
The Nonsense thread


Overtime


This forum is supported by the 12ozProphet Shop, so go buy a shirt and help support!

Way in my brain, no cocaine

I don't wanna, I don't wanna go insane

Way in my brain, no cocaine

I don't wanna, I don't wanna go insane

 

Because-a inna me eyes there is red like blood

and I been moving around like a human flood

Smoke out of me mouth and outa me nose

I blow it in the air 'a mek de smoke expose

 

In Westmoreland a where the sense a-come from

put it in a crocus bag pon the mini van

tek de seed an me mek de 'ash oil

an me put in de barrel 'ca me know it no spoil

 

I said me smoke it and me pass it thru de windah

an me give it to my nex door neighba

Me said me smoke it and me pass it thru de windah

an me give it to my nex door neighba


 

BREAKING: HALF OF TOR SITES COMPROMISED, INCLUDING TORMAIL

 

The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA.

 

In a crackdown that FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail.

 

http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html

 

This is undoubtedly a big blow to the TOR community, Crypto Anarchists, and more generally, to Internet anonymity. All of this happening during DEFCON.

 

If you happen to use an account name and/or password combination that you have reused in the TOR deep web, change it NOW.

 

Eric Eoin Marques who was arrested runs a company called Host Ultra Limited.

 

http://www.solocheck.ie/Irish-Company/Host-Ultra-Limited-399806

http://www.hostultra.com/

 

He has an account at WebHosting Talk forums.

 

http://www.webhostingtalk.com/showthread.php?t=157698

 

A few days ago there were mass outages of Tor hidden services that predominantly affected Freedom Hosting websites.

 

http://postimg.org/image/ltj1j1j6v/

 

"Down for Maintenance

Sorry, This server is currently offline for maintenance. Please try again in a few hours."

 

If you saw this while browsing Tor you went to an onion hosted by Freedom Hosting. The javascript exploit was injected into your browser if you had javascript enabled.

 

What the exploit does:

 

The JavaScript zero-day exploit creates a unique cookie and sends a request to a random server that basically fingerprints your browser in some way, which is probably then correlated somewhere else since the cookie doesn't get deleted. Presumably it reports the victim's IP back to the FBI.

 

An iframe is injected into FH-hosted sites:

 

TOR/FREEDOM HOST COMPORMISED

By: a guest on Aug 3rd, 2013

http://pastebin.com/pmGEj9bV

 

Which leads to this obfuscated code:

 

Javascript Mozilla Pastebin

Posted by Anonymous on Sun 4th Aug 02:52

http://pastebin.mozilla.org/2776374

 

FH STILL COMPROMISED

By: a guest on Aug 3rd, 2013

http://pastebin.com/K61QZpzb

 

FBI Hidden Service in connection with the JavaScript exploit:

7ydnpplko5lbgfx5

 

Who's affected / time scales:

 

Anyone who accessed an FH site in the past two days with JavaScript enabled. Eric Eoin Marques was arrested on Sunday so that's the earliest possible date.

 

"In this paper we expose flaws both in the design and implementation of Tor’s hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization"

 

http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf

 

The FBI Ran a Child Porn Site for Two Whole Weeks

http://gizmodo.com/why-the-fbi-ran-a-child-porn-site-for-two-whole-weeks-510247728

 

http://postimg.org/image/o4qaep8pz/

 

On any other day one would say these sick perverts got what they deserved. Unfortunately the Feds are stepping far beyond just pedophiles in this latest issue.

 

The js inserted at Freedom Hosting? Nothing really, just an iframe inject script with a UUID embedded server-side.

 

The iframe then delivers an exploit kit that appears to be a JavaScript 0day leading to...something. It only attempts to exploit Firefox (17 and up) on Windows NT. There's definitely some heap spraying and some possible shell code. The suspect shell code block contains some strings that look to formulate an HTTP request, but I haven't been able to collect the final payload yet. The shell code also contains the UUID with which the exploit was delivered. Any UUID will work to get this part of the exploit.

 

I'm still pulling this little bundle of malware apart. So far, I've got that the attack is split across three separate files, each loaded into an iframe. Calls are made between the frames to further obfuscate the control flow. The 'content_2.html' and 'content_3.html' files are only served up if the request "looks like" Firefox and has a correct Referer header. The 'content_2.html' is loaded from the main exploit iframe and in turn loads 'content_3.html'.

 

Short version. Preliminary analysis: This little thing probably CAN reach out without going through Tor. It appears to be exploiting the JavaScript runtime in Firefox to download something.

 

UPDATE: The exploit only affects Firefox 17 and involves several JS heap-sprays. Note that the current Extended Support Release is Firefox 17, so this may also affect some large organizations using Firefox ESR.

 

http://pastebin.mozilla.org/2777139

 

The script will only attempt the exploit on Firefox 17, so I'm no longer worried about it being some new 0day. Enough of the "Critical" MFSAs are for various sorts of memory corruption that I don't have the time to find out if this is actually a new exploit or something seen before.

 

http://postimg.org/image/mb66vvjsh/

 

Logical outcomes from this?

 

1. FBI/NSA just shut down the #1 biggest hosting site and #1 most wanted person on Tor

 

2. Silkroad is next on their list, being the #2 most wanted (#1 was Child Porn, #2 is drugs)

 

3. Bitcoin and all crypto currencies set to absolutely CRASH as a result since the feds can not completely control this currency as they please.

 

I don't always call the Feds' agenda transparent, but when I do, I say they can be trying harder.

 

,,,,,,,,,,,,,,,,,,,,,,,,,,,

A vulnerability mostly affecting older versions of Google's Android operating system may make it possible for attackers to execute malicious code on end-user smartphones that use a wide variety of apps, researchers said.

 

The weakness resides in a widely used programming interface known as WebView, which allows developers to embed Web-based content into apps used for banking, entertainment, and other purposes. Many apps available on the official Google Play market don't properly secure the connection between the WebView component on a phone and the Web content being downloaded, researchers from UK-based MWR Labs recently warned. That makes it possible for attackers who are on the same open Wi-Fi network as a vulnerable user to hijack the connection and inject malicious code that can be executed by the phone.

 

"The lowest impact attack would be downloading contents of the SD card and the exploited application's data directory," the researchers wrote in an advisory published earlier this week. "However, depending on the device that was exploited this could extend to obtaining root privileges, retrieving other sensitive user data from the device or causing the user monetary loss."

 

Researchers from several other security firms said they are also aware of the weakness, which can affect apps that run on Android versions 4.1 and earlier and don't make proper use of the secure sockets layer (SSL) encryption protocol. Elad Shapira, a researcher with antivirus provider AVG recently demonstrated how an app that has already been given permission to access SMS capabilities (a common setting with many legitimate apps) could be hijacked by malicious JavaScript code that sends expensive text messages to premium services.

 

Google representatives declined to comment for this story.

 

Cross-device attacks

 

Einar Otto Stangvik, a security consultant with Indev.no, said he has identified Android banking apps used in Norway that are also open to remote-code attacks that make users more susceptible to phishing attacks. He theorized that attackers might exploit the weakness by planting malware on a target's PC that hijacks a smartphone when both devices are connected to the same network.

 

"I am confident that we'll soon see many more cross-device attacks, where a compromised computer starts targeting cell phones on the internal network," he wrote in an e-mail to Ars. "That is what makes the JavaScript interface leak scary, along with the amount of poor uses of SSL, or worse still: no SSL at all."

 

The vulnerability stems from JavaScript-based programming interfaces exposed in many Android apps. The interfaces are the code equivalent of a highly restricted bridge that links sensitive parts of Android's Dalvik virtual machine to the Web. If the interface isn't fully contained inside an SSL connection, it's possible for hackers to mimic the legitimate website and, in effect, gain unauthorized access to the bridge. From there, an attacker can inject malicious JavaScript into the app. MWR Labs researchers reverse engineered the 100 most popular apps on Google Play and found 62 of them that are "potentially vulnerable" to the exploit. Potentially vulnerable apps as defined by the researchers were those apps that were developed using libraries or programming interfaces known to expose unprotected JavaScript commands to a variety of third-party ad networks under many but not all circumstances.

 

The reports of the weak apps come almost a year after two academic reports uncovered wide-ranging deficiencies in the cryptographic protections in smartphone software. One found that Android apps used by as many as 185 million people contained holes that leaked login credentials and other sensitive data even though they were supposed to be protected by SSL. The other revealed a variety of apps running on Android and PCs that were fooled by fraudulent SSL certificates. It's possible that similar defects could fail to protect code exposed in WebView objects even when developers think they're properly contained inside an SSL channel.

 

The good news

 

While the vulnerability is potentially serious, there are several limitations that minimize the damage attackers can do when exploiting vulnerable apps. Chief among them is the fact that Android's permissions and sandboxing mechanisms prevent most Android apps from installing other apps without explicit permission from the end user. That will probably prevent the technique from being used to install malicious apps in most cases. As a backup, the "Verify Apps" setting available in all versions of Android could also be updated to stop malicious installations should attackers find a way to bypass the permissions and sandbox protections.

 

What's more, Tim Wyatt, director of security engineering at smartphone security provider Lookout, said some researchers may be exaggerating the threat of attackers obtaining root privileges unless they can exploit a second, unknown vulnerability in Android's permissions and sandbox protections.

 

Another mitigating factor: beginning with version 4.2 of Android, Google added new security enhancements that among other things introduced something called the @JavascriptInterface annotation. The function makes it easier for a developer to restrict the methods that can be called on a scriptable object. Unfortunately, it requires the developer to take explicit action to do so. If the developer fails to heed that advice, the app will remain vulnerable.

 

Still, while the weakness can largely be prevented in Android 4.2, users are protected only if developers of each app follow best practices. Additionally, the vast majority of users remain locked into carrier contracts that prevent them from upgrading. That means it's up to app developers to follow best practices such as limiting the functionality exposed in JavaScript and securing communications channels for any WebView-exposing scriptable objects using SSL or its sister protocol, known as transport layer security (TLS). And as the MWR Labs researchers discovered, many widely used apps can't be trusted to practice those common-sense guidelines.

 

"Exploiting this would require getting access to an exposed JavaScript object, and so in most cases, that would require hijacking content delivered by a server," Tim Wyatt of Lookout told Ars. "It is therefore pretty critical that developers using JavaScript callbacks secure the delivery channels properly (e.g. using TLS with a proper certificate chain to prevent man-in-the-middle attacks)."


A magnitude 7.7 earthquake hit south-central Pakistan on Tuesday this week. Reports of hundreds of casualties highlight the awful scale of the tragedy, made more difficult for rescuers by the remote location of the quake, 270km north of Karachi.

 

The quake was caused by movement of the Earth on a fault in the crust at rather shallow depth, around 15km below the surface. The movement at the fracture was a rupturing, as the oceanic crust of the Arabian tectonic plate is dragged down, or “subducted”, beneath the Eurasian continental plate at Pakistan. It is part of what geologists term the “Makran subduction zone”, which extends parallel to the Indian Ocean coast south of Pakistan and Iran.

 

Earlier this year, the Makran subduction zone was shown as a potential lurking tsunami threat. It has history. A tsunami occurred there on November 28, 1945. Caused by a magnitude 8.1 earthquake, it triggered a landslide under the ocean that generated a 15m high tsunami, resulting in the deaths of more than 4000 people along the Makran coast. It was the second worst tsunami event in the Indian Ocean, after the more recent 2004 Boxing Day Sumatra earthquake.

 

Part of the reason for the tsunami threat at Makran is the build up of huge piles of submarine sediments. As the Arabian oceanic plate is being subducted beneath the Eurasian continental plate, moving northward towards Iran and Pakistan, ocean floor sediment rocks get scraped off the top of the oceanic crust and stuck onto sea floor at the base of the coast. Over geological time, it has created one of the largest wedges of sediments on Earth, more than 7km thick in places. Earthquakes can make landslips in the wedge, but bizarrely sometimes they can cause islands too.

 

Tuesday’s earthquake shook those offshore sediments to the south of Pakistan. They are mainly muds and sands, rich in the rotted remains of dead sea life that have fallen into the sediments over the millennia, decomposed to gases like methane. When shaken up on Tuesday, these sediments seem to have erupted in a “mud volcano”, driven by the ease of burping methane from the depths. An island of mud rose above the sea, emitting gas that could be set alight. In fact, locals who tried this had difficulty quenching the flame.

 

 

New island in the Arabian sea. Jesse Allen and Robert Simmon, EO-1/NASA

Mud volcanoes have been seen at the Makran subduction zone many times before. The 1945 earthquake triggered a number of mud volcanoes and offshore islands formed in the same region. More recently, one formed off Pakistan in November 2010. They all disappeared soon after, washed away by the ocean's waves and storms. It is likely that this week’s new island will only make a temporary appearance, subsiding beneath the waves as the Earth settles back to another period of temporary quiescence. In the meantime, an opportunity remains to really find out more about the nature of these ephemeral islands, that pass like ships in the night.
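
An added example, not part of the original post or the articles it quotes: a small Python audit for the conditions the WebView article above describes, namely a JavaScript bridge combined with content loaded without SSL, and which bridge methods the `@JavascriptInterface` annotation leaves callable. The Java sample, class names and URL are constructed, and the rule for when the annotation is enforced is an assumption stated in the code.

```python
import re

# Constructed Java source for a hypothetical app; not taken from any real app.
SAMPLE_JAVA = '''
public class AdActivity extends Activity {
    class Bridge {
        public String getDeviceId() { return id; }
        @JavascriptInterface
        public void track(String e) { log(e); }
    }
    void onCreate(Bundle b) {
        WebView wv = new WebView(this);
        wv.getSettings().setJavaScriptEnabled(true);
        wv.addJavascriptInterface(new Bridge(), "bridge");
        wv.loadUrl("http://ads.example.invalid/banner.html");
    }
}
'''

BRIDGE_RE = re.compile(r'addJavascriptInterface\(\s*new\s+(\w+)\s*\(')
LOAD_RE = re.compile(r'loadUrl\(\s*"(http://[^"]+)"')  # cleartext loads only
METHOD_RE = re.compile(r'((?:@\w+\s+)*)public\s+[\w<>\[\]]+\s+(\w+)\s*\(')

def class_body(src, name):
    """Return the brace-balanced body of `class name`, or '' if it is absent."""
    m = re.search(r'class\s+' + re.escape(name) + r'\b[^{]*\{', src)
    if not m:
        return ''
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src, min_sdk, target_sdk):
    """List cleartext WebView loads and the bridge methods page JavaScript can call."""
    bridges = BRIDGE_RE.findall(src)
    cleartext = LOAD_RE.findall(src)
    # Assumption: @JavascriptInterface filtering applies only when the app targets
    # API 17 (Android 4.2) or later and cannot be installed on older releases.
    enforced = min_sdk >= 17 and target_sdk >= 17
    callable_from_js = [
        f'{cls}.{method}'
        for cls in bridges
        for annos, method in METHOD_RE.findall(class_body(src, cls))
        if not enforced or '@JavascriptInterface' in annos
    ]
    return {'cleartext_urls': cleartext, 'js_callable': callable_from_js,
            'at_risk': bool(cleartext and callable_from_js)}
```

A clean result for `https://` loads still assumes the app validates the certificate chain, which this audit does not check.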
