Main Hantam Saja

After Cisco strong-armed Mike Lynn’s employer into forcing him to abandon his planned presentation on vulnerabilities in Cisco routers at the Black Hat conferences, they sent employees down to literally rip Lynn’s presentation out of the program books.

Watching this video reminded me of Fahrenheit 451. If I was the guy with the video camera, I would got their faces in the picture, and stolen a book or 2. But that’s my irrational way of thinking.

I thought Black Hat was supposed to be about independence. Cisco does not own it but when they have court documents, you do as they say or get your ass handed to you in court.

It’s fun to see them actually have to physically remove the pages. I think for fun somebody should add some special effects and stuff to this. Burning books, etc…. and that’s twisted… They really needed armbands and they should have at least all worn the same colour shirt. Maybe Wagner would have been more apropos than the hiphop bit at the end.

If this is Cisco’s reaction to their vulnerabilities, they are a pack of dumb asses, you would think they will learn from this. Perhaps Cisco should have sat through the presentation and learned of the vulnerabilities. They could have spent the thousands of dollars fixing the bugs instead of paying people to rip pages of out a book.

Mike Lynn did the presentation anyway. Cisco could have learned something from his presentation about how their products need to be fixed and where and even maybe how to fix them. The PDF of the presentation is available through the link — “Link to Mike Lynn Defense Fund and mirrors of his presentation.” in the first linkup.

Here are several places you can download the ,PDF file. There’s one on eMule on the censored material, the actual slides in PDF, this one in this blog and the shakedown letter’s version.

There are exploit codes in there. Exploits, especially of this magnitude, should NEVER be shown to the general population and especially not to a group of hackers, do you idiots understand that if this vulnerability gets out there is NO INTERNET until they patch and every company owning Cisco equipment applies said patch, without a viable means of distribution as there will not be an internet. Exploits are usually known by h4x0rs, the only difference is the amount of people learning about it at the exact same time.

But in the anti-monopoly sense, this does show that one company should NOT be relied on for basically all of the traffic of the internet…One exploit and the whole thing is toast rather than needing multiple companies and multiple vulnerabilities. Cisco not only gets a cease and desist order for the presentation, they go the extra mile to protect your security by ripping pages out of the books! Man with a dedicated security team like that how could you go anywhere else!

Now if they only showed such diligence actually in patching their holes they would be doing really good. Honestly this just downright sickens me. There are a lot of clever people on this planet and the weaknesses in question have been in place for years. To think that the cat has been let out of the bag just now is simply naive.

We (not-so-evil hackers) should be self-policing ourselves, otherwise the government will come in and do it for us. If the government does it then no one wins, except the lawyers, and they should never win. I’m sure that he wasn’t the only person to know of the vulnerability, but for him to go and give the vulnerability to a group of hackers and leave the possibility of it reaching an even greater amount of people afterward is totally irresponsible.

Here’s a quick and dirty Deadbolt Lock Picking howtos that’ll give you and your friends some cheap entertainment on a slow weekend afternoon.

A nice writeup, pretty hard to understand the tools he was talking about but the process seemed simple enough. For a more adventurous feats, here’s How To CRACK a Master Lock.

checkout lockpicking101.com.. Don’t really bother with any books or other junk like that… lp101 has all the info you need, there is also info about making your own tools. They’re pretty simple to make if you have some hacksaw blades and a bench grinder or a dremel . Both make it much simpler, do the majority of the work with the bench grinder and the details with the dremel.

a word of caution though, in some areas it may be illegal to carry picks as they can be considered a burglary tool. As if anyone cares.

Here is a nice presentation on sniffing packets in a switched network using ARP cache poisoning. There is a recipe too to hack a switch using Ettercap and Ethereal.

With regards to using FTP and Telnet and prove that our windows admins are idiots because they have used our windows id/passwd for insecure services like POP, web proxy etc.. So our windows passwords are all floating around on the network as easy to read as can be.

Ettercap has always been a personal favorite to some; dsniff too (wish it was still being developed). It truely is scary what’s floating about unprotected out there. I’ve never tried, but I’d be curious what ettercap connected directly to a cable modem could pick up.

Windows users can stick with CAIN&Abel just as easily though, little nicer interface infact, but ya don’t need it.. :p

It’s very easy, but this is not a step by step HOWTO, only a guide to build your own box. To start, you need a small up and running OpenBSD System on an Intel based System.’

Top 75 security tools for *nix and windows.

Nice tools but this survey is out of date.

Most of the tutorials describing how to use the Auditor Security Collection CD-ROM for a specific purpose. Here are some tutorials provided by users.

For Educational purposes ONLY? lol!

Pictures that were found on P2P networks.

The purpose of this site, is to show you what people are sharing on the internet but probably don’t know they are sharing it. Duh. It’s kind interesting. This site is just wierd, it is kind of interesting but really boring at the same time.

Isn’t it very easy to see that your sharing a directory that has private stuff in it?

A nice visual java applet that shows you your download and upload speeds. Also tells you your Quality of Service, Round Trip Time, and Max Pause.

There’s a lot of variation depending on the server being used. I got completely different results from the above test, DSL reports and pcpitstop with multiple tests on each.

A list of links to test your hacking abilities! =D These are great, got through most of them, but they get hard! Have fun!

Looks like a cool place to initiate my plans of taking over the world. Victory is mine!!

A good Bio of the Famous hacker Kevin Mitnick. Just thought I would post this to make sure no one ever forgets how great Kevin is.