HAHAHA eu sou fã desse cara!!!
Archive for November, 2007
30 Nov
Bjork – It’s Oh So Quiet
Shhhh, Shhhh
It’s, oh, so quiet shh,shh
It’s, oh, so still shh,shh
You’re all alone shh, shh
And so peaceful until…
You fall in love
Zing boom
The sky up above
Zing boom
Is caving in
Wow bam
You’ve never been so nuts about a guy
You wanna laugh you wanna cry
You cross your heart and hope to die
‘Til it’s over and then
Shhh, Shhh
It’s nice and quiet
Shhh, Shhh
But soon again
Shhh, Shhh
Starts another big riot
You blow a fuse, zing boom
The devil cuts loose, zing boom
So what’s the use, wow bam
Of falling in love
It’s, oh, so quiet
It’s, oh, so still
You’re all alone
And so peaceful until…
You ring the bell, bim bam
You shout and you yell, hi ho ho
You broke the spell
Gee, this is swell you almost have a fit
This guy is “gorge” and I got hit
There’s no mistake this is it
‘Til it’s over and then
It’s nice and quiet
Shhh, Shhh
But soon again
Shhh, Shhh
Starts another big riot
You blow a fuse
Zing boom
The devil cuts loose
Zing boom
So what’s the use
Wow bam
Of falling in love
The sky caves in
The devil cuts loose
You blow blow blow blow blow your fuse ahhh
When you’ve fallen in love
Ssshhhhhh…
28 Nov
Ich bin ein GummyBeaaar
Hey which of these langs. do you prefer??
ENGLISH
GERMAN
FRENCH
HUNGARIAN [[[WTF!! LOL]]]
SWEDISH
SPANISH Oh nooooo!!
28 Nov
Help me give this site the look you want
Hey fellaz, I’ve been creating some stuff on The Gimp for this blog and I wonder if you would like to contribute to give this full-of-nothing-blog a better look, images are 700×225. Well then.. there you go:
28 Nov
There goes the past
I’m really really really pissed off today. Last night I was told they’re going to demolish our so famous stadium because they find it better to build a new one instead of fixing the old one. Here’s my 2 cents… I think brazilians have no respect to their country, they’d rather see a new building over one within its own history. There’s been an accident recently which got around 8 people dead and some more wounded. The accident took place during a game in Fonte Nova stadium, our local and most famous stadium at Salvador – Bahia.
Now I was told they’re going to demolish such a beauty and build a new one – their excuse being that it would cost the same thing to either repair or build an all new stadium. It’s not a matter of price, in my opinion, the real value of that stadium consists of its history. Great soccer players (ie, Pelé) have played there and now our government’s about to destroy part of our history.
Funny that my friends actually laughed at me when i compared the stadium to landmarks such as Cristo Redentor in Rio de Janeiro, or the Copan Building in São Paulo, or even our so loved Barra Lighthouse. They have no love for a thing that’s just there in front of their eyes, and being demolished soon! I mean, why would they give so much love to Cristo Redentor when they can’t even recognize how beautiful OUR patrimony is? And their love towards a landmark outside our state, is it of any worth at all? I don’t really think so. You must love yourself before you even think of starting to love other people. Love your house before loving your neighbor’s. That’s what I think.
I would really like that people in this country had a little more respect towards the country itself. Sometimes it feels like we’re here for nothing. So please, SAVE OUR HISTORY! Keep things as beauty (or even odd) as they are! Lets make things better, not new! I’d like to get older and see that stadium and be able to tell my children (which I ain’t got so far! lol) that stadium is like 100 years old. I would love telling them it was one of the things that stole my heart the first time I’d been in this city. It won’t happen, people won’t rememeber though. From now on Brazil has no long-term memory… It has never had anyway…
As usual, talking never works out, people will always forget and we’ll forever keep on walking at the same backwards pace we’ve been on since colonization times… Sad? Yes. True? Perhaps it depends on your point of view.
26 Nov
A Hackeagem do Ano
Em Agosto, um hacker sueco, Dan Egerstad, ganhou acesso à informações confidenciais presentes em emails de embaixadas e contas corporativas. Elas foram capturadas de grupos hackers ? Ou foram utilizadas por espiões ? Patrick Gray investiga a hackeagem mais sensacional do ano de 2007.
NÃO era pra ser tão fácil. O hacker sueco Dan Egerstad infiltrou-se numa rede global de comunicações que continha informaçoes geralmente importantes de várias embaixadas espalhadas por todo o mundo. Foram necessários apenas alguns minutos, utilizando ferramentas livremente disponíveis para download na internet.
Ele diz que não infringiu nenhuma lei.
Em tempo, Egerstad obteve acesso a 1000 contas de email de alto valor. Ele futuramente postaria um conjunto de 100 emails confidenciais, logins e senhas; na internet, para criminosos, espiões ou apenas adolescentes curiosos por emails corporativos e governamentais.
A pergunta de todos era: como ele consegui isso ? A resposta veio mais de uma semana depois. O consultor de segurança sueco de 22 anos meramente instalou softwares de codigo fonte aberto – chamado de Tor = em cinco computadores de seu data center em torno do mundo e os monitorou. Ironicamente, o Tor foi desenhado para previnir que serviços de inteligência, corporações e hackers de todo o mundo determinem a localizaçao física e virtual da pessoa que o utiliza.
“Utilizar o Tor é como ter um bloqueador de chamadas para seu endereço da internet” diz Shava Nerald, diretor de desenvolvimento do projeto Tor. “Tudo que ele faz é esconder de onde você está se comunicando.”
O Tor foi desenvolvido pela marinha americana para permitir que seus funcionários escondessem sua localização das páginas da web e servições online quando eles estivessem fora do país. Ao baixar o simples programa, os funcionarios poderiam esconder seu endereço de internet de seus computadores – o numero que permite que páginas da web e serviços de inteligência determinem a localização do usuário.
Então a marinha percebeu que o Tor deveria ser levado além das forças armadas. “O problema é, se você torna o Tor uma ferramenta apenas utilizada pelos militares, seu uso indicaria que a pessoa é um militar”, diz Nerad.
Então o Tor foi levado à domínio público. Ele agora é mantido e distribuido por uma caridade registrada como ferramenta de código fonte aberto que qualquer um pode livremente baixar e instalar. Centenas de milhares de usuários da internet já instalaram o Tor, de acordo com o website do projeto.
Na maioria são funcionários que querem navegar por sites pornográficos anonimamente. “Se você analizar o tráfego, é apenas pornô” disse Egerstad à Next por telefone. “É meio triste”.
No entanto, Dmitri Vitaliev, um profissional de segurança nascido na Rússia e educado na Austrália, e que agora vive no Canadá, diz que o Tor e uma ferramenta vital para lutar pela democracia. Vitaliev treina ativistas de direitos humanos como manterem-se seguros dos regimes opressivos online. “É incrivelmente importante”, ele diz em um chat por Skype, de um estado desconhecido chamado Transnistria, uma região da Moldovia onde ele assiste grupos locais contra o tráfico de mulheres. “A anonimidade é uma grande vantagem em países que vigiam ativistas.”
Ele é também utilizado para burlar a censura de páginas da web em mais de 20 países que restringem o acesso a páginas de cunho político e de direitos humanos, ele diz.
O Tor funciona conectando as requisições de sues usuários de modo aleatório à nós da rede Tor. Qualquer pessoa pode rodar um nó do Tor, o qual passa o tráfego do usuário para outros nós como dados encriptados que não podem ser interceptados.
Quando os dados do usuário atingem a ponta da rede tor, após passarem por vários nós, estes aparecem no outro lado já desencriptados, em modo legível. Egerstad conseguiu por as mãos em informações confidenciais ao rodar um nó de saída do Tor e monitorar o tráfego que passava por ele.
O problema, de acordo com Vitaliev, é que alguns usuários do Tor acreditam que seus dados estão protegidos de ponta a ponta. “Como em muitas outras tecnologias da internet, suas vulnerabilidades não são tão bem compreendidas por quem as mais utiliza e necessita.”, diz ele.
… é isso galera, caso vocês queiram saber mais leiam o artigo original, em inglês (no post anterior: The Hack of the Year)
26 Nov
The Hack of the Year
This article’s been taken from: http://www.smh.com.au/technology/
In August, Swedish hacker Dan Egerstad gained access to sensitive embassy, NGO and corporate email accounts. Were they captured from the clutches of hackers? Or were they being used by spies? Patrick Gray investigates the most sensational hack of 2007.
IT WASN’T supposed to be this easy. Swedish hacker Dan Egerstad had infiltrated a global communications network carrying the often-sensitive emails of scores of embassies scattered throughout the world. It had taken him just minutes, using tools freely available for download on the internet.
He says he broke no laws.
In time, Egerstad gained access to 1000 high-value email accounts. He would later post 100 sets of sensitive email logins and passwords on the internet for criminals, spies or just curious teenagers to use to snoop on inter-governmental, NGO and high-value corporate email.
The question on everybody’s lips was: how did he do it? The answer came more than a week later and was somewhat anti-climactic. The 22-year-old Swedish security consultant had merely installed free, open-source software – called Tor – on five computers in data centres around the globe and monitored it. Ironically, Tor is designed to prevent intelligence agencies, corporations and computer hackers from determining the virtual – and physical – location of the people who use it.
“Tor is like having caller ID blocking for your internet address,” says Shava Nerad, development director with the Tor Project. “All it does is hide where you’re communicating from.”
Tor was developed by the US Navy to allow personnel to conceal their locations from websites and online services they would access while overseas. By downloading the simple software, personnel could hide the internet protocol address of their computers – the tell-tale number that allows website operators or intelligence services to determine a user’s location.
Eventually the navy realised it must take Tor beyond the armed forces. “The problem is, if you make Tor a tool that’s only used by the military . . . by using Tor you’re advertising that you’re military,” Nerad says.
So Tor was cast into the public domain. It is now maintained and distributed by a registered charity as an open-source tool that anyone can freely download and install. Hundreds of thousands of internet users have installed Tor, according to the project’s website.
Mostly it is workers who want to browse pornographic websites anonymously. “If you analyse the traffic, it’s just porn,” Egerstad told Next by phone from Sweden. “It’s kind of sad.”
However, Dmitri Vitaliev, a Russian-born, Australian-educated computer security professional who lives in Canada, says Tor is a vital tool in the fight for democracy. Vitaliev trains human-rights campaigners on how to stay safe when online in oppressive regimes. “It’s incredibly important,” he said in a Skype chat from the unrecognised state of Transnistria, a breakaway region in Moldova where he’s assisting a local group working to stop the trafficking of women. “Anonymity is a high advantage in countries that perform targeted surveillance on activists.”
It’s also used to bypass website censorship in more than 20 countries that censor political and human rights sites, he says.
Tor works by connecting its users’ internet requests, randomly, to volunteer-run Tor network nodes. Anyone can run a Tor node, which relays the user’s traffic through other nodes as encrypted data that can’t be intercepted.
When the user’s data reaches the edge of the Tor network, after bouncing through several nodes, it pops out the other side as unencrypted, readable data. Egerstad was able to get his mitts on sensitive information by running an exit node and monitoring the traffic that passed through it.
The problem, says Vitaliev, is some Tor users assume their data is protected from end to end. “As in pretty much any other internet technology, its vulnerabilities are not well understood by those who use it (and) need it most,” he says.
The discovery that sensitive, government emails were passing through Tor exit nodes as unencrypted, readable data was only mildly surprising to Egerstad. It made sense – because Tor documentation mentions “encryption”, many users assume they’re safe from all snooping, he says.
“People think they’re protected just because they use Tor. Not only do they think it’s encrypted, but they also think ‘no one can find me’,” Egerstad says. “But if you’ve configured your computer wrong, which probably more than 50 per cent of the people using Tor have, you can still find the person (on) the other side.”
Initially it seemed that government, embassy, NGO and corporate staffers were using Tor but had misconfigured their systems, allowing Egerstad to sniff sensitive information off the wire. After Egerstad posted the passwords, blame for the embarrassing breach was initially placed on the owners of the passwords he had intercepted.
However, Egerstad now believes the victims of his experiment may not have been using Tor. It’s quite possible he stumbled on an underground intelligence gathering exercise, carried out by parties unknown.
“The whole point of the story that has been forgotten, and I haven’t said much about it, (is that) many of these accounts had been compromised,” he says. “The logins I caught were not legit users but actual hackers who’d been reading these accounts.”
In other words, the people using Tor to access embassy email accounts may not have been embassy staff at all. Egerstad says they were computer hackers using Tor to hide their origins from their victims.
The cloaking nature of Tor is appealing in the extreme to computer hackers of all persuasions – criminal, recreational and government sponsored.
If it weren’t for the “last-hop” exit node issue Egerstad exposed in such a spectacular way, parties unknown would still be rifling the inboxes of embassies belonging to dozens of countries. Diplomatic memos, sensitive emails and the itineraries of government staffers were all up for grabs.
After a couple of months sniffing and capturing information, Egerstad was faced with a moral dilemma: what to do with all the intercepted passwords and emails.
If he turned his findings over to the Swedish authorities, his experiment might be used by his country’s intelligence services to continue monitoring the compromised accounts. That was a little too close to espionage for his liking.
So Egerstad set about notifying the affected governments. He approached a few, but the only one to respond was Iran. “They wanted to know everything I knew,” he says. “That’s the only response I got, except a couple of calls from the Swedish security police, but that was pretty much all the response I got from any authority.”
Frustrated by the lack of a response, Egerstad’s next step caused high anxiety for government staffers – and perhaps intelligence services – across the globe. He posted 100 email log-ins and passwords on his blog, DEranged Security. “I just ended up (saying) ‘Screw it, I’m just going to put it online and see what happens’.”
The news hit the internet like a tonne of bricks, despite some initial scepticism. The email logins were quickly and officially acknowledged by some countries as genuine, while others were independently verified.
US-based security consultant – and Tor user – Sam Stover says he has mixed feelings about Egerstad’s actions. “People all of a sudden (said) ‘maybe Tor isn’t the silver bullet that we thought it was’,” Stover says. “However, I’m not sure I condone the mechanism by which that sort of information had to be exposed in order to do that.”
Stover admits that he, too, once set up a Tor exit node. “It’s pretty easy . . . I set it up once real quick just to make sure that I could see other people’s traffic and, sure enough, you can,” he says. “(But) I’m not interested in that sort of intelligence gathering.”
While there’s no direct evidence, it’s possible Egerstad’s actions shut down an active intelligence-gathering exercise. Wired.com journalist Kim Zetter blogged the claims of an Indian Express reporter that he was able to access the email account for the Indian ambassador in China and download a transcript of a meeting between the Chinese foreign minister and an Indian official. In addition to hackers using Tor to hide their origins, it’s plausible that intelligence services had set up rogue exit nodes to sniff data from the Tor network.
“Domestic, or international . . . if you want to do intelligence gathering, there’s definitely data to be had there,” says Stover. “(When using Tor) you have no idea if some guy in China is watching all your traffic, or some guy in Germany, or a guy in Illinois. You don’t know.”
Egerstad is circumspect about the possible subversion of Tor by intelligence agencies. “If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they’re using lots of bandwidth, they’re heavy-duty servers and so on,” Egerstad says. “Who would pay for this and be anonymous?”
While Stover regards Tor as a useful tool, he says its value is greatly overestimated by those who promote and use it. “I would not use or recommend the tool to hide from people between you and your endpoint. It’s really purely a tool to hide from the endpoint,” he says.
As a trained security professional, Stover has the nous to understand its limitations, he says. Most people don’t.
The lesson remains but the data Egerstad captured is gone, the Swedish hacker insists. He’s now focusing on his career as a freelance security consultant. “I deleted everything I had because the information I had was belonging to so many countries that no single person should have this information so I actually deleted it and the hard drives are long gone,” he says.
Patrick Gray’s interviews with Dan Egerstad and Sam Stover can be heard in his podcast from http://ITRadio.com.au/security.
Recent Comments