748 items tagged "internet"
-
-
12:26
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference to it is kept and used again during a page reload; the stale reference points to invalid memory that is controllable, which allows arbitrary code execution under the context of the user. Please note: this vulnerability has been exploited in the wild, mainly targeting computers based in China, Taiwan and the US.
-
16:00
»
SecuriTeam
AhnLab V3 Internet Security 8.0
-
16:00
»
SecuriTeam
Microsoft Internet Explorer prone to remote code execution vulnerability
-
-
16:00
»
SecuriTeam
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.
-
-
7:41
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold, Internet Explorer fails to correctly relocate key elements. An initialized variable in one of the functions can cause memory corruption. This can lead to remote code execution under the context of the program.
-
-
15:04
»
Packet Storm Security Exploits
A security vulnerability in Internet Explorer, versions 6 through 10, allows your mouse cursor to be tracked anywhere on the screen, even if the Internet Explorer window is inactive, unfocused or minimized. The vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads.
-
-
11:01
»
Hack a Day
[Florian Amrhein] made use of some old hardware to build his own internet radio in a 1930s radio case. The original hardware is a tube-amplified radio which he picked up on eBay. There’s tons of room in there once he removed the original electronics and that’s a good thing because he crammed a lot of [...]
-
-
11:22
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
-
15:39
»
Packet Storm Security Exploits
Sites designed by Diseno Internet Chile suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
-
-
15:28
»
Packet Storm Security Exploits
An overflow error occurs in GroupWise Internet Agent (gwia.exe) when the LDAP service process receives an overly long BIND Request. Successful exploitation may allow execution of arbitrary code. Versions 8.0.2 HP3 and 2012 are affected. Proof of concept code included.
-
-
16:45
»
Packet Storm Security Advisories
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "onMove" events, which could allow remote attackers the ability to execute arbitrary code via a specially crafted web page.
-
16:44
»
Packet Storm Security Exploits
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "scrollIntoView" events, which could allow remote attackers the ability to execute arbitrary code via a specially crafted web page.
-
-
6:01
»
Hack a Day
It’s time for another update chronicling the adventures and misadventures of getting really old computers to load our retro edition! First up is [Andrew Hull] and his brilliant use of a Raspberry Pi to get an old Psion 5mx PDA on the Internet. The Raspi served as a wireless bridge, taking in Internet from a WiFi dongle [...]
-
-
21:56
»
SecDocs
Authors: Christian Horchert, Frank Becker
Tags: cryptography
Event: Chaos Communication Congress 20th (20C3) 2003
Abstract: The SILC Project develops the Secure Internet Live Conferencing protocol (SILC), which is designed to provide most rich featured conferencing services and high security. In short, it's IRC done right. To kick off the presentation we walk quickly through the features of SILC, demonstrating the silc-Irssi. Afterwards we are going to look at the SILC network and the SILC protocols.
-
-
14:00
»
Hack a Day
[John] from MIT is working on a project to bring a little bit of interactivity to the hacks he does. Because his hacks receive much more attention on the Internet than in real life, [John] made it so clicking a button in your browser can change something in the real world. He calls his creation [...]
-
-
9:59
»
SecDocs
Authors: Dan Kaminsky
Tags: DNS
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: DNS is best known for translating domain names into the numerical addresses the Internet can route. But it's capable of so much more. Ultimately, DNS is a globally deployed, routing, caching overlay network deployed across the entire Internet, both public and private. From traversing firewalls to the mass duplication of audio streams, we will demonstrate some unexpected features of this ancient system. The Domain Name System is a powerful, flexible, and integral part of the Internet. DNS's most common use is to translate names -- such as www.blackhat.com -- to addresses -- 216.231.63.34. But behind this deceptively simple operation lies a complex and interesting system, distributed widely but with a deeply centralized core. Though most commonly used to execute simple translations of the sort mentioned earlier, three aspects of the machinery lend themselves to more creative exploits. By creatively abusing the hierarchical, recursive, and cache-oriented nature of the multi-million-node DNS architecture, we can effect a range of unexpected functionality, including firewall penetration, bidirectional anonymous communication, large scale data transmission, and even "Voice over DNS".
-
-
21:51
»
SecDocs
Authors: Jens Ohlig
Tags: privacy
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: A look at the technical, political and cultural background of the Great Firewall of China. Practical tips for travellers to China on how to circumvent censorship and ideas on how Chinese cyber-culture may be different. The most populous country in the world, the People's Republic of China, is both an exciting and emerging cyber-society as well as a nation with harsh restrictions imposed by the government. Crackdowns against dissidents are prevalent and censorship of online content is ubiquitous. In this presentation, we shall try to give a general survey on Internet censorship in the "Middle Kingdom". Using data gathered by independent NGOs such as Amnesty International, we'll look at the human rights situation with a focus on Freedom of Speech, Freedom of the Press, and Internet Freedom. On a more technical side, we'll see how the "Great Firewall of China" is implemented. Finally, we'll discuss means of circumventing Internet censorship using methods found in the literature (proxies, onion routing) and through our own research.
-
-
21:28
»
SecDocs
Authors: Joi Ito
Tags: social
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: Since I started my first web site 10 years ago, we've moved from a vision of cyber-utopia to the lust of the bubble, to bust and back to a cautious optimism. Two years after writing my somewhat optimistic paper on Emergent Democracy we've seen blogs challenge the mass media, Wikipedia challenge the authority of encyclopedias and an American election heavily influenced by the Internet. I will speak about the impact that blogging and other social software is having on politics and free speech, and will discuss the US elections in this context. At the dawn of the Internet, visionaries such as John Perry Barlow wrote about cyberspace challenging the sovereignty of the nation-state. We envisioned a kind of cyber-utopia which, to begin with, we thought we were making real. In a mad rush people flowed into the Internet, but the money they brought with them corrupted its open and collaborative nature. After the bubble burst, the money left and many people revisited the open, peer-to-peer nature of the Internet. (Indeed, some had never left.) Many of the original dreams of the Internet were naïve, but with the benefit of hindsight, the maturing of open standards and the increased penetration of the Internet, a new generation of social software such as wikis and blogs are creating the conversations and dialog that we had hoped for 10 years ago. On the other hand, as the Internet becomes an increasingly critical part of the economy, governments feel that they must become involved in its governance in order to protect the public interest. The age of mass media has crushed diversity and created a shallow culture. In particular, the focus of politics has been on voting, not deliberation or debate. As the Internet begins to provide people with a way to reach a wider community, it becomes increasingly clear that having a voice is more important than having a vote.
People tend to over-estimate the short-term potential of new technologies and under-estimate the long-term potential. I will argue that although we are at risk of the Internet turning into yet another regulated channel, we have the ability to both prevent that and reverse the damage on culture and politics caused by monopolistic media.
-
-
10:32
»
SecDocs
Authors: Maximillian Dornseif, Steven J. Murdoch
Tags: covert channel
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: Many files are being published on the Internet which hold unexpected (and potentially embarrassing) data. We examine different cases of hidden data in file formats (including Word, PDF and JPEG) and show examples of these from a crawl of the Internet. There is a growing trend to publish information on the Internet, rather than more conventional paper based distribution system. While this brings many benefits, complex document formats increase the risk of unintended document disclosure. A reasonably well known example is hidden information in Microsoft Office documents, in particular Word. These contain several items of potentially compromising hidden data. For example the GUID (Globally Unique IDentifier) allows different documents to be linked together, and allows the Ethernet address of the author to be derived. The revision history shows previous edits and links them to a name. Also even if revision tracking is turned off, the undo history can provide similar data. Likewise PDF documents contain metadata on the author and software used. Also since PDF can contain vector-based graphics, information not shown on the screen because it is obscured by a different object, may still exist in the file. This is a particular problem with redaction, where confidential information is covered with a black rectangle. If the redaction is performed in the PDF producer rather than editing the original image or text, then the redacted material remains in the file. While it will not be shown, the PDF file can be modified to reveal the data, or tools could be written to extract the data directly. Another potential leak of data is EXIF thumbnails in JPEG images. These are typically created by digital cameras or image manipulation software, but not all graphics programs will update them along with the main image. This results in edited images retaining the original version of the image in the thumbnail.
In some cases this may only be inconvenient, such as rotated images showing the unrotated preview, but in other cases this could be a significant information leak. We performed an experiment of crawling the Internet for JPEG images and automated the process of identifying those whose thumbnail was significantly different from the main image. Our result was that almost 1% of JPEG had an incorrect EXIF thumbnail. While many were simple cropping, some were considerably more embarrassing. For example image manipulation was exposed since the thumbnail showed the original unmodified version, the source of an image could be seen despite the copyright notice being cropped out, a supposedly anonymised image showed the identity of the subject and in some cases by looking at the thumbnail, a partially nude photograph revealed more of the subject than originally intended. Our presentation will cover the issues with these formats and show real world incidents of compromising information leakage.
-
-
5:01
»
Hack a Day
This wireless doorbell hack can send a text message when someone rings. Adding the hardware to the chime unit turned out to be quite simple. It shows potential for a slew of other applications. [Martin] started the project with a breakout board he had designed for an RFM12B wireless transceiver board. This board is popular [...]
-
1:22
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
12:41
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.
-
9:12
»
SecDocs
Authors: Yosuke Hasegawa
Tags: Internet Explorer
Event: AVTokyo 2010
Abstract: Internet Explorer 6 (IE6) is, as Microsoft themselves admit, already an outdated 'spoiled milk' web browser. Actually IE6 has loads of vulnerabilities and security flaws left untouched for years. It is, however, true of a little newer Internet Explorer 7 as well. In this session, I would explain such 'spoiled milk' browsers' vulnerabilities related to Web Applications and improper implementations which were spotted ages ago and still have not been effectively addressed. It will also include demonstrations of some exploits. In today's web-oriented world where web browsers are released and updated one after another, users tend to leap at their novel features. Yet on the other hand, there are a considerable number of users loyal to classic browsers. For those old browsers, even ones still within vendor maintenance period, relatively 'minor' flaws are often left unfixed for a long time. Why is it so dangerous to continue using such old browsers? To find a specific answer to this question, we must dig out the issues which are currently buried deep under ignorance.
-
5:23
»
SecDocs
Authors: Sarbjit Sembhi
Tags: embedded
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: Embedded devices are set to take centre stage in the coming internet connected revolution where anything and everything will be connected to the internet. But are the Devices, Operating Systems, Protocols and Services mature enough for what the future holds for them? This session looks at the requirements of an internet connected embedded device and the necessary protocols and services required and available, then, it goes into some implications of the currently known vulnerabilities. This lecture is based on my work in compiling a database of embedded devices, their models with operating systems (and versions), with protocols (and versions), and services (and their versions) together with vulnerabilities and the current known research on them. I will use Networked CCTV Systems as an example of network connected systems and how they can be used inappropriately to gain access.
-
-
21:28
»
SecDocs
Authors: David Göthberg
Tags: P2P
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: About p2p-algorithms for fully distributed, totally serverless, fully scalable peer-to-peer systems. Not about specific p2p-softwares. This will only be a very brief overview of p2p-algorithms. This talk is about p2p-algorithms for fully distributed, totally serverless, fully scalable, globally searchable, robust, efficient peer-to-peer systems. These algorithms make it possible to make millions or even billions of computers work together in an organised manner without any central servers, without any computer being a boss over the others. We can now make applications such as filesharing, chat, instant messaging, Internet telephoning, radio and TV (sent from a single home user computer to a billion nodes), distributed calculation systems and many more applications. Since this talk is rather short we will not talk about specific p2p-softwares, encryption, stealth or anonymity. But we will mention some never before published stuff. The talk will be held by David Göthberg who has researched p2p-algorithms since 1997 and full time since the year 2000. Before that he used to work with Internet communication and computer security in embedded systems. (Internet in cars and other machinery.) David has now finished his research and is now working on building a p2p-programming library. So that other programmers can build advanced p2p applications easily, without having to spend years on research first. David's p2p-programming library will be available free of charge for anyone making free software. If you want more information from David before or after the congress take a look at www.pjort.com/projects/ or chat with "Mole2" in the channel #p2p-hackers on the IRC-network irc.freenode.net.
-
6:58
»
SecDocs
Authors: Marco Gercke
Tags: terrorism
Event: Chaos Communication Camp 2007
Abstract: A number of legislative approaches that are regulating the use of the internet have two things in common: They cut back civil liberties and justify this with the fight against terrorism. But is it sufficient to justify such intensive measures with vague topics? The presentation highlights those areas where terrorists make use of the internet, analyses the potential of some of the measures that are currently on the wish list of law makers worldwide and compares both aspects.
-
-
21:33
»
SecDocs
Authors: Arien Vijn
Tags: network sniffer
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: Capturing network packets is a valuable technique for troubleshooting network problems. Capturing at network speeds less, or up to one gigabit per second is feasible with a fast general purpose computer hardware. But that hardware is too slow for Ten gigabit per second ethernet (10GE). Hence, special hardware is required. This topic describes the modification of a commercially available 10GE networks security system, into a network analyser. Who can you trust? - Nobody, when it comes to trouble-shooting network issues at an internet exchange point. An Internet Exchange (IX) operates by definition in-between different network providers. These providers are often competitors, each with their cultural and technical differences. Troubleshooting network issues at an IX involves at least three parties. Namely, the internet exchange operator and two or more ISPs. Each with its own systems, knowhow, procedures and culture. Such an environment is very different from networks where operators have control over the network components. Therefore an internet exchange operator must be able to identify and isolate network problems, without relying too much on the other parties involved, while the exchange stays in full operation. For this, the technique of passive monitoring - watching the traffic as it passes by - has proven to be extremely valuable. Passive monitoring for speeds less than 1 Gbps is possible with a fast general purpose computer and generic NICs. Numerous open source applications have been made for this. Ten gigabit per second ethernet (10GE) is another game. Special hardware is required to achieve that. The Amsterdam Internet Exchange (AMS-IX) modified Force10's P10 system to monitor 10GE connections. This system was originally designed for security applications at 10GE wire speeds. But since it is built around programmable logic, it is possible to adapt it to a useful trouble-shooting tool.
-
17:39
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
17:39
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
17:39
»
Packet Storm Security Misc. Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
-
21:44
»
SecDocs
Authors:
Arien Vijn Tags:
network sniffer Event:
Chaos Communication Congress 23rd (23C3) 2006 Abstract: Capturing network packets is a valuable technique for troubleshooting network problems. Capturing at network speeds of up to one gigabit per second is feasible with fast general-purpose computer hardware. But that hardware is too slow for ten gigabit per second Ethernet (10GE). Hence, special hardware is required. This topic describes the modification of a commercially available 10GE network security system into a network analyser. Who can you trust? Nobody, when it comes to troubleshooting network issues at an internet exchange point. An Internet Exchange (IX) operates by definition in between different network providers. These providers are often competitors, each with their cultural and technical differences. Troubleshooting network issues at an IX involves at least three parties: namely, the internet exchange operator and two or more ISPs, each with its own systems, know-how, procedures and culture. Such an environment is very different from networks where operators have control over the network components. Therefore an internet exchange operator must be able to identify and isolate network problems without relying too much on the other parties involved, while the exchange stays in full operation. For this, the technique of passive monitoring - watching the traffic as it passes by - has proven to be extremely valuable. Passive monitoring for speeds less than 1 Gbps is possible with a fast general-purpose computer and generic NICs. Numerous open source applications have been made for this. Ten gigabit per second Ethernet (10GE) is another game. Special hardware is required to achieve that. The Amsterdam Internet Exchange (AMS-IX) modified Force10's P10 system to monitor 10GE connections. This system was originally designed for security applications at 10GE wire speeds. But since it is built around programmable logic, it is possible to adapt it into a useful troubleshooting tool.
-
-
17:00
»
SecuriTeam
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.
-
-
19:52
»
Packet Storm Security Exploits
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.
-
19:52
»
Packet Storm Security Recent Files
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.
-
19:52
»
Packet Storm Security Misc. Files
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.
-
-
21:43
»
SecDocs
Authors:
Sebastian Wolfgarten Tags:
privacy Event:
Chaos Communication Congress 23rd (23C3) 2006 Abstract: This talk analyzes large-scale, countrywide Internet content filtering from a technical point of view and investigates the current situation in the People’s Republic of China. Additionally, it discusses techniques to effectively defeat censorship and, based on various tests conducted by the author, comments on their applicability in the Chinese part of the Internet. Nowadays the Internet has become an essential element of the world’s media landscape and our everyday lives. Thus for many people sending and receiving emails, chatting with friends, researching information or even purchasing goods online is almost as common as watching TV or listening to the radio. Interestingly, without being further challenged, it is generally taken for granted in the Western world that, based on human rights, constitutions, legal systems and moral values, access to the Internet is provided freely, unlimited and, most importantly, unfiltered. But in reality the situation for millions of users world-wide is completely different: "Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information" [1]. In an attempt to create virtual frontiers in cyberspace, countries such as China, Vietnam, Tunisia, Iran, Saudi Arabia and Syria [1] have installed a multiplicity of technical and non-technical controls to censor the Internet and prevent their citizens from accessing or publishing information the government regards as illegal. These countries are thereby denying essential human rights to their citizens and specifically violate article 19 of the Universal Declaration of Human Rights, which states that "everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers" [2].
In order to gain a further understanding of the functionality and the extent of such censorship, this talk investigates large-scale, countrywide Internet content filtering from a technical point of view. It first discusses various means of filtering a government might enforce to perform censoring. Next it investigates the current situation of Internet filtering in the People's Republic of China and presents the implications for Chinese users by providing concrete examples. Finally, this presentation particularly highlights techniques to circumvent Internet censorship, focusing on practical and easy-to-use solutions that are applicable in China.
-
-
17:27
»
Packet Storm Security Exploits
This Metasploit module exploits a heap overflow vulnerability in Internet Explorer caused by incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by JavaScript code.
-
17:27
»
Packet Storm Security Recent Files
This Metasploit module exploits a heap overflow vulnerability in Internet Explorer caused by incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by JavaScript code.
-
17:27
»
Packet Storm Security Misc. Files
This Metasploit module exploits a heap overflow vulnerability in Internet Explorer caused by incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by JavaScript code.
-
-
12:02
»
Hack a Day
Have you ever wondered what a Tumblr written by a psychotic robot would look like? Wonder no more, because [Lars] has that all figured out. A few years ago, [Lars] stumbled across lowbrow.com (now defunct, but mirrored here), an online confessional and bathroom wall meant to host people’s most private thoughts and actions anonymously. [Lars] wrote [...]
-
4:44
»
Packet Storm Security Exploits
Internet Mobile suffers from a denial of service vulnerability that triggers an exception handler. Post exploitation the program must be reinstalled.
-
4:44
»
Packet Storm Security Recent Files
Internet Mobile suffers from a denial of service vulnerability that triggers an exception handler. Post exploitation the program must be reinstalled.
-
4:44
»
Packet Storm Security Misc. Files
Internet Mobile suffers from a denial of service vulnerability that triggers an exception handler. Post exploitation the program must be reinstalled.
-
-
22:03
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a heap overflow error in the mshtml.dll module when processing "Col" elements, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.
-
21:57
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing CollectionCache objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.
-
-
7:01
»
Hack a Day
Like many hackers of late, [Rick] has been experimenting with connecting Arduinos to the Internet with a disused WiFi router and an installation of OpenWRT. Unlike his fellow makers, [Rick] thought it would be wasteful to dedicate a single router to one Arduino project, so he used a small, low power wireless module to connect [...]
-
-
15:17
»
Packet Storm Security Recent Files
This Metasploit module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment this module targets IE8 over Windows XP SP3 through the heap massaging plus heap spray as exploited in the wild.
-
15:17
»
Packet Storm Security Misc. Files
This Metasploit module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment this module targets IE8 over Windows XP SP3 through the heap massaging plus heap spray as exploited in the wild.
-
-
18:28
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
18:28
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
18:28
»
Packet Storm Security Misc. Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
18:25
»
Packet Storm Security Advisories
Code Audit Labs has discovered that Microsoft Internet Explorer versions 8 and 9 suffer from a use-after-free vulnerability in the developer toolbar.
-
18:25
»
Packet Storm Security Recent Files
Code Audit Labs has discovered that Microsoft Internet Explorer versions 8 and 9 suffer from a use-after-free vulnerability in the developer toolbar.
-
18:25
»
Packet Storm Security Misc. Files
Code Audit Labs has discovered that Microsoft Internet Explorer versions 8 and 9 suffer from a use-after-free vulnerability in the developer toolbar.
-
18:23
»
Packet Storm Security Advisories
Code Audit Labs has discovered a remote code execution vulnerability in Microsoft Internet Explorer 8 due to a use-after-free issue having to do with property ids.
-
18:23
»
Packet Storm Security Recent Files
Code Audit Labs has discovered a remote code execution vulnerability in Microsoft Internet Explorer 8 due to a use-after-free issue having to do with property ids.
-
18:23
»
Packet Storm Security Misc. Files
Code Audit Labs has discovered a remote code execution vulnerability in Microsoft Internet Explorer 8 due to a use-after-free issue having to do with property ids.
-
-
17:50
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
17:50
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
17:50
»
Packet Storm Security Misc. Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
-
21:47
»
SecDocs
Authors:
Torbjörn Lofterud Tags:
games Event:
Chaos Communication Camp 2011 Abstract: For a few years I was part of a team that developed and ran autonomous poker playing robots on commercial Internet poker sites; playing poker with real money against real people in real time. The project failed... At first glance, Texas hold'em poker does seem like a fairly simple game. Developing poker playing software can be done and has been done, and there are rumors on the Internet about poker playing robots winning millions online. There is even some commercial poker playing software available on the Internet. But building a functional poker bot has two major parts: firstly, integration with the online poker site, and secondly, developing software capable of winning against human opponents in Texas hold'em poker. Contrary to popular belief, the first part is easy and the second part is hard. Texas hold'em provides a programming challenge extraordinaire because it's an imperfect information game paired with lots of randomness and psychology. Only small pieces of information are available at a given time, and the available information is biased and often deceptive. The complete game tree of Texas hold'em poker is so large that it's infeasible to calculate even offline, and impossible to do in real time, a feat necessary for online game-play.
-
12:01
»
Hack a Day
[Adam] and [Jeremy] took on the challenge of designing a system that would make it easy to control appliances from the Internet. We’ve seen the concept many times before; it involves some method of switching mains power and connecting that mechanism to the Internet. This design is both well planned and nicely executed. We’re always [...]
-
-
12:01
»
Hack a Day
If you’re planning a build that communicates wirelessly to that ‘Internet of things’ we’ve been hearing about, you might want to check out the Electric Imp. This tiny little card connects your project to the Internet without all the hassle of configuring an embedded wireless device. Inside the Electric Imp is a good bit of [...]
-
-
21:50
»
SecDocs
Authors:
Adam Obeng Tags:
Tor privacy Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: The Internet began as state-sponsored anarchy, but it is now the tool of first resort for dissidents and propagandists alike. The poster-child project of the Free Software Movement runs on the authority of a single person; the rest clash over the very definition of the word 'free'. A company which pictured itself as smashing Big Brother is now seen as one of the perceived secretive and authoritarian in the industry; and for another, 'Don't Be Evil' is proving to be a challenging motto to live by. This talk aims to present a view of the societies of Internet from the perspective of political philosophy. Political philosophy is not politics, in the same way that computer science is not programming. It's not the politics about the Internet, but the politics *of* the Internet. Even so, events at any particular place or time just provide examples to be studied. Political philosophy is meta-politics, it's about the trends in politics and the theories we use to understand them. Real-world political systems have striking parallels in the evolution of the Internet: there was primitive anarchy before Eternal September, the era of walled gardens resembled that of Ancient Greek city-states, which were succeeded by more-or-less liberal regimes following the geographical territories of real-world governments. Because of its rapid evolution, mass participation, and highly complex human interaction, the Internet should be subjected to the sorts of questions that political philosophers ask. On the Internet, what is freedom? Do we have obligations to those in control? To each other? What rights do we have? What can we own? Once we know the way it is, we can ask how it should be...
-
-
6:01
»
Hack a Day
Because reaching over a few feet to turn off a switch is too much to bear for [Bruce], he connected his desk lamp to the Internet. It’s a pretty cool build that’s the perfect tutorial for connecting just about anything to the internet. For his build, [Bruce] used an Arduino with a relay attached to [...]
-
-
21:39
»
SecDocs
Authors: Nicholas Merrill
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: My name is Nicholas Merrill and I was the plaintiff in a legal case in the US court system where I challenged the FBI’s policy of using a feature of the so-called USA PATRIOT act - what are called “National Security Letters” - to bypass the American Constitution's system of checks and balances and in violation of the United Nations Universal Declaration of Human Rights - in order to obtain protected personal information and to unmask anonymous Internet users. I spent over 6 years not able to speak to anyone (other than my lawyers) about my case - forced to lie to those closest to me due to an FBI gag order that carried a possible 10 year prison sentence for violating it. However the lawsuit resulted in the establishment of two key legal precedents and made changes that affect every Internet worker and Telephone worker in America. I would like to speak to the 27C3 audience in order to tell about my experience and to challenge (and offer my support and assistance to) those individuals who are in a position to challenge government surveillance requests to follow their consciences and do so. People who work at Internet Service Providers and Telephone companies as well as IT workers at Universities and private businesses are increasingly likely to encounter government attempts at surveillance. I would like to speak to the CCC regarding my experiences in resisting a National Security Letter and also a “Grand Jury Subpoena” as well as my experience of being gagged by the FBI for nearly 7 years - unable to speak on the subject or identify myself as the plaintiff in the NSL lawsuit.
Nicholas Merrill founded Calyx Internet Access Corporation in 1995. Calyx Internet Access was one of the first commercial Internet service providers operating in New York City. Calyx pursued relationships with and worked with many activist groups on a pro bono or low-cost basis, including the New York Civil Liberties Union, the Independent Media Center (Indymedia.org) and the Drug Policy Foundation. In 2004, after receiving a “National Security Letter” from the Federal Bureau of Investigation, and a subsequent request from the U.S. Secret Service, Calyx became involved with the ACLU and in using the legal system and the media to resist illegal government requests for information on Internet users. For six and a half years, Merrill and the ACLU tirelessly challenged the orders contained in the letter, resulting in the establishment of two key legal precedents overturning aspects of the national security letter program. Along the way he encountered court proceedings where he could not even be present - where he could not be referred to by name, but instead was referred to in all court documents as "John Doe". He also encountered heavy-handed government censorship of court documents under the guise of "National Security" and secret evidence presented to the judge by the FBI that his attorneys were not allowed to see. The merging of Merrill's long interest in advocacy and free speech combined with his experience with the U.S. government inspired him to form a non-governmental organization (NGO) to deal specifically with this issue without being distracted or compromised by the requirements of a for-profit business.
-
-
21:38
»
SecDocs
Authors: Daniel J. Bernstein
Tags: cryptography
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Are you writing a program that sends data through the Internet? Are you sending the data through HTTP, or SMTP, or simply TCP, leaving it vulnerable to espionage, corruption, and sabotage by anyone who owns a machine connected to the same network? You can use SSH and IPsec to protect communication with your own machines, but how do you talk to the rest of the Internet? You can use TCPcrypt to protect yourself against attackers too lazy to forge packets, but how do you protect yourself against serious attackers? You can use HTTPS for low-frequency communication, but how do you handle heavy network traffic, and how do you protect yourself against the security flaws in HTTPS? Today's Internet cryptography is slow, untrustworthy, hard to use, and remarkably unsuccessful as a competitor to good old unprotected TCP. This talk will present a different approach to high-security Internet cryptography. This approach is easy for users, easy for system administrators, and, perhaps most importantly, easy for programmers. The main reason that the approach has not been tried before is that it seems to involve very slow cryptographic operations; this talk will show that the approach is extremely fast when it is done right.
-
-
9:43
»
Packet Storm Security Advisories
Comodo Internet Security versions until 5.9 suffered from a blue screen of death denial of service condition on Microsoft Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.
-
-
15:50
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
-
-
18:03
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results in arbitrary code execution under the context of the user.
-
-
20:59
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
-
-
21:42
»
SecDocs
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Ali Rıza Keleş* arkeles@alternatifbilisim.org, Ayşe Kaymak aysakaymak@gmail.com, Işık Barış Fidaner fidaner@gmail.com, Seda Gürses sguerses@esat.kuleuven.be
We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country.
Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media.
A short history
Despite its growing economy, democracy and fundamental rights have always been disputed in Turkey, where the shadow of the 1980 coup and still unresolved Kurdish problem is strongly felt, with the state persistently denying Kurdish citizens’ rights and repressing real political opposition to canalize the people’s consent to the authorized ‘official’ parties in the parliament. The coup in 1980 was mainly used to implement liberal policies, and this process is near completion: most state enterprises have been privatized in the last decade, including Türk Telekom, the phone company and the single ISP that owns the ADSL infrastructure in Turkey. In the same decade, Internet use became widespread. Yet, the increasing popularity of the Internet has been accompanied by attempts to control it through criminal sanctions. Until 2007, tens of thousands of websites had been blocked by courts as ‘precaution’, including sites like Wordpress and YouTube. After Law 5651 in 2007, even more websites were censored directly by government administration. As a response to this law, Sansüre Karşı Platform (Platform Against Censorship) was organized. In the first anti-censorship rally on 17 July 2010, nearly 3000 people participated, including Internet youth, political parties, trade unions, etc. Not long after the events in Tunisia and Egypt, the state institution for telecommunication, Bilgi Teknolojileri ve İletişim Kurumu (BTK) made a decision to force ISPs to provide unpaid Internet filters under the headings 'children', 'family' etc.
This move created an enormous reaction, the culmination of which led to a nationwide Internet freedom rally on 15 May 2011 that took place in tens of cities. In Istanbul alone, 60 thousand people marched against the imposed censorship measures. What followed was a smear campaign by controlled media (including state TV) against the protesters, and a pseudo-governance meeting with NGOs by BTK. After the general elections in June, the war with PKK escalated, suppressing the BTK decision out of media attention. Currently, DNS or IP blocking is used mostly for 'obscene' and in some cases for political websites. National security has always functioned as an excuse for the Turkish state to introduce exceptions to a rule or to make the exception the rule itself. An example is 'Ulusal Kripto Yönetmeliği' (National Crypto By-law) that was put in order in 2010. This by-law necessitates ‘official authorization’ for any encrypted communication by any citizen, and also requires the citizens to give away their encryption mechanisms and private keys to BTK for ‘storage’. In conclusion, we have reasons to believe that the government is currently developing infrastructure to utilize methods like deep packet inspection (DPI) as weapons in a 'cyberwar', possibly against its own people. These methods will include monitoring and labeling of Internet users as well as blocking communication. We made use of our 'right to information' to inquire about the plans for employing DPI, but were ‘informed’ that this is 'beyond the limits our right to information'.
Problems in using laws & technology against state control
The greatest problems with respect to guaranteeing fundamental rights in technology deployment and use currently are with how laws are made and how they are enforced. The lawmaking process is exclusionist, only including a few NGOs that can better be called QUANGOs (quasi-autonomous non-governmental organizations).
There are several political parties and trade unions, but even their peaceful protests are occasionally declared ‘unauthorized’ and considered illegal. People in general do not trust the judiciary system, but are simply unorganized and do not believe in their power. The regime bases its legitimacy on ideology and not on lawful justice. Türk Telekom (TT), privatized in 2005, monopolizes the ADSL infrastructure, making Internet services expensive and prone to state control. In 2007, a workers' strike in TT had triggered debates on this monopoly being protected by the government. The company also acts as a service provider in several domains, creating questions about net neutrality. Another problem is with the limitation of how people can relate to technology. Computers, cellphones and other gadgets are aggressively marketed and widely used throughout the country, but the marketed forms of use mostly remain superficial, e.g., these gadgets are depicted as entertainment or as status symbols. We argue that the hegemony of these consumerist cultural connotations does hamper diverse uses of these products for a variety of motivations. A small community of Linux promoters has emerged around universities. These groups could promote alternative approaches to technology. However, under the usual political fears, they only articulate their positions professionally. Their statements usually target Microsoft or other big proprietary software companies. This position is compatible with the officially accepted national pride and national security positions in Turkey, and hence is limited to politics of technology only (see Pardus project). Leftist and Kurdish political organizations are in a position to benefit most from digital communication technologies. However, they still lack the capacity and enthusiasm to use them effectively.
Alternative political media initiatives online exist, but they are mostly limited to standard uses and their technical quality reflects the lack of developers in the political community. In Turkey, engineering education is praised and supported by families. Families make up for the lack of a financially strong social system. The society in general also praises technical knowledge. However, a strong barrier separates the 'educated people' who are supposed to know it, from 'regular people' who are only supposed to consume it. Under economic pressure and feeling indebted to their families, most white collar workers dedicate themselves to their work in private companies. There is some space in some universities for shared work and creativity, but such spaces are getting smaller as most universities are being turned into technical schools.
Ali Rıza Keleş, Işık Barış Fidaner are software developers, Ayşe Kaymak is a lawyer from Istanbul. Seda Gürses is an Internet researcher from Brussels.
** Alternatif Bilişim is a social network that includes users, developers and researchers of digital technologies, studying and practicing alternative uses of technology. Ultimately, our objective is to diminish the alienation of people to technical knowledge.
-
-
9:10
»
Packet Storm Security Recent Files
Whitepaper called Attacking the Washington, D.C. Internet Voting System. In 2010, Washington, D.C. developed an Internet voting pilot project that was intended to allow overseas absentee voters to cast their ballots using a website. The authors of this paper participated in a challenge to break the security of the system and in doing so, elected Bender from Futurama to the school board.
-
-
13:01
»
Hack a Day
If you ever wanted your name out on the Internet, now is your time to shine. [Chris] hooked up an Arduino to the Internet and is streaming the results of combing through Twitter live to the entire world. The SocialBot9000, as [Chris] calls his build, is an Arduino Uno connected to an Ethernet shield and an LCD [...]
-
11:01
»
Hack a Day
[Excelangue] just posted a guide to using the free 3G connection in your Amazon Kindle to browse the Internet on your computer. The hack requires a Kindle Keyboard 3G and the free worldwide Internet access that comes along with the purchase price. After jailbreaking the Kindle and applying a USB network hack, [Excelangue] managed to connect his laptop [...]
-
-
11:36
»
Hack a Day
If you’ve ever wanted to program a microcontroller “in the cloud,” you might want to head over to Inventor Town, an online IDE that allows you to write and compile firmware for the MSP430 series of microcontrollers. After logging in with your Google account, you’re presented with a ‘My Projects’ page. From there, you can [...]
-
-
4:44
»
Hack a Day
It doesn’t take much imagination at all to see what a horrible effect this censorship could have on sites like Hackaday. Please do your part to stop internet censorship. Imagine how many companies would rather us not share with you how our brilliant readers have hacked their hardware to do bigger and better things than [...]
-
-
17:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
-
17:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8.
-
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-