So you think you're good enough to break the protection?

You want to see how good you are in reversing applications?

And you want to do it the legal way?

Then you're at the right place!

Awesome! I think I try some tonight after work.

crackmes.de: Tools for practicing reverse engineering

One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.

Basically the worm was XSS embedded in someone’s profile on MySpace. When someone would view the profile, they would execute the Javascript in their own browser. The payload of the XSS was Ajax which would make GET and POST requests to MySpace, adding the XSS Payload to that user’s profile. This spreads the worm!

As with most worms using a new attack vector, this was harmless, adding the message “samy is my hero” to each infected profile along with the XSS payload

Update: Here is the source code of the XSS Payload. I haven't had time to format it properly. I'll do an analysis of it later and post it to Memestreams.

BetaNews | Cross-Site Scripting Worm Hits MySpace

Frustrated by MemeStreams? Sick of our bad UI design? Tired of all these stupid people and their insipid political ideas and boring personal interests? Why start a flame war when you can take out your frustrations like a man... with firearms! Send an email to tom@memestreams.net with your mailing address and I'll mail you some MemeStreams sitckers! Stick them to your car. Stick them to your laptop. Stick them to your little sister. Or better yet, take them down to the range...

MemeStreams Stickers!

Last week Healthcare Advocates sued both the Harding Earley firm and the Internet Archive, saying the access to its old Web pages, stored in the Internet Archive's database, was unauthorized and illegal.

Ignoring robots.txt != DMCA Violation.

This is the most retarded application of the DMCA I have ever seen.

Keeper of Expired Web Pages Is Sued Because Archive Was Used in Another Suit - New York Times

This paragraph is from the Washington Times:

] The CIA's chief weapons inspector said he cannot rule out
] the possibility that Iraqi weapons of mass destruction
] were secretly shipped to Syria before the March 2003
] invasion, citing "sufficiently credible" evidence that
] WMDs may have been moved there.

Sounds like WMD probably went to Syria from Iraq...

This text is from the Washington Post:

] Although Syria helped Iraq evade U.N.-imposed sanctions
] by shipping military and other products across its borders,
] the investigators "found no senior policy, program, or
] intelligence officials who admitted any direct knowledge of
] such movement of WMD." Because of the insular nature of
] Saddam Hussein's government, however, the investigators were
] "unable to rule out unofficial movement of limited
] WMD-related materials."

Liberal Bias?

The Times doesn't respond to this quote:

] Iraq's ability to produce nuclear arms, which the
] administration asserted was a grave and gathering
] threat that required an immediate military response,
] had "progressively decayed" since 1991. Investigators
] found no evidence of "concerted efforts to restart the
] program."

But

] Hussein "retained the intent and capability and he
] intended to resume full-scale WMD efforts once the
] U.N. sanctions were lifted," Pentagon spokesman Bryan
] Whitman said yesterday. "Duelfer provides plenty of
] rationale for why this country went to war in Iraq."

Thats the key question isn't it?

The times says:

] Clearly, the media needs an object lesson in an old
] truth: Absence of evidence is not evidence of absence.

Yeah, but is it ok to actually launch a war based on a total absence of evidence? Is a sentence like "Years later, there is still absolutely no evidence that the Bush administration's justification for the Iraq war was accurate." a reasonable enough headline for you? You really have no idea whether or not you were right. You've grabbed onto the tinyest thread left to uphold your position. This is the kind of crap I expect from silly online debates. This is not something that I want to hear coming out of the US Government.

There is absolutely no proof that bunny rabbits don't have tea on pluto. However, its extremely unlikely, and most people would tend to beleive that it isn't true. At what point to you admit that the idea that there was an imminent threat that Saddam would give WMD to a terrorist organization is extremely unlikely, and start asking objective questions about whether or not it actually made sense to re-elect a political team that sent thousands to their graves based on what was most likely a bad call? Oh no. We couldn't do that... That might involve voting for a (blech) liberal. Fuck Liberals. They suck. Conservatives rule!

Links:
http://www.usatoday.com/news/world/iraq/2004-10-06-wmd_x.htm
http://www.washingtonpost.com/wp-dyn/articles/A12115-2004Oct6.html
http://www.washingtonpost.com/wp-dyn/content/article/2005/04/25/AR2005042501554.html
http://washingtontimes.com/national/20050427-121915-1667r.htm
http://washingtontimes.com/national/20050427-110457-2216r.htm

Liberal Bias or Crazy Moonies

] I was connected via a soldier on Iraq who sent me a
] picture of the radios they are using to set off the
] IEDs. Some of them are using FRS radios (Family
] Radios). The picture I saw was a Motorola TalkAbout
] 5000 (or something like that).
]
] What I did was make a FRS radio connected to a 7 watt
] external amplifier, and with a BASIC stamp controlling
] the main function buttons of the radio. It will hop through
] all 838 possible codes (22 channels, 38 privacy codes) and
] transmit for 1 second on each channel. Hopefully
] setting off the bombs before they drive through.

Very interesting. There is a picture of a nokia phone that someone has attached a small circuit board to. I assume the voltage for the ringer switches a relay that trips the explosive. Pretty tech savvy for an islamist fundi. They should find one of these guys for make magazine. :)

IED construction/ Auto destruction

] Regarding bags that block radio signals; we (me,
] colleague who shall remain nameless) tested this with our
] building access cards and our cell phones. An anti-static
] bag for computer chips was demonstrated to NOT block the
] signals. However, an (aluminized) anti-moisture bag for
] corn chips (specifically, Fritos) successfully
] deactivated both my cell phone (GSM) and my access card,
] even pressed directly against the reader.
]
] It is a small help to know that effective RF shielding is
] available in many snack vending machines, and that the
] shield itself is a mundane enough item that it will not
] attract attention.

Pringle's cans and Fritos bags!

Aluminum-lined junk food packaging: It giveth the signal, and it taketh it away.

Freedom to Tinker: Why Use Remotely-Readable Passports?

] Magnetic Stripe Snooping at Home

[ Billy makes the front page of /. Go billy! -k]

I was rather surprised myself. When SS was /.ed in August, I had submitted the link, and it was a slow news day. I imagine this was because of the Make article (and hence the credit to Billy Hoffman).

On a side note I received my copy of Make last week and it really is damn cool. Excellent layout, beautiful graphics. People should check it out.

StripeSnoop on /.

] SHA-1 has been broken. Not a reduced-round version. Not a
] simplified version. The real thing.

All your digital signatures are belong to us.

You have no chance to survive make new keys.

(well, not really new keys, but you get the drift)

Schneier on Security: SHA-1 Broken

] Southeast Cybercrime Summit 2005 March 1-4, 2005

Potentially of interest...

Computer Forensics - Internet Cop Con in Atlanta in March