Turning Attackers' Tools Against Them

kdawson posted more than 4 years ago | from the back-bearings dept.

Security 75

Tasha26 writes "The BBC has an interesting Web security snippet from the SyScan 2010 security conference in Singapore. In a presentation, security researcher Laurent Oudot released details of bugs found in commonly used attack kits such as Neon, Eleonore, and Sniper. These loopholes could be exploited to get more information about the attackers, perhaps identifying them, stealing their tools and methods, or even following the trail back to their own computer."

Time for hacker bounty hunter! (5, Interesting)

maillemaker (924053) | more than 4 years ago | (#32628854)

There should be bounties put on these folks spreading this shit.

Re:Time for hacker bounty hunter! (4, Funny)

tnok85 (1434319) | more than 4 years ago | (#32629018)

In a special two hour edition of Dog the Bounty Hunter, Dog gets his first Macbook and hacks his way to take down his target!

*watches two hours of Dog learning to search for people on FaceBook*

Re:Time for hacker bounty hunter! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32629052)

In a special two hour DVD of Dog the Bounty Hunter, Dog gets his first Macbook and discovers his latent homosexuality!

*watches two hours of Dog being fucked in the ass while large, mustachioed black men use his mullet for handlebars*

Re:Time for hacker bounty hunter! (1)

jhoegl (638955) | more than 4 years ago | (#32629334)

Macintosh also saves the world from alien attacks.

Re:Time for hacker bounty hunter! (2, Interesting)

Anonymous Coward | more than 4 years ago | (#32629418)

Using a macbook to hack is kinda like using an easy bake oven to cook thanksgiving...

Re:Time for hacker bounty hunter! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32629438)

Wooosh!

Re:Time for hacker bounty hunter! (1)

Anonymous Coward | more than 4 years ago | (#32629522)

I was making my own joke, so obviously there's a Woosh on your Woosh

Re:Time for hacker bounty hunter! (0)

Anonymous Coward | more than 4 years ago | (#32629942)

I was joking on the fact that few people would get your joke, so there's a Woosh on your Woosh on my Woosh.

Re:Time for hacker bounty hunter! (1, Funny)

Anonymous Coward | more than 4 years ago | (#32630050)

Ahh I except your woosh in that situation.

Re:Time for hacker bounty hunter! (1)

Aranykai (1053846) | more than 4 years ago | (#32630538)

I think you mean "accept". *wooosh*

dang it...

Re:Time for hacker bounty hunter! (0)

Devout_IPUite (1284636) | more than 4 years ago | (#32631182)

Saying "Wooosh!" makes you a loser...

Re:Time for hacker bounty hunter! (0)

Anonymous Coward | more than 4 years ago | (#32631862)

Saying "Wooosh!" makes you a loser...

Oops.

Re:Time for hacker bounty hunter! (0)

Anonymous Coward | more than 4 years ago | (#32631928)

... or a Woooshbag !

Re:Time for hacker bounty hunter! (1)

Ol Olsoc (1175323) | more than 4 years ago | (#32639598)

two things....1 whoosh, 2. you don't know much about Macs, do you? I open a terminal window, and I get much more geeky goodness than a Windows machine can give me.

Re:Time for hacker bounty hunter! (1)

Sulphur (1548251) | more than 4 years ago | (#32629118)

Bounty is too good for them.

Re:Time for hacker bounty hunter! (3, Insightful)

betterunixthanunix (980855) | more than 4 years ago | (#32629578)

Why? "We connected our mission critical systems to a public communications network, and random people on that network are probing our systems! Waaaaah! Wait, let's probe their systems too!"

THE internet is a wild and dangerous place (1)

For a Free Internet (1594621) | more than 4 years ago | (#32628872)

Humans are frog-like mammals with puny intelligences compared to me, the galactic overlord from Fggrtgtettggttgtstttttstststs. I saw a registered car car car car car car car to the ass-wind. Commander TACO is a small amphibian with a faulty earrrrrrrrrrrrrrrrrrrrrr..;.;;.;.;.;.;.;.;.

Following the trail back to their own computer (2, Insightful)

nurb432 (527695) | more than 4 years ago | (#32628938)

..or to the person they are setting up to go to jail...

Re:Following the trail back to their own computer (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32629450)

..or to the person they are setting up to go to jail...

Yes, and the police shouldn't bother following up on physical evidence either since it usually leads to someone who's being set up to go to jail.

Re:Following the trail back to their own computer (1)

nurb432 (527695) | more than 4 years ago | (#32631488)

If you go to that much trouble to frame someone via a 'code trail', you will be planting more evidence.

Re:Following the trail back to their own computer (2, Interesting)

dbIII (701233) | more than 4 years ago | (#32629780)

Most of these attacks are by the sort of script kiddies that you could confuse by saying "bet you can't hack 127.127.127.127". I've got one machine that will accept ssh from anywhere and it's under almost constant dictionary attack by idiot script kiddies - usually under the username "Administrator" which makes little sense since very few MS systems even have ssh. They don't really have a clue (eg. can't even get in with a password on many ssh systems), they just play with the toys without understanding what they do.

I've seen a couple of hacked systems, and in both cases it was a long chain of embarrassingly STUPID failures by lazy idiots before the script kiddies got in. The nature of the script kiddy tools actually made it easy to see a lot of what they had done (chattr to prevent deletion of their files), but of course you have to dust off and fdisk from orbit - it's the only way to be sure :)

Re:Following the trail back to their own computer (1)

uninformedLuddite (1334899) | more than 4 years ago | (#32637292)

I knew a sysadmin many years ago who wasn't shy about blowing his own trumpet about his 1337 security skillz. His root password was 'aardvark'. Thought you might need a laugh. He had a couple of those MCSE type qualifications and a degree in computer science.

Re:Following the trail back to their own computer (1)

Zapotek (1032314) | more than 4 years ago | (#32630852)

Why was that modded as flamebait? It's quite insightful actually...parent makes a good point.

Re:Following the trail back to their own computer (1)

nurb432 (527695) | more than 4 years ago | (#32631500)

Who knows, people are having a bad day? Or perhaps they are guilty themselves? :)

I was trying to be serious, as it would be a great way to distract attention to yourself ( as the bad guy ) and take down your enemies in the process. A double win.

One would assume that the high end coders doing this stuff would be that smart.

But did he do "responsible disclosure"... (5, Funny)

John Hasler (414242) | more than 4 years ago | (#32629032)

...or did he behave irresponsibly and publish the bugs without giving the vendors time to issue patches?

Ka! Crooks' food-chain (2, Insightful)

oldhack (1037484) | more than 4 years ago | (#32629044)

All that cleverness wasted...

Low hanging fruit (5, Insightful)

retardpicnic (1762292) | more than 4 years ago | (#32629092)

Meh... The fact that there are errors and vulnerabilities in web based tools just means that they were written by programmers who largely don't have peer code review, which is why so many computer viruses never get to trigger or release payload, the only working part of them is the infection mechanism. Perhaps these vulnerabilities would aid in catching a script kiddie who had downloaded a poorly programmed tool and was dumb enough to launch from his own computer. Nobody with brains would launch from "home", they would use bots, which means the police will be storming an old age home with grandparents still using windows 95. I do applaud looking at hacking tools though, I worked for a company that used a stripped down, harmless version of the sub7 trojan to deploy software and it was far superior to commercial deployment solutions at the time.

Re:Low hanging fruit (3, Insightful)

DigitAl56K (805623) | more than 4 years ago | (#32629520)

The fact that there are errors and vulnerabilities in web based tools just means that they were written by programmers who largely don't have peer code review

The fact that there are errors in these attack suites in particular is probably more because their purpose is to attack others with no expectation that counter-attacks are likely to happen, at least against these tools themselves.

I worked for a company that used a stripped down, harmless version of the sub7 trojan to deploy software

Funny you bring that up. Older versions used to have a hard coded master password that could be used to steal Sub7 systems, W32/Leaves took over systems that way.

Re:Low hanging fruit (1)

Yvanhoe (564877) | more than 4 years ago | (#32631122)

You may not hit the home of the attacker but neutralizing his/her botnet or relay is a good start.

No Honor Among Thieves (4, Insightful)

IonOtter (629215) | more than 4 years ago | (#32629106)

Do you really think that the creators of these "tools" aren't going to leave SOME way of getting back into them? To prevent them from being used against their own systems?

"Did you really think you could use my own spell against me, Potter?" -Severus Snape "HP: THBP"

Re:No Honor Among Thieves (3, Interesting)

WrongSizeGlass (838941) | more than 4 years ago | (#32629316)

Do you really think that the creators of these "tools" aren't going to leave SOME way of getting back into them? To prevent them from being used against their own systems?

No, of course not ... though they may install a copy of Kaspersky [ca.com] to remove the competition from their latest conquest.

Re:No Honor Among Thieves (1)

mtremsal (1554627) | more than 4 years ago | (#32631514)

This one hasn't been updated for more than 3 years.

I guess its author is still trying to remove Kaspersky from his Botnet...

Remember Alfred Nobel? (1)

Leon Buijs (545859) | more than 4 years ago | (#32632064)

Alfred Nobel 'Price' was killed while using his own invention (dynamite). So you would be the first. Harry Potter is a fiction, remember?

Re:Remember Alfred Nobel? (1)

hoboroadie (1726896) | more than 4 years ago | (#32632262)

WTF?

Re:No Honor Among Thieves (1)

uninformedLuddite (1334899) | more than 4 years ago | (#32637318)

You just had to bring up Harry Potter didn't you. I am only just getting over my major major crush on Bellatrix Lestrange (IMHO one of the hottest chicks(with personality to match) to ever feature on the silver screen)

In other news... (4, Funny)

nacturation (646836) | more than 4 years ago | (#32629162)

In other news, researchers learn that script kiddies tend not to be very good software developers.

Re:In other news... (5, Insightful)

Gadget_Guy (627405) | more than 4 years ago | (#32629240)

In other news, researchers learn that script kiddies tend not to be very good software developers.

Surely the very definition of a script kiddie is someone who doesn't write hacking software, but uses software built by others.

I think this shows that the hacking community can be a bit arrogant, and they think that hackers won't go after one of their own.

Re:In other news... (1)

betterunixthanunix (980855) | more than 4 years ago | (#32629502)

Or that the people who write these packages are not necessarily great hackers themselves, but people who read reports on others' work and write tools to perform the attacks.

Re:In other news... (1)

Bert64 (520050) | more than 4 years ago | (#32630858)

Or they just don't care...
The people who write these tools are not the same people who run them, script kiddies run the tools because they aren't smart enough to write their own and nor are they smart enough to verify that the code isn't broken or even full of blatant backdoors. Nor do they care at all since the machines they will be running the tools on are compromised systems which were obviously vulnerable to something else already.

Re:In other news... (0)

Anonymous Coward | more than 4 years ago | (#32630562)

I think this shows that the hacking community can be a bit arrogant, and they think that hackers won't go after one of their own.

Not so by any means, haven't you seen the start of Hackers, where Zero Cool gets thrown out of the TV system by Acid Burn?!!!

On a more serious note, what do you think the easiest way to create a botnet is? It's not by brute forcing SSH by hammering every IP on the Internet or by injecting banner ads that take out IE with the latest 0 day. It's by nicking someone else's botnet, which is actually a hilarious game and more fun than scrabalicious ;)

Re:In other news... (2, Insightful)

RobDude (1123541) | more than 4 years ago | (#32629594)

Eh, I'm not sure I agree.

It's one thing to have the ability to find an exploit and take advantage of it. It's an entirely different thing to personally go through all of the code running on your machine and remove all exploits.

walled garden version for the rest of us? (1, Troll)

AmazinglySmooth (1668735) | more than 4 years ago | (#32629200)

I propose that MS create a walled-garden version of Windows that will work for 85% (my estimate) of users. Only approved apps can be installed. Could it work?

Re:walled garden version for the rest of us? (0)

Anonymous Coward | more than 4 years ago | (#32629302)

I propose that MS create a walled-garden version of Windows that will work for 85% (my estimate) of users. Only approved apps can be installed. Could it work?

Yeah, it's called the iPhone and it was actually developed by Apple. lmao

Re:walled garden version for the rest of us? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32629336)

I propose that you stick the shotgun in your mouth and pull the trigger, retard.

Re:walled garden version for the rest of us? (1, Insightful)

MadnessASAP (1052274) | more than 4 years ago | (#32629346)

Microsoft would gladly make a walled garden OS for EVERYONE to use if they thought they could get away with it.

Re:walled garden version for the rest of us? (4, Insightful)

ArghBlarg (79067) | more than 4 years ago | (#32629884)

Haven't they already taken the first step with compulsory driver signing in their 64-bit OSes? I hear there's a registry hack to disable it... for now. But MS would -love- it to be mandatory, they've been laying the foundations since the original "Trusted Computing Platform Alliance" days haven't they? I don't keep up to date on all this stuff so maybe it's not so true anymore.

Re:walled garden version for the rest of us? (0, Troll)

Z34107 (925136) | more than 4 years ago | (#32630512)

They just upped the logo requirements - to get logo certification, you have to have 64 bit versions of drivers as well. Which is great, because 32bit blows chunks.

As for having to get them signed, that is kind of a pain. On the plus side, it means your signed driver went over some basic "are you likely to freeze the computer" tests and it discourages companies with shitty programmers from doing unnecessary stuff in kernelspace.

I for one applaud this tiny effort to improve Windows stability.

Re:walled garden version for the rest of us? (1)

Bert64 (520050) | more than 4 years ago | (#32630868)

Maybe someone can encourage MS not to do unnecessary stuff in kernel space? IIS is a prime offender for this...

Re:walled garden version for the rest of us? (0)

Anonymous Coward | more than 4 years ago | (#32631170)

They just upped the logo requirements - to get logo certification, you have to have 64 bit versions of drivers as well.

That's great but why even bother releasing drivers for usb devices as ms auto installs its own driver. You have to jump through fucking hoops to install the one that came with the device. I realize there's probably a way to turn this off but it's very presumptuous of ms to assume that people want this. Oh wait I get it now. It's part of the USER EXPERIENCE. Let's cripple your device by loading our own drivers before you get a chance to load yours. Fuck ms.

Re:walled garden version for the rest of us? (1)

riscthis (597073) | more than 4 years ago | (#32631074)

Haven't they already taken the first step with compulsory driver signing in their 64-bit OSes?

IIRC, one of the reasons for requiring driver signing was not for the logo certification part (which I thought remained optional, but I may be wrong on that) but actually to help with Microsoft's crash analysis efforts.

With a signed driver it's much easier to identify the vendor of a buggy driver, get in contact and ask them to fix their code, and even offer to push out an update via the Microsoft Update tool.

Re:walled garden version for the rest of us? (1)

RoFLKOPTr (1294290) | more than 4 years ago | (#32629890)

Microsoft would gladly make a walled garden OS for EVERYONE to use if they thought they could get away with it.

Companies do what makes good business sense. If Microsoft could get away with making a walled-garden OS and they thought it would be more successful than their current product, then of course they would. But they would lose me as a customer, and they would probably lose much of the rest of their current customer base, so they wouldn't. What's your point?

Now go back to using your Windows: Linux Edition (sorry, I mean Ubuntu) and stop turning every thread you can into a baseless battle of the OSes.

Re:walled garden version for the rest of us? (1)

janrinok (846318) | more than 4 years ago | (#32631446)

"Now go back to using your Windows: Linux Edition (sorry, I mean Ubuntu) and stop turning every thread you can into a baseless battle of the OSes."

Why have YOU turned this into a battle of OSes? There is nothing intrinsically wrong with Ubuntu. It might not be your distro of choice but for many thousands of people, it is exactly that. The fact that it is user friendly and works out-of-the-box makes it more popular but no less of an OS than whatever you might choose to use.

Re:walled garden version for the rest of us? (1)

RoFLKOPTr (1294290) | more than 4 years ago | (#32632918)

"Now go back to using your Windows: Linux Edition (sorry, I mean Ubuntu) and stop turning every thread you can into a baseless battle of the OSes."

Why have YOU turned this into a battle of OSes? There is nothing intrinsically wrong with Ubuntu. It might not be your distro of choice but for many thousands of people, it is exactly that. The fact that it is user friendly and works out-of-the-box makes it more popular but no less of an OS than whatever you might choose to use.

It's just that it's typically Ubuntu users that start the OS battles. And those people only use Linux so they can fit in with their hacker friends, dis micro$haft and feel all epix leatsauce, but they use Ubuntu so they don't actually have to know anything.

And you know it's true.

Re:walled garden version for the rest of us? (0, Redundant)

RoFLKOPTr (1294290) | more than 4 years ago | (#32632932)

By the way, I have nothing against Linux. I love Linux. I wouldn't use anything else for running a server (I have 3 that run on Gentoo)... it's the people that use it just to fit in that I can't stand.

Re:walled garden version for the rest of us? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32636744)

Eww, gentoo is so... Generation 2. All the cool kids are on Arch now.

Re:walled garden version for the rest of us? (1)

betterunixthanunix (980855) | more than 4 years ago | (#32629546)

I propose that MS create a walled-garden version of Windows that will work for 85% (my estimate) of home users.

FTFY.

Re:walled garden version for the rest of us? (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32633704)

It already exists (though not in "home" versions), it just isn't turned on by default.

In anything XP or later, not sure about 2000, you can use software restriction policies to control the execution of programs and the loading of dlls by location, name, hash, or signature. Or some combination.

It's kind of a pain to use, which is why you don't see it too much; but it is there.

Firbst (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32629226)

That so8ded,

Illegal in many jurisdiction (4, Interesting)

Isao (153092) | more than 4 years ago | (#32629442)

This is great intel, no doubt. There's a bit of irony in reporting vulnerabilities in malware - can I get a CVE for that? Counter-attack has a bunch of potential issues, though. The primary one is attack attribution, and the other primary one is that it's not legal in many places (including the United States) to counter-attack your attacker. If you execute code or access a system without the permission of the system-owner, you're in the same crime category as the original miscreant.

Re:Illegal in many jurisdiction (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32629590)

Not so. Try a "self defense" defense.

If an attacker originates an attack on you,
you are welcome to use ENOUGH force to stop it.

I think a requisite measure of restraint would be
proven, and any subsequent culpability waived.

Re:Illegal in many jurisdiction (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32630444)

Not so. Try a "self defense" defense.

If an attacker originates an attack on you,
you are welcome to use ENOUGH force to stop it.

I think a requisite measure of restraint would be
proven, and any subsequent culpability waived.

Stop it?
iptables .... -j DROP

Retaliation against the attacker's system, which just happens to be a rooted box at MegaCorp ? Yeah, real smart idea - their lawyers will surely see the sanity of what you did and not sue..

drug dealers can't report theft of drugs (3, Insightful)

circletimessquare (444983) | more than 4 years ago | (#32629630)

likewise, what hacker is going to report that someone reverse engineered his hack?

Re:drug dealers can't report theft of drugs (1)

laffer1 (701823) | more than 4 years ago | (#32634504)

What if the attacker is using another system they already exploited? You're then hacking into someone else's computer and they very well could press charges.

your view of ethics is odd (1)

circletimessquare (444983) | more than 4 years ago | (#32639082)

i think you are trying to say that going after hackers is unethical. you are of course right. but that doesn't mean you can't go after them, just that you can't wrap yourself in the cloak of ethics when you enter their shadowland

in other words, to catch a criminal, you should abide by good conduct, but you may have to get a little dirty yourself

it is not possible to fight crime completely straightjacketed by the highest standards of good behavior. as long as you yourself don't become a criminal in your pursuit of them, its ok to bend the rules

please don't read this as an acceptance of murder to fight shoplifting. my words are more an acceptance of jaywalking to fight drug dealing. i am proposing its ok to bend the rules slightly, not excuse vile crimes in the punishment of smaller ones. for example: its perfectly legal to lie to suspects when interrogating them. do you consider this unethical? maybe a goody two shoes does. but then a goody two shoes will never catch a criminal. you need to understand exactly what you are dealing with, and be prepared to bend the rules a bit

its a tough game. who ever said catching criminals was easy and trouble free? your notion of ethics should not preclude the vigorous pursuit of criminals. then its not ethics at all, for without the vigorous pursuit of crime, you only reward those who don't follow ethics at all, and therefore undermine the reason for anyone in society to act ethical. the reward for good ethics should be greater than the reward for being unethical. make sure of that

Re:Illegal in many jurisdiction (1)

Securityemo (1407943) | more than 4 years ago | (#32630874)

If I do it in secret, what do I care if it's legal or not? If done competently, the chance of getting caught is hardly even worth considering.

Re:Illegal in many jurisdiction (1)

lennier (44736) | more than 4 years ago | (#32635674)

There's a bit of irony in reporting vulnerabilities in malware - can I get a CVE for that?

I nominate 'There's a CVE for that!' as the new 'There's an app for that'.

creators tiring of unprecedented evile's attacks.. (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32629510)

against us. it's not like we haven't been given many opportunities to make it right/defend ourselves. butt, as we (not so) slowly fade into bad history, it's good to know that there's still some genuine assistance available in spite of our lackadaisical attitude towards our gifts. see you there?

meanwhile (meaning possibly quite a while); the corepirate nazi illuminati is always hunting that patch of red on almost everyones' neck. if they cannot find yours (greed, fear ego etc...) then you can go starve. that's their 'platform' now.

never a better time to consult with/trust in our creators. the lights are coming up rapidly all over now. see you there?

greed, fear & ego (in any order) are unprecedented evile's primary weapons. those, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' life0cidal hired goons' agenda. most of our dwindling resources are being squandered on the 'wars', & continuation of the billionerrors stock markup FraUD/pyramid schemes. nobody ever mentions the real long term costs of those debacles in both life & any notion of prosperity for us, or our children. not to mention the abuse of the consciences of those of us who still have one, & the terminal damage to our atmosphere (see also: manufactured 'weather', hot etc...). see you on the other side of it? the lights are coming up all over now. the fairytail is winding down now. let your conscience be your guide. you can be more helpful than you might have imagined. we now have some choices. meanwhile; don't forget to get a little more oxygen on your brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

"The current rate of extinction is around 10 to 100 times the usual background level, and has been elevated above the background level since the Pleistocene. The current extinction rate is more rapid than in any other extinction event in earth history, and 50% of species could be extinct by the end of this century. While the role of humans is unclear in the longer-term extinction pattern, it is clear that factors such as deforestation, habitat destruction, hunting, the introduction of non-native species, pollution and climate change have reduced biodiversity profoundly.' (wiki)

"I think the bottom line is, what kind of a world do you want to leave for your children," Andrew Smith, a professor in the Arizona State University School of Life Sciences, said in a telephone interview. "How impoverished we would be if we lost 25 percent of the world's mammals," said Smith, one of more than 100 co-authors of the report. "Within our lifetime hundreds of species could be lost as a result of our own actions, a frightening sign of what is happening to the ecosystems where they live," added Julia Marton-Lefevre, IUCN director general. "We must now set clear targets for the future to reverse this trend to ensure that our enduring legacy is not to wipe out many of our closest relatives."--

"The wealth of the universe is for me. Every thing is explicable and practical for me .... I am defeated all the time; yet to victory I am born." --emerson

no need to confuse 'religion' with being a spiritual being. our soul purpose here is to care for one another. failing that, we're simply passing through (excess baggage) being distracted/consumed by the guaranteed to fail illusionary trappings of man'kind'. & recently (about 10,000 years ago) it was determined that hoarding & excess by a few, resulted in negative consequences for all.

consult with/trust in your creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land." )one does not need to agree whois in charge to grasp the notion that there may be some assistance available to us(

boeing, boeing, gone.

sounds fun, but you could still go to jail (1)

bl8n8r (649187) | more than 4 years ago | (#32629778)

Connecting to someone's computer with the intent to cause damage could still get you in legal trouble; the law doesn't care who the victim is. What's more, the cracker you are trying to crack may just have a whole botnet to turn on your IP space, so you may want to think about that before unleashing your m4d l33t sk11z on their intertubes.

Re:sounds fun, but you could still go to jail (0)

Anonymous Coward | more than 4 years ago | (#32629908)

It's not all about counter attacking. It's about discovery of the perps. Also, I think that maybe, I dunno, the POLICE could use this information?? They used to be hopeless about computer crime but some of the forces now have some decent capability in this area.

You FAIL it (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32629872)

big deal. Death marke7 share. Red

Why not just build in counter-attack tools (2, Interesting)

Orion Blastar (457579) | more than 4 years ago | (#32630340)

in the OS or have an option of an OS update that includes tools to detect attacks and then counter them.

I remember having a Fedora 9 Web Server and all kinds of foreign IP addresses tried to crack passwords and guess user names. I read the logs as root showing me failed attempts using some dictionary attack of English/American first names and passwords from a dictionary list. Now I don't use first names but handles and pen names that are hard to guess and run as a user account and only use root when I need to do something.

A friend of mine told me they will keep trying and cannot be stopped because my Linux server has no defense system to counter attack their hacking attempts and when they send a DoS attack my system does not send one back.

But I was never able to find such programs for Linux that would counter-attack such things and stopped hosting my web site at home and moved it to a web hosting service and let their admins monitor it 24/7. I recall they used an exploit in Apache 2.X and PHP during Halloween when I was taking my wife and son out for collecting candy. I come back home and found that trolls from Kuro5hin hacked my web server and took control and added insulting and untrue stuff about me. Later on they did the same thing to Net Money Chat that used Scoop like Kuro5hin but the admin fixed it to work with Apache 2.X and mod_perl for Apache 2.0, he submitted the code changes to Rusty, but Rusty never did anything about them. Then the Kuro5hin trolls hacked Net Money Chat and made it so it never served web pages and sabotaged the system so no part of it would work.

I would like to see such things available or built into Linux and other operating systems or be part of a security update or some free or open source software that can be gotten by people or small businesses that run web sites and need some way to force hackers and attackers to stay away from their web servers or at least collect enough evidence to submit to the FBI or some other group to hunt down the hackers and crackers by generating an ODF or PDF or whatever file that contains copies of the logs and a list of IP addresses doing the hacking and cracking attempts and attacks and then lists what they did. If needed a court can examine the Linux logs to see the whole history if they want to as well.
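A sketch of the evidence-gathering half of what this post asks for, as an added example that is not part of the original comment: it groups sshd password events by source address and reports only sources that look like a dictionary run, without contacting them. The log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the OpenSSH syslog style; the addresses come
# from the documentation ranges (RFC 5737), not from real hosts.
SAMPLE_LOG = """\
Jun 21 03:14:01 web1 sshd[2211]: Failed password for invalid user Administrator from 203.0.113.5 port 40112 ssh2
Jun 21 03:14:03 web1 sshd[2213]: Failed password for invalid user john from 203.0.113.5 port 40120 ssh2
Jun 21 03:14:05 web1 sshd[2215]: Failed password for invalid user mary from 203.0.113.5 port 40133 ssh2
Jun 21 03:14:07 web1 sshd[2217]: Failed password for root from 203.0.113.5 port 40141 ssh2
Jun 21 03:20:44 web1 sshd[2301]: Failed password for alice from 192.0.2.10 port 51001 ssh2
Jun 21 03:20:52 web1 sshd[2301]: Accepted password for alice from 192.0.2.10 port 51001 ssh2
Jun 21 04:02:10 web1 sshd[2410]: Failed password for invalid user test from 198.51.100.7 port 33810 ssh2
Jun 21 04:02:12 web1 sshd[2412]: Failed password for invalid user test from 198.51.100.7 port 33822 ssh2
"""

# The address is read from the end of the line, after a greedy username
# match, so text inside the username field is never taken for the source.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def summarize(log_text):
    """Group sshd password events by source address."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "invalid": 0,
                                 "users": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd password event
        s = stats[m["ip"]]
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
        if m["result"] == "Accepted":
            s["accepted"] += 1
            continue
        s["failed"] += 1
        s["users"].add(m["user"])
        if m["invalid"]:
            s["invalid"] += 1  # account does not exist on this host
    return dict(stats)


def suspects(stats, min_failed=3, min_users=2):
    """Sources with many failures spread over several usernames.

    One mistyped password from a real user stays below both thresholds,
    which keeps ordinary activity out of the report.
    """
    return sorted(ip for ip, s in stats.items()
                  if s["failed"] >= min_failed and len(s["users"]) >= min_users)


def report(stats, flagged):
    """Plain-text summary of the flagged sources and what they tried."""
    out = []
    for ip in flagged:
        s = stats[ip]
        out.append(f"{ip}: {s['failed']} failed logins, "
                   f"{len(s['users'])} usernames "
                   f"({s['invalid']} attempts on nonexistent accounts), "
                   f"{s['first']} to {s['last']}")
        out.append("  usernames tried: " + ", ".join(sorted(s["users"])))
        if s["accepted"]:
            out.append("  WARNING: a login from this source succeeded")
    return "\n".join(out)


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    print(report(stats, suspects(stats)))
```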

Re:Why not just build in counter-attack tools (1)

laffer1 (701823) | more than 4 years ago | (#32634528)

False positives. In order for this to be effective, one would have to come up with fingerprints of attacks. If someone's normal activity happened to be similar and triggered it, then their system gets attacked by yours.

The other problem is that there are new attacks every day and it would get harder and harder to have effective counter attacks. Pretty soon every mail server on the internet will be attacking each other. It's just silly.

Re:Why not just build in counter-attack tools (1)

uninformedLuddite (1334899) | more than 4 years ago | (#32637366)

I haven't used psad [cipherdyne.com] for a long time but if I recall correctly it had an option to execute a program/script of your choice if a portscan reached a specific threshold.

The presentation: well hidden (2, Informative)

GeneralSunTzu (1163223) | more than 4 years ago | (#32630540)

This is to save the energies of the various suckers, who, like me, wanted to read either the presentation (will do even Powerpoint, if really really desperate) or the notes or whatever he had.
These conferences, unlike BlackHat® conferences, seem to publish zilch, and on his company web site there is nothing, in any language, except for a news item in Inspector Clouseau's English (Pink Panther, remember?) on this same matter, hardly more informative than the OP comment.
To shake him, please e-mail him in any language, asking him to publish his presentation.
I am confident that by the 3.000.000th e-mail, he might get it...
Am going to mail him in idiomatic, begging, French to begin with.