Re: NSA tracking open source security tools

["Dave Korn" <davek_throwaway () hotmail com>]

Fyodor wrote:

> Ethereal, Cain & Abel, and Kismet.  Nifty.  For those
> without the magazine, I have posted a pic at:
>
> http://www.insecure.org/nmap/nmap_inthenews.html#bush
>
> Maybe open source software really will take over the world :).

  Even better, all you need to do is break into the uk2.net server on which
securitywizardry.com is hosted, replace the file "Dgclock.class" with any
arbitrary java trojan exploiting your favourite ByteVerifier vulnerability,
and SH4z4m! YoU jU5t pwn3d teh NSA!!

[ ...snip... ]
     <applet code="Dgclock.class" width=98 height=30>
   <param name="TZ" value="GMT-0800">
    <param name="ShowDate" value="yes">
    <param name="ShowFrame" value="no">
    <param name="fg" value="c0c0c0">
    <param name="bg" value="black">
    </applet></font></td>

[ ...snip... ]

  Or you might be able to haxx0r securityfocus or prognosisx if uk2.net's 
security is too good.  Either way I would have thought that breaking into 
the NSA's internal net was usually pretty difficult, but if they will 
*insist* on inviting insecure mobile code inside the cordon, well, that kind 
of makes a mockery of their border defences, dunnit?

[ ...snip... ]
 <applet CODE="yavs.class" CODEBASE="http://news.securitytracker.com/";
WIDTH="215" HEIGHT="220">
 <param NAME="MSGTEXT"
VALUE="http://news.securitytracker.com/server/affiliate?BE51CB69F83FF017";>
[ ...snip... ]
<applet codebase="http://www.prognosisx.com/infosyssec/"; code="yavs.class" 
width=215 height=220>
<param name="MSGTEXT" 
value="http://www.prognosisx.com/infosyssec/announce.txt";>

[ ...snip... ]


  LOL, it woulda been *amazing* fun to have done that while the photo-op was 
taking place: just imagine it, there's Bush and all those spooks standing 
there in front of the Talisker radar, trying to look all serious and 
competent... suddenly the whole display board lights up, red alarms flash, 
alerts start appearing, the defcon scale goes off the counter.... suddenly 
lots of little nukes start exploding and the whole thing turns into a game 
of missile command and flashes up "THE END" in big strobing letters as Dubya 
and co. dive for cover under the tables....

  Heh.  What a historical missed opportunity for the prank of the century. 
TRMC must be spinning in their graves.[*]

    cheers,
      DaveK

[*] well, any of them that are dead might be.
-- 
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/