Dailydave mailing list archives

Re: Sunday sunday sunday!


From: "Steven J. Greenwald" <sjg6 () gate net>
Date: Sun, 01 Feb 2009 17:03:41 -0500

Hello all,

I've never commented on this list before but have enjoyed lurking.

I hate the Superbowl and football by the way. I recall going to a 
convenience store once during a Superbowl and expressing my non-interest 
and ignorance to the clerk who said, "Aren't you an American?" This 
really underscores Mr. Aitel's point.

Regarding the really excellent point of the pair of dice, I recall 
(circa 2004) a friend/colleague working on her Ph.D. on IDS and her 
adviser (another colleague/friend) showing me a dataset of a real 
intrusion at an interesting place that they had sifted, manipulated, 
etc. (my feeling on IDS: I pity them, but good luck to them). Right 
away, just eyeballing the data I noticed that a PRNG got involved in 
terms of timing (my intuition paid off: a linear-congruential algorithm 
with a modulus of 2^16 - in fact, D.H. Lehmer's straight out of Knuth!). 
Sophisticated in the sense that it took its time (weeks) to run a period 
(I admire that), but pathetic in terms of the PRNG itself (an example of 
the right mindset at an amateur level I suppose, although my friends 
asserted a major government supported it). I thought that interesting, 
and they later confirmed its automated nature (and of course, a new, 
very easy, way to detect that stuff).

Of course, for true finesse you could go the other way: use an 
old-fashioned PRNG (like linear-congruential) and make the other side 
underestimate you. :)


--Steve


Dave Aitel wrote:
If we were in Unethical Hacking class today I'd be pointing out that
tomorrow night is a good time to hack, because no "American" would be
hacking during the super bowl, surely!

When you hack, it's always the same way on your end. You've got three
major windows. The top left is your plan of action (aka, a script).
The top right is output. The top middle is input (Get two screens!).
The bottom is network dump (ideally colorized but tcpdump -n will do
in a pinch, no?). But you never hack on a schedule. In this regard a
simple pair of dice can be your most powerful weapon against both
automated and manual correlation and analysis. Going active? Let the
dice pick when, and from which IPs you're attacking.

Of course, if it happens to be during the Super Bowl, so much the
better. It's called a Discipline for a reason. :>

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
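
Added example (not part of the original post or of the analysis it describes): a check for whether a series of observed 16-bit timing values follows a linear-congruential recurrence modulo 2^16, covering both the Lehmer (multiplicative) form and the mixed form. It assumes the observed values are the generator's raw outputs; the multipliers, increment, seeds and sample series below are constructed.

```python
M = 1 << 16  # modulus mentioned in the post

def _fits(xs, a, c, m):
    """True if every consecutive pair satisfies x[n+1] = (a*x[n] + c) mod m."""
    return all((a * x + c) % m == y for x, y in zip(xs, xs[1:]))

def recover_lcg(xs, m=M, min_samples=6):
    """Return (a, c) if xs follows x[n+1] = (a*x[n] + c) mod m, else None."""
    if len(xs) < min_samples:
        return None  # too few points: almost any short series would "fit"
    # Case 1: multiplicative (Lehmer) form, c = 0.
    # An odd sample is invertible mod 2^16, so a = x1 / x0.
    if xs[0] % 2 == 1:
        a = (xs[1] * pow(xs[0], -1, m)) % m
        if _fits(xs, a, 0, m):
            return a, 0
    # Case 2: mixed form. Differences obey d[n+1] = a*d[n] mod m,
    # so an odd first difference determines a, and then c.
    d0 = (xs[1] - xs[0]) % m
    if d0 % 2 == 1:
        a = ((xs[2] - xs[1]) * pow(d0, -1, m)) % m
        c = (xs[1] - a * xs[0]) % m
        if _fits(xs, a, c, m):
            return a, c
    return None

def lcg(seed, a, c, n, m=M):
    """Generate n outputs of an LCG (used only to build the sample data)."""
    out, x = [], seed
    for _ in range(n):
        out.append(x)
        x = (a * x + c) % m
    return out

# Constructed sample series (not data from the incident in the post).
LEHMER = lcg(12345, 3125, 0, 12)        # multiplicative, odd seed
MIXED = lcg(4242, 25173, 13849, 12)     # mixed, odd increment
JITTER = [31007, 922, 48811, 1731, 60213, 15, 27654, 40990]  # hand-picked

if __name__ == "__main__":
    for name, series in (("lehmer", LEHMER), ("mixed", MIXED), ("jitter", JITTER)):
        print(name, recover_lcg(series))
```

A match means every later value is predictable from the recovered parameters, which is what makes timing driven this way straightforward to flag.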

