
Vodafone Femtocells Rooted, Secret Keys Exposed

timothy posted more than 3 years ago | from the password-too-weak-try-another dept.

Security 77

AmiMoJo writes "Hackers have discovered the root password for Vodafone femtocells, devices that provide the user with a mobile phone signal piggybacked onto their home broadband. The root password was 'newsys.' Once root access is obtained, phones can be forced to connect to the cell and private keys captured, allowing the user to spoof the victim's phone and potentially make calls or send texts on their account, not to mention eavesdrop."


77 comments


Streisand (0)

gizmod (931775) | more than 3 years ago | (#36772808)

Streisand Launch in 4, 3, 2, 1 ...

Re:Streisand (1)

rbrausse (1319883) | more than 3 years ago | (#36772840)

nope, not Streisand - afaik Vodafone isn't trying to suppress this information.

Re:Streisand (1)

Anonymous Coward | more than 3 years ago | (#36772878)

Vodafone guys are on summer vacation, they're not trying to do anything. It's a MASSIVE cock up. You could in theory & practice buy one of those boxes, do a little work on it and go anywhere in the world to steal anyone's (whose phone was willing to roam) IMSI numbers and call with them as if they were roaming in UK. If they change the authentications they have to replace every friggin femto cell they've sold. And they must do that. And they're fucked as far as knowing who has done this or not.

Re:Streisand (1)

DeathToBill (601486) | more than 3 years ago | (#36772922)

"if they change the authentications they have to replace every friggin femto cell they've sold."

Yes, or they could remotely patch the firmware. Which they've done.

You get full marks for logic and grammar.

Re:Streisand (1)

flux (5274) | more than 3 years ago | (#36773490)

This will help, but from the security POV, only the devices which have not been rooted; after that, incoming firmwares could be intercepted and applied either not at all or only partially.

I suppose they could have signed the firmware for the boot loader to check, but given the root password 'newsys', this doesn't seem to go with their style..
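
The boot-loader check flux suggests above, sketched as an added example (not part of the thread, and not Vodafone's or the device vendor's code): a firmware image is accepted only if an RSA signature over it verifies against a built-in public key and its version is not older than the minimum allowed. The image layout, the function names and the seeded demo key are assumptions made up for the illustration; the check itself is standard RSA PKCS#1 v1.5 verification written with Python's standard library.

```python
import hashlib
import random
import struct

# Hypothetical image layout (an assumption, not the femtocell's real format):
#   "FWIM" | u32 version | u32 payload length | payload | RSA signature
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")
# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    """Encode SHA-256(message) as a k-byte PKCS#1 v1.5 signature block."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_image(image: bytes, n: int, e: int, min_version: int) -> bytes:
    """Boot-loader side: return the payload, or raise ValueError."""
    # Assumes the loader and public key (n, e) sit in storage a root shell
    # cannot rewrite; no signing secret is on the device at all.
    k = (n.bit_length() + 7) // 8
    if len(image) < HEADER.size + k:
        raise ValueError("image truncated")
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if len(image) != HEADER.size + length + k:
        raise ValueError("length field does not match image size")
    signed, sig = image[:-k], int.from_bytes(image[-k:], "big")
    if sig >= n:
        raise ValueError("signature out of range")
    # Rebuild the expected block and compare it whole rather than parsing the
    # recovered padding; lenient padding parsers have allowed forgeries.
    if pow(sig, e, n).to_bytes(k, "big") != emsa_pkcs1_v15(signed, k):
        raise ValueError("signature mismatch")
    # The version is signed too: refuse authentic but older (unpatched) images.
    if version < min_version:
        raise ValueError("rollback to older firmware refused")
    return image[HEADER.size:-k]


def sign_image(version: int, payload: bytes, n: int, d: int) -> bytes:
    """Vendor build server: sign header+payload with the private exponent."""
    k = (n.bit_length() + 7) // 8
    signed = HEADER.pack(MAGIC, version, len(payload)) + payload
    m = int.from_bytes(emsa_pkcs1_v15(signed, k), "big")
    return signed + pow(m, d, n).to_bytes(k, "big")


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin, used only to build the constructed demo key below."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_demo_keypair(bits: int = 1024, seed: int = 2011):
    """Constructed, seeded and therefore INSECURE key: returns (n, e, d)."""
    rng, e = random.Random(seed), 65537
    primes = []
    while len(primes) < 2:
        p = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        # p % e != 1 keeps e invertible modulo (p - 1), since e is prime.
        if p % e != 1 and p not in primes and _is_probable_prime(p, rng):
            primes.append(p)
    p, q = primes
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def demo() -> dict:
    n, e, d = make_demo_keypair()
    good = sign_image(7, b"constructed firmware payload", n, d)
    images = {"good": good,
              "tampered": good[:HEADER.size] + b"X" + good[HEADER.size + 1:],
              "old": sign_image(5, b"older build", n, d)}
    results = {}
    for name, image in images.items():
        try:
            verify_image(image, n, e, min_version=6)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results
```

`demo()` runs a correctly signed image, a copy with one payload byte changed, and an authentic but older build through the check with a minimum version of 6.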

Re:Streisand (1)

cayenne8 (626475) | more than 3 years ago | (#36776646)

Hmm...might be a good time to go out and buy one of these things....for *ahem* research.

:)

Re:Streisand (1)

Jeremiah Cornelius (137) | more than 3 years ago | (#36777008)

newsys.

Ferchrissake! plaintext, all lowercase. Not even a long, machine generated key!

It looks like the credentials for the dev lab were never updated.

Re:Streisand (1)

postbigbang (761081) | more than 3 years ago | (#36773586)

TFA didn't have any proof of this; is there another link that shows that they did indeed patch the firmware? Can it be remotely updated in a forced push? That would be unusual. Often they're user-driven push routines.

Re:Streisand (1)

cbiltcliffe (186293) | more than 3 years ago | (#36774056)

"Yes, or they could remotely patch the firmware. Which they've done."

No, no, no...all you need to do is add a HOSTS file, and everything will be 100% secure until the end of the universe!!

hehehe.

Re:Streisand (1)

RobbieThe1st (1977364) | more than 3 years ago | (#36774834)

_ I've seen enough APK posts to find that funny. :P

RobbieThe1st - R U A sockpuppet of cbiltcliffe's? (0)

Anonymous Coward | more than 3 years ago | (#36778632)

Or what?? Is that comment of yours supposed to upset me? If so, what's your problem with HOSTS files then??

APK

P.S.=> I'd like to hear about it then, go for it... & then, I'll just tear it apart with facts!

(Just like I tore the "wannabe computer security guru" cbiltcliffe apart, step by methodical destroying step this week -> http://slashdot.org/comments.pl?sid=2324770&cid=36776728 [slashdot.org] and here again now in regards to HOSTS file here -> http://slashdot.org/comments.pl?sid=2324770&cid=36777198 [slashdot.org] )

In the 1st link, lol, & in the end he HAD to agree my method for killing the "unkillable rootkit" worked, & his CD was unnecessary... lol!

(Which is WHY he's doing these trolling goadings of myself in "effete retaliation", like pussy's do in real life, instead of owning their screwups like a man instead... he can't handle his own "geek angst" @ being SPANKED by his technical superior in the art & science of computing in myself!)

... apk

Re:RobbieThe1st - R U A sockpuppet of cbiltcliffe' (1)

cbiltcliffe (186293) | more than 3 years ago | (#36780218)

Wow! Watch the spittle fly!!!

Cbiltcliffe's "Greatest-Hits" Part #1 (lol, not) (-1)

Anonymous Coward | more than 3 years ago | (#36776760)

1st of all: Your CD you didn't write the tools for yourself wasn't needed vs. the "indestructible rootkit"!

You also admitted my technique using the Windows Recovery Console PROVEN TOOLS from a read-only media in listsvc, disable, & fixmbr (if not DEL & more for your off topic "theoretical attacks" in desperation) would work to NON-DESTRUCTIVELY REMOVE THE "ALLEGEDLY INDESTRUCTIBLE ROOTKIT" too, lol, which is hilarious!

(AND, that is what set off your numerous ad hominem attacks on myself since you could not get the last word there, and your talking behind my back in your posts now trying to goad me on HOSTS files... this is going right back in your face, now... enjoy!)

Here, I will list your NUMEROUS other fails vs. tech points I show below, quoting yourself, & myself in rebuttal disprovals of your "so-called" easily overturned or disproven "points" (trying to put words in my mouth I never said even, those are in my p.s. below no less as your "2 biggest fails" you ran from in the end... lol!):

Read on folks. this is hilarious, & point-by-point with backing proofs thereof as to my statements now above!

"BTW, my CD will let a tech run the recovery console on a machine remotely, over the Internet" - by cbiltcliffe (186293) on Thursday July 14, @10:10PM (#36771200) Homepage Journal

(Once I was pointed out your CD wasn't needed & obsolete against that rootkit, YOU got pissed off! Too bad, truth is truth... & YOU CAN'T HANDLE THE TRUTH!)

In fact, you admitted it yourself that my technique worked without your CD (thus "your" cd? Unneeded, & obsolete):

"Will it get rid of an MBR rootkit? Yes. Will it get rid of a driver-based rootkit with a discrete .sys file for the driver? Yes." - by cbiltcliffe (186293) on Tuesday July 12, @03:12PM (#36738656) Homepage Journal

And, there you are (literally admitting my technique for removing "the indestructible rootkit" works, non-destructively, from a read-only media using proven tools from Windows RECOVERY CONSOLE).

---

"Whether you want to admit it or not, my statements regarding you implying TCPview could show connections from rootkits are true. You did imply it." - by cbiltcliffe (186293) on Wednesday July 13, @02:27PM (#36752240) Homepage

No, your reading comprehension obviously sucks... or you skimmed, or are just trying to cover your behind trolling & burying my points all shown here and in the exchange they took place in, out of your "geek angst" due to your own numerous failures vs. myself!

Simply because I can show, here, EXACTLY what I said EXPLICITLY on this account also where you tried to put words into my mouth I NEVER SAID or even IMPLIED (quoting myself yet again to disprove you):

PERTINENT QUOTE, VERBATIM FROM MYSELF:

"I can watch who/what/when/where/how my system "talks" to other systems online, & if I see one I am NOT talking to? It gets added to my firewall list (by IP address), and the offending unknown interloper malware/botnet gets "BLOWN AWAY" by ProcessExplorer.exe, as I noted in my last post/other post in reply to YOUR last post." - by Anonymous Coward (Myself, APK) on Saturday July 02, @11:35PM (#36644860)

FROM -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36644860 [slashdot.org]

AND, that's ALL I use TcpView for... vs. ring3/rpl3/usermode malwares (botnets running there, virus, spyware, trojans, keyloggers, etc. BUT NOT ROOTKITS!)

---

I also pointed out, after you went off topic & proposed "theoretical rootkits", some layered security methods against it via:

Group Policies (where you can BLOCK unsigned driver installs that rootkits like this use in hello_tt.sys)

http://it.slashdot.org/comments.pl?sid=2282088&cid=36745080 [slashdot.org]

bcdedit commandlines (can be put in a 16/32/64 bit .bat or .cmd file OR logon scripts on a network even)

The fact that Windows & WFP replace them vs. patching even

http://it.slashdot.org/comments.pl?sid=2282088&cid=36745014 [slashdot.org]

That Windows warns you it is in "TEST MODE" (if unsigned drivers are made possible for install & running them) which anyone who's ever coded a driver using a debug symbols loaded Windows install & the DDK knows (I do, obviously, you do not - further illustrating how LIMITED you are!).

AND, this too (on DNS not being deceived if a rootkits "knocked-off" first in Ring0/RPL0/Kernelmode operations):

http://it.slashdot.org/comments.pl?sid=2282088&cid=36744624 [slashdot.org]

---

HOWEVER, EVEN if something "slips past" those layered defenses that update themselves or can be protected remotely from roaming profiles even?

I have a way to remove even PATCHED .sys files also & you RAN from disproving it (because you couldn't):

Then, guess what saves the day once again?? You guessed it - The Windows install media - it has the original files

OR

You can get latest service packed versions of them by manually extracting out the latest valid models from MS using the switches on Service Pack patch files OR open them with say, WinRAR, then extract them onto another form of media, preferably a CD (read only) & load them from a bootup into Recovery Console, flipping to the copy you have on CD!

(Again - using a CD is preferred because of read-only access AND, by default, unless you change it? RC only allows you to access the Windows ROOT folders %WinDir% & %SystemRoot% iirc)

AND... There you go...

All fixed once again (IF need be too in the case you're proposing!) - because, face it:

There's nothing "the likes of you" can *THINK* of, that I can't fix easily in a second's moment of thought!

SO, as usual for myself, vs. you? This?? This was just "too, Too, TOO EASY - just '2EZ'", lol...

---

You blundered yet again, saying I said you use TcpView &/or ProcessExplorer for rootkit detection (which I never did):

"My issue has always been with your claim that could detect a root kit with Process Explorer and TCPview.." - by cbiltcliffe A FRUSTRATED TROLL (186293) on Tuesday July 12, @06:04AM (#36731236) Homepage

When you were asked to produce a quote of myself stating that verbatim & explicitly?

You RAN or showed reading comprehension issues (but you never did produce me saying that or even IMPLYING IT, per the above & next below too)!

When YOU even further said I use TcpView &/or ProcessExplorer to DETECT ROOTKITS, which you cannot produce a quote of my saying THAT either!

---

Man... U FAIL there and YET AGAIN HERE TOO, & that's all here in my last post to you with backing quotes from yourself & sources of my words too:

http://it.slashdot.org/comments.pl?sid=2282088&cid=36758338 [slashdot.org]

---

That, as well as YOU screwing up after admitting I use RC tools vs. Ring 0/RPL 0/kernel mode portions of this threat in its ROOTKIT portion which you admitted works, & then saying I use ProcessExplorer to kill the rootkit later when I don't @ all (ProcessExplorer's used for malware it hauls in that runs the botnet portion in Ring 3/RPL 3/Usermode):

"Will it get rid of an MBR rootkit? Yes. Will it get rid of a driver-based rootkit with a discrete .sys file for the driver? Yes." - by cbiltcliffe (186293) on Tuesday July 12, @03:12PM (#36738656) Homepage Journal

Where I also only use RC's listsvc, disable, & fixmbr for this rootkit... those are NOT parts of ProcessExplorer! You killed your credibility with that, & trying to put words in my mouth I NEVER ONCE STATED!

---

Fact is, I "preach" layered security, & have since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

and even FARTHER BACK with proof thereof, here:

http://it.slashdot.org/comments.pl?sid=2282088&cid=36761268 [slashdot.org]

AND, more currently, the MOST viewed & highly rated one there is for years now since 2008 online:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ [pcpitstop.com] (see January 2008))

Across 15-20 or so sites I posted it on back in 2008...

---

So - Have YOU done better, troll? NO...

Hilarious part on that account is, despite all your "big talk"?

WHEN I ASKED IF YOU HAD? YOU RAN, you outright ran... lol!

"how this one guy left a comment about how he never got malware once he used a hosts file.." - by cbiltcliffe A FRUSTRATED TROLL (186293) on Tuesday July 12, @06:04AM (#36731236) Homepage

That's FAR more than you've been able to produce as testimonials backing YOURSELF now though, & that one guy is TestedDonut, he posts here, ask him yourself in fact!

In fact, what he said's quoted above (testeddonut, /. user no less), & also others of my security guide's results for them for YEARS no less:

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2 [xtremepccentral.com]

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

(Those results are only a SMALL SAMPLING TOO, mind you - I can produce more such results, upon request, from other users & sites online)

SECURITY EFFECTIVENESS OF HOSTS FILES EXAMPLES VIA QUOTED TESTIMONIALS:

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60 [theplanet.com]

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

HOWEVER - There's ONLY 1 WEAKNESS TO IT:

Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example...

King's Joker above tends to "2nd that motion" (& there is NOTHING I can do about that! Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS & other DNSBL filtering DNS servers, helps -> http://nortondns.com/ [nortondns.com]

In layering that one, & also OpenDNS, ScrubIT DNS too in both your DNS settings in your OS, and routers/firewalls too!

(That helps, above & beyond a LOCAL hosts file - Especially for noob/grandma level users who are unaware of how to secure themselves in fact!)

I also do extra "layered security" work above Norton DNS too, in HOSTS files usage, that layer on to that, AND are COMPLETELY under MY personal control as well, for better speed, security, & even "anonymity" to a degree (vs DNSBL of all things) here.. 1.5 million entries worth vs. adbanners (because they have had malicious code in them @ times since 2004), bogus DNS Servers, botnet C&C servers, & known maliciously scripted websites + servers/hosts-domains that are KNOWN to serve up malware.

(I, and my friends + family that use it, along with Norton DNS? Haven't been infected ONCE, since 1996!)

See testimonials above in addition to my own, & I can produce others easily on request from other forums where my guide is (as well as mvps.org & many others that produce HOSTS files), and the above are others from /. & other forums too, no less, testifying to the same!

---

Here is yet another from a respected security guru, @ SecurityFocus.com, in Mr. Oliver Day:

Resurrecting the Killfile

Oliver Day, 2009-02-04

FROM -> http://www.securityfocus.com/columnists/491 [securityfocus.com]

PERTINENT QUOTES/EXCERPTS:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet — particularly browsing the Web — is actually faster now."

and

"The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

and

"This is a solution I've seen used in small communities around the Internet. Not application-based killfiles, but diving down through the network stack and blocking things at a lower level using host files. The host file is the first file that applications query when looking for an address on the network. Each of the hosts considered as unwanted guests can be given an entry in the host file pointing to 127.0.0.1, the default loopback address, effectively blocking them."

---

HERE ARE POSTS I WAS MODDED UP FOR REGARDING HOSTS FILES MANY TIMES ON THIS WEBSITE:

HOSTS MOD UP -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
HOSTS MOD UP -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP with facebook known bad sites blocked -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST) http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]

* Which is, again & as per your usual, more than you had backing you via the testimonials of others!

(That's more than you could show... lol, by FAR!)

"What you're forgetting is that Norton DNS updates, HOSTS file updates, and everything else you can do to prevent connecting to known malicious domains are all reactive." - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage

I never said they weren't but my security guide is PROACTIVE to supplement them in layered security fashion! Your point was what then? Moot is what.

1st - NOT if I don't haul in things that can do that to me. See my guide on that note, I cut off ALL possible vectors of infestation & practice very, Very, VERY SAFE surfing (as safe as possible).

E.G.-> I don't use javascript or JAVA typically (the main harbingers/disease carriers of doom) & not if I don't allow adbanners (which not only slow you down, but infest you @ times with malware) & far more of what's in my guide (such as patching conscientiously & more, like cutting off all shares or services in a listening state I don't need etc.).

Also/Again/Once more - which you kept trying to "harp on" as you are here, your point on my HOSTS file data being up to date/fresh & comprehensive as possible from 17 respected & reliable data sources for HOSTS data + DNSBL:

My updates to my HOSTS & firewalls rules tables (in software, & in hardware) occur every 15 minutes from 17 reputable sources too... "automagically" by OVERWRITES, from a temp copy of the original, & not by appends, via a Python Script. No chance of poisoning them either.

---

"No. You stated that "if" you were to suck in one of these" - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage

I don't ever GET malware in the 1st place though, ever & as you can see above? If my guides are followed explicitly TO THE LETTER? Neither do others that use their tips/tricks/techniques... ever since I started doing "layered security" back in 1996 in fact to present! Even IF I did? It couldn't talk back to the mothership, because I am updated vs. known bogus DNS servers + botnet C&C servers, by overwrite of my HOSTS, every 15 minutes here, "automagically"!

(NOW, in a theoretical scenario I don't allow? Say, if my brother or nephew infected my system via say, USB (which I don't let them use anyhow, only my router via their laptops & I don't publish ANY shares or services they can get ahold of per my security guide))?

I also know, & have PROVEN to you, without your CD, lol...

That I know how to clear ANYTHING non-destructively, easily (and you even admitted it & even vs. your "theoretical patched driver attacks" I had methods too, & your CD was OBSOLETED right there again!)

"then the update to Norton would prevent it from being able to talk back to it's C&C." - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage

Again -> My updates to my HOSTS & firewalls (in software, & in hardware) occur every 15 minutes from 17 reputable sources too... "automagically" by OVERWRITES, from a temp copy of the original, & not by appends, via a Python Script. No chance of poisoning them either.

And

My DNS servers are rotated, & checked on each week or so here in fact (as well as verified by reverse DNS lookups if needed from my machine & others), & correct everytime by IP Address, not domain-host name (so hosts cannot affect it) & valid correct IP's for them (no fooling THAT either) in both my routers AND my OS IP Stack DNS setup!

I also avoid DNS for my 250 top fav. sites (where I spend 95% of my time online in fact) via HOSTS file hardcodes of their host-domain name TO IP address resolution (far faster than calling out to DNS servers, or ones that might be downed or DNS poisoned/redirected).

"Well, once you've got one, you can't trust the DNS servers that are shown in the NIC config GUI, because you're infected." - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage

First of all, I never GET INFECTED/INFESTED IN THE FIRST PLACE (& neither do others that follow my guide's points to the letter verbatim), & again, I rotate my DNS servers, here are their correct IP Addresses too (they're not done by hosts-domain either in my routers, or in my OS setup (dual layer of defense there too)):

NORTON DNS: 198.153.192.1 & 198.153.194.1

SCRUBIT DNS: 67.138.54.100 & 207.225.209.66

OPEN DNS: 208.67.222.222 & 208.67.220.220

"Meaning someone has to update that list between when the domain begins distributing malware and when you try to hit it." - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage

Try instead HOSTS & firewall rules table data from 17 different reputable & reliable daily updated (some hourly, some every 1/2 hour even) lists that are updated here to a temp copy 1st, by overwrite, not appends, to my HOSTS file, every 15 minutes automatically by a Python script I wrote for it.

(Always fresh, always correct & reliable via an automated system(s) I've been running for almost a decade now, that does so via verified & filtered OVERWRITES of the master original HOSTS file from a temp copy, assuring validity & clean-ness, on all possible accounts!)

"I'm telling you that there are thousands of malware domains registered daily.." - by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage

First of all, who are you? Some authority?? Funny, I confronted you on that, & you can't even BEGIN to touch what I accomplished in the art & sciences of computing dozens of times while you were in diapers I suspect...

Most importantly:

CARE TO PRODUCE A LIST OF THOSE FOR ME?

(Anyone can "talk a good game", I'd like proof... because if you can produce SOLID proof of those alleged 1,000's of malware domains? I'd add them to my list... in seconds flat!)

Of course, you won't be able to produce that list, will you? Nope, you NEVER did!

And, JUST who are you, yet again?

Obviously, A defeated trolling "ne'er-do-well" who uses ad hominem attacks galore in effete retaliation (see list of those below quoted from you), & whose single "accomplishment" he didn't write the tools for, lol, & tries to "take credit for it" (lmao) & I showed it was UNNEEDED FOR REMOVING THIS ROOTKIT & BOTNET TOTALLY & non-destructively from a read-only media no less WHICH YOU AGREED WORKS as well!

ROTFLMAO!

"You said that it takes 30 seconds to add a new domain to your hosts file." - by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage

Where did I say 30 seconds? You don't have a quote of it, & I don't do it manually, & haven't since... oh, 2002 iirc. I wrote a Delphi automator I used for data gather, process, & commit I used 2002-2010, & now in a multiplatform one (better on larger datasets, better dedup algorithms is why) in Python that does it every 15 minutes for me... even when I sleep!

(How about you, Mr. "ne'er-do-well" big talker?)

"That means, as I said, if you wanted to even remotely keep up, you'd have to be adding a new domain to your hosts file every 2 seconds, 24/7/365.." - by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage

Again, see above - I automated the process YEARS AGO, coming up on a decade almost, lol!

(I've said this before earlier here too - LEARN TO READ!)

"While you've been reading this post, 43 new malware domains have been registered that you missed putting in your hosts file, because you were reading this post, instead. You're vulnerable. OH NOES!!!!" - by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage Journal

Again, see the above - my system's AUTOMATED & covers most (if not ALL) the major sources for both HOSTS files updates and firewall rules tables updates too, automagically, via a multiplatform system in Python, every 15 minutes from a deduplicated, alphabetically sorted, & verified system that does so via OVERWRITES of the original HOSTS file here (Read only & write protected + ACL protected too) from an ABSOLUTELY CLEAN & regularly updated temp copy, every 15 minutes, "automagically" (created by yours truly, nearly 10 yrs. ago, & better now than ever).

"Obviously, you don't do this, since you also take time to post bullshit on /., so your hosts file is marginally effective against known malware sites, and completely useless against new ones.." - by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage

LMAO - man, you are making me LAUGH... read the above, please, & use your "hooked on phonics" training if you have to (and obviously, you HAVE to)... lol!

You are the one wasting your time, being defeated & disproven on EVERY "so-called point" you tried making by myself doing that to you, & you only do that to yourself... & since antivirus/antispyware are the same, reactive in nature & working on data they are given (or using heuristics which are not set "to the max" usually by default AND yield false positives too) - you "layer on" points from my security guide to stop getting malware (which I do not & numerous others testimonials show they do not as well if they follow my guides to the letter also) - then, layered on, rotating & checking 3 reputable filtering DNS systems (Norton DNS, OpenDNS, Scrub It DNS) verifying their IP addy's (shown here too in this reply) takes care of the rest in layered security fashion with IP Address firewall rules to take care of the rest too!

"so your hosts file is marginally effective against known malware sites, and completely useless against new ones." - by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage

It, like an antivirus/antispyware system, is effective against the data it has to work with... most security, is. Unless you take proactive measures to supplement them, which my Windows "layered security guide" does tons of:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

AND OBVIOUSLY YOU HAVEN'T DONE A BETTER ONE, and, NUMEROUS TESTIMONIALS that say it's good stuff from others too!

(That's ONLY a tiny FRACTION of what I can actually put out too in favor of my guide's efficacy) show clearly otherwise... see above!

(Hence your trolling adhominem attacks out of your own effete rage @ being beaten @ every turn by facts or your own words being your undoing nearly every time, as listed below, which only tell me that you have to resort to that "LAME" tactic, because it's all a "ne'er-do-well" like yourself has @ this point - especially after what's in my p.s. below in your "2 prime blunders" here you RUN from, lol!)

"If you try to hit it before the list is updated, all bets are off." - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage

(Again) I check & rotate my DNS servers, & with correct IP addresses See them above... (I use IP addresses, in my routers AND OS setup too for them, not host-domain names that can be fooled)

Secondly, No, no bets are off...

Especially I haven't been infected by a malware ever since I started doing layered security per my guide's points back in 1996 & others that use my guides show the same!)

Secondly/Again: SO it SINKS IN - I don't get malware, period, & as you can see above, neither do others who follow my guide's points.

"Maybe you don't get malware because, between the ungodly amount of time you must spend updating that hosts file" - by cbiltcliffe (186293) on Wednesday July 13, @10:23PM (#36757884) Homepage

I don't get malware, & neither do others I showed the effectiveness of my security guide to who apply it (posted that here before, only SOME of the testimonials I can produce mind you)...

AND YET AGAIN??

I haven't wasted a second of time other than reboots for Windows updates on my HOSTS file since the day I set my Python version into motion, months ago by a click of the mouse!

It runs here constantly, using a temp copy, sorting/deduplication/filtering & changing the blocking IP address to a smaller/faster 0.0.0.0 blackhole IP address (vs. the larger & slower loopback adapter address) then, committing via OVERWRITE to assure new fresh safe copy too vs. anything that may threaten the original as well!

(That's been for MONTHS now in this latest model too & nearly a decade before it (Delphi model for Win32)... totally "AutoMagic" AND MULTIPLATFORM TOO via Python, by Yours truly, APK!)

---

"How do you propose to detect a rootkit using Process Explorer and TCPview, when the output of these programs cannot be trusted when running in a rootkitted environment?." - by cbiltcliffe A FRUSTRATED TROLL (186293) on Tuesday July 12, @06:04AM (#36731236) Homepage

I didn't state that - again, ProcessExplorer is for mopping up malwares rootkits running in Ring 0/RPL0/Kernel mode can haul in, for use in Ring 3/RPL 3/Usermode operations... & that TcpView can be used to see what your system is communicating with!

Again - I listed rootkit detection tools in my security guide for Windows, with a link to it, that shows you how to DETECT a rootkit's presence!

(Please - either learn to read, stop skimming, OR quit trolling... because you're not good @ any of them obviously!)

HERE IS WHAT I STATED IN FACT, QUOTING MYSELF VERBATIM & WHERE I SAID IT ALSO:

PERTINENT QUOTE, VERBATIM FROM MYSELF:

"I can watch who/what/when/where/how my system "talks" to other systems online, & if I see one I am NOT talking to? It gets added to my firewall list (by IP address), and the offending unknown interloper malware/botnet gets "BLOWN AWAY" by ProcessExplorer.exe, as I noted in my last post/other post in reply to YOUR last post." - by Anonymous Coward on Saturday July 02, @11:35PM (#36644860)

FROM -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36644860 [slashdot.org]

And as to detecting rootkit's presence? I said this

PERTINENT QUOTE, VERBATIM FROM MYSELF:

"& in my guide? I post a NUMBER of reliable tools for rootkit detection:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

(And, there you are - TcpView is only for checking WHERE it communicates back to... as a possible way of seeing that, for adding the bogus C&C server destinations to HOSTS &/or Firewall rules tables - that's all!)" - by Anonymous Coward on Sunday July 03, @03:08PM (#36647626)

FROM -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36647626 [slashdot.org]

Which now after your quoted statement @ the top of my reply here make you look to be either:

1.) ILLITERATE on, or skimming

or

2.) Just "trying to get the last word a week later" like a FOOL would when I said nothing of the KIND as you state!

---

"Yes, you do explicitly state that Process Explorer is a "big gun" for dealing with botnets (or even ROOTKITS)." - by cbiltcliffe (186293) on Wednesday July 13, @07:06PM (#36755834) Homepage

No I didn't, & you couldn't produce a quote of my saying what you erroneously inferred (on purpose I suspect, it's that or you have reading or memory problems actually).

Again - The botnet part of it runs in Ring3/RPL3/Usermode, NOT THE ROOTKIT - what have I said I use to kill the rootkit? RC tools (listsvc, disable, fixmbr)...

What have I said I use to kill the malware it hauls in that runs in usermode/ring3/rpl3??

ProcessExplorer!

(But only AFTER you kill the rootkit first, so it cannot deceive ProcessExplorer by API call intercepts)!

What about that is "so difficult for you to understand"? Nothing I suspect...

You are only using it to try to "cover your ass" for putting words in my mouth I never stated once (see my ps below on that account).

"Instead, you choose to go off on irrelevant and off topic rants about how you're an expert because you're an expert" - by cbiltcliffe A FRUSTRATED TROLL (186293) on Tuesday July 12, @06:04AM (#36731236) Homepage

I never stated verbatim "I am an expert" iirc, but I basically am since I have been @ computers since 1982 from mainframes, midranges, Client Server PC networks, & PC's themselves @ most all possible levels but thanks for the compliment. However, I do have actual professional experience in this art & science of computing since 1994 as:

---

1.) Computer Technician
2.) Network Technician
3.) Network Administrator
4.) Programmer/Analyst
5.) Software Engineer
6.) Forensics & Security work
7.) CSC Degrees & an MIS minor
8.) Award winning & internationally published freeware/shareware author 1995-2002 with my code ending up in commercial products too
9.) My work being a FINALIST @ MS-Tech Ed 2000-2002 in its HARDEST CATEGORY, SQLServer Performance Enhancement (both in code AND ideas how to use them)
10.) A list of my partial fav. accomplishments I listed? You couldn't even list a fraction of them, & not as far back in time or more highly acclaimed either (I was doing things you never have, & never will, while YOU were in diapers in the art & science of computing... you couldn't prove otherwise either though fairly challenged to do so)
11.) A CSC degree & MIS minor from respected colleges/U's(s) which you don't have (which I was also an NCAA starter & letter winner in the sport of Lacrosse during too, mind you)
12.) Over 17++ yrs. of professional experience in computer science related work on a VARIED number of grounds (& doing well @ it on my part).

---

* SO - Do you have all of the above & for longer? Have you achieved more in terms of notoriety on your part also (such as commercially sold highly esteemed wares bearing YOUR CODE, & also doing well @ Microsoft Tech-Ed 2000-2002 2 yrs. in a ROW as a finalist in the hardest category there too as I have???)

---

You also blundered on services cutoffs I use from the most widely viewed guide for securing Windows there is (1/2 million or more strong in fact), & most highly rated as well (on the 15 forums it's on, it's always most viewed, top rated, made an essential security guide, you name it (even got me paid)):

"But that's the whole point. It can't function that way. Its function requires network access, which running as LocalService denies. It will not work for it's intended function. Same with telnet. Both services cannot function that way, at all." - by cbiltcliffe (186293) on Thursday July 14, @10:10PM (#36771200) Homepage

Which IS MY POINT - to secure possibly dangerous services, even if "set to manual" (though I use disabled status on them here since I don't use them/allow them on said services), those services cannot be accessed remotely if set to another logon entity (in this case, LocalService).

So once again like usual, your "so-called point"? Moot & nullified, easily...

You then tried to go "off topic" & suggest "theoretical rootkit attacks" & I nullified those easily as well:

http://it.slashdot.org/comments.pl?sid=2282088&cid=36751240 [slashdot.org]

Which you "fell silent on" once more, & your CD? Unneeded - folks already have the tools they need, period (noted in url above).

---

Then the adhominem attacks from you came & you were BLOWN AWAY yet again, by 5-6 orders of magnitude (on places I've worked for vs. your 2):

http://it.slashdot.org/comments.pl?sid=2282088&cid=36758432 [slashdot.org]

HERE WERE SOME OF YOUR INANE "FoAmiNg @ Teh MouTh" raging droolings in fact, quoted verbatim:

"Listen, you arrogant, obnoxious, simple-minded gimp." - by cbiltcliffe (186293) on Tuesday July 12, @06:04AM (#36731236) Homepage Journal

"Go back to updating your host file, little boy." - by cbiltcliffe (186293) on Wednesday July 13, @10:23PM (#36757884) Homepage Journal

(To that I blew you COMPLETELY away & you ran here -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36771636 [slashdot.org] just as I did above in quote of your numerous FAILS vs. myself, time after time!)

"I just read part of your "highly rated security guide" and it's pure comedy gold." by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage Journal

That's funny, others actual testimonials shown here say QUITE otherwise (in addition to my own & my family + friends too)... & you tried disproving only 2 points from it and I "shot you down in flames" on each every time, in seconds flat with actual technical proofs that work... why did you do this? Because I proved your "1 hit wonder" CD (that you didn't write the tools for no less & wasn't needed vs. the indestructible rootkit, was obsolete & unneeded because Windows RC from install CD/DVD gives you all you need & folks own it much of the time already too!)

"You're not worth the effort, as you're an ineffectual, intellectually deficient waste of skin." - by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage Journal

FUNNY HOW SO MUCH OF THE ABOVE SHOWS CLEARLY OTHERWISE, & that you are speaking for YOURSELF, & "projecting" your own faults onto others in trying to say that to myself directed MY way... U FAIL, too many times, all shown here!

cbiltcliffe then posts as ac "astroturfing" here (& accused me of it later, much much later? Please):

http://it.slashdot.org/comments.pl?sid=2282088&cid=36653498 [slashdot.org]

AND, doing his usual "ad hominem attack" effete retaliation in "geek angst" for being BLOWN AWAY by myself, numerous times, as proven here point-by-point all thru this reply no less using his own words much of the time.

THEN, in some "lunatic like fashion" in your "geek angst rage"? You tried burying my posts you ran from:

(Via doing nonsense posts with 2 words in them too, here tons of times:

http://it.slashdot.org/comments.pl?sid=2282088&cid=36748960 [slashdot.org]

http://it.slashdot.org/comments.pl?sid=2282088&cid=36748982 [slashdot.org]

http://it.slashdot.org/comments.pl?sid=2282088&cid=36749052 [slashdot.org]

http://it.slashdot.org/comments.pl?sid=2282088&cid=36749064 [slashdot.org]

http://it.slashdot.org/comments.pl?sid=2282088&cid=36749144 [slashdot.org]

http://it.slashdot.org/comments.pl?sid=2282088&cid=36749198 [slashdot.org]

http://it.slashdot.org/comments.pl?sid=2282088&cid=36749220 [slashdot.org]

http://it.slashdot.org/comments.pl?sid=2282088&cid=36749310 [slashdot.org]

Pitiful!

"That just shows how desperate you are." - by cbiltcliffe (186293) on Wednesday July 13, @11:22AM (#36748938) Homepage

Speak for yourself after ALL of the above, & you running from points I made, your own technical blunders shown here point by point, and your being utterly defeated by myself on each "so-called point" you TRIED to make (to the point of trying to put words in my mouth I never even said, & that you inferred wrong meanings from (doubtless intentionally trying to "twist things" but your words quoted & mine disproving them shown above, tells the true real story... now don't they? Yes, they do!)

"Run Forrest... RUN!" You only did this, to yourself!

"If you're relying on Norton DNS to prevent such a "beastie" - as you so eloquently put it - from talking to its C&C server, how can you trust the DNS settings on the infected computer?" - by cbiltcliffe (186293) on Tuesday July 12, @10:29PM (#36744054) Homepage

Layered in with a HOSTS file that has 1,493,225++ & growing "automagically" via a Python multiplatform system, & 3 other filtering DNS servers + PROACTIVE MEASURES listed in my highly esteemed security guide as well mind you?

Well - Simple/Again:

Kill it off using my technique that actually works & you EVEN ADMIT IT DOES, to kill this rootkit!

NO problem @ all then, because just like having to do so FIRST, so ProcessExplorer can't be deceived?

Again - You have to knock out the Ring0/RPL0/kernel mode stuff first, so it can't deceive Win32/64 API calls that apps in Ring3/RPL3/Usermode use!

(And, I even suggested to others here http://it.slashdot.org/comments.pl?sid=2306598&cid=36698436 [slashdot.org] that Dr. Mark Russinovich write up a protective driver for the bootsector, & to call it "APKBootSectorProtector.sys" in fact, using the mechanics of this very rootkit to protect against it!)

"I simply did a search for "apk troll" on google, to see how long you'd been pulling this BS. It was both enlightening, and hilarious. Seems you can't get into a conversation at all without pissing off just about everybody around you. Maybe that should tell you something." - by cbiltcliffe (186293) on Thursday July 14, @06:43AM (#36760610) Homepage Journal

It does - because I have done what I did to you (which you only did to yourself in your errors, trying to put words in my mouth I never said (Yes, I have been impersonated many times too online as well in attempts to do that to me, even on /.), that all "wannabes" like yourself have, is adhominem attacks, banning me (when proven wrong with facts), or attacking me behind my back, & more... just as you have been shown here doing many times!

What I personally found VERY hilarious, is, that when you "get the best of a 'wannabe guru'" in computing? They "flip out" & resort to lame tactics, everytime... it's very funny, and you were UTTERLY hilarious (and easy to dispatch everytime on every "so-called point" you tried making (even to the point of trying to say I implied things I never did, or literally stated them - this post proves QUITE otherwise with your own words, many times also).

Funniest part is, you even STATED that my "due diligence" in layered security helps (as well as you admitting I had a way to non-destructively remove the "unkillable rootkit" without your CD - it was obsolete there):

"Admittedly, as you've said, the chances of you getting something is significantly diminished due to your diligence." - by cbiltcliffe (186293) on Saturday July 02, @09:45PM (#36644570) Homepage

---

And, there you are... There WERE TONS MORE TOO, but these are the "main highlights" of a defeated wannabe computer guru, cbiltcliffe...

Thank you!

Yes, I can say that - you made ME LOOK GOOD!

Despite your other mistakes, adhominem attacks, & utter technical blunders shown above, point-by-point & you being dismantled on each "so-called point" you tried to make!

See, I have YOU, all figured out & understand you now:

You're AFRAID of folks being actually secured (see testimonials above)!

Do that?

Your "1 hit wonder" isn't needed (not even a hit & you didn't write its tools yourself either as I do many times since 1995 even in commercial softwares or 29 enterprise class sized systems in the MIS/IS/IT world that run ENTIRE FORTUNE 100-500 COMPANIES LIFEBLOOD ON MANY GROUNDS!) & won't even NEED to be USED, period!

* It reminds me of how the "Corporatocracy" (see Zeitgeist & Zeitgeist addendum online, which "the powers that be" tried to remove online no less) bury the fact Tesla gave us wireless FREE power, vs. us still stuck on fossil fuel dirty polluting usage, & that alternate clean sources exist... because what's the "greatest fear" of those in power? LOSING THAT POWER... power in being able to sucker us by making laws that force you into buying from them & more.

P.S.=> Still, You putting words in others mouth they never said, as you did to myself, which you ran from proving them? Bogus & lame...

That, as well as YOU screwing up after admitting I use RC tools vs. Ring 0/RPL 0/kernel mode portions of this threat in its ROOTKIT portion which you admitted works, & then saying I use ProcessExplorer to kill the rootkit later when I don't @ all (ProcessExplorer's used for malware it hauls in that runs the botnet portion in Ring 3/RPL 3/Usermode)

http://it.slashdot.org/comments.pl?sid=2282088&cid=36757682 [slashdot.org]

via your quoted admission of my technique working to "kill the unkillable rootkit" non-destructively with proven tools from a read-only media with tools most folks already have in the Windows Install media:

"Will it get rid of an MBR rootkit? Yes. Will it get rid of a driver-based rootkit with a discrete .sys file for the driver? Yes." - by cbiltcliffe (186293) on Tuesday July 12, @03:12PM (#36738656) Homepage Journal

Please... lol!

It's as bad as when YOU said I use TcpView &/or ProcessExplorer to DETECT ROOTKITS, which you cannot produce a quote of my saying THAT either!

Man... U FAIL there and YET AGAIN HERE TOO, & that's all here in my last post to you with backing quotes from yourself & sources of my words too:

http://it.slashdot.org/comments.pl?sid=2282088&cid=36758338 [slashdot.org]

"Stop putting words in my mouth, hypocrite." - by cbiltcliffe (186293) on Wednesday July 13, @02:19PM (#36752140) Homepage

Speak for yourself, especially after ALL OF THE ABOVE... See above in your own words captured in quotes where you tried to put words in my mouth I never ONCE STATED EXPLICITLY or even IMPLIED!

U FAIL HUGELY THERE ALONE!

This was your BIGGEST MISTAKE & UNDOING IN THOSE 2 POINTS THOUGH - YOUR TRYING TO PUT WORDS IN MY MOUTH THAT I NEVER STATED or even IMPLIED? THAT ISN'T WINNING AN ARGUMENT - IT'S A SIGN OF DESPERATION & LOSING, OR ILLITERACY & SKIMMING ON YOUR PART, PERIOD!

... apk
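The HOSTS maintenance routine described in the comment above (work on a temporary copy, filter, deduplicate, sort, rewrite the blocking address to 0.0.0.0, then overwrite the live file) could be implemented as follows. This is an added example, not the commenter's program; the function names and the two sample lists are constructed for illustration.

```python
import ipaddress
import os
import re
import tempfile

SINK = "0.0.0.0"  # blackhole address used for every blocked name
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample inputs: two blocklists in the formats commonly published.
SOURCE_A = ["# constructed sample list A", "127.0.0.1 localhost",
            "127.0.0.1 ads.example.com",
            "0.0.0.0 Tracker.Example.NET  # same name, different case",
            "::1 localhost"]
SOURCE_B = ["tracker.example.net", "0.0.0.0 ads.example.com cdn.ads.example.org",
            "127.0.0.1 bad_host!.example", "10.0.0.1", "0.0.0.0 -bad-.example.com"]


def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def valid_hostname(name):
    """Strict check: dotted LDH labels, and a last label that is not numeric."""
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL.match(label) for label in labels)


def merge_blocklists(sources):
    """Return the sorted, deduplicated hostnames found in all sources."""
    seen = set()
    for lines in sources:
        for raw in lines:
            fields = raw.split("#", 1)[0].strip().lower().split()
            if fields and is_ip(fields[0]):
                fields = fields[1:]  # drop whatever address the list used
            for name in fields:
                name = name.rstrip(".")
                if name not in LOCAL_NAMES and valid_hostname(name):
                    seen.add(name)
    return sorted(seen)


def render(names, header_lines):
    """Keep the local header entries, then one SINK line per blocked name."""
    body = ["%s %s" % (SINK, name) for name in names]
    return "\n".join(list(header_lines) + body) + "\n"


def atomic_overwrite(path, text):
    """Write a temp file in the same directory, then swap it into place, so a
    reader never sees a half-written hosts file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".hosts.")
    try:
        with os.fdopen(fd, "w", encoding="ascii", newline="\n") as handle:
            handle.write(text)
            handle.flush()
            os.fsync(handle.fileno())
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


if __name__ == "__main__":
    blocked = merge_blocklists([SOURCE_A, SOURCE_B])
    print(render(blocked, ["127.0.0.1 localhost", "::1 localhost"]), end="")
```

Entries that fail validation are dropped rather than repaired, so a malformed or hostile line in an upstream list cannot reach the live file.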

Re:Cbiltcliffe's "Greatest-Hits" Part #1 (lol, not (1)

WrongSizeGlass (838941) | more than 3 years ago | (#36779976)

Umm, is there a way to modify my HOSTS file so I don't ever have to see your ramblings again? 'Cuz that would be a good reason to modify my HOSTS file.

An application of "ReVeRsE-PsyChoLoGy" (0)

Anonymous Coward | more than 3 years ago | (#36781054)

".elif STSOH ym yfidom ot nosaer doog a eb dluow taht zuC' ?niaga sgnilbmar ruoy ees ot evah reve t'nod I os elif STSOH ym yfidom ot yaw a ereht si ,mmU" - by WrongSizeGlass ANOTHER "ne'er-do-well" /. OFF-TOPIC TROLL on Friday July 15, @04:50PM (#36779976)

"???"

Uhm... Could we get a translation of that off-topic "troll-speak/trolllanguage" of yours, please?

* And, you're an off-topic troll - no questions asked...SEE MY SUBJECT LINE ABOVE!

APK

P.S.=> Yes, it must have just have been another off-topic done nothing of significance with his life troll spewing his off-topic b.s. again & not contributing to the ongoing conversations. Oh well - No biggie!

("ReVeRsE-PsYcHoLoGy", for trolls - Courtesy of this code by "yours truly" in less than 1 second flat):

---

#TrollTalkComReversePsychologyKiller.py (Ver #2 by APK)

def reverse(s):
    # Build the reversed string by prepending each character in turn
    trollstring = ""
    try:
        for apksays in s:
            trollstring = apksays + trollstring
    except Exception:
        print("error/abend in reverse function")
    return trollstring

# Reversing an empty string prints an empty line
s = ""
print(reverse(s))

try:
    s = "Insert whatever 'trollspeak/trolllanguage' gibberish occurs here..."
    s = reverse(s)
    print(s)
except Exception as e:
    print(e)

---

... apk

Produce a quote of my stating that HOSTS (-1)

Anonymous Coward | more than 3 years ago | (#36776972)

Are all you need to be 100% secure - show me explicitly stating that please.

You can't & you know it. Tomhudson, & gmhowell tried that, they both RAN because they could not do that... no, all you have is trying to put words in my mouth I never said...

"No, no, no...all you need to do is add a HOSTS file, and everything will be 100% secure until the end of the universe!! hehehe." - by cbiltcliffe (186293) on Friday July 15, @09:11AM (#36774056) Homepage

* U FAIL, as usual!

Just like your consolidated FAIL list vs. myself here today shows clearly:

http://slashdot.org/comments.pl?sid=2324592&cid=36776760 [slashdot.org]

APK

P.S.=> That's where I let you trash yourself... especially by using your own mistakes, & technical inadequacy/impotency, even when you went off topic & tried putting words in my mouth I never once said!

Also?

Please - Don't tell me you're not trying to get my goat on HOSTS either, because the other repliers to you (probably your pals or sockpuppets) are mentioning my name:

http://slashdot.org/comments.pl?sid=2324592&cid=36774834 [slashdot.org]

and here:

http://slashdot.org/comments.pl?sid=2324770&cid=36774146 [slashdot.org]

(Doubtless more of your sock puppet alternate registered accounts you have, or those of others I have trashed before (cowards like yourself ALWAYS do that in rather "effete retaliation")).

And you did these posts today on HOSTS files here:

MANY times already today... WELL, back it up, prove I say HOSTS are "all you need" for perfect security then!

I'll be waiting... lol, until the "12th of never" & when the clock hand strikes 13, because I never once ever said that OR implied it even! I preach layered security:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

That does far more than just HOSTS files, but they are an excellent layered security measure.

NOW - Just because you ran from where that took place too in the topmost link above? Talking behind my back's the "best you've got" along with adhominem attacks?? LMAO... & on each point noted in the link above, OR you failed vs. trying to disprove them!

(Where you also tried to put words in my mouth about TcpView &/or ProcessExplorer in regards to detecting rootkits or removing them using those tools & I never said that once, either you have reading troubles, OR as I suspect, a troll that tries putting words in others' mouths they never said & later behind their backs too, in "effete geek angst" (that's what women do, not men))

... apk

Re:Streisand (2)

rbrausse (1319883) | more than 3 years ago | (#36772926)

according to this press release [vodafone.co.uk] they reacted. Last year. with an update.

even THC's wikipage claims that the project was ended mid-2010 because of "too much fun with other things". This hack is very interesting, but more for historical reasons and not because everyone is now vulnerable

Re:Streisand (1)

migla (1099771) | more than 3 years ago | (#36772918)

nope, not Streisand - afaik Vodafone isn't trying to suppress this information.

That's what they want you to think. They're going for a reverse double anti-streisand. It's a smokescreen. A double-bluff. It's an XK-Red-27 technique.

Femtocells: the next big thing! (1)

MyFirstNameIsPaul (1552283) | more than 3 years ago | (#36772816)

Wait, we're still explaining to people on Slashdot what the function of one is?

Re:Femtocells: the next big thing! (1)

EdIII (1114411) | more than 3 years ago | (#36781804)

Wait, we're still explaining to people on Slashdot what the function of one is?

The function of a femtocell is to expand the cellular range of a provider, while providing revenue to the provider instead of being an expense. Additionally, the bandwidth consumed is not on their network (cellular network), but on the customers bandwidth.

In the US at least this is abhorrent because the people, through government, granted them so many easements and right of ways, financial incentives, tax breaks, etc.

Despite how much has been given to them they continue to raise prices, encourage "mystery fees", enjoy near infinite profit margins on txt messages, etc. and do not contribute nearly enough to their infrastructures. At just what point are the American People (I don't know how this situation relates to EU), going to get compensated or some sort of benefit from all of "help" we gave the carriers to create the infrastructure?

When the bandwidth runs out and starts costing more... then it becomes issues about piracy and other bullshit that gets us all arguing about Net Neutrality.

The reason why Netflix is such a big deal is because not everyone in a neighborhood can actually be using all of their bandwidth at once. Netflix, regardless of CDNs, causes problems for them.

It is related, because it is all related to the costs of bandwidth and infrastructure.

A femtocell explained more simply is a big FUCK YOU to the consumer by the wireless carriers.

I might be more amenable to it if they leased it and gave me a discount for running one on my bandwidth.

Re:Femtocells: the next big thing! (1)

EdIII (1114411) | more than 3 years ago | (#36781868)

Ohhhh, and to add insult to injury in this case the dipshits who configured the femtocells setup a 6 character password.

Seriously?

So now every femtocell they charged a consumer for to get, so they could get better reception and download speeds of their own bandwidth is not only exposing themselves to danger, but the femtocell itself can be used to wreak havoc on the cellular customers in general.

I hate to admit this, but part of me wants to laugh hysterically. The only option is to no longer accept connection from the femtocells and refund all the money, or deliver new femtocells to the existing owners.

Either way, Vodafone is going to get bent over for a jolly good time. They deserve it.

old news (4, Insightful)

shortscruffydave (638529) | more than 3 years ago | (#36772834)

Re:old news (3, Informative)

EdZ (755139) | more than 3 years ago | (#36772916)

They 'fixed' it by changing the default password, not by preventing the devices from sniffing and decrypting data from passers by. Break the new password, and the attack still works as before.

Re:old news (3, Funny)

naranek (1727936) | more than 3 years ago | (#36772938)

So I guess the old root password was 'sys'

Re:old news (1)

Dunbal (464142) | more than 3 years ago | (#36773002)

nope, that was too short. So it was "sys123".

Re:old news (0)

Anonymous Coward | more than 3 years ago | (#36773330)

I've got to change the password on my luggage!

Re:old news (0)

Anonymous Coward | more than 3 years ago | (#36777110)

Sadly, you're probably not far off. The newer password "newsys" is six letters, and, as you've observed, "sys" is apparently the old part... and "system" is six letters too. I'm guessing the old root password was "system."

Re:old news (2)

kyz (225372) | more than 3 years ago | (#36772962)

http://thcorg.blogspot.com/2011/07/vodafone-hacked-root-password-published.html [blogspot.com]

"What we have seen is that Vodafone fixed the way THC gained administrator access to the femto.

This of course does not fix the core of the problem: The femto transfers key material from the core network right down to the femto."

Re:old news (1)

Rich0 (548339) | more than 3 years ago | (#36773286)

This of course does not fix the core of the problem: The femto transfers key material from the core network right down to the femto."

I'd say the core of the problem is that authentication credentials ever leave the phone in the first place. Didn't they ever hear of RSA/etc?

I just don't get it - why doesn't ANYBODY use asymmetric crypto for authentication. And when they do something remotely clever, why don't they ever use a proven off-the-shelf cryptosystem to do it? DRM may be mathematically impossible to achieve, but authentication is something that is completely achievable with the right key infrastructure. And they obviously have the key infrastructure already since symmetric crypto doesn't work without it either...

Re:old news (2)

Timmmm (636430) | more than 3 years ago | (#36773668)

Because authentication is done on the SIM card. When GSM was created I doubt they were capable of public key cryptography.
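The arrangement discussed in the comments above (the long-term secret stays on the SIM, while derived key material is handed down to the femtocell) can be modelled as follows. This is an added example, not code from the thread or from THC: it assumes the textbook GSM triplet model, uses HMAC-SHA256 and a hash keystream as stand-ins for the operator's A3/A8 and A5 algorithms, and all keys and identifiers are constructed.

```python
import hashlib
import hmac

# Constructed sample values, not real subscriber data.
IMSI = "001010000000001"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
RAND = bytes.fromhex("0f" * 16)


def a3a8_standin(ki, rand):
    """Assumption: HMAC-SHA256 stands in for the operator's A3/A8.
    Returns (SRES, Kc) with the GSM sizes of 4 and 8 bytes."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def a5_standin(kc, frame_no, data):
    """Assumption: a SHA-256 counter keystream stands in for A5.
    XOR is symmetric, so the same call encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = kc + frame_no.to_bytes(4, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class AuthCentre:
    """Core network: the only holder of Ki apart from the SIM."""

    def __init__(self):
        self._ki = {}

    def provision(self, imsi, ki):
        self._ki[imsi] = ki

    def triplet(self, imsi, rand):
        sres, kc = a3a8_standin(self._ki[imsi], rand)
        return {"rand": rand, "sres": sres, "kc": kc}


class Sim:
    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki  # never leaves the card

    def respond(self, rand):
        return a3a8_standin(self._ki, rand)


class EdgeNode:
    """Base station or femtocell role: runs the challenge, ciphers the air link."""

    def __init__(self, auc):
        self._auc = auc
        self.session_keys = {}  # IMSI -> Kc, readable by whoever controls the box

    def authenticate(self, sim, rand):
        expected = self._auc.triplet(sim.imsi, rand)
        sres, _ = sim.respond(expected["rand"])  # only RAND and SRES cross the air
        if not hmac.compare_digest(sres, expected["sres"]):
            return False
        self.session_keys[sim.imsi] = expected["kc"]
        return True


def demo():
    auc = AuthCentre()
    auc.provision(IMSI, KI)
    edge = EdgeNode(auc)
    sim = Sim(IMSI, KI)
    authenticated = edge.authenticate(sim, RAND)
    _, phone_kc = sim.respond(RAND)
    air_frame = a5_standin(phone_kc, 7, b"hello")  # what the phone transmits
    clone = Sim(IMSI, bytes(16))  # same IMSI, wrong Ki
    return {
        "authenticated": authenticated,
        "edge_holds_ki": KI in edge.session_keys.values(),
        "edge_holds_kc": edge.session_keys.get(IMSI) == phone_kc,
        "edge_plaintext": a5_standin(edge.session_keys[IMSI], 7, air_frame),
        "clone_rejected": not EdgeNode(auc).authenticate(clone, RAND),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The edge node never learns Ki, yet it ends up holding the session key, which is why the trust placed in that box matters more than the strength of its root password.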

Re:old news (1)

Rich0 (548339) | more than 3 years ago | (#36785758)

Sure, but there was no reason that this couldn't have been upgraded ages ago. Support both protocols in parallel for a few years until tower software is updated.

Instead, we're going to hit a wall at some point when GSM is completely cracked, and suffer with a ton of issues as a result.

I would say the problem is the market, but even the NPV of a hit that big is large today. The real problem is that nobody holds managers accountable for the real consequences of failing to take action over the long term. Sure, you can fire them, but you can't take back the money you paid them for years beforehand.

Re:old news (0)

Anonymous Coward | more than 3 years ago | (#36786148)

Uh, GSM *is* completely cracked.

Plus quite a few providers run stuff unencrypted anyway - China Telecom for one.
The Apple Beta2 software was interesting in that it would warn you about that, unfortunately beta3 has removed that useful feature..

Is the audiance listening? (0)

Anonymous Coward | more than 3 years ago | (#36772848)

still a good movie.

S.I. preffix's (1)

rossdee (243626) | more than 3 years ago | (#36772852)

Don't you think that the marketing guys are overdoing it with all these S.I. prefixes

You couldn't even see a femtocell (10 to the minus 15) in an electron microscope

zing! (0)

Anonymous Coward | more than 3 years ago | (#36772860)

You couldn't even see a femtocell (10 to the minus 15) in an electron microscope

Just like your wang?

Re:S.I. preffix's (1)

Rich0 (548339) | more than 3 years ago | (#36773306)

The base unit is parsec, you insensitive clod!

Re:S.I. preffix's (1)

Neil Boekend (1854906) | more than 3 years ago | (#36773688)

The base unit should be "distance light travels in vacuum in 1 cycle of radiation corresponding to the transition between two energy levels of the cesium-133 atom"
This is the distance light travels in 1/9,192,631,770 second. Light travels at 299 792 458 m/s, so this is 299,792,458 / 9,192,631,770 = 0.0326122557174941 m (=1.28394708 inch).
That would be a distance that's based on the constants in physics.
However, if we can't convince the USA to switch to the metric system, how can we ever hope to force the complete world to switch?

Re:S.I. preffix's (0)

Anonymous Coward | more than 3 years ago | (#36774080)

That's a bizarre base unit. What's so special about cesium-133? You're picking it arbitrarily because it's the base of the current standard.

Clearly, the units of the future should be based on the Planck units, instead.

Re:S.I. preffix's (1)

Neil Boekend (1854906) | more than 3 years ago | (#36774512)

I stand corrected.
However we should invent new SI prefixes, as the current (yotta = 10^24) isn't going to cut it (Planck length is around 1.616252x10^-35 m). To represent something in human scale we'd need a simple word for 10^11 yotta Planck lengths. Maybe terra-yotta Planck lengths? with 10^36 it should be close enough to fit.

Re:S.I. preffix's (1)

VortexCortex (1117377) | more than 3 years ago | (#36775948)

However, if we can't convince the USA to switch to the metric system, how can we ever hope to force the complete world to switch?

The USA does use the metric system. Their military, scientists and medical practitioners do. (Hint: "Click = Kilometer")

It's only the general populace that is forced into using antiquated and difficult to convert between standards by the USA's school system, and thus parents as well (being that they were taught to use those units too).

FTWA [wikipedia.org]

According to the American Central Intelligence Agency's Factbook, the International System of Units is the official system of measurement for all nations in the world except for Burma, Liberia and the United States.

It seems the USA is deliberately hindering the populace with their obsolete units of measure. Considering that it is the corporations that control Capitalist America via limitless campaign contributions and lobbyists, I think it's safe to say they have an interest in keeping the people of America confused; if it was easy to convert between units the people would be better equipped to be more intelligent shoppers -- "This is $3.99 per pound, but the no-name store-brand is $7.89 for 40oz -- I bet the products are made in the same plant; How much of what dollar ounce pound?! [conversion error -- select familiar name brand to continue shopping]"

Note: Tinfoil hats can not be made from Aluminum Foil; They've made fools of us all!

Re:S.I. prefixes (1)

cayenne8 (626475) | more than 3 years ago | (#36777728)

It's only the general populace that is forced into using antiquated and difficult to convert between standards by the USA's school system, and thus parents as well (being that they were taught to use those units too).

I wouldn't term it as forced.

For the most part...the avg US citizen can't really see any major benefit to their day to day lives switching over vs the bit of upheaval and increased monetary costs it would encounter forcing us to change to metric for everything in our everyday lives.

I mean, we're a large country, and the majority of us rarely find need or opportunity to interact with those outside the US that use metric measurements.

I've used metric when I was in college (chemistry, etc)...but honestly, I don't see any benefit it would give me to switch everything over.

At my age..the biggest PITA would be temperature. I know innately how to dress when I hear on the morning weather forecast that the high will be 50F or 90F.

I have no idea without having to look things up on how I'd dress at 20C or 50C.....those values hold no intrinsic meaning to me on how hot or cold things are....just by way of growing up with it and living in a culture with F as the measurement of temperature.

But, no one is forcing us to keep our measurements....we just don't have any compelling reason in everyday normal life to want to change. Just to 'be like everyone else' isn't a good enough reason (like jumping off a bridge).

Re:S.I. prefixes (1)

Megane (129182) | more than 3 years ago | (#36773380)

I think they should start using S.I. prefixes on reward points. They could call them "atto-boys".

Vodafone = Bad (3)

improfane (855034) | more than 3 years ago | (#36772858)

I can't say I am surprised.

Vodafone are a terrible company. They are one of the most expensive in the UK. They gouge me. I am changing as soon as I can. They claim to offer unlimited texts but if you send a text that is bigger than 160 characters, they charge you. They also don't pay taxes in the UK, they owe 4.8 billion in taxes but our government decided 'to let it go [guardian.co.uk]'.

Now in the UK we're facing cuts to public services, education, electricity rises. I'm not bitter. Vodafone is a bad business. You should change from them and warn people of the same. Didn't they have something to do with Egypt censorship too?

Their website is also littered with Java exceptions.

Vodafone = Incompetent

Re:Vodafone = Bad (0)

Anonymous Coward | more than 3 years ago | (#36772898)

Offtopic. Replying to the signature.

--
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,

Have you tried any Stanislaw Lem? It's kind of like Asimov science-wise, but more like real literature literature-wise. Some of it is serious, some is humorous. Try both kinds.

Re:Vodafone = Bad (0)

rbrausse (1319883) | more than 3 years ago | (#36772948)

Lem is great! A good starting point is The Star Diaries [wikimedia.org], a collection of short stories - they give a good overview of the range of Lem's style(s).

Re:Vodafone = Bad (1)

Inda (580031) | more than 3 years ago | (#36773500)

" if you send a text that is bigger than 160 characters, they charge you."

How does that work?

My phone automatically chops messages up into 160 char parts, one SMS message per part. It's not a modern phone either.

Just curious.

I use Tesco, btw. I can't fault them.

Re:Vodafone = Bad (1)

NJRoadfan (1254248) | more than 3 years ago | (#36773580)

It's likely that the phone is sending the longer messages as MMS or EMS, which is likely NOT covered by the "unlimited text messages" plan.

Re:Vodafone = Bad (1)

Timmmm (636430) | more than 3 years ago | (#36773678)

Yeah Android had (maybe still has) a bug where texts longer than 3*160 are sent as an MMS.

Re:Vodafone = Bad (0)

Anonymous Coward | more than 3 years ago | (#36773750)

Would be hard to call that a bug. Quite a few older handsets can't deal with concatenated SMS messages with more than 3 parts.

Re:Vodafone = Bad (1)

improfane (855034) | more than 3 years ago | (#36773680)

My Nokia 1661 does not support MMS.

Vodafone treat multipart text messages as separate texts on the server side to rip people off. Especially when you consider that it does not charge if you break up a text manually by yourself.

Re:Vodafone = Bad (1)

mikael_j (106439) | more than 3 years ago | (#36774314)

That seems weird, the common way to do it is to have an ID embedded in the message so that the receiving device can tell which messages are actually parts of the same longer message.

The biggest problem with this scheme is when a device receives only part of the message, all phones seem to handle this differently. Some show what they got after a while, others simply chuck it, others still will hang on to the data just in case a matching ID shows up later (which can lead to hilarity since the IDs are far from unique).
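Added example, not part of the thread or any participant's code: a receiver-side reassembler for the ID scheme described in the comment above, using the concatenation header from 3GPP TS 23.040. The 300-second timeout, the function and class names, and the sample values are assumptions; keying on sender plus reference is one way to keep a reused ID from mixing two messages.

```python
import time

# 3GPP TS 23.040 concatenation elements: IEI 0x00 = 8-bit ref, 0x08 = 16-bit ref.
CONCAT_8BIT, CONCAT_16BIT = 0x00, 0x08

def parse_concat_udh(udh: bytes):
    """Return (ref, total, seq) from a User Data Header, or None if absent/malformed."""
    if not udh or udh[0] != len(udh) - 1:       # first octet is the header length
        return None
    i = 1
    while i + 2 <= len(udh):
        iei, iedl = udh[i], udh[i + 1]
        data = udh[i + 2:i + 2 + iedl]
        if len(data) != iedl:
            return None
        if iei == CONCAT_8BIT and iedl == 3:
            ref, total, seq = data
        elif iei == CONCAT_16BIT and iedl == 4:
            ref, total, seq = int.from_bytes(data[:2], "big"), data[2], data[3]
        else:
            i += 2 + iedl                       # skip unrelated elements
            continue
        if not 1 <= seq <= total:
            return None
        return ref, total, seq
    return None

class Reassembler:
    def __init__(self, timeout=300.0):          # timeout value is an assumption
        self.timeout = timeout
        self.pending = {}   # (sender, ref, total) -> (first_seen, {seq: text})

    def receive(self, sender, udh, text, now=None):
        """Return the full message once every part has arrived, else None."""
        now = time.monotonic() if now is None else now
        self.expire(now)
        info = parse_concat_udh(udh)
        if info is None:
            return text                         # no concatenation header: single part
        ref, total, seq = info
        key = (sender, ref, total)              # sender in the key limits ID collisions
        _, parts = self.pending.setdefault(key, (now, {}))
        parts.setdefault(seq, text)             # ignore duplicate retransmissions
        if len(parts) < total:
            return None
        del self.pending[key]
        return "".join(parts[n] for n in range(1, total + 1))

    def expire(self, now):
        """Drop partial messages older than the timeout; return how many were dropped."""
        stale = [k for k, (t, _) in self.pending.items() if now - t > self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)
```

Without the expiry step, a leftover part from an old message could be joined to a new message from the same sender that happens to reuse the reference number.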

Re:Vodafone = Bad (1)

improfane (855034) | more than 3 years ago | (#36773656)

My phone chops it up into small messages but the 'unlimited' only applies to the first message. I get charged for additional texts if my message spans more than one. It's a money grab because if I break the text manually into two separate texts, I do not get charged.

This happens on my old W595 (supports MMS) and my current Nokia 1661 (no MMS, no 3G).

Re:Vodafone = Bad (0)

Anonymous Coward | more than 3 years ago | (#36786220)

You should realize the people developing these devices are not from Vodafone, but from outside. Mobile companies just brand the device, but give the work to others like Huawei, Siemens, etc. You also realize people working in the marketing department (who most likely operate the website) are not the ones that operate the mobile network. The website malfunctioning is just lost public image, the mobile network not functioning is lost revenue in the most explicit form.

Your assessment that Vodafone is incompetent is maybe just a bit hasty.

The root password is "newsys"? (1)

Sparx139 (1460489) | more than 3 years ago | (#36772888)

Isn't that kind of insecure? As in, the sort of thing that you would slap people for setting a root password as?

Slap anyone that sets a root password (1)

GroovinWithMrBloe (832127) | more than 3 years ago | (#36772980)

In embedded devices like these, there is no reason to use a root password. The devices should be locked down completely with a process to update them with signed firmware.

If they need some form of remote access, they should at the very least use SSH PKI.

End-to-end (3, Funny)

bWareiWare.co.uk (660144) | more than 3 years ago | (#36772928)

Why does having root on any cell, let alone a femtocell, give you the ability to impersonate and eavesdrop? They should be simply forwarding the encrypted streams to/from Vodafone; they have no need to interpret or modify them. In fact it would have been trivial to design a phone system where even the operators can't eavesdrop, encrypting each call with the receiver's public key. The first time you rang a new number you would have to trust you were getting the correct public-key, but any abuse would be easy to detect and prove. This would mean that voice-mail etc. was only accessible with the original SIM, but that may not be too much of a compromise! You could still require that any phone connecting to the network submits its private keys to law enforcement.

Re:End-to-end (1)

Anonymous Coward | more than 3 years ago | (#36772950)

Are you crazy? Vodafone is notorious for enabling easy and unquestioned access to law enforcement. Any form of encryption would make it harder for them to hand over your data.

Re:End-to-end (1)

drolli (522659) | more than 3 years ago | (#36772970)

It would not be legally trivial, for a number of reasons.

Re:End-to-end (1)

kyz (225372) | more than 3 years ago | (#36773004)

Cell networks have the same need for time-critical end-to-end delivery as fixed line networks, and thus have a very similar architecture. They don't look anything like IP networks.

Cell sites place calls on behalf of the mobile, and talk with other cell sites to handover calls in progress as the mobile passes through. They have to be trusted to do that.

GSM encryption works on the basis that the company who issued the SIM card also knows the secret keys inside the SIM card. That way, both ends can synchronise encryption/decryption, even if packets are lost and not re-transmitted. Public-key encryption almost invariably uses a block cipher that can't do that. What use is that to a phone network?

Re:End-to-end (2)

bWareiWare.co.uk (660144) | more than 3 years ago | (#36773102)

As you say, the cells need to be trusted with the routing and hand-off. Obviously the cell can always block/drop/throttle calls but that doesn't mean you should trust them with everything.
To place a call on behalf of a mobile should require a time-limited signed token from the mobile's SIM. Once the call is established it makes no difference if you are routing an unencrypted voice codec or some encrypted data.
Public-key encryption could simply be used for the initial A5/1 initialization key, the voice data itself can still use a stream cipher.

Re:End-to-end (1)

Rich0 (548339) | more than 3 years ago | (#36773346)

Mod parent up - either symmetric or public-key encryption requires authentication with some trusted server (is the phone's account activated, etc), and if the central server can hold a copy of a symmetric key it can hold a copy of a public key.

There is also no need to escrow private keys - the network already needs access to the clear voice conversation and dialing info just to complete the call, and that is all the FBI needs. There is no need to be able to clone phones. Plus, if you wanted to clone a phone just assign a new key and have the central server give a positive authentication for either one (ie you manipulate the central database).

As with most things crypto, the GSM creators decided to re-invent the wheel, and the only reason it works is that hackers just haven't quite caught up yet. Once rogue base stations are seeded all over the place, cloned SIM cards will be sold on every street corner in New York, and once again we'll be punching in PINs or whatever to make phone calls as an almost-effective stop gap until the whole system is torn down and replaced.

Re:End-to-end (0)

Anonymous Coward | more than 3 years ago | (#36773962)

Vodafone's femtocells decrypted the transmission in the femtocell, before re-transmitting it across the IP link. So if you had physical access to the femtocell, you had physical access to the unencrypted data stream.

The concern was that, if you bought a femtocell and tweaked its firmware, you could trick any Vodafone handset nearby into using your femtocell. Which you control. And which leaves the data stream unencrypted internally.

(Ars has a decent story on this, http://arstechnica.com/security/news/2011/07/insecure-vodafone-femtocells-allow-eavesdropping-call-fraud.ars )

Nice password (1)

popo (107611) | more than 3 years ago | (#36772978)

A 6 digit, all alpha, all lowercase password, made from real words.

While it's entirely possible the password would have been hacked if the password was 16 alpha-numeric-punc chars, it's hard to be sympathetic to Vodafone when they're this sloppy.

Old news (0)

Anonymous Coward | more than 3 years ago | (#36773000)

This is old news... Yet Slashdot mysteriously won't cover the story about the unredacted Manning/Lamo chat logs [wired.com] that just came out.
In fact, Google has completely censored it from their news/rss aggregators.

Re:Old news (0)

Anonymous Coward | more than 3 years ago | (#36773122)

Has Rupert Murdoch (0)

Anonymous Coward | more than 3 years ago | (#36773374)

heard about this yet?

Oblig (1)

ThatsNotPudding (1045640) | more than 3 years ago | (#36773396)

'Can everyone hear me now?'

Thanks for the shitty blog link, slashdot! (1)

Megaweapon (25185) | more than 3 years ago | (#36773412)

Their blog archive goes all the way back to July 2011!

Password (0)

Anonymous Coward | more than 3 years ago | (#36774124)

GOD

Resurgence of Phreaking (0)

Anonymous Coward | more than 3 years ago | (#36774930)

Now everything has come full circle and hackers can finally return to their roots.

Asset # + Default password (1)

sgt scrub (869860) | more than 3 years ago | (#36775500)

I worked for a company that made a security device with a default password for updates. The password was changed, post build, using the asset (serial) number of the device, a label added to the bottom of the device after install, with the default password added to the end of the string. This ensured that every device had a semi-unique password that required physical access to the device for anyone to figure out the first part of the manufacturer password. Not being a dumb ass company, that was not sufficient for them. Why? Despite the fact that the asset number was alphanumeric, all one needed to do is look at two devices to see the sequence (nn-cc-nnnn-cc-nnnnn). From there, generating nn-cc-nnnn-cc-nnnnn sequences in front of a properly guessed default password would allow brute force attacks. Anyway, the simple answer to the problem is to have a good enough UNIQUE default password then force the buyer to enter a password before the device would work.
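Added example, not the commenter's or any vendor's code: one way to implement the fix suggested at the end of the comment above, with a random per-device default that is unrelated to the serial number and a first-boot step that keeps the device out of service until the owner sets a new password. The record layout, the 12-character minimum, the PBKDF2 round count and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

ALPHABET = "abcdefghijkmnpqrstuvwxyz23456789"   # 32 symbols, look-alikes removed
PBKDF2_ROUNDS = 200_000                          # assumed work factor

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def provision_device(serial: str):
    """Factory step: random default password, not derived from the serial."""
    password = "".join(secrets.choice(ALPHABET) for _ in range(16))   # 80 bits
    salt = secrets.token_bytes(16)
    record = {"serial": serial, "salt": salt,
              "hash": hash_password(password, salt), "must_change": True}
    return record, password     # password is printed on the label, record is flashed

def check(record, password):
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(record["hash"], candidate)

def first_boot_set_password(record, label_password, new_password):
    """Owner step: the device stays out of service until this succeeds."""
    if not check(record, label_password):
        raise PermissionError("label password incorrect")
    if len(new_password) < 12 or check(record, new_password):
        raise ValueError("new password too short or same as the default")
    record["salt"] = secrets.token_bytes(16)
    record["hash"] = hash_password(new_password, record["salt"])
    record["must_change"] = False

def login(record, password):
    """Refuse every login while the factory default is still active."""
    return (not record["must_change"]) and check(record, password)
```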

Written Design Plan for Femtocell? (1)

BoRegardless (721219) | more than 3 years ago | (#36775756)

How could a major project at a major public company start without addressing security?

Re:Written Design Plan for Femtocell? (0)

Anonymous Coward | more than 3 years ago | (#36777846)

It's more than likely that some of the people responsible for security were simply ignored...

six-character passwords considered harmful (1)

adavies42 (746183) | more than 3 years ago | (#36779166)

why does anyone ship anything with a six-character password? why does any website allow them? eight is barely sufficient given recent gpu-based attacks, and i seriously doubt people who have trouble remembering eight characters have any less trouble with six.

Samsung's Verizon and Sprint offerings are similar (0)

Anonymous Coward | more than 3 years ago | (#36796176)

I've gotten to the boot loader and rooted the Verizon 1x, 3g, and Sprint units. The bootloader password is stored in plain text...in their GPL release. From there, if you can figure out MontaVista Linux, the ipsec keys are easily found. Also the web management passwords are easy to find. http://rsaxvc.net/cgi-bin/mt/mt-search.cgi?search=scs&IncludeBlogs=3&limit=20 [rsaxvc.net]