Life, and a bit of computer security

Case-Study of Malware drop servers

2008-12-18T08:02:00.000-08:00

Hey,

Here's a document I've just read.

As for me, only the "result" part is worth reading.

Anyway, this is just another study where computer security researchers are playing with the black/white hat barrier. What will happen when the drop server will be a compromised machine from a botnet, without any open directory, and belonging to Mr. John Doe ?

Will they hack it too ?

Probably.

New SSH bruteforce attacks ?

2008-12-09T14:17:00.000-08:00

This is actually a shitty title, because it is *NOTHING NEW*.

I see some people around yelling like looserz : "oh my goooooooood the bad guys are now using different IPs when trying to bruteforce some SSH server !"

Can you tell me, what is new in this ? Hell, botnets have been used for years already, for any kind of purposes : DDoS, malware propagation, spam, phishing, even distributed calculating, so WHY THE FUCK wouldn't it be used for something as TRIVIAL as SSH bruteforcing ?

Sometimes security researchers are making me laugh out loud. (Strange to see a "lol" written down, ain't it ?)

Link here some of the crap.

Monica

2008-11-17T14:25:00.000-08:00

She looks perfect.
I love the perfume of her hair, of her skin, of her.
I have never been falling so much and so fast under a girl's charm.
Everything in her is beauty, charm, sensuality.
I love her laugh, and her smile.
I kissed every part of her skin, and enjoyed it so much...
We made love.
In this art, she was perfect too.
It's been unbelievably good.
I won't ever see her again.
Life sucks.

McColo down

2008-11-16T08:35:00.001-08:00

A great victory for all actors fighting cybercrime each day : the fraudulent hosting company McColo has been taken down.

While the whole anti-cybercrime community can be proud of it, is it really making things get better ?

Well it does...For two or three days. A week in the best case. Less spam, less malware, less childporn on the net... But the bad guys are moving. They're probably already somewhere else, pushing their malicious activities on the net once more.

The problem is only going somewhere else, nothing changes.

And while researchers are shutting things down, what are Law Enforcement dudes doing ? Blaming international laws. So silly...

Picking up chicks - SUIT UP !

2008-11-16T08:24:00.000-08:00

Well there are at least two different schools related to picking up girls. The "Mystery" and the Venusian methods, and the "Barney Stinson" method.
While the first one is really well documented on Internet, maybe even too much, the second one is a bit less known, except for people like me who love watching "How I met your Mother".

Mystery would say that you don't need to dress too classy, or so. He'd say that you need to show you take care of yourself (DHV) but that you should be original, even using crazy stuff like strange hats or flashy clothes...
Barney believes girls are basing their first impression only by their perception of the "look" of the potential lover. That's why Barney *always* dresses in suits. Nice costume, great tie, he looks perfect, and therefore he manages to get laid in almost every episode of the serie.

I tried it. And while I'm sometimes a bit too shy with the Mystery methods, last night proved me Barney's point of view is interesting enough to re-experiment this : I got to talk with a 7 only because I was suited up. She tried to get in contact at first, she did the work, I had nothing to do. But while she was getting closer to me, it was interesting to still have Mystery's ideas in mind : her body language was quite readable.
A nice evening in disco, suited up, even if I didn't get laid this time. :-)

Tired of apocalypse

2008-11-12T14:32:00.001-08:00

Hell yeah, I'm dead tired of hearing security researchers claiming they found a new vulnerability in blahblah protocol that could lead to the end of this fucking world, would it be used by cybercriminals...
This is not new. But lately it turned into becoming a silly habit. Dan Kaminski DNS stuff was still quite ok, but then, the fuss about the new TCP state table manipulation vulnerabilities was nothing but shit. Louis & Lee announced they would give infos at T2, but what the hell ? They didn't say anything !
What's the point in announcing weeks before that you found something, when you're finally not releasing your discovery ?
Drives me mad...
Or hilarious. So fucking stoopid.
*shhhhh* EOF

ROCK !

2008-11-08T03:20:00.000-08:00

I hear you brave young Jaybles,
You are hungry for the rock.
But to learn the ancient method,
Sacred doors you must unlock...
To find your fame and fortune,
Through the valley you must walk.
You will face your inner demons.
Now go my son and rock!"

Welcome strangers

2008-11-08T03:09:00.000-08:00

Welcome strangers. (just to be polite, I actually don't give a fuck)

This blog is not meant to be a wide read public blog. If you fall here by accident, you should rather see it as a place of "stress releasing" for me.

My main interests in life are my life, mainly having phun with friends. A big part of my life is about my job, as a computer security dude. You don't need to know more.