Dailydave mailing list archives

Loaves of bread and fishes in Singapore


From: Dave Aitel <dave () immunitysec com>
Date: Tue, 23 Dec 2003 12:14:43 -0500

http://www.ny1.com/ny/TopStories/SubTopic/index.html?topicintid=1&subtopicintid=1&contentintid=35901
"A suspect is under arrest after a deadly shooting at one of the city's most famous and exclusive restaurants.

Police say the shooting happened last night at Rao's, an Italian restaurant in East Harlem which boasts few tables and a lengthy waiting list.

Albert Circelli, 66, was shot in the back and later died at Metropolitan Hospital.

Another man was hit in the foot and is listed in stable condition.

Investigators say an argument inside the restaurant sparked the shooting.
Louis Barone, 67, has been arrested.

Another man who was picked up with Barone has been released.

Police recovered a .38 caliber revolver at the scene."

This mafia joint is a few feet away from my front door. It's located in a burnt-out building that is otherwise being destroyed. In fact, as far as we knew, this place was closed as well, since eating in a condemned building doesn't seem wise. But I guess if you're a "wise-guy" then it's more fun to run the risk of getting shot and having the building fall down on you while you dine. When was the last time you heard of a murder involving a 66 and 67 year old?

This isn't related to security in any way, but I thought it was funny.

I did just get back from that bastion of lawfulness, Singapore, where I was teaching and speaking at BlackHat Asia (Aka "The Flying Hacker Circus!"). I have to say, the training class went much better than I'd expected. The major problem was that no one on earth appears to have a laptop powerful enough to run VMware. I'm trying to resolve this issue for the next class, which will be in Seattle at BlackHat Seattle, or in a theater near you!

I go to conferences to learn things, and one thing I learned was that we're not going to be using "bug" terminology any more. We're going to call them "fish." It works well in every way. For example, when you want to talk about format strings and buffer overflows, you can call them "closely related fishes" (proper English for different species of fish). Or you could say "That protocol is overfished." or you could refer to "a really big fish" or whatever. It's just better, OK?

There were also plenty of 0day, including The Grugq's remote elf-loader from memory. This is the first public one that I know of. He also went over some interesting ways to evade forensics utilities. A common theme was "Yes, but upon closer look, that product is a total pile of crap." For some products this was a closer look than others.

I actually did the Capture the Flag as well. It was probably the best one I've ever seen -

1. It was attack based
2. It had sane scoring
3. It had interesting targets
4. There was a coherent path to success. It wasn't half-baked in any way.

Basically it was a Windows 2000 SP3 Box, fully patched up, running IIS with a small web app. There were 2 .asp files, one which would let you upload files, and one which would read a database. The trick was to upload a trojan .asp file, then use that to upload a real trojan, and use that to read all the asp files. One of the ASP files had the password to the FOX database, which you could use to read the database (as SYSTEM, because FOX runs as system inside IIS, hahahaha). Every so often you look at IIS and you go "That runs as SYSTEM? Hahahaha" I think even the IIS team does that.

Behind the Windows 2000 box was a Solaris box that no one noticed. By the time I had hacked the Windows 2000 box (with David Litchfield's help, since I don't really know Windows well enough to know that Fox runs as System (it's completely counter-intuitive), and I certainly don't know ASP), I was about to fall over. The one major drawback to the game was that it was done from 7pm to 3am. After teaching the whole day, I was about to fall over halfway through.

For the scriptkiddies among us, there was also a remotely SSLable Linux box, which was also ptraceable. I didn't even bother. For some reason there was a no-Internet rule in the game. I'm not sure why, but if I had to do it again, I'd remove that rule.

"SK", one of the other speakers, won the game. Apparently he wins a lot of these games, but he's quite good, so fair enough. This game had cool prizes if you won, such as a camera and a phone. See that attached picture. SK is all the way on the right giving a "I won a camera" smile. Me in the Marine's tee-shirt, then Grugq and Halvar, Saumil Shah, etc. Your basic motley crew.

Anyways, Singapore is pretty scary. It's got no real rights or citizen protections. The "law" is there to let the cops know which one of them can kill you, not whether they can kill you or not. Freaky. And my internet connection died midweek. Either due to incompetence, or to some sort of anti-interweb porn rule that I wasn't aware of, I wasn't sure. But it left me jittery. It's good to be back in the US, where browsing the web doesn't get you caned, just sued. (Assuming you aren't locked up indefinitely waiting for a military tribunal, or whatever the latest "war on terrorism" gig is. I can't wait until the Supreme Court slaps all that stuff down.)

My next post will have some cool bugs.

Dave Aitel
Immunity, Inc.
