They were just patting down and wanding a severely autistic child in a wheel chair. After sending her through the x-ray imagery twice.
What the fuck.
– email from my girlfriend
This is somehow perceived as thwarting terrorism.
WHY THE FUCK ARE THERE STILL SITES THAT DON’T ALLOW “SPECIAL CHARACTERS” IN PASSWORDS, LET ALONE USERNAMES?
For the sake of lulz, please narrate this to yourself in the voice of the Old Spice Guy […]
Security Advisory for NetWare 6.5 OpenSSH (“On Exploitability”)
Today I read a review on Threat Level tearing apart Richard Clarke’s new pile of hardbound bullshit. I really hate Richard Clarke. At least when it comes to cyber-anything, he’s full of shit and I don’t know why anyone considers him any kind of expert.
Rather than my usual obscene rant, I’m just going to provide some choice video clips. These are my two favorite segments from the PBS Frontline titled “Cyberwar” from a few years ago.
Update: I found a photographic record of Richard Clarke and his brave three hundred pushing enemy packets off the edge of the internet.
"Those packets look thirsty, boys!"
I can’t find this anywhere else, so I’m just going to quickly throw it up here. These are the tables and columns of a Sguil database. I think there are some extra tables (nessus, etc.) because this is from running a SecurityOnion live CD which uses NSMNow to do the Sguil setup. Also Sguil seems to copy the following tables for each date and sensor: data, event, icmphdr, sancp, tcphdr, and udphdr, e.g. each day it will make data_sensorname_20100407.
Database: server1_db
+--------------------------+
| Tables |
+--------------------------+
| data |
| event |
| history |
| icmphdr |
| nessus |
| nessus_data |
| pads |
| portscan |
| sancp |
| sensor |
| status |
| tcphdr |
| udphdr |
| user_info |
| version |
+--------------------------+
Database: server1_db Table: data
+--------------+------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+--------------+------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| sid | int(10) unsigned | | NO | MUL | | | select,insert,update,references | |
| cid | int(10) unsigned | | NO | | | | select,insert,update,references | |
| data_payload | text | latin1_swedish_ci | YES | | | | select,insert,update,references | |
+--------------+------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: event
+-------------------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-------------------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| sid | int(10) unsigned | | NO | MUL | | | select,insert,update,references | |
| cid | int(10) unsigned | | NO | | | | select,insert,update,references | |
| signature | varchar(255) | latin1_swedish_ci | NO | MUL | | | select,insert,update,references | |
| signature_gen | int(10) unsigned | | NO | | | | select,insert,update,references | |
| signature_id | int(10) unsigned | | NO | | | | select,insert,update,references | |
| signature_rev | int(10) unsigned | | NO | | | | select,insert,update,references | |
| timestamp | datetime | | NO | MUL | | | select,insert,update,references | |
| unified_event_id | int(10) unsigned | | YES | | | | select,insert,update,references | |
| unified_event_ref | int(10) unsigned | | YES | | | | select,insert,update,references | |
| unified_ref_time | datetime | | YES | | | | select,insert,update,references | |
| priority | int(10) unsigned | | YES | | | | select,insert,update,references | |
| class | varchar(20) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| status | smallint(5) unsigned | | YES | MUL | 0 | | select,insert,update,references | |
| src_ip | int(10) unsigned | | YES | MUL | | | select,insert,update,references | |
| dst_ip | int(10) unsigned | | YES | MUL | | | select,insert,update,references | |
| src_port | int(10) unsigned | | YES | MUL | | | select,insert,update,references | |
| dst_port | int(10) unsigned | | YES | MUL | | | select,insert,update,references | |
| icmp_type | tinyint(3) unsigned | | YES | MUL | | | select,insert,update,references | |
| icmp_code | tinyint(3) unsigned | | YES | MUL | | | select,insert,update,references | |
| ip_proto | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| ip_ver | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| ip_hlen | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| ip_tos | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| ip_len | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| ip_id | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| ip_flags | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| ip_off | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| ip_ttl | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| ip_csum | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| last_modified | datetime | | YES | MUL | | | select,insert,update,references | |
| last_uid | int(10) unsigned | | YES | | | | select,insert,update,references | |
| abuse_queue | enum('Y','N') | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| abuse_sent | enum('Y','N') | latin1_swedish_ci | YES | | | | select,insert,update,references | |
+-------------------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: history
+-----------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-----------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| sid | int(10) unsigned | | NO | | | | select,insert,update,references | |
| cid | int(10) unsigned | | NO | | | | select,insert,update,references | |
| uid | int(10) unsigned | | NO | | | | select,insert,update,references | |
| timestamp | datetime | | NO | MUL | | | select,insert,update,references | |
| status | smallint(5) unsigned | | NO | | | | select,insert,update,references | |
| comment | varchar(255) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
+-----------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: icmphdr
+-----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
| sid | int(10) unsigned | | NO | MUL | | | select,insert,update,references | |
| cid | int(10) unsigned | | NO | | | | select,insert,update,references | |
| icmp_csum | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| icmp_id | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| icmp_seq | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
+-----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: nessus
+-----------+-------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-----------+-------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| uid | int(11) | | NO | | | | select,insert,update,references | |
| rid | varchar(40) | latin1_swedish_ci | NO | PRI | | | select,insert,update,references | |
| ip | varchar(15) | latin1_swedish_ci | NO | MUL | | | select,insert,update,references | |
| timestart | datetime | | YES | | | | select,insert,update,references | |
| timeend | datetime | | YES | | | | select,insert,update,references | |
+-----------+-------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Wildcard: nessus_data
+-------------+
| Tables |
+-------------+
| nessus_data |
+-------------+
Database: server1_db Table: pads
+-------------+---------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-------------+---------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| hostname | varchar(255) | latin1_swedish_ci | NO | | | | select,insert,update,references | |
| sid | int(10) unsigned | | NO | PRI | | | select,insert,update,references | |
| asset_id | int(10) unsigned | | NO | PRI | | | select,insert,update,references | |
| timestamp | datetime | | NO | | | | select,insert,update,references | |
| ip | int(10) unsigned | | NO | | | | select,insert,update,references | |
| service | varchar(40) | latin1_swedish_ci | NO | | | | select,insert,update,references | |
| port | int(10) unsigned | | NO | | | | select,insert,update,references | |
| ip_proto | tinyint(3) unsigned | | NO | | | | select,insert,update,references | |
| application | varchar(255) | latin1_swedish_ci | NO | | | | select,insert,update,references | |
| hex_payload | varchar(255) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
+-------------+---------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: portscan
+-----------+------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-----------+------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| hostname | varchar(255) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| timestamp | datetime | | YES | MUL | | | select,insert,update,references | |
| src_ip | varchar(16) | latin1_swedish_ci | YES | MUL | | | select,insert,update,references | |
| src_port | int(10) unsigned | | YES | | | | select,insert,update,references | |
| dst_ip | varchar(16) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| dst_port | int(10) unsigned | | YES | | | | select,insert,update,references | |
| data | text | latin1_swedish_ci | YES | | | | select,insert,update,references | |
+-----------+------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: sancp
+------------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+------------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
| sid | int(10) unsigned | | NO | MUL | | | select,insert,update,references | |
| sancpid | bigint(20) unsigned | | NO | | | | select,insert,update,references | |
| start_time | datetime | | NO | MUL | | | select,insert,update,references | |
| end_time | datetime | | NO | | | | select,insert,update,references | |
| duration | int(10) unsigned | | NO | | | | select,insert,update,references | |
| ip_proto | tinyint(3) unsigned | | NO | | | | select,insert,update,references | |
| src_ip | int(10) unsigned | | YES | MUL | | | select,insert,update,references | |
| src_port | smallint(5) unsigned | | YES | MUL | | | select,insert,update,references | |
| dst_ip | int(10) unsigned | | YES | MUL | | | select,insert,update,references | |
| dst_port | smallint(5) unsigned | | YES | MUL | | | select,insert,update,references | |
| src_pkts | int(10) unsigned | | NO | | | | select,insert,update,references | |
| src_bytes | int(10) unsigned | | NO | | | | select,insert,update,references | |
| dst_pkts | int(10) unsigned | | NO | | | | select,insert,update,references | |
| dst_bytes | int(10) unsigned | | NO | | | | select,insert,update,references | |
| src_flags | tinyint(3) unsigned | | NO | | | | select,insert,update,references | |
| dst_flags | tinyint(3) unsigned | | NO | | | | select,insert,update,references | |
+------------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: sensor
+-------------+------------------+-------------------+------+-----+-------------------+----------------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-------------+------------------+-------------------+------+-----+-------------------+----------------+---------------------------------+---------+
| sid | int(10) unsigned | | NO | PRI | | auto_increment | select,insert,update,references | |
| hostname | varchar(255) | latin1_swedish_ci | NO | MUL | | | select,insert,update,references | |
| agent_type | varchar(40) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| net_name | varchar(40) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| interface | varchar(255) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| description | text | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| bpf_filter | text | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| updated | timestamp | | NO | | CURRENT_TIMESTAMP | | select,insert,update,references | |
| active | enum('Y','N') | latin1_swedish_ci | YES | | Y | | select,insert,update,references | |
| ip | varchar(15) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| public_key | varchar(255) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
+-------------+------------------+-------------------+------+-----+-------------------+----------------+---------------------------------+---------+
Database: server1_db Table: status
+-------------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-------------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| status_id | smallint(5) unsigned | | NO | PRI | | | select,insert,update,references | |
| description | varchar(255) | latin1_swedish_ci | NO | | | | select,insert,update,references | |
| long_desc | varchar(255) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
+-------------+----------------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: tcphdr
+-----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
| sid | int(10) unsigned | | NO | MUL | | | select,insert,update,references | |
| cid | int(10) unsigned | | NO | | | | select,insert,update,references | |
| tcp_seq | int(10) unsigned | | YES | | | | select,insert,update,references | |
| tcp_ack | int(10) unsigned | | YES | | | | select,insert,update,references | |
| tcp_off | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| tcp_res | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| tcp_flags | tinyint(3) unsigned | | YES | | | | select,insert,update,references | |
| tcp_win | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| tcp_csum | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| tcp_urp | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
+-----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Table: udphdr
+----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
| sid | int(10) unsigned | | NO | MUL | | | select,insert,update,references | |
| cid | int(10) unsigned | | NO | | | | select,insert,update,references | |
| udp_len | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
| udp_csum | smallint(5) unsigned | | YES | | | | select,insert,update,references | |
+----------+----------------------+-----------+------+-----+---------+-------+---------------------------------+---------+
Database: server1_db Wildcard: user_info
+-----------+
| Tables |
+-----------+
| user_info |
+-----------+
Database: server1_db Table: version
+-----------+-------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-----------+-------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
| version | varchar(32) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| installed | datetime | | YES | | | | select,insert,update,references | |
+-----------+-------------+-------------------+------+-----+---------+-------+---------------------------------+---------+
But don’t take my word for it — take Ross Anderson’s.
I bought Crysis so I could play a Mechwarrior mod with it. When I tried to start it, a window popped up saying:
A required security module cannot be activated. This program cannot be executed (5003).
One of my friends located the explanation. Indeed, I had IDA Pro running in the background.
Good job, guys. That will really prevent piracy, a lot. You are great at what you do.
I’ve ranted about Verified By Visa before. Since then, I’ve had the good fortune of having no dealings at all with the idiotic system – until tonight. Since I’m using a different Visa card for a purchase, it’s harassing me to create myself a new Verified By Visa account which includes my Social Security number for some fucking reason. And when they prompt me for a password?
Passwords must contain at least one lower case alpha character, one upper case alpha character, and one numeric value. Special characters and spaces are not allowed.
You fucking idiots. Go fuck the devil in hell.
I saw an article about this new technology that’s supposed to “stop computer viruses in their tracks.” The idea is interesting, but overall I think it would be useful in only a very limited, focused application. Things would get far too complicated, far too quickly, for it to be both successful and at all versatile.
So I think the fact that it’s being patented, and the fawning article in New Scientist, are laughable. I was going to viciously mock them but it turns out David Harley beat me to it. He added less sarcastic commentary here.
A long-time pet project of mine is decoding the network protocol of Valve Software’s “Source” game engine, used in Half-Life 2, Counter-Strike: Source, Team Fortress 2, and Left 4 Dead. I’ve never made it very far, but it has led me down some interesting paths in reverse engineering, debugging, and visualization. One example of the latter is this Python script I wrote to analyze a series of packets. It creates an image in which each row represents a packet, and each pixel represents one byte of the packet. The pixels range from black (for a value of 0x00) to bright green (0xFF). I got the idea from Greg Conti in his interview on the Network Security Podcast. Here’s what I did:
