When I did my first Unix system administration back in 1996 or so, I immediately did have a lot of respect for the beauty of Unix and system adminstrators who know, eat, sleep and dream Unix. Shortly after I got my first root prompt, there was this buzz, there was an option to bring down any Unix (and every other BSD TCP/IP stack) system with just one simple "ping command".

This was later knowns as the Ping of Death. This was an attack against the network layer of the OSI stack. Soon followed by even easier Denial of Service attacks like flood, smurf and the likes.

A couple of years later, attacks moved to a higher level, all the lower stuff was less easy to "hack". So we saw a lot of "buffer overlow" attacks in the late 90ies. This kind of attack is still happening, but most attention is now focussed to once again a higher level. So a couple of years back, we saw a lot of attacks on the application level.

For webservices, Cross Site Scripting (XSS) was the most used one. Most CMS-es, including better ones like Drupal did have these vulnabilities in them. And still, there are some Drupal modules that still have this kind of potential abuse in them. So when you do coding, it is not so hard to make code that can do what is should; match the functional requirements thet you or your customer defined. It is hard to make code that wont do what you dont want. Most customers are very good in describing what they want; to come up with a functional design. But nearly all of them fail to define what shouldnt be possible.

And sure enough, people reacted like "so you can display an alertbox or a cooke. Whats the big deal?" For some, it took me some time to show the dangers. But now I have this extreme cool detailed XSS howto on
informit regarding "XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack > The XSS Vulnerability. Reading that, anyone can understand the potential / aka danger of XSS

Cross site scripting (XSS) errors are generally considered nothing more than a nuisance — most people do not realize the inherent danger these types of bugs create. In this article Seth Fogie looks at a real life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access to the web server.

Seven detailed pages.

Hacking Exposed VoIP Voice over IP Security Secrets and Solutions by David Endler and Mark Collier.

Here you can donload the security tools mentioned in the book. I have some books from this serie and think I might buy this one as well.

Though most of the reviews on Amazon are not positive. El Reg has some notes on it as well. (Yes I know that the picture isnt the right one for the cover of the book, but I could find the right one)

MSFT site gedefaced. Standaard nieuws. Zeldzaam nieuws, een massa medium dat hacker en cracker niet verward: nu.nl/internet

Een Turkse cracker is erin geslaagd een website van Microsoft Frankrijk te bekladden.

+

+

Just an idea for an cool hardware mash-up (an "hack" in oldspeak)

Wouldn't be great(in any case very Brazil)to

• take an old type writer
• insert a sheet of electronic paper in the roll
• add an USB interface to the keyboard.
• Disable necessary mechanical bits
• add a small form cpu
• record a great "ding"

And create a typewriter with electronic paper output..and finally a decent spellchecker. An nice addition to Mobile Rotary Dial phones

And the changes for the monkeys would improve significantly.