Brute Force Attack On Twitter

[youtube=http://www.youtube.com/watch?v=IKNbggNJMVI]

Wired Threat Level has posted an interview with the hacker who recently broke into several high-profile Twitter accounts, such as those of Fox News and Barack Obama. Since we know how much you all love Twitter, we thought you might want to learn more about it. Apparently he used a brute force method to get into the account of a member of the support team. The password was “happiness”, which was cracked pretty quickly. This might be a good time to review your own strategies to prevent brute force attacks.
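One way to address both weaknesses in this story on the defending side: reject dictionary-word passwords and slow down repeated guesses against a single account. This is an added example, not code from Twitter or the interview; `LoginThrottle`, `is_weak_password`, `attempt_login` and the tiny deny-list are hypothetical names and constructed sample data.

```python
import time

# Constructed sample deny-list; a real deployment would load a large
# dictionary or breached-password list instead.
COMMON_PASSWORDS = {"happiness", "password", "123456", "qwerty", "letmein"}

def is_weak_password(password, min_length=12):
    """Reject short passwords and dictionary words (case-insensitive)."""
    return len(password) < min_length or password.lower() in COMMON_PASSWORDS

class LoginThrottle:
    """Per-account lockout with exponential backoff after repeated failures."""

    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=3600.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts  # failures tolerated with no delay
        self.base_delay = base_delay        # first lockout, in seconds
        self.max_delay = max_delay          # cap so lockouts stay bounded
        self.clock = clock                  # injectable for testing
        self._state = {}                    # account -> (failures, locked_until)

    def allowed(self, account):
        """True if an attempt for this account may be evaluated now."""
        _, locked_until = self._state.get(account, (0, 0.0))
        return self.clock() >= locked_until

    def record_failure(self, account):
        """Count a failed attempt; return the lockout (seconds) now in force."""
        failures = self._state.get(account, (0, 0.0))[0] + 1
        extra = failures - self.free_attempts
        delay = 0.0
        if extra > 0:  # the delay doubles with every failure past the free ones
            delay = min(self.base_delay * 2 ** (extra - 1), self.max_delay)
        self._state[account] = (failures, self.clock() + delay)
        return delay

    def record_success(self, account):
        """A successful login clears the failure history."""
        self._state.pop(account, None)

def attempt_login(throttle, account, password, check_password):
    """Return 'locked', 'ok' or 'denied'; check_password is the caller's verifier."""
    if not throttle.allowed(account):
        return "locked"  # never evaluate a guess while the account is locked
    if check_password(account, password):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"
```

Per-account lockouts can themselves be abused to keep a legitimate user out, which is why the delay here is capped and expires on its own rather than requiring a manual unlock.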

Tour ThinkGeek’s Offices

[youtube=http://www.youtube.com/watch?v=KTOMezmVC-s]

If you’ve ever been curious what it is like to work at ThinkGeek, check out this video. [John Frazier], a purchasing agent, talks about the history of ThinkGeek as well as what daily work is like. Fairly interesting, but the summary is that it’s just like any other job, with more toys. They probably have to test all the products fairly thoroughly; we know we would.

[thanks Yan]

Twitter IRC Server, Tircd


tircd is an ircd proxy for talking to the Twitter API. It should work with any standard IRC client. After running the Perl script, you authenticate to the IRC server using your Twitter username as your /nick. Join the room #twitter and the /topic will be set to your last update. Any message you type will update Twitter and the room’s topic. All of the people you are following show up in the room as users and post messages as they tweet. If you private message one of them, it will become a direct message on Twitter. Other commands work too: /whois to get a person’s bio, /invite to start following, and /kick to unfollow. The project is brand new and will gain new features in the future, such as Search API support. Follow @tircd for updates.

Hacking At Random 2009 Call For Papers

With the Chaos Communication Congress concluded, it’s time to start looking towards the next massive European hacker event. This means Hacking at Random, August 13-16th in the Netherlands. It’s a four-day-long camp experience that will feature many conference talks, interactive projects, and more.

The team has selected three tracks in their official call for papers: Dealing with data, Decentralization, and People and politics. You can find more details in the post. Deadline is May 1st.

[photo: mark]

The Malware Challenge


Our own [Anthony Lineberry] has written up his experience participating in the 2008 Malware Challenge as part of his work for Flexilis. The contest involved taking a piece of provided malware, doing a thorough analysis of its behavior, and reporting the results. This wasn’t just to test the chops of the researchers, but also to demonstrate to network/system administrators how they could get into malware analysis themselves.

[Anthony] gives a good overview of how he created his entry (a more detailed PDF is here). First, he unpacked the malware using OllyDbg. Packers are used to obfuscate the actual malware code so that it’s harder for antivirus to pick it up. After taking a good look at the assembly, he executed the code. He used Wireshark to monitor the network traffic and determine what URL the malware was trying to reach. He changed the hostname to point at an IRC server he controlled. Eventually he would be able to issue botnet control commands directly to the malware. We look forward to seeing what next year’s contest will bring.