The Observer On: Storm Worm

22 10 2007

Looks like someone’s just as worried about the “gathering” power of the Storm Worm as I have been.

I’ve posted previously on this topic:

Here’s a small excerpt from a recent article in The Observer:

In millions of Windows, the perfect Storm is gathering
John Naughton
Sunday October 21, 2007
The Observer

A spectre is haunting the net but, outside of techie circles, nobody seems to be talking about it. The threat it represents to our security and wellbeing may be less dramatic than anything posed by global terrorism, but it has the potential to wreak much more havoc. And so far, nobody has come up with a good idea on how to counter it.

It’s called the Storm worm.

The article goes on to say pretty much what I have been saying since July of 06!!

Anyway, hope somebody is starting to get the whole scope of the situation that is only continuing to grow.

In other words, HAAAALP!!11!!1!!!!11!!





AllUc.org – THE Place To Watch All Your Favorite TV Shows & Movies. FREE!!

22 10 2007

If you haven’t heard of it yet, you will. allUc.org is THE place to find all your favorite TV Shows, Cartoons, Movies, Music Videos, Sports Videos and more for FREE!! Just imagine, no more fiddling with BitTorrent or Usenet, all your video needs are just a click away where you can watch anything online completely free of charge AND free from the long arm of the law.

Take a look at a little sample of their links:

Cartoons | Shows | Anime | Movies | Music | Sport | Docu
Southpark | Friends | Yu Gi Ho | 13 going on 30 | Eminem | High Stakes Poke.. | Ross Kemp on gan..
Family Guy | America’s Next .. | Pokemon | Blow | Justin Timberlake | WrestleMania 23 | Episodes
Simpsons, The | Sex Guide (Must .. | Naruto | Simpsons Movie, .. | Christina Aguile.. | High Stakes Poke.. | HBO: Thin (2006)
Justice League | Prison Break | Yu Gi Ho GX | Talladega Knights | Pussy Cat Dolls | Slam Dunk Contest | Dark Side of Por..
Futurama | Peep Show | FullMetal Alchem.. | A walk to rememb.. | Cascada | Funny Moments | Skinheads USA: S..
Banned Cartoons | Scrubs | Dragon Ball Z | Number 23, The | Beyonce | World Series Of .. | 2012 – The Futur..
X-Men Evolution | CSI | Yu Yu Hakusho | Superbad | Linkin Park | Greatest Fights | Secret Societies

And that’s just the tip of the iceberg. AllUc.org aggregates ALL this video content (copyright or not) via members submitting links. It’s quite a novel idea because AllUc is at least twice removed from any liability for any of those pesky legal issues related to posting copyrighted material on the net. They sum this up best in their disclaimer:

Disclaimer

The author is not responsible for any contents linked or referred to from his pages – If any damage occurs by the use of information presented there, only the author of the respective pages might be liable, not the one who has linked to these pages.
Allfg.org and Alluc.org doesn’t host any content

All Allfg.org/Alluc.org does is linking to content that was uploaded to popular Online Video hosting sites like dailymotion.com/Youtube. All youtube/dailymotion users signed a contract with the sites when they set up their accounts which forces them not to upload illegal content. By clicking on any Links to videos while surfing on Allfg.org you leave Allfg.org, Allfg.org can’t take the responsibility for any content hosted on other sites.

It’s brilliant!! Now go there and watch some free anything.

Big ups to the peeps over at allUc.org and their generous members.





File This Under, “I Wish I Thought Of That First”

12 10 2007

Just a quickie:

Security vuln auction site pulls in research | The Register
A controversial marketplace for security exploits and vulnerabilities said it has exceeded expectations with the submission of more than 150 vulnerabilities in its first two months of operations.

WabiSabiLabi encourages security researchers to sell their findings to vetted buyers. Herman Zampariolo, chief exec of WSLabi which runs the WabiSabiLabi marketplace, said that the quality of the submitted vulnerabilities is as important as their quantity.

Damn, that site is going to make some big money.  At the same time those vulnerabilities and exploits might actually never be used with malicious intent.  Especially if the big tech companies are the ones buying.

This is straight from their website:

WabiSabiLabi is aiming to a single moving target: to bring the world closer to zero risk.
If the world must become a safer place, the first part of the recipe is simple: to provide a better rewarding for the security researchers, organising an efficient and transparent marketplace, here to maximise the results of their efforts.

Damn I wish I had thought of that first.





How To: Avoid Being “Tracked 100% of The Time” When Using P2P and BitTorrent (Noob Friendly)

12 10 2007

According to researchers at UC Riverside, “use a blocklist or you will be tracked… 100% of the time”. That’s an awful statistic. It comes from an article found on Ars Technica, so you know it’s pretty darn reputable information. I recommend you read the whole article (already linked up there). However, here is a small excerpt:

Title: P2P researchers: use a blocklist or you will be tracked… 100% of the time
The old cliché “You’re not paranoid if they really are out to get you” turns out to apply quite nicely to the world of P2P file-sharing. A trio of intrepid researchers from the University of California-Riverside decided to see just how often a P2P user might be tracked by content owners. Their startling conclusion: “naive” users will exchange data with such “fake users” 100 percent of the time.

Sources: ARS TECHNICA via HACK THE PLANET rss

Basically, at the very least, you need to use a blocklist or you are gonna get ThomASS’d (aka sued). I can just imagine many users out there thinking, “What’s a blocklist? Where do I get one? How do I use it? OMG, OMFG, WTF DO I DO?”

CALM DOWN!!! JUST TAKE A DEEP BREATH, TMBBITW is here to help. And by help we mean, offer up some information. Below we will lay out some resources, links and downloads that, when used, will ease your worries.

Now, a blocklist in and of itself is simple: it’s a list. A list of IP addresses, and some IP ranges, that are known to be essentially bad. By “bad” we mean that those IPs belong to people or machines that are either tracking what you are doing or passing data to you that you do not want. An application on your computer uses a blocklist to stop those IPs from connecting to your computer. Are you getting that warm fuzzy feeling of being informed yet? Well, keep reading.
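A sketch of the check such an application performs, as an added example (not from the original post or from any of the tools listed below). It assumes the plain-text `label:start-end` range format, uses constructed sample entries, and goes one step further than the paragraph by merging overlapping ranges before the lookup.

```python
import bisect
import ipaddress

# Constructed sample in the assumed "label:start-end" range format.
# Labels are made up; addresses come from documentation-only ranges.
SAMPLE_BLOCKLIST = """\
# comment lines and blanks are skipped
Example Tracker A:192.0.2.0-192.0.2.127
Example Tracker A (dup):192.0.2.100-192.0.2.255
Example Org: East:198.51.100.10-198.51.100.10
broken line without a range
Example Lab:203.0.113.0-203.0.113.63
"""

def parse_blocklist(text):
    """Return sorted, merged (start, end) integer ranges; skip malformed lines."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may themselves contain ':', so split on the last one only.
        _, sep, span = line.rpartition(":")
        start, dash, end = span.partition("-")
        try:
            lo = int(ipaddress.IPv4Address(start.strip()))
            hi = int(ipaddress.IPv4Address(end.strip()))
        except ValueError:
            continue  # not a valid range line, ignore it
        if sep and dash and lo <= hi:
            ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def is_blocked(ip, merged):
    """Binary-search the merged ranges for a peer address."""
    addr = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(merged, (addr, float("inf"))) - 1
    return i >= 0 and merged[i][0] <= addr <= merged[i][1]

RANGES = parse_blocklist(SAMPLE_BLOCKLIST)
```

Merging first keeps the lookup logarithmic in the number of ranges, which matters once a list grows to hundreds of thousands of entries.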

Here are the most basic blocklist/P2P safety resources:

  • P2PNet: The original daily p2p and digital news site. Always First!
  • Slyck: Great site to learn how to use P2P services safely.
  • PhoenixLabs: These guys have been creating blocklists since forever and they also run blocklist.org.
    • Created (Windows/Mac Only): Peerguardian (app that keeps your blocklists updated and integrates with your P2P app)
  • Blocklist Manager : A free utility to download, merge, sort, and export IP lists in a variety of formats.
  • Protowall: A free utility that blocks undesired connections, to and from your computer via blocklist.
  • Protowall Mods: Cleric’s Protowall Mods

Now you’re wondering which P2P or BitTorrent client you should use. See below:

  • Azureus: BT Client that can update its own blocklists.
  • uTorrent: Small fast BT client with great traffic encryption.
  • BitComet: BT app, written in C++, best for people behind a school firewall. Encrypts packet headers. This is for those that cannot use port forwarding.
  • LimeWire: P2P app using the Gnutella network, that is great for small files. However you will need Peerguardian or Protowall, because it does not natively support any ipfilter or blocklist.
  • FrostWire: Based on LimeWire Pro, a free open source app that comes with some Linux distributions. Still need Peerguardian or Protowall.

At the very least, those two lists above contain all you need: something to go all P2P with, and a way to use a blocklist. You can use Peerguardian and uTorrent, or Azureus with its IP filtering option set up, or, if you’re all “Gnutella is good, BT is hard”, you can use FrostWire and Peerguardian. As you can see, there are lots of options.

For the sake of speed: You will probably need to open a port, via your firewall application or router software, in order for uTorrent or Azureus to let connections in using DHT (distributed hash tables, Google it). This WILL speed everything up a lot.

So you’re all done, you can go out and not ever be tracked, right? Well, sort of. You are pretty safe. However, there are some applications that you can use to actually try and mask your real IP address. It’s an extra measure of security instead of just keeping the bad IPs out. These are the best, free, anonymity apps out there:

  • TOR: The Onion Router – Can help to hide your IP.
  • Privoxy: Helps to secure TOR even more.
  • Putty: Telnet/SSH client that can be used to secure your traffic going out to a Tor node.
    • NOTE: Using Putty and Tor together is a pretty complicated process, so you may want to skip this. If you’re up to it, read this tutorial.
    • Thanks to dBlackshell here are two more links on proxies from InsaneSecurity: one and two
  • JAP: Java based anonymity app. Some like it better than TOR some don’t.

In order for the above applications to work, you need to configure your P2P or BT client to connect to the internet THROUGH them. Tor has great instructions for this on their site. You can also configure your browser to go through those anonymity apps. The big drawback here is loss of speed. Any proxy based application will slow down your internets. It’s a trade-off that’s totally up to you.

You MUST know by now that you will eventually need more information, but you are afraid. Why? Because search engines like Google and Yahoo keep tabs on what you are searching for. For anonymous searching use:

As one can see, there are a lot of resources out there to TRY and make your P2P life safe from being tracked. However, as with anything you do on the net, you will never be 100% anonymous. It’s like having sex, sure there’s no 100% effective safe sex, but a condom is damn close enough to let you go at it. Just remember to keep your lists updated as well as your software. Now go be safe.

Got questions? Post them in the comments. (Note: This needs some Major editing, cause it was late and I got too tired to finish polishing it up)

*TMBBITW does not condone or support illegal file sharing in any form. In fact, TMBBITW and its writers promote, and fully support, Free Open Source Software, legal DRM-free music, Open Music and all sorts of nice legal things. Things that keep programmers employed and running your internets and creating games and all that good stuff.




RNC Got FARKED!! (Pix)

11 10 2007

A friend passed this one to me and I just couldn’t resist passing it on:

[via] Fark Logo
The Republicans unveiled their new national convention logo. Design something better in five minutes.
KellyLockhart [TotalFark]

The ‘O’fficial design

THEN THE FUN STARTS!!  Here are my favorites so far.

 200 yrs of tradition by Godscrack

WWRJD? by butthold

And those are just two of many many entries that all deserve to win.  Go see them all here: 

http://forums.fark.com/cgi/fark/comments.pl?IDLink=3112814

nJoy L8s





Storm Worm Update: I Hate To Say I Told You So…

8 10 2007

Anyone remember this article I wrote back in July:  STORM WORM: LARGEST ATTACK IN TWO YEARS, BUT WHY?
Well, it looks like I was correct in being concerned that the Storm Worm and its resulting botnets could become even more of a problem even though the code was so old.  Now this nasty little trojan has a brand new bag:

Storm Worm Descends on Blogspot
It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.

This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they get shut down.

In this case Blogspot was used as the platform to propagate malicious messages by the Storm worm, people clicking these messages were liable to infection.

Source – Darknet – The Darkside

Notice what I underlined there.  Darknet sees a growing threat from Splogs.  I see that threat mixed with Storm Worm, and I say, “I knew Storm Worm would only become a larger problem”.  I still don’t know why though, beyond the basic malicious crap people do.

There are probably millions of undetectable variants of the Storm Worm trojan.  I am sure that the growing power of the extremely slippery botnets, that Storm Worm is used to create, will eventually do something very big and very naughty.  I don’t know how or why or what will happen, but if unchecked, something really BIG is going to come crashing down on some rather large target, maybe even a government.

I know it seems like I keep saying “THE SKY IS FALLING”, but I’m not.  I am only saying that there is the potential for “the sky to fall” if security companies and professionals don’t create a fool proof definition to stop all the Storm Worm variants and the botnets it creates.

Just in case you were wondering; No, I do not have the knowledge to create this “fool proof definition”, nor do I know how much work or how possible it could be.

Keep your eyes open, and don’t click on random crap.





Ha.ckers.org on: De-anonymizing Tor, or any HTTP Proxy

8 10 2007

Just a heads up for all you peeps seeking anonymity and/or privacy on the net. I saw this article on Ha.ckers.org – De-anonymizing Tor and Detecting Proxies

This code (it takes several seconds to load) uses a piece of JavaScript to instantiate a Java socket call back to the origin site. In doing so it bypasses the proxy settings of the browser, allowing you to de-anonymize people using proxies. It works great for Tor or just about any HTTP proxy that I can think of. Cool stuff.

Source – ha.ckers.org web application security lab

Daaaaaaamn!!  That’s some scary shit for those of us just trying to keep a bit of privacy on the net.  Some of us just want to look at some titties without the whole net following us around.  Some of us want to study some information perceived clandestine by our governments. (Note: Germany just made posting penetration testing tools illegal!! See Darknet)

There’s a lot of information to cover here and some of it just plain confused me at first, so I summarized what I saw as potential bullet points in the article.

Follow the jump to read the rest: Read the rest of this entry »







