Every OS sucks!

Another one by the Three Dead Trolls in a Baggy

 Enjoy!

The Internet Helpdesk

The previous post reminded me of my favorite geeky video.

I believe we have all been there at some point!

Watch and enjoy, and don't miss out on the rest of the Three Dead Trolls in a Baggy videos at

http://www.deadtroll.com/

The day the ROUTER died... So bye bye...

This has to be one of the funniest spoofs I have ever seen/heard, so I figured I would share it!


And here are the lyrics if you want to follow along!

 

The Day The Routers Died... a song performed by the secret-wg in the closing plenary of the RIPE 55 conference

a long long time ago
i can still remember
when my laptop could connect elsewhere

and i tell you all there was a day
the network card i threw away
had a purpose - and worked for you and me....

But 18 years completely wasted
with each address we've aggregated
the tables overflowing
the traffic just stopped flowing....

And now we're bearing all the scars
and all my traceroutes showing stars...
the packets would travel faster in cars...
the day....the routers died



Chorus (ALL!!!!!)

So bye bye, folks at RIPE 55
Be persuaded to upgrade it or your network will die
IPv6 just makes me let out a sigh
But I spose we'd better give it a try
I suppose we'd better give it a try

Now did you write an RFC
That dictated how we all should be
Did we listen like we should that day

Now were you back at RIPE fifty-four
Where we heard the same things months before
And the people knew they'd have to change their ways....

And we - knew that all the ISPs
Could be - future proof for centuries

But that was then not now
Spent too much time playing WoW

ooh there was time we sat on IRC
Making jokes on how this day would be
Now there's no more use for TCP
The day the routers died...

Chorus (chime in now)

So bye bye, folks at RIPE 55
Be persuaded to upgrade it or your network will die
IPv6 just makes me let out a sigh
But I spose we'd better give it a try
I suppose we'd better give it a try

I remember those old days I mourn
Sitting in my room, downloading porn
Yeah that's how it used to be....

When the packets flowed from A to B
via routers that could talk IP
There was data..that could be exchanged between you and me....

Oh but - I could see you all ignore
The fact - we'd fill up IPv4

But we all lost the nerve
And we got what we deserved!

And while...we threw our network kit away
And wished we'd heard the things they say
Put all our lives in disarray

The day...the routers died...

Chorus (those silent will be shot)

So bye bye, folks at RIPE 55
Be persuaded to upgrade it or your network will die
IPv6 just makes me let out a sigh
But I spose we'd better give it a try
I suppose we'd better give it a try


Saw a man with whom I used to peer
Asked him to rescue my career
He just sighed and turned away..

I went down to the net cafe
that I used to visit everyday
But the man there said I might as well just leave...

And now we've all lost our purpose..
my cisco shares completely worthless...

No future meetings for me
At the Hotel Krasnapolsky

and the men that make us push and push
Like Geoff Huston and Randy Bush
Should've listened to what they told us....
The day...the routers....died

Chorus (time to lose your voice)

So bye bye, folks at RIPE 55
Be persuaded to upgrade it or your network will die
IPv6 just makes me let out a sigh
But I spose we'd better give it a try
I suppose we'd better give it a try




Words and performance by Gary Feldman



The RIPE Community Resolution on IPv4 Depletion and Deployment of IPv6 can be found here

http://www.ripe.net/news/community-st...


Last Updated ( Tuesday, 06 November 2007 )
 
Leopard security?

So... I took the leap and upgraded my powerbook to the brand spanking new Leopard OS.

First impression... it's OK... I don't think it is worth $130, especially if you take into account the fact that I don't use any of the built-in applications.

Anyway, the thing that strikes me as VERY strange is the firewall management.

After setting the Firewall to "Block All Incoming Connections", there shouldn't be anything getting in. Not the case...

 

picture 2.png

[Tue Oct 30 <-> 14:45:02] #- (root@depthstar) - ( ~ )
#- (2)> ipfw list
33300 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any

 WAAAaa?

I will investigate further and let you know what I find. So far not impressed by the new Firewall features...
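One thing worth knowing when reading that ipfw listing: in Leopard the "Block All Incoming Connections" setting is enforced by the new application-level firewall, which is a separate mechanism from ipfw, so its effect does not show up in `ipfw list` at all. The ipfw ruleset above is therefore exactly what it looks like: one ICMP echo deny, then the catch-all allow. As an added check, not code from this post, here is a small Python audit over a constructed copy of that output. It walks the rules in ipfw's first-match order and reports whether anything blocks inbound traffic before the default rule 65535 is reached; the second sample ruleset is hypothetical, written here only for comparison.

```python
# Added example, not from the original post: audit an `ipfw list` dump for
# inbound exposure. Both samples are constructed for this example; the first
# is a copy of the rules shown in the post, the second is a hypothetical
# ruleset that does block inbound traffic before the catch-all.

LEOPARD_SAMPLE = """\
33300 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any
"""

# Hypothetical hand-written ruleset (not from the post) for comparison.
LOCKED_SAMPLE = """\
00100 allow ip from any to any via lo0
00200 check-state
00300 allow tcp from me to any out setup keep-state
00400 deny ip from any to any in
65535 allow ip from any to any
"""


def parse_rules(dump: str):
    """Yield (number, action, body) for each 'NNNNN action ...' line,
    skipping anything that does not start with a rule number."""
    for line in dump.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        number, action = int(parts[0]), parts[1]
        body = parts[2] if len(parts) == 3 else ""
        yield number, action, body


def blocks_all_inbound(body: str) -> bool:
    """True for a rule body of the form 'ip from any to (any|me) in ...',
    i.e. a catch-all that applies to every inbound packet."""
    words = body.split()
    return (len(words) >= 6 and words[0] == "ip" and words[1] == "from"
            and words[2] == "any" and words[3] == "to"
            and words[4] in ("any", "me") and words[5] == "in")


def inbound_exposure(dump: str) -> str:
    """ipfw evaluates rules in number order and the first match wins, so a
    catch-all inbound deny before rule 65535 means inbound is blocked; if
    we reach 65535 without one, the default rule decides."""
    for number, action, body in parse_rules(dump):
        if action == "deny" and blocks_all_inbound(body):
            return "inbound-blocked"
        if number == 65535:
            return "inbound-open" if action == "allow" else "inbound-blocked"
    return "unknown"


def deny_rules(dump: str):
    """Rule numbers whose action is deny, for a quick eyeball of a ruleset."""
    return [n for n, action, _ in parse_rules(dump) if action == "deny"]


if __name__ == "__main__":
    for name, dump in (("leopard", LEOPARD_SAMPLE), ("locked", LOCKED_SAMPLE)):
        print(name, inbound_exposure(dump), "deny rules:", deny_rules(dump))
```

Run against the Leopard listing this reports `inbound-open`: only ICMP echo requests are dropped, and rule 65535 lets everything else through at the ipfw layer. Whether the box is actually reachable then depends entirely on the application firewall, which this script cannot see.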


Last Updated ( Tuesday, 30 October 2007 )
 
Ahhh Memories...

You have got to love early Microsoft commercials...

Passwords are not a viable method of authentication anymore.

I have said it before, and will keep on saying it... Passwords are not a good means of authentication. The problem is... in most areas they are the only available means of logging in.

Rainbow tables make it VERY easy to crack a huge number of passwords in very little time. The idea is to do the expensive work once, ahead of time: precompute hashes over the whole password space and store the result compactly. Rather than keeping every (password, hash) pair, a table stores chains that alternate hashing with a "reduction" step mapping a hash back to some password, and keeps only each chain's start and end points, trading a little extra computation at lookup time for a table that fits on disk. Once you are in possession of such a table (which can still be huge), cracking a hash is a matter of walking it forward to a stored chain end point and re-deriving the plaintext from that chain's start. This only works against unsalted hashes: with a per-password salt the table would have to be rebuilt for every salt value.

I just found the following post, which describes the whole process and how easy it is. Once again, Windows is the worst operating system security-wise, due to its legacy LM hash format, which is unsalted and limited in the number of characters it uses...

Anyways, much more information at: http://www.codinghorror.com/blog/archives/000949.html  
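What follows is an added example in Python, not code from this post or from the article linked above, that builds a miniature rainbow table. The parameters are toy ones chosen here (three lowercase letters, unsalted MD5, short chains); real tables cover far larger keyspaces with much longer chains, but the mechanics are the same. It shows the chain construction with a step-dependent reduction function, the lookup that walks a hash forward to a chain end point and re-derives the plaintext, and why adding a salt makes the whole precomputation useless.

```python
import hashlib
import itertools
import string

# Added example, not from the original post or the linked article.
# Toy parameters: 3 lowercase letters, unsalted MD5, 50-step chains.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN      # 17,576 possible passwords
CHAIN_LEN = 50                          # hash/reduce steps per chain


def md5_hex(password: str, salt: str = "") -> str:
    """Unsalted MD5 unless a salt is supplied (the defence shown in demo)."""
    return hashlib.md5((salt + password).encode()).hexdigest()


def reduce_hash(digest_hex: str, step: int) -> str:
    """Map a digest back into the password space. Mixing in the step index
    is what makes this a *rainbow* table: chains that collide at different
    positions do not merge, so far fewer chains are wasted."""
    n = (int(digest_hex[:15], 16) + step) % KEYSPACE
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


def build_table(start_points):
    """Precompute chains and store only endpoint -> [start points]. The table
    stays small because every intermediate value is recomputed on demand."""
    table = {}
    for start in start_points:
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_hash(md5_hex(pw), step)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table, target_hex):
    """Recover the plaintext for target_hex, or None if no chain covers it."""
    # Guess that the target sits at position j of some chain: walk from there
    # to the end point and see whether any stored chain ends the same way.
    for j in range(CHAIN_LEN):
        h = target_hex
        for step in range(j, CHAIN_LEN):
            pw = reduce_hash(h, step)
            h = md5_hex(pw)
        for start in table.get(pw, []):
            # Re-walk the candidate chain from its start. A false alarm from
            # merged chains simply never produces the target hash.
            cand = start
            for step in range(CHAIN_LEN):
                if md5_hex(cand) == target_hex:
                    return cand
                cand = reduce_hash(md5_hex(cand), step)
    return None


def demo():
    """Build a table from the first 2,000 passwords as chain starts, then
    look up an unsalted and a salted hash of the same password."""
    starts = ("".join(t) for t in itertools.islice(
        itertools.product(ALPHABET, repeat=PW_LEN), 2000))
    table = build_table(starts)
    cracked = lookup(table, md5_hex("abc"))            # covered: recovered
    # Same password, but hashed with a salt. The table holds chains of H(pw),
    # not H(salt + pw), so the precomputation does not apply and lookup fails.
    salted = lookup(table, md5_hex("abc", salt="x7"))  # None
    return cracked, salted


if __name__ == "__main__":
    print(demo())
```

The table built in `demo` holds 2,000 end points but represents up to 100,000 hash computations; that ratio is the whole point, and it is also why a per-user salt works: each distinct salt would need its own table.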

Google Earth has become even more FUN!

I just learnt of this today. If you thought that Google Earth was tons of fun, you haven't seen the last of it.

Apparently, the good folks at Google have hidden a nice easter egg in the latest installment of Google Earth (4.2) for both Mac and PC.

They have indeed included a fairly basic but tons-of-fun flight simulator. It gives you the choice of two planes, and you can fly those wherever you want (start from a couple of airports in the world, or directly start from any point on the map). To control the plane, you can use a joystick, the arrow keys on the keyboard, or your mouse (my favorite). Keep in mind that the controls are a bit touchy.

To access the flight simulator, you can do the following:

On PC: CTRL + ALT + A

On Mac: COMMAND + OPTION + A

Have fun!

picture 5.png
Last Updated ( Tuesday, 04 September 2007 )
 
Looking for Hands-on security training / certification ?

offsec.jpg

Look no further than the folks at Offensive Security, makers of the popular BackTrack Linux-based distribution.

Before I go into too much detail about the training and certification itself, let me give you some background on BackTrack.

BackTrack is now in its second iteration, with a third one on the way. It is a Slackware-based live Linux distribution. What makes it special is the amount of effort put into making it the perfect tool for security professionals.

dragonv10_thumb.jpg

If you are planning on doing a lot of pen-testing, BackTrack is definitely one of the best tools out there.

However, it is not necessarily easy to use.

To that end, the folks behind it (Remote Exploit) have started another company (Offensive Security) that is geared towards bringing education and training on its use in a very elaborate environment.

So far, they are offering only one course / certification, called "Offensive Security Certified Professional", or OSCP. They are also planning two new training courses (without certifications) which are extensions of the original OSCP, but with a focus on Wi-Fi (BackTrack WiFu) and more in-depth use of BackTrack (BackTrack to the Max, which should be released at the same time as BackTrack 3).

Now for the course itself. This is one of the best certification trainings I have seen around. For one thing, it is on the "cheap" side. For about $400, you will get a month of training in a complete lab environment. The training will go over all common aspects of security and exploitation, and will definitely teach you how to think outside the box. This price also includes the certification itself.

Usually, the whole package goes like this:

Upon signing up, you are given a PDF workbook (complete with lab exercises), a set of instructional videos (to learn the different techniques) and access to the specially designed lab (to practice what you learn in the videos / workbook). Each lesson comes with its own exercises, except for a few that would be damaging to the lab environment (such as ARP spoofing and other MAC-related tricks).

After the month is up, you can either decide that you didn't have enough time to run through the course, and opt to purchase additional time ($150 for 30 days), or you can proceed forward and sign up for the certification process.

In order to get certified, you will be given a different lab, with a much different set of machines running multiple different OSes and configurations. To complete the challenge, you will have to obtain administrative rights (root / administrator) on all the machines, and provide proof that you have indeed "hacked" the box.

Note that there is a huge emphasis throughout the course and exam on the documentation process. You are required to keep notes on everything you do, and believe me, those are useful!

If you are successful in the last challenge, you will receive your printed certification within a couple weeks.

I am now OSCP certified (redundant, I know), and all I can say is that I learnt a LOT during the whole course training and certification. I would almost admit to having had a lot of fun, but keep in mind that I am a geek and love this stuff. I can't wait for the other trainings to be ready to go (WiFu will be ready on Sept 3rd) and I will try my darndest to get those.

One caveat you might want to know about is that you are not the only student on the lab environment. You are sharing the whole thing with other students and in a way competing against them. For instance, if a machine has to be compromised a certain way, it is possible that another student will have compromised it before you, and left the vulnerable service unavailable. Luckily, in this type of situation, the lab admins are usually available to help, either via IRC or IM.

Also note, if you take the class, you WILL get frustrated with the machine called BOB. That is normal ;)

Lastly, the whole training / certification is an online process, which you can go through from anywhere you have an internet connection. Connectivity to the lab is done through VPN.

Well I hope this has inspired you, and I look forward to chatting with you on the Students IRC support channel (my nickname is aZaFred).  

Last Updated ( Wednesday, 29 August 2007 )
 
Simpsons live action

This is a bit freaky for any Simpsons fan... Yet again, the British are the best!

Now, giving credit where credit is due, I found this video at kungfucabbage.com. Not sure if that is where it came from originally, but oh well, that's as close to a credit as I could find.


Last Updated ( Tuesday, 28 August 2007 )
 
vi / vim cheat sheet

You might find this very useful. I know I have a copy right above my desk for easy reference when the time comes.

vi-vim_cheat_sheet.gif


 
Oh my god...

This is definitely going to make using vi a real challenge...

esc.jpg

Considering the following... no more "normal" mode ;)

Last Updated ( Wednesday, 29 August 2007 )
 
Good bye Dreamhost, Hello Cari!

I have finally had it with Dreamhost. The upside: it is very cheap. The downside: you get what you pay for...

In the past couple of weeks, all my sites have been down at least twice for extended periods of time (>5 hours). It could be more, but I quickly discovered that running Nagios to monitor Dreamhost's server was completely ineffective, since it is alarming pretty much all the time for one thing or another. Well, this is not acceptable, and I really don't want to host any websites under these conditions. (Have a look here, and don't forget to browse through the comments section for a better picture.)

As a result, I am in the process of moving all my sites away from Dreamhost, on to Cari.net. Sure, it is a lot more expensive, but at least I get my own server, with root access (which is practical when things go wrong on my end). I also enjoy not having my rsync killed by some twit because it was apparently using too many CPU cycles... yeah, whatever... Finally, the fact that I can run FreeBSD on said server, and configure it exactly like I want, is a definite bonus. A similar configuration on my home server has been rock solid for the past two years (the only thing missing was the bandwidth, which is where Cari figures in). Also, Cari offers automated data backup, redundant network and power. So everything should be peachy once I put in the initial effort of configuring everything.

The straw that broke the camel's back was when I wrote to Dreamhost support that my main website had gone slow as molasses, through no change on my part. The answer was a staggering "well, php is not a fast language". Funny though, the same site running on Cari.net (or even on my home server for that matter) is lightning fast. Not to mention the number of customer postings relating to database slowness... that's probably completely unrelated! (yes, that is sarcasm...)

What is funny though, is that during every outage they experience, among all the legitimate complaints, you always have some customer saying things like "don't give the guys at Dreamhost a hard time, they do the best they can!". Well, if it were a free service, then sure... but they have a LOT of paying customers, and should definitely have the means to buy the proper equipment. My guess is that they are experiencing a failure in design. For example, for every site hosted, you don't have just one single point of failure, you have at least four (in the server world; I am not even going to touch the networking side of the equation...). First, you rely on your main web server to be online. In order to work, you also need the SAN to be online, so your files can be accessed; then you need the database server to be online for your dynamic content; and finally, you need the mail server to be online in order to receive/send messages. Also, it is nice when Dreamhost's own servers are working, so that you can manage everything.

Now go ahead and browse to the link I posted above. Do you get the picture?

I am not even going to go into details on the security aspect of this equation. A fresh reminder? Sure, have a look here: Dreamhost FTP accounts Hacked. I am not even going to hint at the fact that the database servers are shared and accessible over the network to thousands of customers, and the only thing protecting you is a password.

Anyway, let's sum this rant up... I am paying a lot more, but I am getting a lot more for my money with Cari.net. Also, if something goes wrong it will most likely be my fault! (save for power and network outages).

Happy trails!


Last Updated ( Thursday, 23 August 2007 )
 
Oh darn...

YOU ARE ON NOTICE!
Looks like I made it ;) 
 onnotice.jpg
Last Updated ( Wednesday, 22 August 2007 )
 
The close-to-perfect pen-testing tool!

Browsing a bit around the Internet as one often does while at work, I came upon this tool. It is offered by the makers of Canvas, one of the more popular commercial pen-testing platforms. Personally, I prefer the likes of Core Impact, but Canvas is a lot cheaper.

It was of course demoed at Defcon 15, and while I couldn't attend (what is it with 15 days PTO / year in the US???) I heard great things about this product.

Without further introduction, here is the Silica.

silica.jpg

Essentially, it is a customized Nokia N800 (see below) with an installation of Immunity's Canvas product.

928-45a2a58c50926.jpg

Apparently, it is also possible to load Metasploit and a slew of other very useful tools.

I hope I can one day get my hands on one of those! 


Last Updated ( Wednesday, 22 August 2007 )
 
Hackers can have fun with security professionals too!

Going through my huge backlog of security postings, I found a relatively interesting post on the full-disclosure mailing list.

You can find this posting at: http://seclists.org/fulldisclosure/2007/Aug/0071.html

Basically, the poster was advertising a new flaw in the sudo package, and offering a piece of proof-of-concept code.
At first glance, it looked like any other day on full-disclosure...


Last Updated ( Monday, 20 August 2007 )
 
The power of Marketing...

Microsoft PAINT:

The future is right around the corner...

The future is NOW....

The future is in the past...

Looking at the amount of engineering that has gone into PAINT, no wonder it is one of the most used tools on any computer, by any graphics designer around the world!

Last Updated ( Monday, 20 August 2007 )
 
My position in the Company!

Who does all the work here?
(Hint: look in the center of the picture:))

me.jpg

Last Updated ( Friday, 17 August 2007 )
 
Corporate Lessons

You might want to learn those quickly ;p

CORPORATE LESSON # 1

A man is getting into the shower just as his wife is finishing up her shower when the doorbell rings. After a few seconds of arguing over which one should go and answer the doorbell, the wife gives up, quickly wraps herself up in a towel and runs downstairs. When she opens the door, there stands Bob, the next door neighbor. Before she says a word, Bob says, "I'll give you $800 just to drop that towel that you have on". After thinking for a moment, the woman drops her towel and stands naked in front of Bob. Bob has a close look at her for a few seconds, hands over $800 and quietly leaves. Confused, but excited about her good fortune, the woman wraps back up in the towel and goes upstairs! When she gets back to the bathroom, her husband asks from the shower "Who was that?" "It was Bob the next door neighbor," she replies. "Great," the husband says, "did he say anything about the $800 he owes me?"

MORAL OF THE STORY: Share critical credit information with your stakeholders to prevent avoidable exposure!


CORPORATE LESSON # 2

A priest was driving along and saw a nun on the side of the road, he stopped and offered her a lift which she gladly accepted. She got in and crossed her legs, forcing her gown to open and reveal a lovely leg. The priest had a look and nearly had an accident. After controlling the car, he stealthily slid his hand up her leg. The nun looked at him and immediately said, "Father, remember psalm 129?" The priest was flustered and apologized profusely. He forced himself to remove his hand. However, he was unable to remove his eyes from her leg. Further on, while changing gear, he let his hand slide up her leg again. The nun once again said, "Father, remember psalm 129?" Once again the priest apologized. "Sorry sister, but the mind is weak." Arriving at the convent, the nun got out, gave him a meaningful glance and went on her way. On his arrival at the church, the priest rushed to retrieve a bible and looked up psalm 129. It Said, "Go forth and seek; further up, you will find glory."

MORAL OF THE STORY: Always be well informed in your job; or, you might miss great opportunities!


CORPORATE LESSON #3

Usually the junior executives and staff of the company generally play football; the middle level managers are more interested in tennis
and the top management usually has a preference for Golf.

MORAL OF THE STORY: As you go up the corporate ladder, the balls reduce in size.


CORPORATE LESSON # 4

A young executive was leaving the office at 6 PM when he found the CEO standing in front of a shredder with a piece of paper in his hand. "Listen," said the CEO, "this is a very sensitive and important document and my secretary has left. Can you make this thing work?" "Certainly, Sir" said the young executive. He turned the machine on, inserted the paper, and pressed the start button. "Excellent, excellent!" said the CEO as his paper disappeared inside the machine. "I just need one copy."

MORAL OF THE STORY- Never, never assume that your BOSS knows everything.


CORPORATE LESSON # 5

There were these 4 guys, Russian President Putin, Germany's Chancellor Kohl, America's Dictator Bush and French Premier Chirac, who found this small genie bottle. When they rubbed the bottle, a genie appeared. Thankful that the 4 guys had released him from the bottle, he said, "Next to you all are 4 swimming pools. I will give each of you a wish. When you run towards the pool and jump, shout what you want the pool of water to become, and your wish will come true." The French Premier Chirac wanted to start. He ran towards the pool, jumped and shouted "WINE". The pool immediately changed into a pool of wine. The Frenchman was so happy swimming and drinking from the pool. Next it was Russian President Putin's turn; he did the same and shouted "VODKA" and immersed himself in a pool of vodka. The German was next, and he jumped and shouted "BEER". He was so contented with his beer pool. Last was the American. He was running towards the pool when suddenly he stepped on a banana peel. He slipped towards the pool and shouted, "SHIT!!!!!!!........."

MORAL OF THE STORY: Mind your language, you never know what it will land you in.


 
Little joke

Einstein dies and goes to heaven. At the Pearly Gates, Saint Peter tells him, “You look like Einstein, but you have NO idea the lengths that some people will go to sneak into Heaven. Can you prove who you really are?”

Einstein ponders for a few seconds and asks, “Could I have a blackboard and some chalk?”

Saint Peter snaps his fingers and a blackboard and chalk instantly appear. Einstein proceeds to describe with arcane mathematics and symbols his theory of relativity.

Saint Peter is suitably impressed. “You really ARE Einstein!” he says. “Welcome to heaven!”

The next to arrive is Picasso. Once again, Saint Peter asks for credentials.

Picasso asks, “Mind if I use that blackboard and chalk?”

Saint Peter says, “Go ahead.”

Picasso erases Einstein