neutek

26Apr/110

Hacker Typer

Ever wanted to type like a hacker?
Just go bang away on your keyboard then >> hackertyper.net

20Apr/110

Fuck Yeah! Tattoos

Check out this tumblr blog for daily tattoos

:: Fuck Yeah!


16Feb/110

Clients From Hell

Ran across this site the other day: clientsfromhell.net

CLIENT: We have looked at your PHP source code and I am a little upset.

ME: Why is that? What’s wrong?

CLIENT: You have used die(); everywhere, do you secretly want me to die?

-

“Thanks for sending the files over, I was able to download them, but my computer is not MP3-able. My computer is a Sony Vaio, so could you please send them over in VAIO format? Thanks.”

31Jan/110

Sourceforge Attacked – Full Report

I don't know who the fuck would want to hack sourceforge, when they have been helping the open source community forever!! go hack something useful

As we’ve previously announced, SourceForge.net has been the target of a directed attack. We have completed the first round of analysis, and have a much more solid picture of what happened, the extent of the impact, and our plan to reduce future risk of attack. We’re still working hard on fixing things, but we wanted to share what we know with the community.

We discovered the attack on Wednesday, and have been working hard to get things back in order since then. While several boxes were compromised we believe we caught things before the attack escalated beyond its first stages.

Our early assessment of which services and hosts were impacted, and the choice to disable CVS, ishell, file uploads, and project web updates appears to have prevented any further escalation of the attack or any data corruption activities.

We expect to continue work on validating data through the weekend, and begin restoring services early next week. There is a lot of data to be validated and these tests will take some time to run.  We’ll provide more timeline information as we have more information.

We recognize that we could get services back online faster if we cut corners on data validation. We know downtime causes serious inconveniences for some of you. But given the negative consequences of corrupted data, we feel it’s vital to take the time to validate everything that could potentially have been touched.

Attack Description

The general course of the attack was pretty standard. There was a root privilege escalation on one of our platforms which permitted exposure of credentials that were then used to access machines with externally-facing SSH. Our network partitioning prevented escalation to other zones of our network.

This is the point where we found the attack, locked down servers, and began work on analysis and response.

Immediate Response

Our first action response included many of the standard steps:

* analysis of the attack and log files on the compromised servers
* methodically checking all other services and servers for exploits
* further network lockdown and updating of server credentials

Service shutdown

Once we knew the attack was present, we locked down the impacted hosts, so that we could reduce the risk of escalation, from those servers to other hosts, and prevent possible data gathering activities.

This strategy resulted in service downtime for:

* CVS Hosting
* ViewVC
* New Release upload capability
* ProjectWeb/shell

Password invalidation

Our analysis uncovered (among other things) a hacked SSH daemon, which was modified to do password capture. We don’t have reason to believe the attacker was successful in collecting passwords. But the presence of this daemon and server-level access to one-way hashed, and encrypted, password data led us to take the precautionary measure of invalidating all SourceForge user account passwords. Users have been asked to recover account access by email.

Data Validation

It’s better to be safe than sorry, so we’ve decided to perform a comprehensive validation of project data from file releases, to SCM commits. We will compare data against pre-attack backups, and will identify changed and added. We will review that data, and will also refer anything suspicious to individual project teams for further assessment as needed.

The validation work is a precaution, because while we don’t have evidence of any data tampering, we’d much prefer to burn a bunch of CPU cycles verifying everything than to discover later that some extra special trickery led to some undetected badness.

Service Restoration

Now that most of the analysis is done, we’ve started the next stage of our efforts, which includes the obvious work of restoring compromised boxes from bare metal, and implementing a number of new controls to reduce likelihood of future attack.

We will of course also be updating the credentials which reside on these hosts and have performed quite a few steps to further lock down access to these machines.

We are in the process of bringing services back one by one, as data validation is completed, and we get the newly configured hosts online. We expect that data validation will progress through the weekend, and we’ll really start getting swinging on service restoration early next week.

File Release Services

Many folks have suggested that the most likely motivation for an attack against sourceforge would be to corrupt project releases.

We’ve found no evidence of this, but are taking extraordinary care to make sure that we don’t somehow distribute corrupted release files.

We are performing validation of data against stored hashes, backups, and additional data copies.

We expect to restore these services first, as soon as data validation is completed.

Project Web

One attack vector that impacts our services directly is the shared project web space. So, let’s talk about that in a bit more detail.

Sourceforge.net has been around a long time, and security decisions made a decade ago are now being reassessed. In most cases past decisions were made around the general principle that we trust open source developers to work together, play nice, and generally do the right thing. Services were rolled out based on widespread trust for the developer community. And that philosophy served us well.

But in the years since then, we’ve evolved from hundreds of sf.net users to millions, and in many cases it’s time to re-assess the balance between widespread trust and security. Project Web is a prime example of this, and we’ve been working at a deliberate pace to isolate project web space, and have begun rolling out the new “secure project web” service to many of our projects.

This new secure project web includes a new security model that moves us away from shared hosting while preserving the scalability we need for mass hosting.

Because of this attack we’ll be accelerating the rollout of Secure Project Web services as part of the process of bringing the project web service back online. This will allow us to provide both improved functionality, and better security.

CVS

CVS service is one of SourceForge.net’s oldest services and, due to limitations in CVS itself, cannot readily live on our scalable network storage solution. Validation of this data is going to require several days and we anticipate that this service will be restored sometime in the later part of the week.

We are also considering the end-of-life of the CVS service and hope to have user support in migrating CVS users to Subversion in coming months. Subversion generally provides parity to CVS commands, and many of our users have made this transition successfully in the past.

From SVN, projects can move to Git if desired.

Looking forward

We are very much committed to the ongoing process of improving our security, and we will continue making behind the scenes improvements to our infrastructure on a regular basis. This isn’t a one time event, it’s a process, and we’re going to stay fully engaged over the long term.

I’d like to end with a more personal note, I’ve been working with our Ops team a lot this week, and I think we can all say that the patience and support that we’ve received from the community has been the best part of a very bad week.

Thanks again for all the support and encouragement.
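The data validation described in the report above (comparing project data against pre-attack backups and stored hashes to identify changed and added files), sketched as an added example; it is not SourceForge's tooling and not part of the original post. Function names and the sample directory layout are hypothetical, the sample trees are constructed, and the "missing" category goes one step beyond what the report lists.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large release archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256; symlinks are not followed."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                manifest[rel] = "symlink:" + os.readlink(full)
            else:
                manifest[rel] = sha256_file(full)
    return manifest


def compare_to_baseline(baseline, live):
    """Classify live files against the pre-attack baseline manifest."""
    return {
        "changed": sorted(p for p in live if p in baseline and live[p] != baseline[p]),
        "added": sorted(p for p in live if p not in baseline),
        "missing": sorted(p for p in baseline if p not in live),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample: a 'backup' tree and a 'live' tree that has drifted."""
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as live:
        for root in (backup, live):
            _write(root, "proj/release-1.0.tar.gz", b"original release bytes")
            _write(root, "proj/README", b"readme")
        _write(backup, "proj/CHANGELOG", b"notes")  # absent from live
        _write(live, "proj/release-1.0.tar.gz", b"original release bytez")  # same size, altered
        _write(live, "proj/extra.sh", b"#!/bin/sh\n")  # not in backup
        return compare_to_baseline(build_manifest(backup), build_manifest(live))


if __name__ == "__main__":
    print(demo())
```

The altered archive in the sample has the same length as the original, which is why the comparison is on content hashes rather than size or modification time. The baseline manifest has to come from storage the compromised hosts could not write to.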

31Jan/110

US plans internet kill switch

In what has to be the ultimate irony or simply bad timing, the United States is in the midst of revisiting the creation of an internet kill switch to defend against cyber warfare just as Egypt on Friday moved to block internet access to stem free speech.

The legislation, which is being led by US Republican Senator Susan Collins, is ostensibly designed to create presidential powers to shut off the internet to protect against significant cyber crime threats to national security.

It is designed to create a mechanism where the US government can work with the private sector in the event of a ‘true cyber emergency.’

While Collins says the legislation is not designed to give any US president the same power as oppressive Middle East regimes such as that of Egypt’s Hosni Mubarak, the timing of the bill could not be worse.

On Friday, Egypt instigated a crackdown on the internet and mobile phones to prevent images and reports emerging, particularly via email, Facebook and Twitter, and to prevent rallies taking place.

Free speech and the internet

The role of the internet and social media in shedding light on the harsh realities of regimes such as those in Tunisia, Iran and most recently Egypt, cannot be underestimated.

However, the notion of a kill switch or powers to shut down the internet cast a sinister light and could be a thorn in the side for US President Barack Obama’s government.

In the free world, you have to struggle to imagine such a kill switch ever being activated and again you have to wonder can cyber attacks manifest to such a level that they do threaten national security of any nation?

Russia’s alleged cyber attack on Estonia over the removal of a war memorial succeeded in shutting down banks and freezing internet access in that country in 2009 and there have been recent examples of Israel’s cyber war experts devising the Stuxnet worm to cripple Iran’s nuclear programme.

Despite this, some experts claim that cyber warfare may not threaten global security. According to an OECD/Symantec report on cyber warfare by independent experts Dr Peter Sommer from the London School of Economics and Dr Ian Brown from Oxford University, few cyber-related events have the capacity to cause a global shock. Nevertheless, they say, governments need to have detailed plans in place to withstand and recover from unwanted cyber events.

In light of the Estonian incidents and the Stuxnet worm, it would be naive to suggest cyber warfare is not a threat and the US like any country needs to protect itself.

However, in the event of any crisis it is the internet itself that could prove vital in ensuring people know what is going on, can find refuge and reunite with loved ones.

The concept of a kill switch is therefore chilling and in light of the turmoil in Egypt communicates a sinister message.

The fact that the kill switch legislation sailed through the US Homeland Security Committee and was only stopped because of the expiry of Congress, is also a concern because it doesn’t seem to have attracted significant debate among the public.

Egypt’s shutdown of its well-developed internet infrastructure, consisting of copper, fibre, satellite, cellular and more, didn’t happen at the press of a single button. Most likely various service providers were told to shut their services individually in a move obviously designed to curb freedom of speech.

So right now, there is no giant red button. Most likely, if the US did enact such legislation, shutting down internet services would have to happen in partnership with private enterprises.

Then again if cyber warfare in the form of worms and viruses did present a threat to networks, who’s to say military strategists and researchers aren’t working on technology to close down networks in one fell swoop?

The internet, though born out of the Cold War, should represent the opportunity for a bright, transparent, safe and exciting future for many. However, its use as a tool of oppression and the ever-flaring battles over privacy suggest a long and rocky road ahead.

John Kennedy

31Jan/110

Google overtakes Nokia as top smartphone platform maker

After passing Apple's iPhone on its way up, Google's Android has now passed up Nokia's Symbian to take the top spot among smartphone platforms, ending Nokia's 10 year reign on top of the global smartphone industry, according to one research firm.

Research firm Canalys revealed Monday that the 32.9 million handsets running a Google platform, which includes Android, OMS and Tapas, sold last quarter were enough to topple Nokia's Symbian, which had sales of 31 million, from the number one place, Reuters reports.

Google saw 615 percent growth year over year, compared to Nokia's 30 percent growth. Apple came in third with 16.2 million iPhones sold, giving it 16 percent of the global smartphone market. Research in Motion and Microsoft rounded out the list with 14 percent and 3 percent of the market respectively.

Though Nokia still maintains a sizable lead as the largest handset maker in the world, it has lost significant ground in the smartphone market in recent years. Former CEO Olli-Pekka Kallasvuo admitted last year that the Finnish handset maker had failed to make a splash in the U.S. smartphone market.

In September, Nokia went through a major management shakeup. The company first announced it would change CEOs, bringing in Microsoft executive Stephen Elop, in hopes of reenergizing the company's smartphone offerings. The company's smartphone chief announced his resignation several days later, then Nokia Chairman Jorma Ollila declared his intention to step down.

Nokia's flagship N8 smartphone saw numerous delays on its way to market. The company even went through a lost prototype debacle similar to the leak of an Apple iPhone 4 prototype that made headlines last year. Though sales of the N8 reportedly reached around 4 million units in the fourth quarter of 2010, the figures have been viewed as too little too late for Nokia.

Google's Android has seen its fair share of controversy on the way to the top. Reports emerged last year that Apple Chief Executive Steve Jobs felt betrayed by Google after the search giant followed his company into the smartphone business.

"We did not enter the search business. They entered the phone business," Jobs allegedly said during a company meeting. "Make no mistake; Google wants to kill the iPhone. We won't let them."

While Apple has yet to pursue direct legal action against Google, the iPhone maker has filed infringement complaints against several prominent Android handset manufacturers. The Cupertino, Calif., company sued HTC in March of last year over alleged infringement of patents related to the iPhone user interface, architecture and hardware. HTC responded with a countersuit.

Apple and Motorola are also locked in a legal dispute. In October, Motorola accused Apple of violating a number of its patents, citing the company's "late entry into the telecommunications market." Apple responded in kind, eventually adding to the suit the same patents it was accusing HTC of violating after Motorola attempted to have them invalidated.

Quarterly sales of Android passed up the iPhone in May of last year. Earlier this month, research firm comScore reported that total subscribers of Google Android in the U.S. have passed the iPhone.

In the third quarter of 2010, Apple broke into the top 5 global cell phone makers, passing RIM to place fourth. According to IDC data released last week, Apple slipped to fifth in the fourth quarter.

18Jan/110

World Airline Traffic (24-Hour Time Lapse)

This is a 24 hour observation of all of the large aircraft flights in the world, condensed down to 1:11. From space we look like a bee hive of activity. What you will see, is a video showing air traffic around the world for 24 hours, taken from a satellite. The yellow dots are airplanes in the sky during a 24 hour period. Stay with the picture. You will see the light of the day moving from the east to the west, as the Earth spins on its axis. Also you will see the aircraft flow of traffic leaving the North American continent and traveling at night to arrive in the UK in the morning. Then you will see the flow changing, leaving the UK in the morning and flying to the American continent in daylight. This is something that everyone should see. For us old-timers it is really fascinating. For our children/grandchildren it provides a superb learning moment and an opportunity to open up what could be a very interesting discussion. This is one of the coolest things I have ever seen. There are lots of people in the sky at any given moment. You can tell it was spring time in the north by the sun's footprint over the planet. You could see that it didn't set for long in the extreme north and it didn't quite rise in the extreme south. I have never seen this before. We are taught about the earth's tilt and how it causes summer and winter and we have had to imagine just what is going on. With this 24 hour observation of aircraft travel on the earth's surface we get to see the daylight pattern move as well. Remember; watch the day to night... Day is over in Australia when it starts.

18Jan/110

Apple – You Know What’s Cool? $300 Billion

Last night, the Internet was set ablaze by the news that Facebook was taking more money at a valuation of a cool $50 billion. That’s massive. But it’s actually only 1/6th of the value of another closely-watched company in the tech space: Apple.

Apple hit the $300 billion market cap milestone today after their stock surged 2 percent to open 2011. That makes them only the second public company with such a high value, the other is Exxon Mobil.

Apple, obviously, had a very impressive 2010. A year ago, they were the fifth most valuable public company at “only” a $213 billion market cap. At the time, they were still over $40 billion behind rival Microsoft in the tech space. That changed in May when Apple zoomed ahead for the first time since the early days of the companies. Since then, Apple has padded their lead, and they’re now $60 billion ahead of Microsoft — now the second most valuable tech company.

So can Apple take the top spot? Well barring any (god forbid) sort of oil incident, it would take at least as good of a year as they had this year — and maybe better. Exxon is currently valued at $375 billion. Their stock has surged over the past 6 months adding something like $100 billion to their market cap.

At the current volume, Apple’s stock would need to be trading at about $410-a-share for them to pass Exxon. The stock is currently at just under $330-a-share. But a year ago it was around $210-a-share, so another killer year could do it. But again, Exxon’s stock shows no sign of slowing down either. So it may take Apple at $500-a-share to do the trick. That’s probably too tall of an order for this year, even with the iPad 2 and Verizon iPhone on the horizon.

Shifting back to Facebook, obviously it’s not fair to compare a private with a public one. But it is interesting to see their assumed value in the perspective of their tech peers. At $50 billion, Facebook is already worth more than Yahoo and eBay, both of which are public. They’re behind Amazon, Google, Microsoft, and Apple. But if and when it’s determined that they should IPO (or if that’s determined for them by the SEC), that value should change quickly.

Of course, Facebook’s revenues for 2010 are expected (at the high end) to be around $2 billion. For some perspective, Apple’s revenues were $20 billion just last quarter. They’ll be even higher for the quarter closing in a few days. Apple could be approaching $100 billion in revenue each year, up from $50 billion (again, Facebook’s overall value) a year ago.

For some better perspective, as of last quarter, Apple had $51 billion in cash (and cash equivalents) in the bank.

18Jan/110

Not everything is epic, shitheads

The word "epic" is one of the most misused and overused filler words in the English language. Here are examples of its misuse

Original Site
