The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for September, 2007

Interview With A Convicted Hacker: Robert Moore Tells How He Broke Into Routers And Stole VoIP Services

Posted by Xavier Ashe on September 30, 2007

Convicted hacker Robert Moore, who is set to go to federal prison this
week, says breaking into 15 telecommunications companies and hundreds
of businesses worldwide was incredibly easy because simple IT mistakes
left gaping technical holes.

Moore, 23, of Spokane, Wash., pleaded guilty to conspiracy to
commit computer fraud and is slated to begin his two-year sentence on
Thursday for his part in a scheme to steal voice over IP services
and sell them through a separate company. While prosecutors call
co-conspirator Edwin Pena the mastermind of the operation, Moore acted
as the hacker, admittedly scanning and breaking into telecom companies
and other corporations around the world.

“It's so easy. It's so easy a caveman can do it,” Moore told InformationWeek, laughing. “When you've got that many computers at your fingertips, you'd be surprised how many are insecure.”

Ha… these Cavemen folks are getting a bad rap these days.

Moore said what made the hacking job so easy was that 70% of all the
companies he scanned were insecure, and 45% to 50% of VoIP providers
were insecure. The biggest insecurity? Default passwords.

“I'd say 85% of them were misconfigured routers. They had the default
passwords on them,” said Moore. “You would not believe the number of
routers that had 'admin' or 'Cisco0' as passwords on them. We could get
full access to a Cisco box with enabled access so you can do whatever you want to the box. …
We also targeted Mera, a Web-based switch. It turns any computer
basically into a switch so you could do the calls through it. We found
the default password for it. We would take that and I'd write a scanner
for Mera boxes and we'd run the password against it to try to log in,
and basically we could get in almost every time. Then we'd have all
sorts of information, basically the whole database, right at our

Yup, I agree.  A caveman could do that. Read the full article at Information Week.


Posted in Security | Leave a Comment »

iPhone 1.1.1 to 1.0.2 downgrade instructions released!

Posted by Xavier Ashe on September 30, 2007

Well would you look at that, instructions are now available for
downgrading your iPhone from 1.1.1 to 1.0.2. It won't downgrade your
baseband, meaning so far you can't re-unlock an iPhone that's been
1.1.1-ified, but it's still 1.0.2 in all its third-party application
glory. The iPhone Dev Team folks are working on a way to downgrade the
new firmware to let people unlock their phones again, but for now
AT&T users sitting pretty, and non-AT&T folks can at least do
the WiFi thing. There's a video tutorial after the break.

Read – iPhone Dev Wiki instructions
Read – Hackint0sh thread where the magic happened

From Engadget.

Posted in Other Technology | Leave a Comment »

Pirate Bay finds gold in MediaDefender emails

Posted by Xavier Ashe on September 22, 2007

Thanks to the email-leakage from MediaDefender-Defenders we now have
proof of the things we've been suspecting for a long time; the big
record and movie labels are paying professional hackers, saboteurs and
ddosers to destroy our trackers.

While browsing through the email we identified the companies that
are also active in Sweden and we have tonight reported these incidents
to the police. The charges are infrastructural sabotage, denial of
service attacks, hacking and spamming, all of these on a commercial

The companies that are being reported are the following:

  • Twentieth Century Fox, Sweden AB
  • Emi Music Sweden AB
  • Universal Music Group Sweden AB
  • Universal Pictures Nordic AB
  • Paramount Home Entertainment (Sweden) AB
  • Atari Nordic AB
  • Activision Nordic Filial Till Activision (Uk) Ltd
  • Ubisoft Sweden AB
  • Sony Bmg Music Entertainment (Sweden) AB
  • Sony Pictures Home Entertainment Nordic AB

Stay tuned for updates.

Original Post.

Posted in Privacy | Leave a Comment »


Posted by Xavier Ashe on September 18, 2007

The whole mail database was converted to HTML by Forrest F. (JRWR), and is hosted by the nicest guy on the planet.

note that this is not the official MediaDefender-Defenders website,
just a browseable copy of the e-mail leak that snowballed. We're also
not the guys that acquired these e-mails, we just nabbed them off of
BitTorrent and converted them.

We got pulled offline by, who seemed to take offense and took offline. You can now find us here at
However, as the world really should learn – whenever you take one site down, twelve new ones will spring online.

Update: We moved to the domain which.. one of the IRC guys got, and recieved our first C&D letter. More soon.

Feel free to come meet us at #MediaDefender-Defenders @ EFNet, and some new site features will be coming shortly.

I'm not sure why I find all this so entertaining, but I do. Go read some emails:

Posted in Privacy | Leave a Comment »

MediaDefender Damage Control: Cease and Desist!

Posted by Xavier Ashe on September 18, 2007

After the big leak of last week, today mediadefender is desperately trying to establish some
level of damage control. This morning we received an email from their lawyers
stating that the domain registrar should hand over our personal information. So here is an open letter to MediaDefender.

Dearest little asstunnels,

Let me start of by thanking you for your pittyfull attempt to have your
emails removed from the entire internet (the thing that says www.).
In no way we feel obligated to fulfill your request, as a matter of
fact any organisation that tries to harm this site and the bittorrent
user in general can expect nothing more from us but a big fuck you!

In case you havent noticed, this site is located in europe (I hope you
can point it out on a map) were your stupid copyright claims have no
base. But fair is fair you guys did suffer over the past week so here's
bit of advice to you guys:

The the full email sent by Markus at Meganova.  It gets rather colorful.

Posted in Privacy | Leave a Comment »

MediaDefender Internal Emails Go Public

Posted by Xavier Ashe on September 17, 2007

Unfortunately for Media Defender – a company dedicated to mitigating
the effects of internet leaks – they can do nothing about being the
subject of the biggest BitTorrent leak of all time. Over 700mb of their
own internal emails, dating back over 6 months have been leaked to the
internet in what will be a devastating blow to the company. Many are
very recent, having September 2007 dates and the majority involve the
most senior people in the company. Apparently this is not the first
time that a MediaDefender email leaked onto the Internet.

According to the .nfo file posted with the Mbox file the emails were
obtained by a group called “MediaDefender-Defenders”. It states: “By
releasing these emails we hope to secure the privacy and personal
integrity of all peer-to-peer users. The emails contains information
about the various tactics and technical solutions for tracking p2p
users, and disrupt p2p services,” and “A special thanks to Jay Maris,
for circumventing there entire email-security by forwarding all your
emails to your gmail account”

Note: The mbox
formatted file is circulating publicly on BitTorrent, completely
unedited. However, for publication here we have removed the username
and password logins for Media Defender’s servers, and replaced them
with asterisks and avoided publishing emails of a personal nature, e.g
pay negotiations etc. We believe that the emails are the real deal and
all the info posted here serves the public interest.

Read the whole post on TorrentFreak.

Posted in Privacy | Leave a Comment »

How to Download iTunes Store Previews and Use Them As Ringtones – UPDATED AND WORKING

Posted by Xavier Ashe on September 10, 2007

Ok, so we know how to use your own ripped CD’s as ringtones on your iPhone but here is an updated way to download and use iTS previews with your iPhone – AKA FREE RINGTONES of your favorite songs.

Now, this isn’t for the feint of heart. It requires command-line access and Perl and only works on OS X.

Go on over to UNEASYsilence to get the instructions.

Posted in Other Technology | Leave a Comment »

IBM Tivoli in Gartner's Leader Quadrant for User Provisioning

Posted by Xavier Ashe on September 7, 2007

IBM (NYSE: IBM) today announced that Gartner,
Inc. has positioned IBM in the Leader Quadrant of its latest Magic Quadrant
for user provisioning (1).

User provisioning is a subset of identity management that addresses an
enterprise's need to create, modify, disable and delete user accounts and
entitlements across a heterogeneous IT system infrastructure, including
operating systems, databases, directories, business applications and
security systems.

IBM is positioned in the Leaders Quadrant of Gartner's Magic Quadrant
update for the second half of 2007 based in part on a measurement of
product capability, market performance, customer experience and overall
vision, according to Gartner.

“While IBM provides the industry's strongest identity and access management
solutions, with software such as Tivoli Identity Manager and Tivoli Access
Manager, customers are finding even greater value in IBM security
management software as we continue to expand and integrate the industry's
broadest portfolio,” said Al Zollar, general manager, IBM Tivoli Software.
“IBM's growth in security management is driven by customer needs for IT
governance and risk management solutions and well-integrated software that
spans automated identity and access management, security information and
event management, and security audit and compliance.”

Yay for us!  I am diving more and more into the TIM and TAM products, but still focus most my energy on TSOM and TCIM.  That keeps me busy enough.  Read the full article at CNN, Yahoo, TMCnet, Excite, and about 50 other sites.

Posted in Security | Leave a Comment »

This is why I work for IBM

Posted by Xavier Ashe on September 7, 2007

It’s every worker’s dream: take as much vacation time as
you want, on short notice, and don’t worry about your boss calling you
on it. Cut out early, make it a long weekend, string two weeks together
— as you like. No need to call in sick on a Friday so you can disappear
for a fishing trip. Just go; nobody’s keeping track.

That is essentially what goes on at I.B.M.,
one of the cornerstones of corporate America, where each of the 355,000
workers is entitled to three or more weeks of vacation. The company
does not keep track of who takes how much time or when, does not dole
out choice vacation times by seniority and does not let people carry
days off from year to year.

Instead, for the past few years,
employees at all levels have made informal arrangements with their
direct supervisors, guided mainly by their ability to get their work
done on time. Many people post their vacation plans on electronic
calendars that colleagues can view online, and they leave word about
how they can be reached in a pinch.

Well, one of the main reasons at least.  It worth the little bit of travel time my current position demands.  Read the full article at NY Times.

Posted in Main Page | Leave a Comment »


Posted by Xavier Ashe on September 4, 2007

NSA@home is a fast FPGA-based SHA-1 and MD5 bruteforce cracker. It is capable
of searching the full 8-character keyspace (from a 64-character set) in about a day in
the current configuration for 800 hashes concurrently.

The cracker is built out of surplus Grass Valley
HD video transform boards, scrapped by GV because of defects.
A useful tool was developed to assist the board reverse-engineering effort.

The chip design consists of a pattern generator, a hash algorithm
and a lookup engine in each FPGA. The FPGAs are connected to smaller “switch FPGAs”, which
distribute data to and gather results from them. Those switches link to each other and
ultimately to an USB port (which had to be added).

A dedicated PC box communicates with the boards through an USB hub. The
software running on it post-processes hit indications from the FPGA
boards and prepares inputs for them.

A web interface to the cracker will be available and will accept a small
number of submissions after the system is fully on-line.


Posted in Security | Leave a Comment »

Hacker Challenge

Posted by Xavier Ashe on September 4, 2007


We are a U.S. company performing security testing and security
metric research. The purpose of this challenge is to evaluate the
effectiveness of software protections. The results of this effort
will be used to improve our protection measures.

Contest Overview

There will be three distinct, yet related, phases to this contest. The first phase
will be a hacker challenge, for which anyone can register to participate.
The second stage of the contest will be a market (based on the Phase 1 challenge).
Participation in this second phase will be by invitation only, based on performance
in the first phase. The third phase of the contest will be a more challenging hacker
challenge; this phase may or may not be invitation-only. There are opportunities to
earn money in all three phases of the contest. Read on for more details.
All file downloads and uploads necessary for the contest will be possible after the
participant has logged in.
The market will also be visible, at the appropriate time, after logging in.

Get all the details on  Better hurry!  Phase one ends on September 10th.

Posted in Security | Leave a Comment »

%d bloggers like this: