Throughout the ages of computing many have ventured in forbidden data and got caught… Many were heroes, many were villains, but still they all deserve respect. It is in respect to them that I shall here quote the Manifesto of Mentor:

“Another one got caught today, it’s all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”…
Damn kids. They’re all alike.
But did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world…
Mine is a world that begins with school… I’m smarter than most of the other kids, this crap they teach us bores me…
Damn underachiever. They’re all alike.
I’m in junior high or high school. I’ve listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn’t show my work. I did it in my head…”
Damn kid. Probably copied it. They’re all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it’s because I screwed it up. Not because it doesn’t like me… Or feels threatened by me.. Or thinks I’m a smart ass.. Or doesn’t like teaching and shouldn’t be here…
Damn kid. All he does is play games. They’re all alike.
And then it happened… a door opened to a world… rushing through the phone line like heroin through an addict’s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought… a board is found. “This is it… this is where I belong…” I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all…
Damn kid. Tying up the phone line again. They’re all alike…
You bet your ass we’re all alike… we’ve been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us criminals. We explore… and you call us criminals. We seek after knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.” - The Mentor in the Phrack e-zine, Volume one, Issue 7, Phile 3 of 10.

May his words be remembered forever,

k12yp70n

Many people consider migrating to Vista because it is more secure… Well this video is from one of our friends at Ubunite (Right Sidebar banner to visit his site) and it proves that this might not be as true as you think.

On the other hand, there are less viruses and exploits for Vista than for Xp, but then again, it’s all a matter of time…

Diasruptor

Technorati Profile

The researchers at Independent Security Evaluators have recently discovered a major flaw in iPhone, more specifically on the Safari App.

Apparently this flaw allows to take control of the iPhone and, has even enabled the researchers to transfer files from the user’s iPhone to the remote attacker.

This flaw also affects both Windows and Macintosh version of Safari.

The iPhone exploit works as quoted below:

“The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone. There are several delivery vectors that an attacker might utilize to get a victim to open such a web page. For example:

1. An attacker controlled wireless access point: Because the iPhone learns access points by name (SSID), if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any web page browsed by the user by replacing the requested page with a page containing the exploit.
2. A mis-configured forum website: If a web forum’s software is not configured to prevent users from including potentially dangerous data in their posts, an attacker could cause the exploit to run in any iPhone browser that viewed the thread. (This would require some slight changes in our proof of concept exploit, however.)
3. A link delivered via e-mail or SMS: If an attacker can trick a user into opening a website that the attacker controls, the attacker can easily embed the exploit into the main page of the website.

When the iPhone’s version of Safari opens the malicious web page, arbitrary code embedded in the exploit is run with administrative privileges. In our proof of concept, this code reads the log of SMS messages, the address book, the call history, and the voicemail data. It then transmits all this information to the attacker. However, this code could be replaced with code that does anything that the iPhone can do. It could send the user’s mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.”

If you are an iPhone user and you are concerned about this, but still wish to browse the Internet with your device, I would advise you to:

- Not to open weblinks from e-mails (there is also another flaw in Mail that makes phishing quite an easy task);

- Browse only trusted sites;

- Not to use WiFi networks which you do not know (remember, if they control your Internet, they control what you see).

I surely hope that Apple can find a fix for this problem before it’s too late…

May the code be with you,

k12yp70n

It appears that the malware writers of the Storm worm have found a new way of feeding the hungry spamming botnet,

by using good’ old e-cards in e-mails (worms and e-mails… they’ re more than just a happy couple)….

The method of infection is the usual:

- A little e-card arrives to your mailbox;

- You click on the link, which “leads” to your beautiful e-card;

- Storm installs itself;

- Ooops.

We all know how dangerous the Internet can be. Sure, we also recognise its benefits, but of course there is always that dark side (which seems to be a bit of an itch to uncle Bill) of viruses, trojan horses and all sorts of malware and cyber-scams.Every single day billions and billions of new viruses are unleashed on the WWW no one is safe of having his or her browser hijacked (yes, Windows still controls a large share of the market).Nothing but expectable that every other kind of malware and malicious deeds would experience such growth,

BUT…

According to a study by the security firm Marshal, 85% of all spam is caused by only six botnets.

UNBELIEVABLE!!!!

The Srizbi botnet is responsible for 39%;

Rustock botnet for 21%;

Mega-D was the leading source of spam in early February;

Spam-D was responsible for 11%;

The missing two are Pandex (aka Pushdo) and Spam-Mailer;

Bradley Anstis, VP of products at Marshal said that “The size of a botnet, measured by how many bots it has, does not necessarily correlate with how much spam it sends. Our team has observed huge variations in the rate at which different spambots pump out spam,”, so in other words the rate of spam sending may not be directly correlated with the number of hosts infected.

In response to a vulnerability that virtualization softwares by VMware exhibited, the company has released its most recent security application: VMSafe.

VMSafe prevents a potential attacker from running malicious code in the supervised OS and affect the underlying host. According to Raghu Raghuram, vice-president of data center products and solutions “The industry has come out in full force to support VMWare VMSafe technology with plans for a whole new class of security products that offer customers new advantages to running applications in virtual machines…”

Even though the credibility of the security offered by virtual machines has been shaken, there are still over twenty companies that support VMware’s technology.

Still better be careful…