Blog

MTBF and Light Bulbs..

Some of you will know that I finally moved out of the shoe box I lived in for 6 years and moved into a house (about 3 months ago). Since then I have replaced 3 different light bulbs at different places in the house.. Now this made me start thinking.. Surely when the house was new, they fitted all the bulbs as brand new.. Now some sections of the house light a series of 4 or 6 bulbs at once.. yet there appears to be no link at all between “sibling” bulbs and their life-span..

BMC Video on DTrace..

BMC did his 90 minute engedu talk on DTrace at Google to show some of its coolness (and from the looks of things to help get a Linux port going). DTrace looks awesome for system instrumentation (like strace on steroids) (although limiting it like that does it no justice at all). From the DTrace page: “DTrace is a comprehensive dynamic tracing framework for the Solaris Operating Environment. DTrace provides a powerful infrastructure to permit administrators, developers, and service personnel to concisely answer arbitrary questions about the behavior of the operating system and user programs.” It’s the #1 thing that has me all excited about Leopard (shipping with DTrace by default) and I genuinely can’t wait (maybe now I’ll spend the extra minutes finding out how growlNotify manages to occasionally hose my box ;> )

Ok.. Now this is pretty cool…

For all those guys who usually scoff at CSI / police movies where the detective shouts “enhance image” or “remove that person”, you have to admit that life does indeed imitate art.. Pretty neat…

2 Un-related thoughts.. on Echelon and the recent Skype Outage..

I suspect somewhere there exist cardinal rules of blogging which would state that using a single post to make 2 completely un-related posts is a no-no.. I will now promptly ignore it to push out 2 random thoughts that came up.. Echelon and Echelon spam.. While watching the Bourne Ultimatum the other night the usual “Echelon”-esque scene played out.. Guy on phone says keyword.. pan to NSA/CIA type building.. computer drone type person screams something like “we have a hot one”..

Core Release Pass the Hash Toolkit..

Hernan Ochoa from Core has released the Pass the Hash Toolkit, which is very cool.. It basically means that you don’t have to bother cracking a password on a taken machine anymore; you can simply use his iam.exe to associate the captured hash with your current session.. Its accompanying whosthere.exe means you can grab hashes easily, and the fact that it’s all released with source means you should be able to use it on a customer network without a sinking feeling in your stomach :>

We’re hiring

SensePost is an exciting & dynamic young company with strong values & a world vision. We specialize in high-end technical security services & we’re looking for exceptional people to help grow our world-class team. If you’d like to be part of a relaxed, inspired team where your work is valued & appreciation for your work is visibly demonstrated, where opportunities to learn abound & innovation is encouraged, then why not join us at SensePost?

On hamsters, Escaping, Escaping of Hamsters and the Lack of escaping in Hamster…

OK.. So as I mentioned before, I saw Robert Graham from Erratasec demo Hamster live on stage and wondered if Hamster was doing useful input/output sanitization.. If it wasn’t, he was setting himself up for a pop-up that read “owned on stage” or worse, a redirect to tubgirl.. He didn’t get owned on stage, which suggested that either the crowd was really well behaved or the tool was doing some tidying up, so I decided to wait till I got home to check..

mh.blackhatFeedback(Side-jacking, Hamster)

Ok.. so it’s a lot later than I promised, but I did mention that I would post some feedback on some of the talks I ended up catching at this year’s BlackHat. By far the talk that grabbed the most press was the Erratasec talk on side-jacking. Essentially the researchers demonstrated a tool (Hamster) that allows an attacker on a shared network (wifi was used as an example, but I guess any shared medium would suffice) to hijack users’ accounts by sniffing their session IDs.

On hacking and politics

I meant to blog this whilst I was still in Vegas, but only got around to it now. It’s arb, but worth a bit of thinking… Kenneth Geers’ talk titled ‘Greetz from Room 101’ was on which countries have the top ten most Orwellian computer networks. In his précis he asks “Could a cyber attack lead to a real-life government overthrow?” I find these kinds of discussions really interesting, because of the significant role that information technology plays in today’s wars on crime and ‘terror’. In such “wars” the lines between right and wrong are very loosely defined. As we saw clearly in South Africa, today’s terrorist is tomorrow’s freedom fighter. Thus, a technology that could be used to fight terror today could just as easily be used to oppress freedom tomorrow. Technology will serve any master.

F(inally)ull Release of BlackHat-Defcon Timing Stuff..

The slides | tool | paper from BlackHat07/DefCon07 have been posted online for your wget’ing pleasure. More details on squeeza (the tool) can be found on the squeeza page, but in a nutshell it is a SQL injection tool that uses Metasploit’s concept of splitting exploits/payloads/etc. for SQL injection attacks. Current modules are written for MS SQL Server but include functionality for (user-defined SQL queries, some DB schema enumeration, command execution, file transfer, db_info), and the information is returned (channel selection) via one of (application error messages, DNS, timing). The modularity means that these all mix and match, i.e. if you write a module to “extract data from all tables that look like username*”, the results would be available on any of the available channels.. (It’s a pretty neat tool.. and saved our bacon more than once.) So check it out, and send feedback to research@sensepost.com