Security
2007.09.17 Daily Security Reading
by Rodney Campbell on Sep.17, 2007, under Security
The Biggest Ever BitTorrent Leak: MediaDefender Internal Emails Go Public
The company MediaDefender works with the RIAA and MPAA against piracy, setting up fake torrents and trackers and disrupting p2p traffic. Previously, the TorrentFreak site accused them of setting up a fake internet video download site designed to catch and bust users. MediaDefender denied the entrapment charges. Now 700MB of MediaDefender’s internal emails from the last 6 months have been leaked onto BitTorrent trackers. The emails detail their entire plan, including how they intended to distance themselves from the fake company they set up and future strategies.
Time Running Out for Public Key Encryption
Two research teams have independently made quantum computers that run the prime-number-factorising Shor’s algorithm — a significant step towards breaking public key cryptography.
Exploit code appears for Microsoft Agent bug
Less than 24 hours after Microsoft released September’s security patches, proof-of-concept JavaScript exploit code that attacks Microsoft Agent was posted online.
2007.09.12 Daily Security Reading
by Rodney Campbell on Sep.12, 2007, under Security
Security expert used Tor to collect government e-mail passwords
Last month, Swedish security specialist Dan Egerstad exposed the passwords and login information for 100 e-mail accounts on embassy and government servers. In a blog entry today, Egerstad disclosed his methodology. He collected the information by running a specialized packet sniffer on five Tor exit nodes operated by his organization, Deranged Security.
PIRANA – Exploitation Framework for Email Content Filters
PIRANA is an exploitation framework that tests the security of an email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform.
Skype Worm Infects Windows PCs
A worm is spreading to Windows PCs through Skype’s IM. The worm is variously called Ramex.a and Pykspa.d.
Independent iPhone Free Software Unlock Achieved
iPhone hackers have released a free software unlock for the iPhone. Apparently there are two solutions: one is a script based on ieraser, and the other is called iUnlock.
2007.08.27 Daily Security Reading
by Rodney Campbell on Aug.30, 2007, under Security
Know Your Enemy: Malicious Web Servers
In this paper, we examine client-side attacks and evaluate methods to defend against client-side attacks on web browsers.
Skype Linux Reads Password and Firefox Profile
Users of Skype for Linux have just found out that it reads /etc/passwd, the Firefox profile, plugins, add-ons, etc., and many other unnecessary files in /etc.
Student cracks Government’s $84m porn filter
Tom Wood, 16, said it took him just over 30 minutes to bypass the Government’s filter, released on Tuesday.
Point, Click … Eavesdrop – How the FBI Wiretap Net Operates
The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device.
Virtualized rootkits – Part 1 and Part 2
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof-of-concept invisible rootkit, while a team made up of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, arguing that there is no such thing as an “invisible” rootkit.
2007.08.22 Daily Security Reading
by Rodney Campbell on Aug.24, 2007, under Security
Nothing new here – Monster.com hacked
1.6 million records with personal info uploaded to remote webserver.
Mark Burnett has a few good articles on the CAPTCHA. Check the articles out here and here. They do a good job of explaining some of the high-level problems with CAPTCHAs, but don’t be fooled: this is only the tip of the iceberg, as I’m sure Matt would agree.
Entry level certifications such as the Cisco Certified Network Associate (CCNA) have become the source of many jokes to people in the industry, largely because of the seemingly inept people that proudly display their certifications. This is made worse by the volume of books geared only to get people through the exam. Network Warrior bills itself as the exact opposite — if the subtitle is to be believed it contains “Everything You Need to Know That Wasn’t on the CCNA Exam”. I actually bought this book the other day but haven’t read it yet – looking forward to it though.
Latest anti-virus and anti-malware products testing results
Veteran tester Andreas Marx has done another major test of 29 anti-virus and anti-malware products, and it’s worth taking a look at — notwithstanding the caveat that it’s only using the on-demand capabilities of the scanner (as opposed to real-time protection, which is another bulwark in an antivirus program’s defense of a system).
2007.08.15 Daily Security Reading
by Rodney Campbell on Aug.15, 2007, under Security
Some common misconceptions about ARP cache poisoning
In this article I comment on a few misconceptions about ARP cache poisoning that I come across from time to time, even from people who know what ARP cache poisoning is and (more or less) how it works.
10 claims that scare security pros
A child with a chocolate-smeared shirt says, “I didn’t do it.” The phone rings, and Mom assures you, “There’s nothing to worry about.” A systems administrator carrying a box of tapes says, “We’ll have everything back up in a few minutes.” Sometimes the first words you hear — despite their distance from the truth — tell you everything you need to know.
Designs for taking on criminals
The UK government has unveiled its latest weapon in the fight against crime – designers. Police are confident that innovative design can help reduce the risk of theft and burglary.