inspired by grissom – brain::dump https://mla.apob.net Wed, 04 Jan 2006 09:23:21 +0000 de hourly 1 https://wordpress.org/?v=6.7.2 How To Get Your Network Hacked in 10 Easy Steps https://mla.apob.net/2006/01/04/how-to-get-your-network-hacked-in-10-easy-steps/ Wed, 04 Jan 2006 09:23:21 +0000 http://mla.apob.net/blog/archives/2006/01/04/how-to-get-your-network-hacked-in-10-easy-steps/ While browsing through some website content I found a TechEd 2005 presentation which contained the following slide:

How To Get Your Network Hacked in 10 Easy Steps

1. Don’t patch anything
2. Run unhardened applications
3. Use one admin account, everywhere
4. Open lots of holes in the firewall
5. Allow unrestricted internal traffic
6. Allow all outbound traffic
7. Don’t harden servers
8. Reuse your passwords
9. Use high-level service accounts, in multiple places
10. Assume everything is OK

Go ahead, make my day!

]]> Attn: SPAMMERS https://mla.apob.net/2005/01/19/attn-spammers/ Wed, 19 Jan 2005 07:20:32 +0000 http://mla.apob.net/blog/archives/2005/01/19/attn-spammers/ Hello you naughty spammer,

I’m very sorry but you won’t be able to spam me again. Never.

I wonder what use this kind of spam has. What’s the use of spam anyway? Ahhh… I see, to generate nice stats graphs. 😉

Good Day Mr Spammer.

]]> Knack den Code! https://mla.apob.net/2004/12/22/knack-den-code/ Wed, 22 Dec 2004 16:23:48 +0000 http://mla.apob.net/blog/archives/2004/12/22/knack-den-code/ Der Ingenieur Rolf Jentzsch glaubt ein unknackbares Chiffrierverfahren entwickelt zu haben. Im Rahmen eines Wettbewerbes hat er einen Preis von 10.000 Euro für denjenigen ausgelobt, dem es als ersten gelingt, eine damit verschlüsselte Datei zu entschlüsseln. Der Wettbewerb läuft noch bis zum 31.12.2005, bietet also noch ausreichend Zeit, die Datei einer Analyse zu unterziehen. Allerdings gibt es keine näheren Angaben zu dem Verfahren — es wird auch nicht offengelegt. Die Teilnehmer müssen sich darauf verlassen, dass alles mit rechten Dingen zugeht und nicht etwa ein One-Time-Pad-Verfahren dahinter steckt.

Jentzsch hat sein Verfahren nach eigenen Angaben während des Kalten Krieges in der ehemaligen DDR erfunden, um mit Freunden und Bekannten zu kommunizieren und ihre Privatsphäre zu schützen. Der Autor ist zwar Ingenieur, in Bezug auf Kryptologie aber ein Autodidakt. In der Vergangenheit waren derartige Entwicklungen im Selbststudium selten von Erfolg gekrönt. Weitere Einzelheiten und Teilnahmebedingungen des Wettbewerbs hält die Technische Universität Darmstadt auf ihren CrypTool-Seiten bereit: Krypto-Wettbewerb — Jentzsch’s Verschlüsselungsaufgabe.

zZqSfyrX84hZ?9Njtueu2s4DuyLGuEOwFGjbvzfbWyPLHPkfabqrgUeQfnqbjsja
cljSyIuAlz8LhHjyAI6vKvwcjfOcJT3vwouLwgvrwgssJOemwDhMWH4DBDhsfw1P
WaLKYIjDjMbn6yjI6aeQcMhbw98PeQJH3T3DhwgEhzAmeraswrbrxlisaQiE0qfL
wfwD31tk6auLmEAmqU0yPXdeqoKvwUNA6v5GLH4D0aqifshv5LP8yPK0LLaz8mdz
Pvs2PPKu0qhvZcKT1yyD0rqvbrnwGT3I1vdbyL0r10jHhD3HxnHKunJKdKbqeUMg
rEuDhrGugU0ilmZCkawE1v3vKKWHfLPG0CTLwnZDywgE5m4rZLKvjm0yPvgEhM3D
tDZQajYWatnNSfX8KXvb0KtyizvjPLwrhU0KashE1myEjr1yvBvyiE0LtefjpcvD
3LfQwILc3r1miI5syLqa0y7X0aWTJPLK7HmzzbgsyILvjbjGhLaCiv0qPLgswEuj
vIvaykOswEeD3H01faMIKHxlU43Dxbb8yKsA8CkzyjiEhrHHeCPuvEhFvraC1r3r
fK3Lqj1oqy1H4PHT3THJKIjMfu0GKA4rfCfz5DmCOE3LwvdaXalzvK1LyAmqwQXL
JvXGvGxsaLK1YcwnWD3D1yyfJuhfisJu7CLvXEhzLLZHejjE5mg2lrxjvGuy5a1o
qruq0LuucIey4H5HuV3rqC3vgQgEunvTzbwxaIfs3Ls./
bH!34iqWIIwHZPVL0ynEhLayPvhZrbXKHvWqteisxb8ifs5y5czoqayQGKPTqs0G
LK0DeyLuJH3D1mhnzkfvGvxf3D5T3LsAPXaq1DPWZmgpGv1qwMQ9yahw4vzeBoae
3rPvty4I6CjChvcI0HP2fD4vhb1CeGhs2gdLhbkHxl1iLLGunwZmcsKHkuasMdaD
0vdzQv1svyiv3HjM?Ztivu9eeb5HBaGvyUGHjC3cumdvwwtgayLLzEhMitwIhn3H
PGhzvHyLgwGv1mWaWHmmjqqDiMJ05C4QMExbkiPLBPMcfvZTYsuzPGizQFvahR3D
jyPLdazzCmwr6qKHSKhE3D3DewJE4DhLG/…/

Quelle: Heise Online vom 22.12.2004 (direkt zum Artikel)

]]> what Freud said about sex https://mla.apob.net/2004/10/07/what-freud-said-about-sex/ Thu, 07 Oct 2004 18:15:53 +0000 http://mla.apob.net/blog/archives/2004/10/07/what-freud-said-about-sex/

Freud said that the only unusual sexual behavior was not to have any at all. After that, it was only a matter of opportunity and preference.

I’m just wondering why so little people know about this as everybody seems to like citing Freud.
For myself I would like an opportunity satisfying my preference, just once in a while. Or an opportunity. No preference.

Okay, that’s not true. I DO have a preference. See: crush.

]]> SHA-1 Break Rumored https://mla.apob.net/2004/08/18/sha-1-break-rumored/ Wed, 18 Aug 2004 11:32:36 +0000 http://mla.apob.net/blog/archives/2004/08/18/sha-1-break-rumored/ There’s a rumor circulating at the Crypto conference, which is being held this week in Santa Barbara, that somebody is about to announce a partial break of the SHA-1 cryptographic hashfunction. If true, this will have a big impact, as I’ll describe below. And if it’s not true, it will have helped me trick you into learning a little bit about cryptography. So read on….

SHA-1 is the most popular cryptographic hashfunction (CHF). A CHF is a mathematical operation which, roughly speaking, takes a pile of data and computes a fixed size „digest“ of that data. To be cryptographically sound, a CHF should have two main properties. (1) Given a digest, it must be essentially impossible to figure out what data generated that digest. (2) It must be essentially impossible to find find a „collision“, that is, to find two different data values that have the same digest.

CHFs are used all over the place. They’re used in most popular cryptographic protocols, including the ones used to secure email and secure web connections. They appear in digital signature protocols that are used in e-commerce applications. Since SHA-1 is the most popular CHF, and the other popular ones are weaker cousins of SHA-1, a break of SHA-1 would be pretty troublesome. For example, it would cast doubt on digital signatures, since it might allow an adversary to cut somebody’s signature off one document and paste it (undetectably) onto another document.

At the Crypto conference, Biham and Chen have a paper showing how to find near-collisions in SHA-0, a slightly less secure variant of SHA-1. On Thursday, Antoine Joux announced an actual collision for SHA-0. And now the rumor is that somebody has extended Joux’s method to find a collision in SHA-1. If true, this would mean that the SHA-1 function, which is widely used, does not have the cryptographic properties that it is supposed to have.

The finding of a single collision in SHA-1 would not, by itself, cause much trouble, since one arbitrary collision won’t do an attacker much good in practice. But history tells us that such discoveries are usually followed by a series of bigger discoveries that widen the breach, to the point that the broken primitive becomes unusable. A collision in SHA-1 would cast doubt over the future viability of any system that relies on SHA-1; and as I’ve explained, that’s a lot of systems. If SHA-1 is completely broken, the result would be significant confusion, reengineering of many systems, and incompatibility between new (patched) systems and old.

We’ll probably know within a few days whether the rumor of the finding a collision in SHA-1 is correct.

]]> while thinking about the world i live in… https://mla.apob.net/2004/08/17/while-thinking-about-the-world-i-live-in/ Tue, 17 Aug 2004 20:28:37 +0000 http://mla.apob.net/blog/archives/2004/08/17/while-thinking-about-the-world-i-live-in/
„There is no spoon!“

]]> This could be a real Grissom! https://mla.apob.net/2004/07/27/this-could-be-a-real-grissom/ Tue, 27 Jul 2004 19:23:27 +0000 http://mla.apob.net/blog/archives/2004/07/27/this-could-be-a-real-grissom/ An nì a thig leis a’ghaoith, falbhaidh e leis an uisge.
What comes with the wind will go with the water.

]]> https://mla.apob.net/2004/07/19/4743/ Mon, 19 Jul 2004 19:14:45 +0000 http://mla.apob.net/blog/archives/2004/07/19//

„If you chase two rabbits, you lose them both.“

Gil Grissom

]]>