Sunday, August 21, 2011

Reminiscing the Hacker’s Manifesto


Have you guys heard of the Hacker’s Manifesto?

Probably some of you may say yes and some may say no. But for those of you who haven’t heard of it, it’s an essay written by Loyd Blankenship (a.k.a. The Mentor, stylized as +++The Mentor+++).

It’s also known as the “The Conscience of a Hacker” which was written on January 8, 1986 which followed after the arrest of Loyd and was published in an underground ezine (online magazine) Phrack.

So who is Loyd Blankenship a.k.a The Mentor? He is a well known American computer hacker and writer since the 80’s and was a member of the hacker groups, “Extasyy Elite” and “Legion of Doom”. He also wrote the game “Cyberpunk” which was seized by the Secret Service.

It is believed that the “Hacker’s Manifesto” is the cornerstone and the foundation of the hacker culture and the article also gave some insight into the psychology of early hackers.

The Manifesto states that hackers hack out of curiosity and that they want to learn more.

Hackers don’t learn to hack, they hack to learn.

The article reflects the attitude and the personality of the hackers in the early 80’s and 90’s. During these days, being a script kiddie was moderately cool, packet wars were in and lame DOS attacks like WinNUKE and the ath0++ modem drop were cool.

Phreaking also became a mainstream during these days and that sharing of knowledge like cracking, cryptography, programming (C++, VB, Delphi, C, Pascal, Assembly, Python, PERL, Bash and so on), network security, Linux, Windows, UNIX, etc. became the main topics in IRC.

The essay of Loyd was also quoted in the 1995 Movie entitled “Hackers”. Mentor received a credit from this movie. Also a poster about the said article appears in the movie "The Social Network" on the wall of Mark Zuckerberg's dorm room.

Below is the complete essay of +++The Mentor+++:

Loyd Blankenship a.k.a +++The Mentor+++


The Hacker’s Manifesto

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime
Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered
for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.



About the Contributor:

Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.



ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.

Read More

Friday, August 19, 2011

NodeZero supports ROOTCON 5

We are glad that we have NodeZero as Media Partner for ROOTCON 5.


As a brief introduction, NodeZero is Ubuntu based linux designed as a complete system which can also be used for penetration testing.
NodeZero uses Ubuntu repositories so your system will be always up to date.

NodeZero is packaged with around 300 tools for penetration testing and set of basic services which are needed in penetration testing.

This is a good tool you ought not to miss!

Proof of their support for ROOTCON 5:

Follow our friend at http://netinfinity.org/


Grab a copy on September 9 and 10, 2011 at Parklane International Hotel, Cebu City, Philippines.

About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking, social media campaigns and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.



ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.

Read More

Thursday, August 18, 2011

Cool Ubuntu Shell Account


Good news for Ubuntu fans and shell enthusiasts out there. Nvita.org is offering a Ubuntu shell account that provides users with access to softwares and services like GCC (GNU Compiler Collection), IRC access, Irrsi, background processes, FTP (File Transfer Protocol), and text editors (like nano and vi) for free.

Yes! You are not dreaming, this is true and not only that, the shell account could also be used for tunneling. Honestly, I do love their service because I love free stuffs. This kind of project really conforms to the philosophy of Richard Stallman about Open Source and Free Software. This is the power of Linux and the GNU Project!


NVITA (Northern Virginia Information Technology Association) deserves recognition for their excellent shell project which has the latest Ubuntu 11.04 as its Operating System (Linux Ubuntu 2.6.35-22-generic-pae #33-Ubuntu SMP Build Server). Unlike other shell providers, NVITA also allows users to install packages with their permission.

But there are some flaws in their project because they allow too much background which could possibly be used for illegal activities. We could not deny the fact that some users may tend to abuse their privileges as a user like using it for udpflooding, tcpflooding, hosting botnets, scanning SSH, etc. because of allowing too much background processes. Maybe next time they should put some limit to prevent abuses in their server.

But in the long run, NVITA is still one of the best shell account providers for allowing us to connect to their server with good services despite the said flaws. NVITA offered free shells which are not meant to be abused but meant for a purpose thus we should use it ethically. It’s now up to the user where he wants to use it as long as it does not violate the ethical laws of Internet and computers.



About the Contributor:

Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.



ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved.Designated trademarks, brands and articles are the property of their respective owners.

Read More

Tuesday, August 16, 2011

Thoughts on the Operation Shady Rat



Let it be known that the year 2011 is best described as the Year of the Hackers. And I know, one way or another you will agree or disagree with me. But hey! The media publicized these sophisticated security attacks targeting CIA, US Senate, Sony, PBS, Philippine Congress and the list continues. All of these attacks are attributed to hacker groups such as AntiSec, Anonymous and LulzSec.
What is very surprising from these groups is that most of their members are teens just like Topiary who recently posted on bail.
These attacks and media whoring already existed in the past but it’s only now that it has been the center of attention and worst it gained a lot of followers on what will be their next target as most of them have their own social network page on Facebook and Twitter.
In other news, Dmitri Alperovitch, Vice President of Threat Research at the Cyber-Security Firm of McAfee recently posted a blog entitled “Revealed: Operation Shady Rat” which demystified a five year hacking campaign which infiltrated the computer systems of national governments, global corporations, oil companies, and other profit and non-profit organizations. The campaign which took down 72 targets, making it perhaps the largest concerted hacking attempt in history, McAfee said. Government agencies in India, South Korea, Taiwan, and the U.S. were also attacked, plus high-profile targets like the International Olympic Committee.

I have been quiet for a couple of days because of constant research of this unprecedented cyber-espionage campaign which was discovered in the year 2006 because of the logs which was discovered by McAfee. In fact, some people blame China and Russia behind this espionage but it should be noted that McAfee disclaimed that China or Russia is responsible for this and that they also declined to reveal the source where the “Shady RAT” came from.

I’m not really sure who suggested that China should be blamed for this but I think they blamed some of the Chinese hackers because of the recent information gathering they made. It is said that in the past years, they have stolen highly confidential information that is kept secret in supercomputers in the US. But the Chinese government denied its involvement of the said campaign.

Some people may also say that it’s the Russian government because of the unforgotten Cold War between the US but then again it is really unfair to point our fingers to Russia and China because of insufficient evidence against them. All countries are innocent until proven guilty.

I guess McAfee has unleashed a new media storm because of their discovery since 2006. Their rival company, Symantec also posted its own analysis of the campaign and was skeptical of its impact. "Is the attack described in Operation Shady RAT a truly advanced persistent threat? I would contend that it isn’t, especially when you consider the errors made in configuring the servers and the relatively non-sophisticated malware and techniques used in this case," Symantec's Hon Lau wrote in a blog post.

"Sure the people behind it are persistent but no more than the myriad of other malware groups out there such as Zeus, Tidserv, and others like them," said Lau.

Although, it is highly controversial and questionable why McAfee discovered this campaign before any antivirus company or government agency; but could it be possibly an excuse to put blame on China? That I’m not sure of and I lay my hands off regarding this case.

To our valuable readers, I’ll give you a room for your opinions and views regarding this campaign. If you ask me, I have 60% trusts on this revelation. Whether this is true or not, there are questions that will cloud up our minds. So are we ready for this cyber espionage and cyber terrorism?
Philippines is not included in the list but who knows?





About the Contributor:
Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.

ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved.Designated trademarks, brands and articles are the property of their respective owners.
Read More

Monday, August 15, 2011

Do You Need Snort for Intrusion Detection?


If you haven't heard of Snort, you may be surprised at how much this system has to offer for FREE!

Snort has a proven track record, excellent performance and accuracy that will surely be around for a long term.

There are many products out there and some of them are rather expensive. Snort is an open source IDS (intrusion detection system) which is just as powerful and popular as any commercial product.

However, the big down side is that you don't have a customer support to help you out and you have to teach yourself on how to install, configure and maintain your IDS.

I know a former colleague of mine who has a good experience in using Snort. I'm not sure if he's available for an invitation to give a talk.

Well, if you're one of the good guys out there who loves to share your knowledge, then by all means contact us at info[at]rootcon[dot]org. We can have an informal meet-ups. After all, we are here to share and be part of ROOTCON community.

Stay Safe!


About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking, social media campaigns and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.

ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.

Read More

Real-time PC Security Protection

There are many security tools out there, but most of them only scan your system when you tell them to, allowing attacks or changes to your system to take place.

WinPatrol is a nice little program that will alert you when there is any change to your system without your permission, allowing you to detect many security related issues in real-time.

This program is created by a Studio founder and industry insider named Bill Pytlovany.

These days Bill is better known for his contribution in helping increase the
performance and security of hundreds of thousand of computers.

If you don't know him that much, direct your mouse and click his website at www.winpatrol.com/download.html.

Do you want to be our Guest Blogger?

ROOTCON Blog section is open for anybody who wish to be our guest blogger. Feel free to contact us at info[at]rootcon[dot]org.

Stay safe!



About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking, social media campaigns and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.


ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.

Read More

Saturday, August 13, 2011

Vatican Library Uses Linux and UNIX


So the Vatican Library uses Linux and UNIX? Who would have thought
about it? You heard me right! The keepers of the 15th century Vatican Apostolic Library uses Linux and UNIX to keep their invaluable collection intact.


The Vatican Library's Website
revealed that
The Information Technology Center (C.E.D.) of the Vatican Library uses Red Hat. C.E.D.’s networks “are protected internally by two first-level firewalls in a Linux Red Hat environment”. But that’s not all. It is also revealed that of the 27 servers the IT Center uses, 19 are in a SUSE and Red Hat environment. The rest are running in a UNIX AIX environment and in a Microsoft environment (virtualized on Linux systems with VMware).


It all began in 1985 wherein the system “uses a Geac 8000/F system with about ten terminals in serial connection at 9,600 bps. The birth of the URBS network, five years later, brought about a substantial upgrade of the system, and the number of terminals was increased to about fifty, of which fifteen have a baseband connection to the relevant remote access points at 9,600 bps.


As a Catholic Linux enthusiast and an ex-seminarian, it’s a good thing that the Vatican sees the Free and Open Source Movement as beneficial to the Catholic Church. Open source is better than a closed source which is costly. According to
Fr. Stephen Cuyos, MSC (A Filipino Priest who blogs about Linux and Free/Open Source Software), “The philosophy of Free and Open Source Software (FOSS) is based on cooperation, common good and mutual benefit, and is in many ways consistent with the Catholic Church’s preferential option for the poor.”


It should also be noted that Richard Stallman and Linus Torvalds totally rock!



About the Contributor:

Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.



ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved.Designated trademarks, brands and articles are the property of their respective owners.

Read More