OMG OMG OMG my theme was hacked!
For fun I was checking out my statistics and discovered that my theme got hacked: the footer and header were replaced, inserting spammy URLs into the outputted page, together with some Google Adsense code.
Yay.
As a result I am now delisted from Google’s index.
Apparently, this has been going on for a couple of months, [...]
Keylogging in Javascript (or “Why the fsck does a password field send the keypress value?”)
Disclaimer: The information in here is purely educational, yada yada yada.
And… it’s not people that abuse things who harm people — it’s the people that put those things there without thinking.
An explanation: I have always been intrigued by HTML forms. As a paranoid person, I have always wondered whether companies or websites are logging [...]
MC Frontalot — Secrets From The Future
Hey again! Long time no post, I know…. busy, life, et cetera, but this I just needed to share.
I was just reading Bruce Schneier’s CRYPTO-GRAM and he linked to this surprisingly good track (direct link to MP3) by MC Frontalot, called Secrets From The Future (direct link to the lyrics).
To quote the chorus:
You can’t [...]
Recording an end-user’s movements on a website — copyright infringement?
This post on Slashdot got me thinking of something that I’ve been thinking about a couple of years ago.
Who says that websites aren’t already recording your movements?
I mean — earlier in this century I was thinking that, when you are a big corporation, and you have some ‘comments, complaints & suggestions’ section on [...]
Sure, blame some ‘hacker’…
…while actually the system itself is vulnerable as fuck.
It’s not funny when the feds come around to take all your hardware for exposing a three year old hole (which could’ve been abused all along). ‘Taking down’ this guy doesn’t really solve any problems caused by this poor system.
Technology is mankind’s Achilles heel, I tell [...]
If they can’t even protect their ‘most valuable good’…
Reading about that ATM hack again today I was thinking this:
If they can’t even protect their ‘most valuable good’, how can we expect voting machines to tell the truth?
Not having anything to hide; rather fearing other people’s interpretation of the facts…
The title of this post has always been my biggest fear about Big Brother watching everybody’s move, registering everything they buy, et cetera.
See, I really have nothing to hide. I fear that ‘The Man’ only wrongly interprets the information and I get Red Flagged for nothing.
People always thought I was kidding when I said that, [...]
Give up your PIN-code to some criminal holding you at gun-point?
Well, go to jail already! In the Netherlands, the police will label anybody that hands over their PIN-code, as a ‘suspect of a criminal act’. Of course, there are things to be said against, and pro…. But, of course, I’m more leaning towards against: I didn’t fucking ask for a fucking banking-card that is protected [...]
The irony: Windows broken before shipped…
So, while a Microsoft spokesman was trying to relay its wet-dream to listeners (i.e. was intellectually masturbating) on the security in Windows Vista, a Polish female researcher was demonstrating how the ‘security’ can be bypassed, thus resulting in exactly the same unsafe situation as with earlier Windows variants.
Real funny, that.
Safe computing is impossible if the [...]
BlackHat conference demoes US citizen-only targeting smart-bomb, triggered by RFID chip on their passport
Just read that, at the BlackHat conference in Las Vegas, some folks demoed a bomb that will explode if an American passport is in its vicinity — a scenario not that hard to imagine.
Basically, RFID passports do not guarantee the safety and security they were invented for in the first place.
Now, I am not [...]
They said the technology wouldn’t be abused in such a way — but …. it is.
Okay so I read this stuff here (Dutch) which tells about how surveillance cameras (put there to increase public safety) are now being abused to give parking-tickets.
Of course they say ‘these wrongly parked cars are hindering the ambulances’. Although that may be true, that sure as hell isn’t the real reason they’re doing this. It’s [...]
WordPress 2.0.4 security release available
If you haven’t already — please upgrade WordPress to version 2.0.4. According to the developers, over 50 bugs have been fixed and the issue with the ‘Anyone can register’-thing has now been addressed.
Spread the Word, Press..
WordPress, Blogs, Vulnerability, Security
Blow-up doll for insecure female drivers
So some company is marketing a blow-up doll for women who are insecure about driving at night, alone. Apparently, the presence of what appears to other people as a real person, gives them enough security to drive around town.
Now, I wonder — do women over-estimate the blow-up dolls’ size, too?
However sexist the whole concept [...]
Verichip RFID clonable (thus totally unsafe), despite the company’s promises
I just heard from somebody that on HOPE, a presentation was given how easily the Verichip RFID chip implant can be cloned (thus identities stolen, people posing as other people getting easier because nowadays, somehow, everything must be digital or something).
Basically, the work is done by this device, called the proxmark3, that:
[it] can do almost [...]
On voice recognition to access bank-account information…
Bright idea, voice recognition (Dutch article) to access bank account information.
A user can authenticate themselves to the bank, using their voice as their passport. Anyone that remembers the film Sneakers will remember that, basically, you could record and playback somebody’s bank-account number after you’ve snooped from them. “My voice is my passport”…
That said, [...]
McKinnon to be extradited to America after all
Seems like the pleas didn’t help Gary McKinnon at all. Because of a dumb extradition treaty he’ll be extradited to the US. For, according to the media,
[..] the “biggest military hack of all time” [..]
Which in itself is absolute bullshit because the ‘biggest military hack’, at least strategically, is the forced usage of Microsoft Windows [...]
On Bluecasting…
I read this article about a Dutch shop that sends messages to Bluetooth enabled devices. Apparently — this is not spam. Because, by its definition, spamming is only spam if you are abusing some ‘service’. As Bluetooth is not a communication-service, i.e. one doesn’t have to subscribe or pay to use it, you can spam [...]
MySpace sued after assault on minor, but what is this really about?
I just read that parents sued MySpace for $14 million in damages after their child got assaulted in real life after having her profile publicly posted on a social networking site.
The lawyer stated that:
MySpace is more concerned about making money than protecting children online.
Of course, parents can’t hardly be blamed for neglecting their kids [...]
On the Belgium kidnapping…
So, a couple of days ago, a couple of young girls went missing in Belgium. Immediately, it was all over the media that some pedophile or whatever may have taken them.
The moment I heard that I was thinking: and they jump to this conclusion because… ? The guy’s missing? Cellular phone data implicated him in [...]
New ‘cybercrime’ laws in effect…
Well, in the Netherlands anyway.
Today, parliament decided to accept 2 new laws in order to make it easier to repress, suppress and oppress.
See, this new law has some things in it that could effectively send anyone to Gbay, or at least some jail.
Now it is made illegal to intrude a computer system.
No matter [...]
The broken laptop Amir sold…
A colleague pointed me to this site about a guy that bought a laptop over the internet through eBay and finally received a broken laptop.
The fun thing is, although broken, the laptop contains a gem of personal information. Information that this new owner now has happily posted on the internet as a form of pay-back.
The seems [...]
The obvious flaw in Biometrics…
I just discovered this advisory on the Full-Disclosure mailing-list which warns of one of the many obvious flaws in those biometric authentication schemes that everybody wants to roll out, everywhere.
Yeah it’s funny.
And yeah — it’s oh-so true…
Biometrics, Vulnerability, Security
Ayaan: the ‘plot’ continues…
Now it’s mentioned on the news that she believes that the Dutch government should protect her, even when she’s in the US.
She says that the government’s responsibility doesn’t end at the border. Well, last time I checked the Dutch law I read that it is only applicable on Dutch territory.
Yeah yeah, so she wants us [...]
Just when I was thinking “One must be a real idiot to believe the WTC went down because of two mere planes”
….I peruse the Full-Disclosure mailing-list to read that some of the guys there think Loose Change is complete bullshit.
That obviously proves there’s too many idiots in the IT security business too.
We’ve been blinded with ‘expert opinions’ on the whole WTC collapse but hell, you have to be a real moron to think that it wasn’t [...]
New (search) kid on the block: ‘Clusty’
Forgive my ignorance if you have already heard about this, but while reading the most recent 2600 issue — a reader mentioned the Clusty search-engine which I had never heard about until then.
Although this search-engine also makes money from advertisements, this one isn’t as intrusive as Google’s services (from a privacy point-of-view that is).
I have [...]
Weird McAfee ‘uvscan’ issue (solved though)
So, the mail-server is scanning incoming and outgoing email for viruses using the McAfee command line virus scanner for Linux.
Today I found out I was getting loads of reports in my email, though:
Scanning could not be performed due to the following error:
Missing or invalid DAT
WTF? The file’s there and looks OK. Re-downloading it didn’t seem [...]
ISC banking site survey
The Internet Storm Center asked readers to send in links to their banking sites, in order to find out whether they use SSL and other characteristics.
The results of this survey can be found on this page here. It’s quite interesting to note that there seem to be only a few banks confirmed to require SSL and Two Factor [...]
Deniable filesystems
Bruce Schneier, on his blog, mentions the project Rubberhose that implements a ‘Deniable Filesystem’.
The whole idea about these ‘deniable’ filesystems is, that, and I quote Bruce here:
The basic idea was the fact that the existence of ciphertext can in itself be incriminating, regardless of whether or not anyone can decrypt it. I wanted to create [...]
Suspicious Walmart scanning system
Tony Herrera, last Tuesday, blogged about Walmart having this weird scanning system, a story which I just need to share:
This story involving Glenn Harcsar an English Teacher and his eight-months pregnant wife while they were shopping at a Sam’s Club in Monroeville, PA.
“You’ve been identified by our scanning system. You’re not going to be allowed [...]
IRLB WTF?
On this page on Ebaumsworld I read the next insane thing the US will attempt to do in order to take away even more of our freedoms:
Washington D.C. – (March 28, 2006) – The Internet Regulations and Legislation Bureau, better known as the IRLB, is the newest United States governmental agency. The IRLB is [...]
Freedom: the net slowly closes in…
In the Netherlands, there’s this new law that ‘the man’ wants introduced. Of course, it’s one of those repressive laws that get introduced because of this so-called “War On Terror” — which, logically, cannot ever end.
Do we all want to be led to the slaughter into the war that nobody can win?
Yeah, the [...]
Another day, another trojan — yet not so usual
The Register reports on Deutsche Bank and the (Dutch) Postbank being targeted by a new piece of spyware.
This one, dubbed Trojan-Spy.Win32.Bancos.pw, reportedly intercepts HTTPS traffic and captures so-called TAN tokens. These tokens are pieces of information that should identify a bank’s real customer to finalise a banking transaction.
If infected by this piece of malware, and [...]
RFID tags can be infected by virii
The Register reports that RFID tags can be infected by virii:
Dutch researchers have warned that RFID tags – small microchips, which can be used to tag products or animals - can be infected with computer viruses.
A group under the guidance of Andrew Tanenbaum at the Amsterdam Free University made the world’s RFID “malware” publicly available. [...]
Schneier: Data Mining For Terrorists
I just received Schneier’s latest CRYPTOGRAM which has quite an interesting article entitled Data Mining for Terrorists.
To quote the intro (emphasis mine):
In the post 9/11 world, there’s much focus on connecting the dots. Many believe that data mining is the crystal ball that will enable us to uncover future terrorist plots. But even in the [...]
Several vulnerabilities in Microsoft Office software
More specifically, the piece of shit they dare call ‘Excel’. Yes, it excels in fucking up documents. But I slightly digress.
Let’s look at the timeline that this vulnerability was reported:
Yesterday, ZDI reported:
2006.01.24 – Vulnerability reported to vendor
2006.02.21 – Digital Vaccine released to TippingPoint customers
2006.03.13 – Vulnerability information provided to ZDI security partners
2006.03.14 – Coordinated public release of advisory
Ah, so Microsoft knew about this [...]
Ten best security live CD distros
Yesterday, an article on 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) was posted on Darknet.
Live CDs are the type of operating systems that fit on a CD, can boot almost any hardware, and allow you to use the machine to quite a large extent. The distros mentioned in the article are not [...]
WordPress 2.0.2 Security Update
In case you did not know already (like I did), a security heads-up if you use WordPress 2.x:
An important security issue has been brought to the attention of the WordPress team and we have worked diligently to bring you a new stable release that addresses it. Our latest version 2.0.2 contains several bugfixes and security [...]
GNU Privacy Guard vulnerability discovered
According to this post on the GPG mailing-list, GPG doesn’t detect the injection of unsigned data. That is rather a serious issue, so upgrading to the latest version is advised:
In the aftermath of the false positive signature verification bug
(announced 2006-02-15) more thorough testing of the fix has been done
and another vulnerability has been detected.
This new [...]
Post-Mortem Data Destruction
I just posted my first article on Darknet about ‘Post-Mortem Data Destruction’. This article roughly details a system for detecting the event of your death and destroying all your private information when this happens.
Post Mortem Data Destruction, Darknet, Navaho Gunleg
Florida Voting Machine Logs Reveal Anomalies
I knew it, the rest of the world knew it, and now it seems the 95 percent naive American fucks that decide the US’s future are slowly waking up to the truth as well.
According to this posting on Slashdot,
“Having ‘successfully sued former Palm Beach County (FL) Supervisor of Elections Theresa LePore to get the [...]
One more reason to use open source software.. And why they don’t want you to use it.
All you Microsoft users in the UK, be warned. The BBC reports that the UK government wants a backdoor in Microsoft Vista:
Windows Vista is due to be rolled out later this year. Cambridge academic Ross Anderson told MPs it would mean more computer files being encrypted.
He urged the government to look at establishing “back door” [...]
New watermarking technology for music
I was just reading this article here about a new watermarking technology from the Fraunhofer Institute (the guys that made piracy, errrr, music compression possible).
Researchers at the Fraunhofer Integrated Publication and Information Systems Institute have successfully tested a software system, based on the group’s own digital watermarking technology, for tracking pirated audio files in P2P [...]
Darknet relaunch
Darknet is being relaunched:
Darknet is currently undergoing a relaunch, it has been rebuilt from scratch in a new style using a powerful and extensible open source CMS called Wordpress.
We are looking for people to write articles about anything to do with Hacking, Cracking or Information Security.
Topics such as tutorials, discussions, news, exploits, tool releases, coding [...]
Firefox users surf safer
According to Yahoo! News, two University of Washington professors went out to investigate looking for spyware on the Internet during 2005:
“We can’t say whether Firefox is a safer browser or not,” said Henry Levy, one of the two University of Washington professors who, along with a pair of graduate students, created Web crawlers to scour [...]
Google Desktop privacy concerns
Hot from the EFF’s site:
“Coming on the heels of serious consumer concern about government snooping into Google’s search logs, it’s shocking that Google expects its users to now trust it with the contents of their personal computers,” said EFF Staff Attorney Kevin Bankston. “Unless you configure Google Desktop very carefully, and few people will, Google [...]
Still write checks? Beware of check-washing!
A post on Schneier’s weblog pointed me to this article about Check Washing:
Using a process known as check washing, mail snatchers erase the ink on a check with chemicals found in common household cleaning products or on the shelves of your local Walmart and then rewrite the checks to themselves, increasing the amount payable by [...]
Microsoft’s AV software will be expensive
Just read an article which states Microsoft’s new AV ‘service’ will cost about 50 dollars per year.
Knowing Microsoft’s track-record regarding ‘security software’ and their carefully constructed End-User Licence Agreements, I find it highly probable that it ain’t worth a fucking dime.
Yeh yeh — I know they’ll say they’ll use that money to make more [...]
WinAmp exploit in the wild — better upgrade…
For you Windows-users out there, ISC reports that, apart from WinAmp 5.12 being vulnerable to some exploit that allows for remote code execution, an exploit has also been discovered in the wild.
Also, WinAmp 5.13 is already available, so you better upgrade as soon as possible.
Threats, Security
RFID passports ‘cracked’…
Fear the Dutch — according to The Register, face and fingerprints swiped in Dutch biometric passport crack:
Dutch TV programme Nieuwslicht (Newslight) is claiming that the security of the Dutch biometric passport has already been cracked. As the programme reports here, the passport was read remotely and then the security cracked using flaws built into the [...]
