Curiouser and Curiouser

Acidus
I am a hacker and you are afraid and that makes you more dangerous than I ever could be.

Wikipedia gateway for Mobile
Topic: Miscellaneous 1:50 pm EDT, Jun 27, 2006

Doing some work with WML and WAP today and came across this gateway to Wikipedia for Mobile phones. Does a good job stripping and formatting the HTML to help low bandwidth devices like Sidekicks.

Wikipedia gateway for Mobile


Live action version of GoldenEye 64
Topic: Games 1:37 am EDT, Jun 25, 2006

A little slow at first, but these kids made a live action walkthrough (with some liberties...) of GoldenEye 64, complete with sound effects, disappearing corpses, talking to Q, going to the sub screens, dying, and more.

Live action version of GoldenEye 64


XSS worm spreading through Yahoo webmail
Topic: Technology 2:00 pm EDT, Jun 12, 2006

I just received an email with an html attachment, on a yahoo account.

When I opened the mail, yahoo automatically displayed the html, and executed
the code within. What the hell. =) It forwarded the message to my contacts
list, (or some other set of addresses, dunno,) and redirected my browser to
a website.

XSS-based worm spreading through Yahoo's web mail. Looking at an email message causes the XSS to run. The XSS uses AJAX to make an HTTP POST to the URL on Yahoo for sending mail. The worm does this to send email containing the worm to everyone in your address book and sends your address book to a 3rd party, probably to sell your email address to spammers.

This is a great example of XSS+AJAX=BAD! Even if Yahoo mail doesn't use AJAX, the XSS can use AJAX to make requests for you using your credentials.

XSS worm spreading through Yahoo webmail
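
The behaviour described above (a message view immediately followed by a scripted send to the whole address book) leaves a recognisable trace in webmail access logs. The following is an added example, not code from the original post or from Yahoo; the endpoint paths, log fields, thresholds and sample records are all assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical endpoint paths for a webmail application (assumed, not Yahoo's).
VIEW_PATH = "/mail/view"
COMPOSE_PATH = "/mail/compose"
SEND_PATH = "/mail/send"

# Constructed sample records:
# (epoch_seconds, session_id, method, path, recipient_count)
SAMPLE_LOG = [
    (1000, "s1", "GET", COMPOSE_PATH, 0),
    (1045, "s1", "POST", SEND_PATH, 1),    # normal: compose, then send
    (2000, "s2", "GET", VIEW_PATH, 0),
    (2001, "s2", "POST", SEND_PATH, 57),   # send 1s after a view, no compose
    (3000, "s3", "GET", VIEW_PATH, 0),
    (3002, "s3", "GET", COMPOSE_PATH, 0),
    (3090, "s3", "POST", SEND_PATH, 40),   # large but user-driven mailing
]


def find_scripted_sends(records, window=5, min_recipients=10):
    """Flag sends that follow a message view within `window` seconds,
    go to at least `min_recipients` addresses, and were not preceded by
    a compose-page load in the same session since that view."""
    last_view = {}                         # session -> time of last view
    composed_since_view = defaultdict(bool)
    alerts = []
    for ts, session, method, path, rcpts in sorted(records):
        if method == "GET" and path == VIEW_PATH:
            last_view[session] = ts
            composed_since_view[session] = False
        elif method == "GET" and path == COMPOSE_PATH:
            composed_since_view[session] = True
        elif method == "POST" and path == SEND_PATH:
            viewed = last_view.get(session)
            if (viewed is not None
                    and ts - viewed <= window
                    and not composed_since_view[session]
                    and rcpts >= min_recipients):
                alerts.append((session, ts, rcpts))
    return alerts


if __name__ == "__main__":
    for session, ts, rcpts in find_scripted_sends(SAMPLE_LOG):
        print(f"session {session}: scripted send at {ts} to {rcpts} recipients")
```
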


Laughing Boy on TV?
Topic: Miscellaneous 11:26 pm EDT, Jun 11, 2006

I swear I just saw Laughing Boy on TV as one of the main people on some Ghost hunting show. I know he was into this so I can only assume it's him.

Mullet Power!


Debian -- nanourl
Topic: Miscellaneous 1:44 pm EDT, May 31, 2006

... ... hahahahahahahahahaha!

Someone made a Debian package for Nanourl, my implementation of TinyURL!

Maybe I should update that now.

Debian -- nanourl


Info on Qwest's phone switches
Topic: Technology 10:16 am EDT, May 31, 2006

Found this while doing some massive crawls. It has links to information about each of Qwest's phone switches, such as features, activation date, replacement date, etc.

Example of switch lookup

Info on Qwest's phone switches


The biggest hacking incident in the web-hosting history!
Topic: Current Events 5:01 pm EDT, May 23, 2006

******************************************

UPDATE 11.30 PM GMT

We are receiving 17,000 more defaced websites in these minutes. We will account them in this news but we are not sure we will ever be able to handle such a huge amount of notifications as to mirror all of them we should possess a distributed platform such the one Google is having on Akamai. The latest notified defacements seems to belong to the ISP secureserver.com

We have not examined the source code to the asp file in detail or done more than superficial research on this mass defacement, but this does not appear to be a vulnerability in IIS. This appears to be a problem with poor script coding and / or failing to properly validate user form input. I would guess that the hacker is able to inject their own code into the asp or php script being used to send mail."

Holy Shit! I was just handed something fun to look at for work.

Basically, this guy found 0day in the godaddy administration pages for every godaddy account. The count is 22,000+ and rising!

The biggest hacking incident in the web-hosting history!


Reporting Vulnerabilities is for the Brave
Topic: Miscellaneous 10:42 am EDT, May 23, 2006

As a consequence of that experience, I intend to provide the following instructions to students (until something changes):

1. If you find strange behaviors that may indicate that a web site is vulnerable, don’t try to confirm if it’s actually vulnerable.

2. Try to avoid using that system as much as is reasonable.

3. Don’t tell anyone (including me), don’t try to impress anyone, don’t brag that you’re smart because you found an issue, and don’t make innuendos. However much I wish I could, I can’t keep your anonymity and protect you from police questioning (where you may incriminate yourself), a police investigation gone awry and miscarriages of justice. We all want to do the right thing, and help people we perceive as in danger. However, you shouldn’t help when it puts you at the same or greater risk. The risk of being accused of felonies and having to defend yourself in court (as if you had the money to hire a lawyer — you’re a student!) is just too high. Moreover, this is a web site, an application; real people are not in physical danger. Forget about it.

4. Delete any evidence that you knew about this problem. You are not responsible for that web site, it’s not your problem — you have no reason to keep any such evidence. Go on with your life.

5. If you decide to report it against my advice, don’t tell or ask me anything about it. I’ve exhausted my limited pool of bravery — as other people would put it, I’ve experienced a chilling effect. Despite the possible benefits to the university and society at large, I’m intimidated by the possible consequences to my career, bank account and sanity. I agree with HD Moore, as far as production web sites are concerned: “There is no way to report a vulnerability safely”.

Reporting Vulnerabilities is for the Brave


RE: Telling the Truth hurts...
Topic: Current Events 2:44 am EDT, May 15, 2006

Dc0de has joined what we have started referring to as "the club." People we know who have received legal threats for saying true things in a public place. This seems to happen a lot to computer security people.

People who use the legal system to squash critics instead of appropriately addressing their criticism in print are operating in a manner that is out of sync with the core values of this nation. I hold this sort of behavior in very poor esteem.

All around scary stuff. It's a sad day when opinions get silenced by lawsuits.

That slander charge is a bitch. I said a lot of very bad, public things about Blackboard, their executives, and the sexual habits of their mothers. Thankfully no one ever pulled that crap on me.

Actually, slander is a growing concern of mine. The way you all have seen me give a presentation at say, Phreaknic, is the same way I give a presentation at BlackHat: rather informal with a fair amount of profanity directed at those who deserve it.

It's only a matter of time before some no talent ass clown somewhere takes offense.

RE: Telling the Truth hurts...


London Calling
Topic: Miscellaneous 2:31 am EDT, May 15, 2006

The ice age is coming, the sun's zooming in
Meltdown expected, the wheat is growing thin
Engines stop running, but I have no fear
Cause London is burning and I, I live by the river

I had forgotten what a kick ass song this was

