SOLDIERX.COM Nobody Can Stop Information Insemination

Not sure if this is Chrome being a fucktard, like normal it seems but i just tried to access the SART thread in Windows Software and got this:

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http...

-- START --

Advisory provided by
Safe Browsing
Diagnostic page for www.decal-orations.com

What is the current listing status for www.decal-orations.com?
Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

As part of what I would call my "intelligent discussion series", here is another paper for you guys to read. As with my previous attempts, I would like to launch an intelligent discussion on topics such as this one. Please read the paper located at http://www.cl.cam.ac.uk/~rja14/wcf.html and then post your thoughts. Please don't be shy!

If you keep up with these posts and read the papers, it should help to get you in the right mindset to enjoy my exploitation tutorials (coming soon to a soldierx near you).

Previous paper posts are as follows:
1) https://www.soldierx.com/bbs/201104/Side-Channel-Attacks
2) https://www.soldierx.com/bbs/TOR#comment-10499

I look forward to some replies

For those not in the know, there was an interesting talk called "Stackjacking Your Way to grsecurity/PaX Bypass" about "bypassing" a grsecurity/PaX Linux kernel that was presented at both HES and Infiltrate. The confusing thing about the talk was that it's using a vulnerability type that has been mentioned by PaX Team and Spender many times (as not being protected against). In other words, I don't see it bypassing any of the features of grsecurity/PaX - but rather just using an attack that wasn't protected against. Spender gave a very interesting response which includes both a brief discussion and some fancy new features.

Hey, for everyone that doesn't know me, I'm Lambeau.

That's it for the introduction, now to the nitty gritty.

As of last night, I had no virus attacks on my computer for almost 4 months. Then, as soon as I got on the internet today when I got home, I had 5 attacks in the first 3 minutes, and then another 30 in the 20 minutes that followed. I haven't gone to any site i normally wouldn't go to. Facebook, ZI, Hollywoodundead.com, Gmail, Hotmail, etc. and I haven't installed any new software in about 5 months, but each time I went to a new page it would detect at least 1 virus attack on my computer. My firewall and AV stopped it, luckily, but I'm still uneasy. What can I do to protect myself better?

Ok so my buddy has an older IBM r50e and he says he can't figure out the bios password. He's not much of a techie so he's going to bring it over next weekend (maybe cause he forgets things). So from what I've read on forums and blogs, the claim is that IBM considers it unhackable (according to the forum). I also read that removing the CMOS does nothing since there is a specified chip on the motherboard that stores the non volatile password. So I understand that replacing the chip should fix the issue but my question is: is there an easier way? Would any of the bios password removal CDs work? Any ideas or heads up would be helpful. Thanks!

I wanted to open up a discussion for side-channel attacks. What does everybody think of them? How big of a risk do you think they pose?

For those unfamiliar, here are a few examples:

Timing Analysis of Keystrokes and Timing Attacks on SSH
Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow
The Mathematics of Side-Channel Attacks (video)

Please read the papers if you're not familiar with side-channel attack and then comment. This is kind of a new idea at SX, but I think having discussions on various aspects of hacking/security is important

If there is enough interest, I will dig up and post some more papers on the topic - such as recovering speech from Skype despite it being encrypted

Have seen a couple of security/privacy related programs and just wondered if they really do what they claim to do effectively - anyone had any experience?

- KeyScrambler, claims to encrypt what you type into browser

- HDShredder, claims to delete sensitive files etc beyond the reach of data recovery

Thanks

I was wondering if I could use any old antivirus scanner on my android phone via the usb cable or do I need a specific one? My phone is CLEARLY infected with something since it's freaking out but when I scan it with Avast (from my PC) it doesn't find anything. I installed the common and free AVG scanner on my droid and it said it found stuff but it didn't successfully remove that stuff.

Is there any scanners that could scan and remove viruses/malware from my droid via a PC scanner?

http://www.verisign.com/ssl/buy-ssl-certificates/index.html

$400 for an SSL certificate? For a year?! WHAT THE CHRIST IS THIS HORSE SHIT?

I'm an elite hacker. Not the CEO of a Fortune 500 company. I can't afford shit like this. Who do I look like, Steve Jobs? Jesus FUCK!

Anyway, I'm not just here to rant; I do actually have a question. I need SSL, and I'm obviously closed to the idea of paying that much money for it. So, what do you you all think of OpenSSL? Has anyone here set it up and used it? Are they any major pros and cons to it?

I need to secure the most elite hacking site on the entire internets (mine) for certain things before I can release v 2.0. Any feedback would be appreciated.

--schiz0id

I could be doing anything at all on my computer, watching a movie I downloaded or sweeping for malware and I'll hear it...the ever so annoying and slightly alerting sound of the Internet Explorer clicking. There is just one problem, I do not use IE. Any thoughts on what could be causing me to hear what sounds exactly like the IE clicking noises when I don't even use IE? I'm slightly concerned about my security now.

Could it be my XFire? I think it might use the same or similar protocols to access web interactions. I have XFire to keep in touch with a friend and I realize how it's used and an information gathering program but I sort of need it. Do you think it's XFire or should I be more concerned here?