Wednesday, October 14, 2009

Myspace Uses Flash Drives

Apparently, Myspace has just converted all of its data storage from hard disks to flash drives.

Computer World Article

Using the new solid state memory instead of hard drives saves more than 99% of the power used by the servers, but solid state memory only has a limited number of write cycles, somewhere between 1,000 and 100,000 depending on the type. Then the disks are fried.

Someone write a program to constantly update and upload information to their Myspace account.

Thursday, April 23, 2009

Spanning Tree Protocol

I was promiscuously sniffing data on a network the other day when I kept coming across a series of packets with a protocol I knew nothing about, with data for setting what seemed to be a root variable. I realized that the protocol was known as Spanning Tree Protocol and it was used to create an acyclic minimum spanning tree out of the network's switches so that packets are never caught in loops. Switches use this protocol to determine which ports to open and close in order to establish a cycle-free path for packet transmission.


The thing is, the packet was in plain text and not validated, so I decided to do some research to see whether STP in conjunction with MAC spoofing could be used to DoS a network.


Spanning Tree Protocol works by creating a minimum spanning tree of the network switches so no loops are established. The packet flow created is not the minimum spanning tree of the entire network, but a minimum spanning tree from a given node elected to be the root node.


STP is designed to help elect a root node.


This is exploitable because an attacker can disrupt a minimum spanning tree and force a new election. By creating packets from a fake switch and getting elected root node by setting the ID to 1, an attacker can send the network's switches into a constant state of re-election. A more detailed explanation, as well as proof-of-concept code, can be found at http://lucastomicki.net/attacking.stp.php.
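Because the election trusts whatever root ID a BPDU carries, the defensive counterpart is to check each received BPDU against the root you expect and the ports where switches are supposed to be. The following root-guard style check is an added example, not code from this post or from the linked proof of concept; the port names, bridge IDs and sample payloads are constructed for illustration.

```python
import struct

# 802.1D configuration BPDU body (after the LLC header): 35 bytes, big-endian.
BPDU = struct.Struct("!HBBB8sI8sHHHHH")

def parse_config_bpdu(payload):
    """Return the election-relevant fields, or None if not a config BPDU."""
    if len(payload) < BPDU.size:
        return None
    proto, _ver, btype, _flags, root, cost, bridge, port, *_timers = \
        BPDU.unpack_from(payload)
    if proto != 0 or btype != 0x00:  # not STP, or a topology-change BPDU
        return None
    return {"root_id": root, "cost": cost, "bridge_id": bridge, "port_id": port}

def fmt(bridge_id):
    """Render an 8-byte bridge ID as priority/MAC."""
    mac = ":".join(f"{b:02x}" for b in bridge_id[2:])
    return f"{int.from_bytes(bridge_id[:2], 'big')}/{mac}"

def check_bpdu(payload, expected_root, ingress_port, trusted_ports):
    """Root-guard style check: alert strings for one received BPDU."""
    bpdu = parse_config_bpdu(payload)
    if bpdu is None:
        return []
    alerts = []
    if ingress_port not in trusted_ports:
        alerts.append(f"BPDU from {fmt(bpdu['bridge_id'])} on edge port {ingress_port}")
    # The lowest 8-byte ID wins the election; bytes compare in that same order.
    if bpdu["root_id"] < expected_root:
        alerts.append(f"superior root {fmt(bpdu['root_id'])} advertised, "
                      f"expected {fmt(expected_root)}")
    return alerts

def sample_bpdu(root, bridge, cost=0):
    """Constructed test payload; timers are in 1/256 s units."""
    return BPDU.pack(0, 0, 0, 0, root, cost, bridge, 0x8001, 0, 5120, 512, 3840)

# Constructed sample values, not captured traffic.
KNOWN_ROOT = bytes.fromhex("1000001122334455")    # priority 4096
ACCESS_SW = bytes.fromhex("800000aabbccddee")     # priority 32768
UNKNOWN_ID = bytes.fromhex("000102deadbeef01")    # priority 1

if __name__ == "__main__":
    print(check_bpdu(sample_bpdu(KNOWN_ROOT, ACCESS_SW, 4), KNOWN_ROOT, "gi0/24", {"gi0/24"}))
    print(check_bpdu(sample_bpdu(UNKNOWN_ID, UNKNOWN_ID), KNOWN_ROOT, "gi0/7", {"gi0/24"}))
```

Managed switches implement the same two checks in hardware as BPDU guard and root guard on a per-port basis.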

Free Stuff On the Internet

I just got so much free stuff off of the internet. It was crazy.

www.thunderfap.com
www.totallyfreestuff.com

I also got a bunch of free boxes from USPS. Of course they are all for mailing stuff. Doing otherwise could be a felony. But there are a bunch of cool youtube videos of things to do with free USPS or DHL boxes.

-TWG

Tuesday, February 17, 2009

Go away, we're not home

The other day me and one of my buddies were just sitting around monitoring our TCP/IP traffic when all of a sudden we started receiving ACK packets from addresses we had not sent any data to at all. The interesting thing was, the packets only contained a packet header and 23 bytes of data. “Go away, we're not home” was the message we were sent. After taking the recipient of the packets off the web temporarily, I hopped a few gateways and ran a port scan on the computer that had sent us the packets. It was a normal Windows machine with all the typical ports open, 123, 139, and 445 if I remember correctly, but port 21 was also open. Looking into this further, it was apparent that indeed port 21 was open, but not for File Transfer Protocol. Whenever any data was sent to the port it closed the connection and sent the “Go away, we're not home” message. In fact, probing any port, even closed ports, on the machine produced this response.

Turning to the web for answers, we realized that these machines that we had stumbled upon, 5 to be exact, were most likely a part of the storm botnet. After collecting a few more pieces of data we decided to leave the machines alone.

Today I was reading a little more about the botnet on the web when I came across a webpage on which Microsoft takes credit for dismantling the storm botnet. First of all, the storm botnet is hardly dismantled. Second, it's Microsoft's fault the botnet got as large as it did in the first place. Even if they did reduce it in number, that's nothing to brag about. Their product is hosting something with enough power to mess up the Internet across the globe. It's not the time for bragging.

Proprietary software makes me ill.

Monday, February 9, 2009

Removing Ads from Free Web Hosting

About an hour ago, I decided that I wanted to build a website in addition to this blog. I quickly scoured Google for free web hosts, and found only a few that offered "no-ads", but they all had some sort of catch or queue. Being impatient, I reluctantly chose a site that offered free web hosting, but put its own Google AdSense ads on your page. I wouldn't have minded, but I wasn't given control over the ads' placements or color schemes and they really looked hideous. I realized I would have to figure out a way to remedy the situation myself.

After uploading a sample webpage, I navigated to it and viewed its source. After re-uploading a few slightly modified versions of that page, I noticed that the hosting service was appending the code for all of its ads right after the first <body> tag. I experimented with comments, trying things like <body <!-- but whenever I placed the last > the ad code would escape the comment.

I decided to bend the rules of HTML. To solve the problem I made the first <body <!-- tag and then another <body> after it. The ad code generated by the HTML parser ended the comment and my second body tag worked perfectly. Voilà, no ads. Mark one loss for HTML parsers. Mark one win for me.

Sunday, February 8, 2009

Hacking using GRUB Bootloader

The GRUB bootloader is used to select an operating system to boot at startup on most GNU/Linux machines or machines that dual boot. GRUB works by loading the operating system you want and sending the boot parameters required for different boot options. However, the freedom to choose such parameters grants the user a little too much freedom. Most operating systems come with a safe or single user mode that allows the user administrative access on the local machine in order to fix the machine. However, since this mode does not prompt for authentication, a user given access to the GRUB bootloader could very simply boot to this mode and have complete control over a machine.

For example, root access on a Unix machine with GRUB can be as simple as restarting the machine, waiting for the GRUB bootloader to run, highlighting the operating system to boot and pressing 'e' to edit the bootloader settings for that entry. Administrative access is granted on Unix machines in single user mode, or run level 1. This mode can be accessed by adding the word 'single' to the end of the kernel line. After booting to single user mode, an attacker can drop to a root terminal and create a new user with administrative access or install another backdoor. System compromised.
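The edit step above only works when the boot menu accepts edits without authentication, which is something a configuration audit can catch. The following check is an added example, not part of the original post; it assumes GRUB 2's grub.cfg syntax (GRUB legacy's menu.lst uses a different password directive and is not covered), and the user name and configuration snippets are constructed.

```python
import re

def audit_grub2(cfg_text):
    """Return findings about who may edit boot entries in a GRUB 2 grub.cfg."""
    superusers, hashed, plaintext = set(), set(), set()
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if m := re.match(r'set\s+superusers\s*=\s*"?([^"]*)"?\s*$', line):
            superusers = {u for u in re.split(r"[\s,;&|]+", m.group(1)) if u}
        elif m := re.match(r"password_pbkdf2\s+(\S+)\s+grub\.pbkdf2\.", line):
            hashed.add(m.group(1))
        elif m := re.match(r"password\s+(\S+)\s+\S+", line):
            plaintext.add(m.group(1))
    if not superusers:
        return ["no superusers set: anyone at the console can press 'e' "
                "and edit the kernel line"]
    findings = []
    for user in sorted(superusers):
        if user in plaintext:
            findings.append(f"superuser {user!r} has a plaintext password in the config")
        elif user not in hashed:
            findings.append(f"superuser {user!r} has no password entry")
    return findings

# Constructed sample configurations; the hash is a placeholder, not a real one.
OPEN_CFG = """
menuentry 'GNU/Linux' {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
"""
PLAINTEXT_CFG = 'set superusers="bootadmin"\npassword bootadmin hunter2\n' + OPEN_CFG
HARDENED_CFG = ('set superusers="bootadmin"\n'
                "password_pbkdf2 bootadmin grub.pbkdf2.sha512.10000.SALT_PLACEHOLDER.HASH_PLACEHOLDER\n"
                + OPEN_CFG)

if __name__ == "__main__":
    for name, cfg in [("open", OPEN_CFG), ("plaintext", PLAINTEXT_CFG),
                      ("hardened", HARDENED_CFG)]:
        print(name, audit_grub2(cfg))
```

A boot menu password only covers the path described here; it does not stop someone who can boot the machine from other media.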

When Security goes Bad

Whenever any hacker comes in contact with any form of security, his first thought is always, “How could someone bypass this?” This is the question that has been fueling the world of software security for decades. After all, security is a good thing; security keeps us and our information safe. But what happens when something is too secure? This is not a typical question to ask oneself, especially in a world where the only way to completely secure your computer from malware is to completely unplug it from the wall. However, when something is too secure the effects can be as devastating as insecurity.

My older laptop is a Toshiba Satellite M105 with a Phoenix Trusted Core BIOS. One day as part of an experiment, I set a BIOS password on the computer. A week passed before I returned to this particular project, and I could no longer remember the BIOS password. I thought it was no big deal, and looked up the Phoenix backdoor passwords, which included BIOS, CMOS, phoenix, and PHOENIX. After trying the first three, my computer shut off, and after the last I was still locked out. An hour later I had disassembled my laptop and taken a soldering iron to the BIOS battery. A few hours later I hoped the BIOS would forget the password. I got a bad checksum error, but when I tried to continue I was again prompted for the password. I understand the backdoor passwords not existing, because that's just stupid, but there is no way for me to recover this password short of reprogramming part of the BIOS and replacing a chip. There is a plausible possibility that I might not get to use that computer ever again. $700 down the drain to good security.
 