I haven't been too involved in the hacking scene for a few years (see the files on the right :-)). The reasons are mostly personal. The security landscape has changed a lot: it has become like a large-scale illegal bio-industry. Massive botnets, large-scale illegal activity, profits. That is not what hacking has ever been about.
Real hackers cannot identify with that. Hacking is about skills, techniques, knowledge, challenge... all the things that make up the true hacking spirit. For those of you who believe in that... where are you?? There is a place for you on our private bulletin board. Let me know.
You have probably all read about the new automatic patch-based exploit generation (APEG) work (http://www.cs.cmu.edu/~dbrumley/pubs/apeg.html). To summarize: once a security patch has been released, it can be compared against the unpatched code to determine (reverse engineer) what it fixes. That in itself is nothing new. What is new is that the process can be practically *AUTOMATED*, all the way to producing a working exploit!
I have been into hacking for quite a few years, and never thought this would practically be possible. It turns out that it is. The implication is that, once a patch is distributed to a number of computers, *any* computer that receives it can be used to generate an exploit against all the systems that have not received it yet. The paper says that in most cases this can be done in a matter of seconds or minutes.
I think the solution should be about protecting the system, or some of its components, before the patch is released. In fact this 'protection mode' should also be activated when a 0day exploit has been confirmed, because until the patch is actually *installed*, every system has a window of exposure. If automatic exploit generation becomes this reliable and widespread, even a few hours of exposure is unacceptable.
So I suppose that, as soon as a vulnerability is confirmed, all systems are raised to a higher level of defense. This may be an IPS rule that does not itself reveal details of the vulnerability, or a workaround that hopefully doesn't break operations entirely. Only once all systems are at this increased level can patches be safely applied across all of them: any host that is patched early while another host is still unprotected hands an attacker the material to build an exploit against that unprotected host.
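The rollout gate described above, as an added example in Python that is not part of the original post: a patch is released to a host only once every host in the fleet has confirmed that the interim defense (IPS rule or workaround) is active, and a host that has not reported at all is treated as exposed, so the rollout fails closed. The advisory identifier, host names and the notion of hosts self-reporting their state through some agent are all assumptions made for the illustration.

```python
"""Patch rollout gated on fleet-wide mitigation coverage.

Added example, not code from the post. Models the procedure above: confirm the
interim defence on every host first, then release the patch. The advisory id,
host names and self-reported states are constructed for the illustration.
"""
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    EXPOSED = "exposed"          # vulnerable, no mitigation, no patch
    MITIGATED = "mitigated"      # interim defence (IPS rule / workaround) confirmed
    PATCHED = "patched"          # fix installed
    UNREACHABLE = "unreachable"  # no report from the host: treated as exposed


@dataclass
class Host:
    name: str
    state: State = State.EXPOSED  # fail closed: unknown means exposed


@dataclass
class Rollout:
    """Tracks one advisory across a fleet and gates patch release on coverage."""
    advisory: str
    hosts: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def add_hosts(self, *names):
        for n in names:
            self.hosts[n] = Host(n)

    def report(self, name, state):
        """Record a host's self-reported state (e.g. agent confirmed the IPS rule loaded)."""
        self.hosts[name].state = state

    def exposed_hosts(self):
        """Hosts that would be attackable if an exploit were derived from the patch now."""
        covered = {State.MITIGATED, State.PATCHED}
        return sorted(h.name for h in self.hosts.values() if h.state not in covered)

    def may_release_patch(self):
        return not self.exposed_hosts()

    def release_patch(self, name):
        """Push the patch to one host, but only if the whole fleet is covered."""
        blocking = self.exposed_hosts()
        if blocking:
            self.log.append(f"{self.advisory}: refused patch for {name}; exposed: {blocking}")
            return False
        self.hosts[name].state = State.PATCHED
        self.log.append(f"{self.advisory}: patched {name}")
        return True


def simulate():
    """Walk one advisory through the gate; returns (first_attempt, second_attempt, states, log)."""
    r = Rollout("ADV-0001")  # constructed advisory id
    r.add_hosts("web1", "web2", "db1")
    r.report("web1", State.MITIGATED)
    r.report("web2", State.MITIGATED)
    r.report("db1", State.UNREACHABLE)  # db1 never confirmed the workaround
    # One uncovered host holds the patch back for the whole fleet.
    first = r.release_patch("web1")
    # Once db1 confirms the mitigation, the patch may go out everywhere.
    r.report("db1", State.MITIGATED)
    results = [r.release_patch(n) for n in ("web1", "web2", "db1")]
    second = all(results)
    states = [h.state.value for h in r.hosts.values()]
    return first, second, states, r.log


if __name__ == "__main__":
    for line in simulate()[3]:
        print(line)
```

The important design choice is that the gate is global, not per host: patching `web1` is refused because `db1` is exposed, even though `web1` itself is fully mitigated, since the threat the post describes comes from the patched host's copy of the fix, not from the patched host's own exposure.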
Is it really that bad??? Well, if no good solution is found, this could really become a nightmare. Imagine a large botnet monitoring patch distribution across thousands of systems, and one of its nodes quickly generating an exploit from the patch it receives. Once the botnet possesses the exploit, it can go and attack possibly millions of systems that have not been patched in time. Then it's Game Over.
New website! Thanks to my friend Twan of http://www.twan-design.nl/, who was so kind to stay late with me after work to design and implement this site at amazing speed.