Tuesday, January 30, 2007
program virus:=
{1234567;
subroutine infect-executable:=
{loop:file = get-random-executable-file;
if first-line-of-file = 1234567 then goto loop;
prepend virus to file;
}
subroutine do-damage:=
{whatever damage is to be done}
subroutine trigger-pulled:=
{return true if some condition holds}
main-program:=
{infect-executable;
if trigger-pulled then do-damage;
goto next;}
next:}
— http://www.all.net/books/virus/part2.htm…
Wednesday, January 24, 2007
package org.owasp.webscarab;
/**
* Retrieves the license information for any OWASP source file.
* It prints out the GNU Public License and provides a static
* String that contains the GPL, version 2.
*
* @since beta 1
* @version beta 1
* CVS $Release$ $Author: rogan $
* @author GNU
* @author ingo@ingostruck.de
*/
Sunday, January 21, 2007
From the Sun Java .gif parsing vulnerability
— Disclosure Timeline:
2006.06.16 – Vulnerability reported to vendor
2006.12.18 – Digital Vaccine released to TippingPoint customers
2007.01.16 – Coordinated public release of advisory
— Credit:
This vulnerability was discovered by an anonymous researcher.
This vulnerability existed on the internet for half a year before a patch was issued. What are the chances that certain sites were serving out this exploit? I recently investigated an adult chat site that used a Java client and was flagged for serving out other malware. I’m not making any claims here but throwing out some questions.
Also the credit is interesting to me. In the past credit was very much like academic citations. Researchers didn’t get paid for their work (just like academics don’t get paid to publish in journals) but received a citation in the advisory. At worst one would create a handle and use that for advisories.
Saturday, January 20, 2007
I realized a few days ago that I have not kept up on web pen testing techniques lately and have been falling behind. I picked up a copy of “The Art of Software Security Testing” and started reading through the chapters. The XSS and SQL injection examples were interesting although a little too basic for my taste. The session ID mapping caught my eye since I don’t have much experience with visualizing data. After reading through the example I poked around online and found the OWASP WebScarab project had really gone above and beyond where it was a year or two ago. The tool now meets or exceeds the functionality of Webproxy (now disappeared by Symantec). In particular there is a great built-in SessionID analyzer which grabs the sessionID and then generates more. A graph is then generated from these results. I decided to take a look at a wikimedia server since I run one. The sessionIDs are sufficiently complex!

For those not familiar with this technique it involves taking the sessionID values and converting them into numbers then plotting the results. The human eye is fantastic at detecting patterns that computers don’t “see”. Another commercial site I was browsing around on earlier used an internal ID tracker (not the sessionID thankfully) and the values were incremented predictably. The result on the graph was a slanted line pointing up at about 45 degrees.
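The technique described above, as an added example that is not part of the original post or of WebScarab: it converts sampled IDs to numbers and measures how strongly the value tracks issue order, which is what the eye picks out as a slanted line. The sample IDs, the function names and the 0.9 threshold are constructed for illustration.

```python
import hashlib
import string

HEX = set(string.hexdigits)

def to_numbers(tokens):
    """Convert a sample of tokens to floats, using one encoding for the whole sample."""
    if all(t.isdecimal() for t in tokens):        # plain counters: keep the value
        return [float(int(t)) for t in tokens]
    if all(t and set(t) <= HEX for t in tokens):  # hex digests, scaled into [0, 1)
        return [int(t, 16) / 16 ** len(t) for t in tokens]
    raw = [t.encode() for t in tokens]            # anything else: raw bytes, scaled
    return [int.from_bytes(b, "big") / 256 ** len(b) for b in raw]

def trend(tokens):
    """Pearson correlation between issue order and numeric value.

    Close to +1 or -1 is the slanted line on the plot; close to 0 is a cloud."""
    if len(tokens) < 3:
        raise ValueError("need at least 3 samples")
    ys = to_numbers(tokens)
    xs = range(len(ys))
    mx, my = sum(xs) / len(ys), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if syy == 0 else sxy / (sxx * syy) ** 0.5

def assess(tokens, threshold=0.9):
    """Label a sample; the 0.9 threshold is an assumption chosen for this example."""
    if len(set(tokens)) < len(tokens):
        return "repeated values"
    return "predictable trend" if abs(trend(tokens)) >= threshold else "no linear trend"

# Constructed samples, not captured from any real site.
COUNTER_IDS = [str(48211 + i) for i in range(40)]
DIGEST_IDS = [hashlib.sha256(b"constructed-%d" % i).hexdigest()[:32] for i in range(40)]

if __name__ == "__main__":
    for name, sample in (("counter", COUNTER_IDS), ("digest", DIGEST_IDS)):
        print(f"{name:8} r={trend(sample):+.3f}  {assess(sample)}")
```

A low correlation only rules out the simplest linear pattern; it says nothing about the entropy of the generator behind the IDs.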
Thursday, January 18, 2007
I contacted the Fulton Sheriff’s Department and was able to speak with a public affairs officer who sent me the following:
Tyree Simmons, AKA DJ Drama, Age 28, Warrant #-256458MC
Donald Cannon, Age 27, Warrant #-256456MC
Fulton County Warrants for R.I.C.O. violations related to copyright infringement (OCGA 16-14-4-RICO).
TITLE 16. CRIMES AND OFFENSES
CHAPTER 14. RACKETEER INFLUENCED AND CORRUPT ORGANIZATIONS § 16-14-4.
Prohibited activities
(a) It is unlawful for any person, through a pattern of racketeering activity or proceeds derived therefrom, to acquire or maintain, directly or indirectly, any interest in or control of any enterprise, real property, or personal property of any nature, including money.
(b) It is unlawful for any person employed by or associated with any enterprise to conduct or participate in, directly or indirectly, such enterprise through a pattern of racketeering activity.
(c) It is unlawful for any person to conspire or endeavor to violate any of the provisions of subsection (a) or (b) of this Code section.
I was sent the same information by Major E. A. (Skip) Platt, Commander, Warrant/Service Division SWAT, EOD and Crisis Negotiations. He was very informative and seemed to be aware of the differences between making exact duplications of a copyrighted work and creating transformative works such as a mix tape. I can only hope the prosecutor who winds up with this case will be as insightful. One thing he mentioned has stuck with me. Repeating a crime such as distribution of copyrighted material more than once can be considered a RICO violation under GA law. I have to wonder if RIAA knew this full well and decided to pursue this particular case because GA was so liberal in prosecuting this. I also have to wonder how many people on the internet are now guilty of RICO violations should they ever step foot in GA.
Wednesday, January 17, 2007
I suppose this type of thing is bound to happen. RIAA persuaded Fulton County officials into charging a pair of mixtape DJs with charges of racketeering. I don’t have the actual indictment in my hands yet (I have to write a request first) but managed to find out some details by searching for racketeering laws in GA. I found this under the state page defining racketeering, which includes the subsection:
(xx) Code Section 16-8-60, relating to unauthorized transfers and reproductions of recorded material;
Ironically the State of GA doesn’t want to maintain an online copy of their own legal code and has given that to the Lexis Nexis company. So I can’t provide you with a direct link to the laws that I found. If you go to this URL you can search for the term “O.C.G.A. § 16-8-60” and see the same thing I did.
I haven’t heard of these two before today but from what I read online they don’t reproduce albums. They are hip-hop artists so they sample instrumentals from other underground and known hip hop albums and rhyme on top of it. Their works are highly transformative and significantly different than the originals. So let’s be clear what the State of GA is doing on behalf of the RIAA and its own citizens.
Violation of this Code section is a felony and is punishable upon conviction by a fine of not more than $25,000.00 or by imprisonment for not less than one year nor more than two years, or both fine and imprisonment
For selling mix tapes the laws on the books consider civil death a fair punishment. If you watch the video you will see a ‘pseudo-agent’ from the RIAA anti-piracy unit. I noticed that Matthew Kilgo of the RIAA made sure to point out the website (which hints at interstate commerce) and then says CDs have a 900% markup. The unnamed sheriff (Maj. E.A. Platt of the Fulton County Sheriff’s Department) wearing an FBI academy lanyard tried to hint at drugs or weapons even though none were found. Fox News put the name plate up on the wrong person (ironically over the RIAA pseudo-agent) and this is really telling of how the media portrays corporate funded organizations like RIAA. The RIAA is not a police organization although they seem to have a lot of the powers that the police do (investigation and searches) yet none of the constraints.
If you live in Atlanta please contact me or go to the Superior Court and ask for the indictment of case # 07cp62002 and send it to me. There is almost 0 coverage in the mainstream media and most of the information is vague.
Tuesday, January 16, 2007
This fairly well known tracker is now carrying HD movie torrents. These movies weigh in at over 20GB each. While studios that are supporting HD may start freaking out over the distribution online I will wager that the fact HD can be backed up will actually lead to the success of the format over rival Blu-ray.

Tuesday, January 16, 2007
See you there.

Enormous Room: 567 Mass Ave, Cambridge 02139