Author Archive

scanner at the airport

Wednesday, December 24th, 2014

A posting in German about my experiences with body scanners at the Cologne airport can be found at

http://verzaell.uss.koeln/?p=67

 

Merry Christmas everyone!

…and there it is again :-)

Sunday, November 9th, 2014

Did not take too long this time.. Silk Road 3.0 is on its way..

 

  1. — SilkRoad3.0 —
  2. http://reloadedudjtjvxr.onion
  3. —SilkRoad3.0 Forums —
  4. http://b6bubdh43n6l6p72.onion

 http://pastebin.com/rJTmzwvM

 

Hidden services closed

Thursday, November 6th, 2014

A lot of the hidden services I mentioned in previous posts were closed
by law enforcement yesterday and today: the famous “Silk Road 2.0”, just like
other marketplaces:

  • Silk Road
  • Silk Road Forum
  • Cloud9
  • BlueSky
  • TheHub
  • Hydra
  • Onionshop
  • Alpaca
  • Pandora

In an operation by several law enforcement agencies (FBI/Europol) under the codename “Onymous”, the operator of
Silk Road 2.0, Blake Benthall (Defcon), was arrested in San Francisco yesterday.

 

Looks like the FBI had an undercover agent in SR 2.0 right from the start

The complete story:

https://pdf.yt/d/RpyX9_xmapTkhmkb

 

Facebook now in TOR

Friday, October 31st, 2014

If you ever wanted to use Facebook via TOR, you are no longer forced to use an exit node from TOR. Facebook is now present as a hidden service in TOR at the

URL: https://facebookcorewwwi.onion (only reachable with a TOR-enabled browser of course)
and http://facebookcorewwwi.onion/

They even use an SSL cert for the server..
Here is what Roger Dingledine (from the TOR-project) says about the finding of the new URL:

https://lists.torproject.org/pipermail/tor-talk/2014-October/035412.html

 

Deep Web

Sunday, October 19th, 2014

..and while we are at it: a kill from a contract killer can be ordered for 6500$ in US/Canada and 7000$ in Europe. I wonder if additional costs like travelling are included 🙂 Probably a big fake..

DDoS – cheaper than I thought..

Monday, September 29th, 2014

Recently I stumbled upon an advertisement for a DDoS attack service in the Tor network – it was way cheaper than I thought.

25 minutes of 150 Gbps costs only 15$; a silver package for 1 hour is available for 20$ and a whole week with an hour/day downtime can be bought in a gold package for only 60$.  These darknets are really dark these days…

chinese linux-rootkit

Friday, July 18th, 2014

Once in a while I take a look in the downloaded files from the ssh-honeypot.

Lately I saw a download of “linux-2.6.27.el6” which made me wonder.

If you are interested: There are more files available for  download at http://222.186.15.13:8520/

..-probably all trojans and rootkits..

The known protocols of that kit include even gopher 🙂

gopher
http
https
file
news
mailto
socks

A short “strings” on that file showed a lot of Chinese IP addresses, plus some replaced commands (netstat, ps, lsof) and a few additional options:

11CAttackBase
13CPacketAttack
10CAttackUdp
10CAttackSyn
11CAttackIcmp
10CAttackDns
10CAttackAmp
10CAttackPrx
15CAttackCompress
10CTcpAttack
9CAttackCc
10CAttackTns
9CAttackIe
7CSerial
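
The entries in this list have the shape of length-prefixed C++ typeinfo names as GCC emits them (a decimal length followed by the class name), so during triage they can be pulled out of a sample automatically. The following is an added example, not part of the original post; the sample bytes are constructed and the function names are hypothetical.

```python
import re

# Constructed sample: a few bytes standing in for a binary's read-only data.
# The class names are taken from the list in the post; the rest is filler.
SAMPLE = (
    b"\x00\x01\x7fELF\x00/bin/netstat\x00"
    b"11CAttackBase\x0010CAttackUdp\x0010CAttackSyn\x00"
    b"7CSerial\x00\xff\xfe12TooShort\x00 3abc\x00libstdc++.so.6\x00"
)

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")      # same idea as strings(1)
TYPEINFO_NAME = re.compile(r"(\d+)([A-Za-z_]\w*)")   # <length><identifier>


def printable_strings(blob):
    """Yield printable ASCII runs of 4+ bytes, like strings(1) does."""
    for match in PRINTABLE_RUN.finditer(blob):
        yield match.group().decode("ascii")


def typeinfo_class_names(blob):
    """Return class names from length-prefixed typeinfo strings.

    A candidate is kept only if the decimal prefix equals the length of the
    identifier that follows it, which filters out most accidental matches.
    """
    names = []
    for text in printable_strings(blob):
        m = TYPEINFO_NAME.fullmatch(text)
        if m and int(m.group(1)) == len(m.group(2)):
            names.append(m.group(2))
    return names


def attack_classes(names):
    """Names that look like attack modules, for a triage note."""
    return sorted(n for n in names if "Attack" in n)


if __name__ == "__main__":
    found = typeinfo_class_names(SAMPLE)
    print("classes:", found)
    print("attack modules:", attack_classes(found))
```
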

Short excerpt (maybe these addresses are known elsewhere?):


CleanIT close off

Tuesday, May 6th, 2014

The anti-abuse working group of RIPE has reported that the controversial European project “CleanIT” has closed off:

“The project was closed in March, [..]  mentioned that the document explicitly states that they do not believe that filtering and blocking is a way to deal with on-line terrorism and the promotion of terrorist activities that the project was trying to solve. “

Sounds like good news..

 

Warning from the BSI

Tuesday, April 8th, 2014

Warning: there is an OpenSSL bug floating around – but don’t tell anyone without explicit permission.

.. says the German BSI, totally ignoring the fact that the exploit for this bug is publicly available, including the announcement on bugtraq and full disclosure…

 

 

 

Good Bye, Full Disclosure

Wednesday, March 19th, 2014

The famous mailing list “full disclosure” closes its doors – John Cartwright, the founder and maintainer of the list, announced the closing of the list today.

 

<cite>

I’m not willing to fight this fight any longer. It’s getting harder to operate an open forum in today’s legal climate, let alone a

security-related one. There is no honour amongst hackers any more.

There is no real community. There is precious little skill. The

entire security game is becoming more and more regulated. This is all

a sign of things to come, and a reflection on the sad state of an

industry that should never have become an industry.

I’m suspending service indefinitely. Thanks for playing.

</cite>

Sad, but true .. I will miss this valuable source of information.