I wouldn't call it a flame war, either. There's a difference between flame and good old heat :) either way, very constructive.
On 19 July 2012 17:56, sanga collins <[email protected]> wrote:
> LOL, that's why I called this a "good" flame war as opposed to average or
> below average debate about Linux vs Windows :). Definitely more informative
> and thought provoking than the average discussions about app store vs
> google play as well
>
>
> On Thu, Jul 19, 2012 at 4:13 AM, Bernard Wanyama
> <[email protected]> wrote:
>
>> But Sanga, you are just adding firewood to the fire ;-)
>>
>> This kind of stuff is much better than the "Windows is better than
>> Linux" debates.
>>
>> I admire Phillip's technical creativity and knowledge. My friend Davis
>> on the other hand is also a worthy adversary.
>> Bravo guys!
>>
>> Kind regards,
>> Bernard
>> On 19 July 2012 00:26, sanga collins <[email protected]> wrote:
>> > I love a good flame war ... Encore!
>> >
>> >
>> > On Wednesday, July 18, 2012, Phillip Simbwa wrote:
>> >>
>> >> Hmmm, that's interesting.
>> >>
>> >> Do you run a network with any of the stuff you mentioned or do you
>> >> have access to a corporate client with all or a good part of the
>> >> stuff you mentioned?
>> >>
>> >> Reason I ask, is; for knowledge's sake (like you mentioned), I could
>> >> show up and we tease & poke that network and we see how both you and
>> >> me can stretch those controls to their limits.
>> >> And if your client is ok with us discussing our findings on a mailing
>> >> list like this one, everyone benefits.
>> >>
>> >> My charge: 2 litres of coke, Chips & chicken. (That's close to pro
>> >> bono, for an intensive pen testing exercise). What do you think?
>> >>
>> >> I just need your calendar to compare with mine and we find some free
>> >> time to see warrup!
>> >>
>> >> Cheers,
>> >>
>> >>
>> >> On 7/18/12, [email protected]
>> >> <[email protected]> wrote:
>> >> > :) Hey Phillip, your attack (whether on the Bank or a corporate;
>> >> > wonder if attacking the corporate and not the Bank makes it any
>> >> > better evil) without those or other certain lines of defense being
>> >> > in place, will definitely succeed especially when coupled with
>> >> > social engineering techniques: (it's clear that in the battle
>> >> > between cryptanalysts and cryptographers, the former always win:
>> >> > recall the knapsack algorithm, rc4/WEP, gsm security and the rest).
>> >> > There are so many techniques you can leverage for attack: from
>> >> > power/timing analysis to covert channels, to collusion, even the
>> >> > biometrics at nuc substations is subject to false accept rates
>> >> > (FAR), etc, etc. BTW in some countries, certain products are even
>> >> > installed at all ISPs so they can filter email looking for keywords
>> >> > that can serve as a basis for investigation.
>> >> >
>> >> > :) My interest in posing those lines of defense to you, was
>> >> > actually to try and explore possible weaknesses in them for the
>> >> > interested parties so we can go to the next lines of defense, had
>> >> > you replied directly to each question and not let others speak for
>> >> > you. Your mentioned bank may not be the only one with security
>> >> > problems, coz we have even read about bigger ones that have been
>> >> > hiding their debts, fixing inter-banking/overnight rates, and you
>> >> > never know the worst may come in when it's realized that one of the
>> >> > leading global economies have (their reserve bank) been hiding and
>> >> > telling lies about their debt (and u know what, boom, another
>> >> > global credit crunch)
>> >> >
>> >> > Thanks.
>> >> >
>> >> >> Peter, don't sweat it. It's clear from the excerpts below that the
>> >> >> authors didn't read everything I wrote or they just don't know
>> >> >> what they are talking about (could have just concentrated on
>> >> >> googling counter responses).
>> >> >> First I thought it was me but even after you clearly stating it
>> >> >> that the victim IS NOT THE BANK; it's still not clear enough for
>> >> >> some people!!!! (Sigh, sigh, cough, cough).
>> >> >> Alternatively, you could use gimp to do a nice picture of the
>> >> >> attack to save yourself 1000 words (I think the message will be
>> >> >> clearer then).
>> >> >>
>> >> >> But let me give it one more try. THE VICTIM IS A CORPORATE COMPANY
>> >> >> NOT THE BANK.
>> >> >>
>> >> >> ++++++++++++++++ I remember pointing that out clearly +++++++++++++++++
>> >> >>
>> >> >> My target is the local DNS server on the company LAN. I wouldn't
>> >> >> sweat it trying to knock out the bank unless when push comes to
>> >> >> shove and even so, it would be my very last option (am a lazy
>> >> >> dude, with no jail wish and love succeeding while sipping a soda).
>> >> >>
>> >> >> +++++++++++++ End +++++++++++++++++++++++++++++++
>> >> >>
>> >> >>
>> >> >> Just a little secret though, I have run a similar attack before
>> >> >> (of course with the blessing of the client) to demonstrate
>> >> >> something. And the only difference was that I wasn't using the
>> >> >> exploit that this thread stemmed from.
>> >> >>
>> >> >> And yes -- I was only hypothesizing on a few things but mostly
>> >> >> (esp. the tech stuff); stating facts!
>> >> >>
>> >> >>
>> >> >>
>> >> >> ==================== Excerpts begin Here ==============================
>> >> >>
>> >> >>> But even then, are u sure, there is a Bank that will allow the
>> >> >>> use of unsecured DNS? You know something, you could be playing
>> >> >>> about with their honey pots..... Can you let an unknown host join
>> >> >>> the network, run in promiscuous mode, have access to other
>> >> >>> segments and services of the corporate network, etc? Some
>> >> >>> corporates even go to the extent of saying for example (just an
>> >> >>> example): traffic from IBM should not pass through certain
>> >> >>> Microsoft routers even if they are the best path available, let
>> >> >>> alone that from Iraq passing via Pentagon routers...
>> >> >>
>> >> >>
>> >> >>> Goodness. If every bank in this part of the world has equally
>> >> >>> dismal security policies, I will seriously reconsider opening an
>> >> >>> account here.
>> >> >>
>> >> >>> Why is it like this? It is perfectly possible to achieve good
>> >> >>> security with free software and free information. Why do some
>> >> >>> security admins insist on sucking at what they are doing?
>> >> >>
>> >> >>> Note that Phi
>> >> >>
>> >> >> “Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't
>> >> >> mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt
>> >> >> tihng is taht the frist and lsat ltteer are in the rghit pclae.
>> >> >> The rset can be a toatl mses and you can sitll raed it wouthit a
>> >> >> porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef
>> >> >> but the wrod as a wlohe and the biran fguiers it out aynawy."
>> >> >>
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >> --
>> >> - Phillip.
>> >>
>> >> “Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer
>> >> in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is
>> >> taht the frist and lsat ltteer are in the rghit pclae.
>> >> The rset can be a toatl mses and you can sitll raed it wouthit a
>> >> porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but
>> >> the wrod as a wlohe and the biran fguiers it out aynawy."
>> >> _______________________________________________
>> >> The Uganda Linux User Group: http://linux.or.ug
>> >>
>> >> Send messages to this mailing list by addressing e-mails to:
>> >> [email protected]
>> >> Mailing list archives: http://www.mail-archive.com/[email protected]/
>> >> Mailing list settings: http://kym.net/mailman/listinfo/lug
>> >> To unsubscribe: http://kym.net/mailman/options/lug
>> >>
>> >> The Uganda LUG mailing list is generously hosted by INFOCOM:
>> >> http://www.infocom.co.ug/
>> >>
>> >> The above comments and data are owned by whoever posted them
>> >> (including attachments if any). The mailing list host is not
>> >> responsible for them in any way.
>> >
>> >
>> >
>> > --
>> > Sanga M. Collins
>> > Network Engineering
>> > ~~~~~~~~~~~~~~~~~~~~~~~
>> > Google Voice: (954) 324-1365
>> > E- fax: (435) 578 7411
>>
>>
>>
>> --
>> Bernard Wanyama
>> Technical Manager
>> SYNTECH ASSOCIATES Ltd
>> Kampala, Uganda
>> Cell: +256 712 193979
>> Fixed: +256 414 251591
>> Web: www.syntechug.com
>> Email: [email protected]
>
>
>
> --
> Sanga M. Collins
> Network Engineering
> ~~~~~~~~~~~~~~~~~~~~~~~
> Google Voice: (954) 324-1365
> E- fax: (435) 578 7411
