Full Disclosure mailing list archives
Re: NSA tracking open source security tools
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Mon, 6 Feb 2006 16:24:09 -0000
Fyodor wrote:
Ethereal, Cain & Abel, and Kismet. Nifty. For those without the magazine, I have posted a pic at: http://www.insecure.org/nmap/nmap_inthenews.html#bush Maybe open source software really will take over the world :).
Even better, all you need to do is break into the uk2.net server on which securitywizardry.com is hosted, replace the file "Dgclock.class" with any arbitrary java trojan exploiting your favourite ByteVerifier vulnerability, and SH4z4m! YoU jU5t pwn3d teh NSA!!

[ ...snip... ]
<applet code="Dgclock.class" width=98 height=30>
<param name="TZ" value="GMT-0800">
<param name="ShowDate" value="yes">
<param name="ShowFrame" value="no">
<param name="fg" value="c0c0c0">
<param name="bg" value="black">
</applet></font></td>
[ ...snip... ]

Or you might be able to haxx0r securityfocus or prognosisx if uk2.net's security is too good. Either way I would have thought that breaking into the NSA's internal net was usually pretty difficult, but if they will *insist* on inviting insecure mobile code inside the cordon, well, that kind of makes a mockery of their border defences, dunnit?

[ ...snip... ]
<applet CODE="yavs.class" CODEBASE="http://news.securitytracker.com/" WIDTH="215" HEIGHT="220">
<param NAME="MSGTEXT" VALUE="http://news.securitytracker.com/server/affiliate?BE51CB69F83FF017">
[ ...snip... ]
<applet codebase="http://www.prognosisx.com/infosyssec/" code="yavs.class" width=215 height=220>
<param name="MSGTEXT" value="http://www.prognosisx.com/infosyssec/announce.txt">
[ ...snip... ]

LOL, it woulda been *amazing* fun to have done that while the photo-op was taking place: just imagine it, there's Bush and all those spooks standing there in front of the Talisker radar, trying to look all serious and competent... suddenly the whole display board lights up, red alarms flash, alerts start appearing, the defcon scale goes off the counter.... suddenly lots of little nukes start exploding and the whole thing turns into a game of missile command and flashes up "THE END" in big strobing letters as Dubya and co. dive for cover under the tables....

Heh. What a historical missed opportunity for the prank of the century.

TRMC must be spinning in their graves.[*]

cheers,
DaveK

[*] well, any of them that are dead might be.
--
Can't think of a witty .sigline today....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
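
Added example (not part of Dave Korn's post or of the list archive): a defender-side inventory of the hosts a page's applets load their class files from, run over the applet tags quoted in the message above. PAGE_URL and the class and function names are assumptions; the post gives only the domain of the embedding page.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Applet tags quoted in the post (snips removed, params trimmed).
PAGE_HTML = """
<applet code="Dgclock.class" width=98 height=30>
<param name="TZ" value="GMT-0800">
</applet>
<applet CODE="yavs.class" CODEBASE="http://news.securitytracker.com/" WIDTH="215" HEIGHT="220">
</applet>
<applet codebase="http://www.prognosisx.com/infosyssec/" code="yavs.class" width=215 height=220>
</applet>
"""
# Assumption: the embedding page's URL; only the domain appears in the post.
PAGE_URL = "http://securitywizardry.com/"


class AppletCollector(HTMLParser):
    """Collect the URL each <applet> class file is fetched from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.class_urls = []

    def handle_starttag(self, tag, attrs):
        if tag != "applet":          # HTMLParser lower-cases tag and attribute names
            return
        attr = dict(attrs)
        # Without CODEBASE the class loads from the document's own directory.
        codebase = attr.get("codebase") or "./"
        if not codebase.endswith("/"):
            codebase += "/"          # urljoin must treat it as a directory
        base = urljoin(self.page_url, codebase)
        self.class_urls.append(urljoin(base, attr.get("code") or ""))


def applet_inventory(html, page_url):
    """Return (class_url, host, is_third_party) for every applet in html."""
    collector = AppletCollector(page_url)
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    return [(u, urlsplit(u).hostname, urlsplit(u).hostname != page_host)
            for u in collector.class_urls]


if __name__ == "__main__":
    for url, host, third_party in applet_inventory(PAGE_HTML, PAGE_URL):
        print(f"{'third-party' if third_party else 'same-host  '}  {host:28} {url}")
```

Every host in the output is one whose content runs in the viewer's browser, so each belongs on the list of parties the viewing network is trusting.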