spoonfork

Hacktivism:

Hacktivism is the fusion of hacking and activism; politics and technology. More specifically, hacktivism is described as hacking for a political cause. In this context, the term hacker is used in reference to its original meaning. As defined in the New Hacker's Dictionary, a hacker is "a person who enjoys exploring the details of programmable systems and how to stretch their capabilities" and one who is capable of "creatively overcoming or circumventing limitations". (1) Activism is defined as "a policy of taking direct and militant action to achieve a political or social goal". (2) Therefore, a clinical definition of hacktivism is:

Hacktivism: a policy of hacking, phreaking or creating technology to achieve a political or social goal.(3)

However, both hacking and activism, and thus hacktivism, are loaded words ripe for a variety of interpretation. Therefore it is preferable not to clinically define hacktivism but rather to describe the spirit of hacktivism. Hacktivism is root. It is the use of one's collective or individual ingenuity to circumvent limitations, to hack clever solutions to complex problems using computer and Internet technology. Hacktivism is a continually evolving and open process; its tactics and methodology are not static. In this sense no one owns hacktivism - it has no prophet, no gospel and no canonized literature. Hacktivism is a rhizomic, open-source phenomenon.

So a bunch of local sites were hacked and defaced into today. Show me, please, something new other than defacements and alteration of prices. This is too lame, but regardless, it has to be taken seriously by the relevant authorities. Come on, asking for the log files from the victims aren't gonna help. What is more important now? Tracking the perpetrators or building a defensible network? You figure.

Anyways, like I say, defacements are boring. Show me something more, something along the lines of Hong Kong Blondes. This article is from last century, but it is interesting nevertheless.

For those who doubt Blondie Wong's legions and capabilities, the group, as if to prove itself, temporarily disabled a key People's Liberation Army military satellite.

5 - 0? Re-defaced does not count, since it means that the server has been hacked and re-defaced is just a matter of gaining access via a backdoor (cmdasp.asp, or netcat, or wotever).

• USM, defaced on Monday, 7th March. Accounts: tskheng, mackzufilkli, jeffooi. defaced site.


• MCMC, defaced on Tuesday, 8th March. Accounts: jeffooi. defaced mirror.


• Suhakam, defaced on 8th March. Account: jeffooi. preserve it before its gone, and this one too.


• JKR. defaced on Tuesday, 8th March. Account: jeffooi. defaced mirror.


• Ministry of Energy, Water and Communications. defaced on 8th March. Accounts: jeffooi.

JKR and USM was defaced twice. Heh. Let's check what NISER has got to say... ummm... nothing on their page. Nothing on MyCERT either. Oh well, I guess cough*all*cough* the gomen people cough*are*cough preparing themselves cough*cough for cyberwar.

You know what's will happen next? Just one or two defacements in the next two days, then mass defacements during the weekend. This might happen if all the Indonesian defacers are united (carrying the same message does not mean that they belong to the same group).

Listening to: DJ Shadow - Lost & Found

You could say 3 - 0. But then again, no one is certain that the perpetrators were Indonesian hackers. Maybe there were done by Indonesian hackers, but until an investigation is carried out and evidence are collected, we can never be sure. Talking about Indonesian hackers, there's a funny story I want to tell. The first was prior to HITBSecConf2004. One of the events that we had was the Capture the Flag competition, basically a hacking competition. About a month or so before the event, I got word that a hacker in Indonesia was calling for sponsorships because "they want to bring the best of best Indonesian hackers to compete in the event". I could not, however, confirm this stories since I was bloody busy. However, there was a registration by a team from Indonesia - but they never showed up for the event.

Talking again about the Indonesian hackers, and the fact that they've defaced USM and MCMC, of course there's the word cyberwarfare coming up. But then again, I don't really bother. In fact, I know a couple of Indonesian hackers, and they are damn good - and we'll be hanging out at Bellua Cyber Security 2005. The HITB crew and I will be organizing the CtF for them.

Again, talking about the defacements - where is NISER and MyCERT in all this? Aren't they the one that is supposed to take care of national ICT security, or am I wrong? Why aren't they educating the public sector that security is not all about having firewalls and patched servers? Are they investingating the defacements now? Or are they still figuring out the ones before this?

I mean, just look at the JKR website. It's been hacked and rehacked so many times within a day. Amat mensiasukan.

To the administrators/managers of the websites that have been defaced - DO NOT ask yourself why this happened even though you've spent so much on firewalls, IDS, competent admins, etc. Instead, ask yourself, what haven't you done to secure your IT infrastructure. You are dead wrong if your answer is "I've done enough, waaaattt."

The answer is simple: security is about process, not about products.

Listening to : Adam Freeland - Burn the Clock

Wrote a quick short update to sql-foo, a script to enumerate tables/columns from database via SQL injection vulnerabilities. The updates enables you to query a combination of values from two columns. For example, if you want to enumerate the columns username and password for their values from the table usertable, this script will do it for you. All you need to do is specify the initial query in the info file (such as %2bconvert(varchar,(select top 1 username from usertable))--, and the script will continue from there. Also, results from the enumeration will be written to a file.

The command line options now looks like (for the example above):
sql-foo.pl file.txt results.log password,username usertable

Take note: If you plan to retrieve a table with thousands of records using this, don't. You won't get all of them due to limitation in the size of HTTP's GET request. Focus on the low hanging fruits instead. If there's a separate table for administrators, query that table instead - it's faster, easier, and you won't be generating hundreds of log records which can easily alarm the target's sysadmins. Trust me, in some of the pen-tests that I have done, I was told to specifically avoid detection by the Network & Sysadmin team. So as always, go for the LHFs and the quick kills. Get it here. Look at the source codes - some stuff needs to be edited

We are proud to announce the immediate availability of the Hack In The Box Security Conference 2004 videos [Pack-1 and Pack-2]. Held at The Westin Kuala Lumpur in Malaysia from October 4th till the 7th, HITBSecConf2004 saw some of the biggest names in the network security industry down to present their latest research and findings. HITBSecConf2004 was also the first time we had two keynote speakers namely Theo de Raadt, creator and project leader for OpenBSD and OpenSSH and John T. Draper infamously known as Captain Crunch. Other speakers who presented include the grugq, Shreeraj Shah, Fyodor Yarochkin, Emmanuel Gadaix, Adam Gowdiak, Jose Nazario, Meder Kydyraliev and several others.

For a chance to catch up with some of the speakers who presented at last years' conference those in the Asia Pacific region can head on over to Bellua Cyber Security 2005 taking place later this month in Jakarta, Indonesia. If you're in the Middle East or Europe, there's HITBSecConf2005 - Bahrain taking place from April 10th till the 13th in Manama, Bahrain. See you guys there.

(Full News)