Comments on: secure due to ignorance? http://maurice.kaldience.com/?p=21 (Thu, 16 Jul 2020 14:00:28 +0000)

By: atla (Thu, 04 Jan 2007 07:55:07 +0000) http://maurice.kaldience.com/?p=21#comment-174

Nice writing. Had almost the same feeling when I read the article on zeta-os.com.
Never thought of modularity and flexibility as such a security hole. Hopefully someone with the knowledge to fix will read this.

Greets,
Marcus

By: DasJott (Thu, 04 Jan 2007 17:35:39 +0000) http://maurice.kaldience.com/?p=21#comment-183

People see what they want to see and therefore do not see what they do not want to see.

The argument there is no spyware for BeOS and related systems is simply dumb. The German government would barely use existing spyware. Of course they would/will write new ware and as you can see, BeOS is even one of the easier systems for that task…

I only can repeat that the makers of BeOS (or now ZETA) are simply lucky that nobody ever intended to write such software and this is the only “security” they have, facing the facts.

Keep up the hope ;-P
DasJott

By: John Drinkwater (Thu, 04 Jan 2007 22:20:32 +0000) http://maurice.kaldience.com/?p=21#comment-184

Quite an interesting read, Maurice.

A nice little example showing email contact collection from People files would be the cherry on top :)

Thanks

By: AnEvilYak (Thu, 04 Jan 2007 22:59:27 +0000) http://maurice.kaldience.com/?p=21#comment-185

Email contact collection can be trivially done with nothing more than a command line query, no code needs to be written. I’m not at home so I can’t verify that I have the attribute names right but something like:
query "BEOS:TYPE=application/x-person && name=*" | xargs catattr email

would harvest every email address in a contact on the current hard disk.

By: John Drinkwater (Fri, 05 Jan 2007 00:34:30 +0000) http://maurice.kaldience.com/?p=21#comment-186

Was hoping for an API-based example, (BQuery or fs_open_query?) but that’ll do nicely, thanks AnEvilYak.

By: sogabe (Fri, 05 Jan 2007 00:56:41 +0000) http://maurice.kaldience.com/?p=21#comment-187

Interesting, but how does any of the malicious code get executed if Zeta has all its ports closed by default?

By: atla (Fri, 05 Jan 2007 07:44:23 +0000) http://maurice.kaldience.com/?p=21#comment-189

There are many viruses out there that spread themselves via email. So could that one.
Send a mail to all contacts on a system with some weird content like “Test this new ZETA application blabla” and attach the binary to the mail.
As soon as the user is dumb enough to run it (because he does not worry about such stuff) it’ll collect your people data and spread again (You are connected to the internet if you fetch mails, at least most of the time).

By: atla (Fri, 05 Jan 2007 07:47:06 +0000) http://maurice.kaldience.com/?p=21#comment-190

And well, talking of open ports… This virus could also add an input_server add-on which runs some network code to do some funny rpc stuff :) there you go with the trojan thingy (and your open port).

By: AnEvilYak (Fri, 05 Jan 2007 19:04:43 +0000) http://maurice.kaldience.com/?p=21#comment-191

For an API-based example:

BQuery query;
query.SetPredicate("BEOS:TYPE=application/x-person && name=*");

if (query.Fetch() == B_OK)
{
    BEntry entry;
    while (query.GetNextEntry(&entry) == B_OK)
    {
        // do whatever you want with the attributes on this entry.
    }
}

By: doubleUB (Fri, 05 Jan 2007 20:56:39 +0000) http://maurice.kaldience.com/?p=21#comment-192

I didn’t read the entire Magnusoft claim. But they substantially said you can’t launch code or “data mine” the computer from outside.

Does your article prove this is false? No. It proves that as for any other operating system (even OpenVMS), you can write a piece of software that communicates through the internet.

I think the claim was more “a bare installed ZetaOS is secure” than “we guarantee nobody will create a malware that you will install yourself”.

Besides, as a BeOS user, I can say that BeOS was not more secure than DOS was. I don’t think the new ZetaOS did a lot more.

By: Ryan Leavengood (Fri, 05 Jan 2007 21:10:00 +0000) http://maurice.kaldience.com/?p=21#comment-193

I am a developer on the Haiku project which is recreating BeOS in open source.

While your efforts to investigate security in Zeta and other BeOS-like operating systems are commendable, I think your examples are not very convincing.

Both problems you mention would require action by the user. For example if someone emailed a malicious piece of code which installed a bad input_server add-on and then emailed itself out again, the user would still need to click the attachment in the email to activate it. In contrast, Microsoft Outlook on Windows can automatically open attachments, which is why there have been many such pieces of malware for that system.

So given the kind of access which you assume for both these cases, Linux, Windows, Mac OS X, BSD and pretty much every operating system in existence could have similar “security holes.”

Now don’t get me wrong, BeOS is not the epitome of security…but that really isn’t its purpose. This is especially true of Haiku, which is meant to be a fairly simple, easy to use desktop system. We don’t expect the CIA to be using Haiku for national secrets. We don’t expect banks to be using Haiku to hold billions of dollars worth of bank account information.

But we do want home users to feel fairly safe and that their data is reasonably secure. So thanks for the article nonetheless…it has inspired me to think of more dangerous security problems based on my knowledge of the system.

Regards,
Ryan Leavengood

By: marcone (Sat, 06 Jan 2007 00:00:04 +0000) http://maurice.kaldience.com/?p=21#comment-194

Your article implies that the input_server also handles input while in KDL. This is not true. The KDL debugger has its own input mechanism.

By: marcone (Sat, 06 Jan 2007 00:12:58 +0000) http://maurice.kaldience.com/?p=21#comment-195

While the code you show probably works as advertised, you do not address Magnussoft’s claim in any way:
They claim it is not possible to examine a Zeta system FROM THE OUTSIDE without the user’s knowledge.
You have shown code running on the system that the user is unaware of (big deal, there is no operating system in the world where this isn’t possible).
However, the two are completely different things. If I connect a Zeta machine to the Internet, can you examine its hard drive remotely, using the code you posted?

By: looncraz (Sat, 06 Jan 2007 02:10:58 +0000) http://maurice.kaldience.com/?p=21#comment-196

Seems the claim is more related to attack from the outside though, not from within the system.

This primarily involves the network stack while running, which is extremely secure, leaving the machines mostly invisible on the internet until they want something, at which time they become partially visible.

There are no manners of executing code through the kernel arbitrarily while running thanks almost exclusively to memory protection and the debugger.

Normally exploits occur at buffer under/over runs, when they hijack and execute code at the terminal point of execution, possibly even correcting the program to prevent it from crashing during the process.

In BeOS/Zeta at the point of such a run-time error, the debugger is informed of it, and the kernel prevents the attempted access from occurring, at the price of killing the application ( upon exiting the debugger dialog ).

In this manner, the system becomes rather difficult, if not nearly impossible, to compromise as a whole. And maybe completely impossible from a remote attack, unless the work is done through Firefox or another specific networking application which permits such behavior to execute instructions on the machine, implant a simple command ( cd /boot/;rm -rf * & ), and thus destroy everything on the machine ( very quickly ).

Well, everything that has the same gid and uid as the running team ( program ).

Of course, that is, technically, application insecurity rather than system insecurity.

–The loon

By: Marcus Overhagen (Sat, 06 Jan 2007 03:16:06 +0000) http://maurice.kaldience.com/?p=21#comment-197

Hello marcone,

it’s true, you probably can’t examine a new Zeta installation from the outside, unless you find a vulnerability in the network stack that allows code execution even when all ports are closed.

But there is another issue. It’s quite possible that some malicious application has already been released that does apparently nothing unusual, but installs a hidden backdoor. This would allow one to examine a Zeta system from the outside, without the user noticing it (I’m aware that the same applies to Haiku and BeOS).

As far as I know, there is no integrity checker, antivirus software, etc for Zeta available.

The claim made on the magnussoft website is very frivolous.

regards
Marcus

By: Wiese (Sat, 06 Jan 2007 10:24:45 +0000) http://maurice.kaldience.com/?p=21#comment-198

“In BeOS/Zeta at the point of such a run-time error, the debugger is informed of it, and the kernel prevents the attempted access from occurring, at the price of killing the application ( upon exiting the debugger dialog ).”
I don’t think so. A buffer over-/underrun “hack” will not be detected by the system. The stack will be overwritten and ‘new’ code will be executed. All without the notice of the kernel.

Greetings

By: pasha (Sun, 07 Jan 2007 00:24:35 +0000) http://maurice.kaldience.com/?p=21#comment-200

Funny how people one by one came up spelling security issues for Zeta and relativizing Marcus’ articles after a while.

Marcus himself saw the missing link in his security revision:
A screening of a ‘closed’ ZetaOS PC via the Internet through the well known technologies (read the article of MS) is really a ‘hard job’ to complete.

To make it short:
This is simply not possible this way - not even with Mojo!

The system-internal security holes as well as the dumb users’ e-mail attachment opening automatism are not criteria for criticizing MS’ claim for “user’s all day WWW security”…

As per se, using BeOS or Zeta connected on the Internet with no service running is more safe than any other DesktopOS for an _average_ PC User.

It is a completely different case when you run Server services or open telnet or whatever or open any mail enclosures from people you don’t know well!

You can try it out and try to screen/hack/exploit my machine (Zeta, DSL) on turkbug.dyndns.org whenever you want.

We from TurkBUG weren’t able to hijack either BeOS R5 or ZetaOS from the Internet (and believe me we tried a lot). But we can ‘kernel panic’ a Linux machine within 15 seconds for example via the internet (over TCP/IP).

Good Luck!

By: Graveyard (Sun, 07 Jan 2007 00:45:40 +0000) http://maurice.kaldience.com/?p=21#comment-201

People! Sorry for getting out of the topic. Suppose I am a simple home user of BeOS, Haiku or Zeta… Why the heck should I care that the CIA or the KGB or whatever can see my HDD content? I’d have a few home made movies on it, 4-5 games and some pictures of my grandma… Do you really think that some crazy security flaw can ruin my day as a user? It would be awful if those people erased my HDD, sure. But come to think of it, all the mentioned systems run on PCs. We’ve all been through the windblows reinstallation because it just won’t work right after 6 days’ use, right? Shouldn’t we look for other things like the lack of decent drivers and stuff? How many people have connected their web cam to a computer running those OSes and managed to get a picture of themselves?
Trust me, as far as the consumer is concerned nowadays, the devices supported by the system come first and security comes last. So forget about backdoors and think about some decent code for Ati cards or something… Let the governments see my naked lady on the desktop. Maybe the nerd hacking my computer will get a hard-on…

By: NMAP (Tue, 09 Jan 2007 09:21:36 +0000) http://maurice.kaldience.com/?p=21#comment-215

[root@smorgoth root]# nmap -P0 -v -sS -O turkbug.dyndns.org

Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2007-01-09 10:06 CET
Host e177211095.adsl.alicedsl.de (85.177.211.95) appears to be up ... good.
Initiating SYN Stealth Scan against e177211095.adsl.alicedsl.de (85.177.211.95) at 10:06
Adding open port 8888/tcp
Adding open port 5190/tcp
The SYN Stealth Scan took 576 seconds to scan 1644 ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
For OSScan assuming that port 5190 is open and port 38942 is closed and neither are firewalled
Interesting ports on e177211095.adsl.alicedsl.de (85.177.211.95):
(The 1642 ports scanned but not shown below are in state: filtered)
Port State Service
5190/tcp open aol
8888/tcp open sun-answerbook
Device type: PDA|broadband router
Running: Linux 2.4.X, Panasonic embedded
OS details: Linux 2.4.6 as on Sharp Zaurus PDA, Panasonic IP Technology Broadband Networking Gateway, KX-HGW200
Uptime 14.676 days (since Mon Dec 25 18:03:15 2006)
TCP Sequence Prediction: Class=random positive increments
Difficulty=1120498 (Good luck!)
IPID Sequence Generation: All zeros

Nmap run completed -- 1 IP address (1 host up) scanned in 590.208 seconds
[root@smorgoth root]#

By: kaldor (Tue, 09 Jan 2007 20:04:11 +0000) http://maurice.kaldience.com/?p=21#comment-221

Thx for all the comments about this article. A small update is available at: http://maurice.kaldience.com/?p=22
