ran around slapping gamblers in the gut, got kicked out of The Imperial Palace, and became so obnoxious that his friends put him on a plane and sent him home early.
In the past month, at least three consumers have reported that photo frames -- small flat-panel displays for displaying digital images -- received over the holidays attempted to install malicious code on their computer systems, according to the Internet Storm Center, a network-threat monitoring group. Each case involved the same product and the same chain of stores, suggesting that the electronic systems were infected at the factory or somewhere during shipping, said Marcus Sachs, who volunteers as the director of the Internet Storm Center.
"I think that supply-side attacks are going to go from zero to some small percentage," he said. "It is obviously not going to be as dangerous as mass mailing e-mail infections, but you could have some really clever targeted attacks."
Interesting vector. But this isn't just a rootkit, this code tries to propagate!
The malicious code appears to act like a rootkit, hiding itself and disabling access to antivirus resources.
"It propagates to any connected device by copying a script, a com file and an autorun file," one consumer reported to the ISC. "It hides all systems files and itself while completely eliminating the user admin ability to show hidden files. It creates processes that negate any attempt to go to anti virus and anti spam web sites. It prevents the remote installation of any antivirus components."
Ok, that's pretty slick. Now, for the money shot.
"Kodak works very closely with our suppliers to see that they have the latest version of antivirus software on the manufacturing systems," Landry said. "We also ask that any PCs in the factory are not connected to the Internet."
... ... wow. Maybe 14-year-old Poles should pwn factories instead of train systems. They could change the mass production of just about anything. Toys, computers, ... pharmaceuticals...
You know there is a problem when an HP VP in Israel tells you about something funny they read on Memestreams.
Yes, it's nice that I can complain (loudly) about a certain firm's software and get a phone call from the product manager less than 24 hours later asking how to make it better.
But it sucks when a motley collection of idle thoughts and rants is read, with seriousness no less, by people of means and influence. And then people ask me about it in meetings. Talk about odd. Silly people, my blog isn't like some other blogs in the security space (à la a mouthpiece for a company or to drive a consulting biz). It's just what it is, and what it is is most certainly not a catalyst for workplace discussion or an indication of policy.
[sigh] I was quite happy without Acidus == Billy Hoffman being public knowledge. It was that way for 6+ years. Of course then Blackboard went and blew that out of the water. If only I would publish under another name.
Or maybe I already have ;-) No, I'm not that clever. Or maybe!?!.... nope, nada.
Tom posted some quick enhancements I made to Memestreams today. If you are running IE 7 or Firefox 2+ you might notice your search bar is glowing while browsing Memestreams. You can install MemeStreams as a search provider with one click now in both those browsers, as shown below:
Firefox
Internet Explorer
Of course, those of you who regularly search MemeStreams may have a complaint or two about the performance. We're fixing that soon. It's entirely a disk I/O problem, and we'll be buying a new server with better storage performance when the new machine comes online in February.
Spork wrote: Some dissent over at digg. Another reason people should be using memestreams... Hopefully the number of users here will grow.
It's all about Metcalfe's Law. The more people that use Memestreams, the more data the reputation agent has to process, and the better and more personalized the results are that get returned when you click "Agent" at the top of the screen. We have been seeing some good growth numbers and that makes us happy (seeing how we do this for free).
We are working on numerous improvements that should make Memestreams more usable. I don't want to give you the full list, so I'll give you what I'm personally committed to delivering by April 1st.
- Faster box with more RAM so the search feature doesn't have to hit disk to access the indexes.
- Replacing the categories system with tags.
- Export Memestream content.