Create an Account
username: password:
 
  MemeStreams Logo

encoded arbitrary binary sequences
search
Home Agent Weblogs Social Network Post Help About

dc0de
Picture of dc0de
dc0de's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

dc0de's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
  War on Terrorism
Recreation
Local Information
Science
Society
  Politics and Law
   Surveillance
  Media
   Blogging
  Security
Sports
(Technology)
  Biotechnology
  Computers
   Computer Networking
   Computing Platforms
    Linux
    Microsoft Windows
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Current Topic: Technology

Creative MP3 Players Shipped with Windows Virus
Topic: Technology 10:08 am EDT, Sep  3, 2005

Stupid Creative Labs.... Funny.... Shipped a worm with their MP3 Players.

Creative MP3 Players Shipped with Windows Virus

Thread [1] - Link - Reply

mobile multimedia projector | XR-1X
Topic: Technology 9:52 am EDT, Aug 13, 2005

Wicked Cool toy....

I got to see one of these the other day, and was beside myself.

This is small, light, and fast to operate.

It shuts down quickly and has a brilliant display. It ran at high screen resolutions flawlessly.

At under 3lbs, and small, it's amazing... I want one for traveling.

mobile multimedia projector | XR-1X

Thread [1] - Link - Reply

EFF: Breaking News - More attempts to remove your privacy...
Topic: Technology 8:58 pm EDT, Aug  6, 2005

This is an additional outrage...

I hope that those people that know technology will step up, and find a way to lobby against this...

The DOJ is trying to get a 'finger' on everyone, so that they can watch your internet habits...As if Carnivore wasn't enough of a intrusion... now we should have "tappable" ISP configurations for the DOJ?

And what's worse, is the DOJ is trying to push the FCC to be the "Bad Guy", by citing a statute designed for telephony networks...

I'm exasperated...

EFF: Breaking News - More attempts to remove your privacy...

Thread [2] - Link - Reply

Mike Lynn's 'exploit', in plain (non-technical) English
Topic: Technology 6:03 pm EDT, Aug  4, 2005

Dagmar... What can I say... Perfectly summarized the problem.... Everyone in IT should read this...

There has been an almost unbelievable amount of hubbub lately about the research that Mike Lynn gave a demonstration of at the BlackHat conference last week, and there's been a positively dizzying amount of "spin" applied to the media. Let me say one thing to everyone reading this, right up front. What Lynn uncovered is a serious issue, probably actually more serious than what the media is making it out to be. While coverage on the issue is good (and useful to both "sides") the lack of actual accurate reporting on the issue isn't helpful to anyone.

Part of the problem is that apparently, outside of the list of BlackHat attendees, there's not that many people running around who truly understand what Lynn's research uncovered. Lynn did not reveal an "exploit" in the usual sense. In fact, Lynn of his own volition has been playing his cards fairly close to his chest on this, and omitted most of the technical details of the problem from his presentation in order to assure that no one would be able to easily "follow in his footsteps". Lynn, it can safely be said, was scared by what he discovered--scared enough that he has risked his livelihood not once but twice in order to be sure that should the technical aspects of what he's found not be resolved before someone with less respect for the continuation of the Internet figures it out for themselves, the network and security administrators of the world will have had time to take some steps to reduce the amount of damage done. It can no longer be thought of as a sure thing that just because a particular vulnerability could "break the Internet" that no one's going to try it just to see if it's really true. We have a rather excellent example in recent history that pretty much everyone is aware of by now... the MS Blaster worm which raged around the Internet wreaking rather unprecedented havok. Pretty much everyone on the Internet was either personally affected by this, or knows someone who was. Blaster made use of a vulnerability that had become rather common knowledge by the time it was released, but had already been known to many security professionals for months. The real problem that made things so painful and propagation of Blaster so widespread, was that for those months, Microsoft had been actively denying that there was ever a problem until Blaster forced them to admit it. Had system administrators been made aware of the issue and the meager steps needed to impede the spread of Blaster (which everyone implemented in a white-hot hurry once their networks were figuratively ablaze) the damage could have been much less indeed.

Cisco is not helping the issue, or I should say, Cisco's lawyers are not helping the issue. Cisco makes some really awesome products, and their technical people can't really be faulted for this one te... [ Read More (1.4k in body) ]

Mike Lynn's 'exploit', in plain (non-technical) English

Thread [17] - Link - Reply

RE: Mike Lynn is a Whistleblower, he should be protected
Topic: Technology 10:14 pm EDT, Jul 28, 2005

Rattle has hit the nail on the head. Mike has done the ethical ("right") thing. He's handled it well, and now is coming under fire.

Why doesn't Cisco simply say, "Yes, it's a flaw, and we dragged our feet on it..."?

Why doesn't ISS admit that they simply wanted to keep the exploit to themselves to further their consulting practice? (sarcasm) Who would be harmed anyway? We're ISS, the most ethical hacking company on the planet, we wouldn't harm anyone, right? (/sarcasm)

Rattle wrote:
The EFF should support Mike Lynn in his defense against ISS and Cisco. If security researchers are not protected as Whistleblowers when they uncover major flaws, our critical communication infrastructure will be at serious risk. These are the Good Guys.

Mike has taken on enormous personal risk to do the right thing. So far, the general impression in the blogs is that he is doing the right thing. The mainstream media coverage has been good as well. This is a departure from the past, and a good one at that. The headlines contain words like "Whistleblower" and "Coverup"..

It is quite ironic that Cisco & ISS are taking the "Intellectual Property" tactic. Just to add some irony to it, here is a a post of Mike Lynn here on MemeStreams proving CherryOS stole OSS code from the PearPC project:

just incase anyone didn't believe them already here goes the analysis (I do this sort of thing for a living) first off CherryOS.exe is what we call in the security industry "packed", that means that they have taken a compiled binary and run it through an obfuscator to make it hard to reverse engineer (or at least with hard if all you're doing is strings)...this is common for virus writers, worm writers, 31337 bot net kiddies, and on the legitimate side, game developers do this a lot...its not very common among the commercial (or free) legitimate software market (mostly because it doesn't work and doesn't do any good) so, the easiest way to defeat the packing is simply to let it start up (this one has several annoying checks for debuggers so its easiest to just attach after its loaded)...

the eula for this thing says its a violation to reverse engineer it, but if you do disassemble it you find they never had the rights to license it in the first place, so I don't feel worried to put this here...

I think I have made it clear beyond a shadow of a doubt that CherryOS.exe, shipped as the core of cherryos is nothing but a recompiled version of PearPC...it has at most minor changes, most to strip attribution, hide the theft, or remove debugging output...

The only way we can f... [ Read More (0.1k in body) ]

RE: Mike Lynn is a Whistleblower, he should be protected

Thread [8] - Link - Reply

Mike Lynn's Glorious Escapades
Topic: Technology 9:46 pm EDT, Jul 28, 2005

As many of you know, Mike Lynn has been vaulted into the spotlight by exposing a known vulnerability in the Cisco IOS router code. This vulnerability enables a nefarious person to gain priviledged access to the router, and provides full control of all traffic that the router sees.

Needless to say, this is bad.

Mike had worked with ISS and Cisco to publish the findings... and Cisco wimped at the end of the day. I won't go into details, as there enough sites with their take on the issue, however, I truly hope that the public sees Cisco and ISS's actions for what they are.

Both of these corporations have asked Mike to perform unethical and immoral actions to prevent this well known issue from being made ?more? public.

The actions of these large organizations are truly that of money mongering, as it has been suggested that ISS actually wanted to obtain the exploit code to provide to it's auditing teams, so they could MAKE MORE MONEY!!!... does it get any more UNETHICAL?

Cisco tried to downplay the vulnerability, stating

In Response To Mike Lynn's Presentation at Black Hat

* Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners.

* It is important to note that the information presented at the Black Hat Conference yesterday was not a disclosure of a new vulnerability or a flaw with Cisco IOS software. The research presented explores possible ways to expand exploitations of known security vulnerabilities impacting routers.

* As per Cisco's best practices guidelines, we recommend customers upgrade their software to the latest available versions.

* Customers should contact their account managers and sales engineers with questions and request for more information.

one word - BULLSHIT.

If those cowards at Cisco were even half-true with their statements, they would own up to the fact that their shit is flawed, and that they WERE notified of the flaw, and didn't do their own due-diligence to identify the depth and scope of the flaw.

So, instead of being honest, forthright and admitting their mistakes, they are targeting a friend, who with the best of intentions, raised the awareness of the issue to the world at BlackHat, due to the fact that Cisco sat on their hands when they should have been fixing their code.

Now, one has to ask themselves the following questions;

1. Why would Cisco put out such a blatant statement, and then focus on discrediting someone in the Information Security Field that has produced valuable products and solutions his entire career?

2. Why would Cisco NOT fix the flaws found in their code properly?

3. Why didn't Cisco alert all of it's users of the REAL threat of the flaw?

4. Why has ISS brought the FBI into the investigation?

5. Why did ISS try to keep the exploit code for their own auditors, and want to keep that information from Cisco?

6. Does Cisco and ISS think that we are all that stupid to agree with their public press and statements? We know Mike, personally, we know what motivates him, and he DID NOT DO THIS FOR PROFIT. Can Cisco and ISS say the same?

Well, I could rant for hours... but personally, I use Foundry Routers and Switches, and I won't ever own an ISS product. So I just hope that those of you who read this, convince those who make the decsions to dump Cisco and ISS... before they cover up another one of these flaws, that costs YOU money...

That's my 2ยข, YMMV.

dc0de.

Thread [1] - Link - Reply

(Last) Newer << 1 - 2 - 3 - 4 - 5 >>
 
 
Powered By Industrial Memetics		RSS2.0