Feeds

Attrition performs defacement mirror autopsy

And excoriates Wired 'cyberwar' journo

  • alert
  • submit to reddit

Seven Steps to Software Security

We owe the wittiest and most enjoyable presentation at Blackhat to attrition.org members Jericho and McIntyre, who offered a retrospective on the benefits, aggravations and pitfalls of maintaining a defacement mirror, now that they've ceased updating theirs.

In a nutshell, running a mirror is a major pain in the balls, and not everyone need apply. Those clearly unfit for the job include active defacers ('hackers' in mainstream-press parlance), security-service companies who profit from selling solutions to the holes being exploited, and anyone without an immense reserve of patience and indulgence.

And if that's insufficient discouragement, anyone inclined to maintain one should be prepared to suffer defacement attempts and DoS attacks from kiddiots who aren't getting enough attention; find reams of mail referring to the same item; weed through laughably insignificant defacements ("d00d, i like totally hacked this Geocities 'meet-the-Smiths' page"); receive individual notifications of complete subnets defaced at a stroke; receive legally-inconvenient advance notice of attacks ("check out www.r00tarded_lusers.mil in like twenty minutes d00d"); be perceived as a criminal by the FBI; disappoint twit Feds eager to know what you know in spite of legal due process whilst receiving subpoenas from slicker ones; and get investigated for the hell of it.

Nevertheless, data thus obtained can be useful enough to make it all worth the hassle. Questions remain, for example, on the relationship between the publication of a particular exploit and the number of defacements accomplished with it. For that one needs a long-term running total, of course, but data representing other trends as well.

Both attrition members cautioned that the spikes in defacements which appear to correspond to exploit releases and hole discoveries on their stats page may not be as directly representative as they appear. Since they will continue to maintain defacement stats, they plan to apply a more sophisticated interpretation, now that they've freed themselves from the drudgery of maintaining the mirror, as we reported here.

The group's commentary will also increase now that the mirror is static, and indeed it already has. During the presentation we were treated to a scathing commentary about Michelle Delio, which we found a very pleasant surprise.

Wagging the Delio

Who is Michelle Delio, and why is she a clueless dunderhead? The answer to part two is anyone's guess. The answer to part one is, she's a journo feeding words to Wired News, who invented a cyberwar between the USA and China and later denied its existence when it became painfully clear to everyone and his dog that she'd been talking bollocks from day one.

In a nutshell, Delio got word from some IRC kiddie claiming that the Chinese hacking underground was mobilizing for a massive attack against US sites in celebration of May Day and in protest of the spy-plane incident. Further evidence, such as random racist and anti-American comments on a couple of Chinese BBS persuaded the reporter that her source was solid.

She then rushed to break this 'exclusive story', no doubt flushed with pride and excitement, and in so doing persuaded a lot of American IRC kiddies that Chinese hackers were in fact bombarding the US, though in reality there had been only a few, minor incidents. The US side decided to 'retaliate' against the outrage and really did kick into gear against Chinese sites. The Chinese naturally retaliated against that, and the rest, as they say, is history.

Until, that is, Delio decided to announce that the 'cyberwar' which she inadvertently started had never occurred.

The written attrition commentary which details Delio's hacker hype has been published for some time; the new and delightful thing here was the live Jericho's dry, sacrastic delivery of the account, sweet enough to make a Reg hack well up with pride. Of course you had to be there; and of course we wish you had been. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.