Skip Links

Network World

Jimmy Ray Purser

Top 10 Coolest Hacking Moments in 2008

By JimmyRay on Wed, 12/10/08 - 4:08pm.

Ah yes, another year down. Seems like when I find the best fishin' baits; winter hits, the lake freezes over and then I am back at it again. That must be why I love network security so darn much! 'Bout the time I have it figured out, it all changes overnight.

Man, we sure have seen some real interesting things this year in regards to network security. The stats counters are still pluggin' the numbers to see where we actually ended up this year. Without a doubt, the attacks have really been taken to a new level. You know, besides all the drinkin' that normally goes on at the end of the year, one of the best parts of the transition between one year to the next is all of the best/worst of lists that seem to be all over the Internet.

I decided to go back and look in my log books and see which stuff surprised me the most this year and compile my own list.... drum roll please....

Top 10 coolest/suckest hacking moments of 2008

- D.N.S.
Pronounced just like Robb Van Dam says his name. Good ole Dan Kaminsky discovered a major league set of vulns in DNS that had folks scrambling to patch servers all over the place. It gets even better then the CNAME record attack, now I can send a querying name server fake info that can then be used to query other name servers. Now I am not limited to a single cache entry, ALL queries may be forwarded to the attackers name server! Ouch!

- Apple quietly recommends antivirus software for Macs.
Hey, consider it a compliment! Your devices are getting so popular, hackers are taking notice and see the value in Mac-based computing.

- Drive-by attacks with Java.
JavaScript has been used to infect thousands of legitimate web pages to insert a trojan to visitors! Sound like a National Enquirer headline? No way! This attack method has been very successful and nearly transparent to users. This launches a new age in hacking.

- WPA cracked
Elcomsoft has improved it Distributed Password Recovery tool so much that WPAv1-v2 password are cracked tons faster. Many wireless security folks are moving to WPA but wrapping it in a VPN encrypted package. Small story, HUGE news!

- Mac users get a dose of Windows hacks
In January, I got a notice for free-trial antispyware. No surprise except that it was on my Mac! I did a little sandboxing on MacSweeper and sure enough, it was crapware. Of course it found problems that could only be solved by purchasing the full version. PayPal or credit card? And I thought all I had to worry about was OSX.RSPlug.A on my Mac!

- Laptop Lojack!
Laptops are being ripped off at an alarming rate. Two companies plus an open source alternative have introduced tracking packages to track down your hardware and hopeful return it to you or zero out the data. Read about it in this blog post.

- Private Investigator, your next career cert?
An increase in hackers has dramatically lead to an increase in computer forensic analysts. Are you ready for a career change? Not so fast! You may need to be a Private Investigator first. Read about it here.

- Don't like your current security software? Write your own and get Cisco to pay you for it!
The Cisco AXP contest is a chance to show off your coding skills and the chance to win 50K, 30K or 20K USD for your efforts. The best part is Cisco is giving away ISO so you can practice on with out purchasing an actual AXP module. Read more here.

- NMAP 4.75 adds graphic mapping feature!
Not only did NMAP update tons of OS signatures, BUT it added a Zenmap GUI feature. Maps are laid out based upon distance from (hops) the scanning node, different map markers for nodes, network devices, grouping rules. Fyodor must have had an interesting Summer vacation...

- The Last HOPE
For my fellow 2600's out there, I thought this was the last HOPE conference. Come to find out that was just the title. Whatever. 2600 must have got a marketing department. Last one for me, OK most likely not because they are mega cool and I always have a blast!

Have a great New Year Y'all! Thank you so much for reading this blog. I am very grateful for y'all.

Trivia File Transfer Protocol
A very large percentage of the movie budget for Monty Python and the Holy Grail actually came from donations by members of Pink Floyd and Led Zeppelin.

Jimmy Ray Purser

Does anyone edit this stuff?

0
By Anon (not verified) on Thu, 12/11/2008 - 3:50pm.

Does anyone edit this stuff? Many misspelled words... at least in the context in which they are being used. Spell check isn't a substitute for an editor. Geez...

Edit?

0
By JimmyRay on Thu, 12/11/2008 - 3:55pm.

Come on man! It's all sure enough this be jus da way 2 too wrote now!

Thank you for the feedback. My degree is in engineering and my passion is to butcher the English language!

Jimmy Ray

gtfo of the IT field if

0
By You're a turd (not verified) on Fri, 12/12/2008 - 10:35am.

gtfo of the IT field if you're obsessed with spelling and grammar. You think you're "holier than thou" because you never make errors? People like you disgust me.

Turd Jackassery, Lazy Tool

0
By Anakin (not verified) on Fri, 12/19/2008 - 11:35am.

What does it take for someone to run a spell check? I mean really, just because Turd is an illiterate doesn't mean everyone else is.

If you're going to run a column, the least you can do is make sure it doesn't look like it was written by a monkey. It's a disgrace that no one takes just a little bit of time to do these things. You have an BSEE and you're going for a MSEE. That's great and it probably says something about your intelligence. I have a BSEE, BSCS and MSE from a Big Ten school as well. I know you're required to take technical writing courses, so it's got nothing to do with you being an engineer. You're just lazy.

Get it together son. Your writing is SHAMEFUL.

Turd, STFU.

Thank you for the feedback

0
By JimmyRay on Fri, 12/19/2008 - 12:39pm.

Thank you for the feedback. No need to call names, I am grateful for your participation. I write blogs lose and fast, just to share info, not like a technical manual or Masters thesis. That type of writin' bores me and truthfully is really not who I am. However, I am always looking for folks to proof read my papers and publications...interested? it is classified as grammatical hazardous duty!

Thank you for reading and posting.

Have a Great Christmas

Jimmy Ray

I love it!

0
By Will Platt (not verified) on Thu, 12/11/2008 - 6:21pm.

Great list! Some of these I have never heard of. Not sure what that says about me as a security person. Really enjoy the blog and please do not go thru an editor, your free form writing is what true blogging is all about. Save the editing for books.

Enjoyed the article. The

0
By Pete (not verified) on Fri, 12/12/2008 - 8:23pm.

Enjoyed the article. The person that posted the first comment "does anyone edit this tuff" must have voted for Hussein Obama and is probably on the unemployment line. The author Jimmy Ray Purser has a very impressive biography and the content of the article is great

cool and hacking in the same sentence?

0
By Schratboy on Sat, 12/13/2008 - 10:50am.

Only if you're a hacker...

note to the spelling nazis

0
By Schratboy on Sat, 12/13/2008 - 10:51am.

chill grammar police!

Elcomsoft ?!

0
By Sid (not verified) on Mon, 12/15/2008 - 2:42am.

Elcomsoft has improved it Distributed Password Recovery tool so much that WPAv1-v2 password are cracked tons faster.

Actually not. They are even slower then other existing tools.
Get a clue on this one. That's not a hack. That's a BS PR campaign...

123next ›last »

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Welcome, visitor. Register Log in
About Networking Geek to Geek

Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.

Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University is currently pursuing a master of science degree in electrical engineering.