February 2007


from Linux.com

Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop — it’s a learning tool for security students.

DVL is a live CD available as a 150MB ISO. It’s based on the popular mini-Linux distribution Damn Small Linux (DSL), not only for its minimal size, but also for the fact that DSL uses a 2.4 kernel, which makes it easier to offer vulnerable elements that might not work under the 2.6 kernel. It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more.

A modified Nintendo Wii boots a backup of Red Steel. There is no modchip in the Wii, there is a parallel port cable soldered to the drive board. The cable costs under 3 dollars to make.

Textb00k

You will need a male parallel port and a couple of diodes, both parts available at RadioShack for under 3 bucks. Follow Erant’s instructions on soldering in the cable, then use Syndicate or WAB’s “ISO Loader” or “WABModCheap” programs to temporarily patch the drive firmware to allow backups to load. Not as feasible as a modchip for the reason that you have to use a PC every time, but for 3 bucks and the chance to get it done right then, it was worth it for me.

Cable Instructions:
In order to make the data cable, you need only a few basic items: a DB-25 connector, two diodes, and some cable. Connect the diodes in reverse (so, PC —|< --- Wii) to the DB-25 connector, to pins 1 and 14. Just connect some wires to pins 18 and 11; these will be the GND and output wires. The other two dioded wires are clock and input. Now, open your Wii, remove the DVD drive, and turn it over. Look for the following pattern near IC3001 (http://wiire.org/Wii/console/disc_drive):
- 1 -
2 3 4
- 5 6

3 is SBO1 (Output)
4 is SBT1 (CLK)
6 is SBI1 (Input)

With the numbers being pads, and - being nothing. Now, solder the wire from pin 1 to pad 4 (CLK line). Pin 14 goes to pad 6, and pin 11 goes to pad 3. Just find a suitable place to attach the wire from pin 18, which is GND. (Placing the board so you can read the writing on IC3001, look at connector P3001: the rightmost pad is GND and the third from the right is GND.) Check your solder connections with a multimeter, then close up your Wii, and issue the ./dvdtool -r 0x8000 command in root mode. If you see hexadecimal numbers, congratulations! If you don't, check the proper functioning of your cable, whether or not you're in root mode, and if the parport0 and ppdev drivers are properly installed.

via DVDTOOLS

from Xbox-Scene News:

This was posted moments ago on Security Focus’ BugTraq list and looks like a follow-up to the anonymous 23C3 Hacker Congress presentation held at the end of December. Looks like some huge news (Unsigned Code Execution in Hypervisor Mode) even if it’s already patched by Microsoft in the latest kernel release:
Security Advisory: Xbox 360 Hypervisor Privilege Escalation Vulnerability

Release Date: February 28, 2007

Author: Anonymous Hacker

Timeline:
* Oct 31, 2006 – release of 4532 kernel, which is the first version containing the bug
* Nov 16, 2006 – proof of concept completed; unsigned code running in hypervisor context
* Nov 30, 2006 – release of 4548 kernel, bug still not fixed
* Dec 15, 2006 – first attempt to contact vendor to report bug
* Dec 30, 2006 – public demonstration
* Jan 03, 2007 – vendor contact established, full details disclosed
* Jan 09, 2007 – vendor releases patch
* Feb 28, 2007 – full public release

Patch Development Time (In Days): 6

Severity: Critical (Unsigned Code Execution in Hypervisor Mode)

Vendor: Microsoft

Systems Affected: All Xbox 360 systems with a kernel version of 4532 (released Oct 31, 2006) and 4548 (released Nov 30, 2006). Versions prior to 4532 are not affected. Bug was fixed in version 4552 (released Jan 09, 2007 – not a Patch Tuesday).

Overview:
We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.

from LXPages.com Blog

So you’ve installed a flavor of Linux such as Ubuntu or you have shell access to a Linux system and you want to start doing some damage. The admins at LXPages.com compiled 10 commands that every Newbie Linux user should definitely know to start being effective.

from DCEmu

It’s now nearly March 2007 and time for a new State of the Homebrew Scene for 2007.

Because we are the only dedicated Homebrew Network on the web covering just about all scenes (and if not, then we will), I feel it’s a good time to give a lowdown on each scene and some pointers about where they are going from my point of view.

First off though, let’s remind all that Homebrew is not the same as warez.

Also I would like to point out that each scene owes its life to the many hardware and software hackers who discover the exploits we come to enjoy so much today; they are then followed by the many worldwide coders who make the homebrew scene a free and enjoyable place to hang out and make friends etc.

From WAB
AloneTrio from WAB is proud to bring you the code of the WIINJA (DMS/D2A).
This code was easily ripped from a logic analyzer.

Here is the concept: the Wiinja is composed of two parts. The first is a kind of loader injected into the drive chipset via serial and executed. This part provides modified serial support and a decrypter function (simple XOR). The second part is the main modchip code (encoded).

In this release you will find the disassembled code of the loader and decrypter part and the disassembled, decrypted main Wiinja code.

from arstechnica.com

The RIAA is asking for additional cooperation from ISPs in getting customers targeted by the RIAA’s file-sharing sting to cooperate, according to a letter recently leaked to P2P attorney Ray Beckerman. In it, the RIAA lays out its vision for how it would like ISPs to cooperate with its efforts to identify and sue those accused of sharing music over P2P networks. This includes communicating a standing offer of a $1,000 settlement discount should the subscriber settle before a lawsuit is filed against him or her. The letter also discloses plans for a settlement web site that will launch later this year.

MediaSentry, the RIAA’s investigative arm, typically identifies suspected copyright infringers by IP address. One of the record labels whose music was discovered in a shared folder then becomes the lead plaintiff in a John Doe lawsuit. Via the discovery process, the ISP is then forced to turn over the name and address of the account owner who was using the IP address at the time of the alleged infringement. At that point, the John Doe case is discontinued and the label sues the individual fingered by the ISP.

Bypassing the courts

The RIAA wants to do an end run around this process, getting ISPs to start the collection agency work by sending out letters to the owners of IP addresses allegedly used for infringement. If the recipient of such a letter contacts the RIAA, the labels get their positive ID and the chance to extract a sizable settlement without having to resort to the legal system.

In its letter (which has all information that would identify the recipient blacked out), the RIAA outlines how it would like ISPs’ help in its continued attacks against suspected file sharers. One of the big problems from the RIAA’s perspective is that of the ISPs’ communications. “Whether in a notice to a subscriber at the preservation or Doe stage, or in subsequent communication with subscribers,” the RIAA writes, “it is vital that you avoid providing incorrect or misleading information.” Instead, ISPs should use a model letter written by the RIAA to let subscribers know what’s going on.

< > has received a notice from the Recording Industry Association of America (”RIAA”) requesting that we preserve documents regarding your identity. The RIAA has indicated that it intends to file a lawsuit and seek leave to serve a subpoena upon < > requiring disclosure of documents that identify the user located at an IP address that our files indicate was assigned to you at the time identified by the RIAA.

If you have any questions regarding why the RIAA is interested in your account, please contact the record companies’ representatives by phone at (913) 234-8181, by facsimile at (913) 234-81812, or by email at info@SettlementInformationLine.com

Please be advised that if the RIAA follows this notice with a subpoena, we will forward a copy of that subpoena to you but we will be legally obligated to provide the requested information.

Our purpose in sending you this letter is to provide you with advance notice of the RIAA’s request. < > is not taking any action against you, and there is no need for you to communicate with us regarding this issue.

ISPs are cautioned against letting their customer service staff provide misinformation to subscribers. They are told to “refrain from issuing opinions about the validity of the copyright claims.” The RIAA also asks to be promptly notified if an ISP believes it has mistakenly identified a customer in an attempt to avoid further embarrassments.

Call now! Operators are standing by!

The RIAA will also be providing the ISPs with another letter they can send to their subscribers, this one notifying them of the possibility of an early, out-of-court settlement. “We have heard repeatedly from targets that they want the ability to settle as early as possible at the lowest amount possible,” according to the letter. “To accommodate this request, we are instituting a new Pre-Doe settlement option that will allow infringers to settle at a discounted rate if they do so prior to our filing a Doe suit.”

There’s a catch: in order to be eligible for the Pre-Doe settlement option and $1,000 savings, ISPs will have to hold on to their log files for at least 180 days. This gives the RIAA ample time to pursue a lawsuit and subpoena if the suspected infringer elects not to enter a settlement.

The letter also outlines what exactly the RIAA wants in response to a subpoena, should a lawsuit become necessary. First, the music labels want an ISP to examine its log files “as completely and carefully as possible” before responding. The labels also want the most up-to-date contact information, as well as the log files used to identify the subscriber.

Ill communication

The last request contains a troubling admission by the RIAA: “We are taking this step to address the occasional problem we have had where an ISP does not maintain the log files and cannot later exculpate a subscriber who claims to have been misidentified.” In other words, the RIAA has targeted the wrong people in the past due to its heavy reliance on US ISPs to accurately identify people with shared music folders on Kazaa or other P2P networks.

Later this year, the RIAA will launch a new web site intended to “facilitate” early settlements. Once www.p2plawsuits.com—which was just registered on January 23—comes online, it will provide consumers with information about the RIAA’s lawsuits and how to enter into a costly settlement in order to avoid litigation.

We contacted the RIAA to determine if the letter was indeed authentic and they declined to comment. If nothing else, the letter illustrates the degree to which the RIAA wants to be able to get settlements from its targets without having to resort to even a John Doe lawsuit. The RIAA also anticipates stepping up the pace of its lawsuits against suspected file sharers, telling ISPs that the labels will soon resume sending them “early preservation notices” that are precursors to a lawsuit.

from tcniso.net (via Hack mii Wii!)

Wiip is a hardware mod for the Wii system that allows you to boot backup discs. This mod works by utilizing a cheap and simple microcontroller that communicates with the serial port of the Wii’s hybrid DVD drive and overrides certain parts of the media’s data stream, allowing you to do all sorts of wonderful things (like boot backup discs).

The most important part of this project, is that it is open source! In addition to releasing the Wiip chip, on this page you will soon be able to download the PCB schematics, Wiip firmware and documentation! We hope by creating this project, other users will make modifications to our code for newer updates in the future (if needed).

The current features of Wiip are:
* Actually upgradeable! Device is bundled with an easy to use programming cable.
* 20 MHz AVR microcontroller with 2KB of EEPROM (SMD type)
* Customizable (via open source code)
* Boots Wii games (DVD R / DVD-R media)
* Boots GC games and homebrew
* AudioFix (naturally)
* On board DIP switch (enable/disable mod, enable/disable stealth)
* Works on DMS / D2A chipsets (sorry, we haven’t worked on D2B yet)
The Wiip is going to be available for a mere $20 retail (and that includes shipping!) and will appear shortly in our online shop. Or the schematics, code, and software will be available so you can make one for less than $10! How is that for freedom?

from erebos.net

Tired of the low-speed, small-capacity 2.5-inch hard disk in your Mac Mini? Check out this non-destructive method of connecting a full-speed 3.5-inch SATA drive to your Mac Mini.

Basically, I hacked up a NewerTech MiniStack enclosure to hold a 250GB SATA drive, which is connected directly to the internal SATA connector in the Mac Mini.

Pre-requisites: Need to be able to handle a soldering iron without burning down your house, wield a hobby knife without cutting off your fingers, mad hot glue-gun skills are a plus, and the desire to increase the speed and capacity of your Mac Mini – all while keeping your warranty relatively intact, if that kind of thing is important to you.

Mac Mini eSATA modification

from the How-To Geek

The Windows Vista BootScreen is pointless, but Microsoft decided to hide a more visually appealing boot screen that can easily be enabled with very little trouble. I’m not sure why they didn’t make the boot screen better.

All you have to do is type msconfig into the start menu search box, and hit enter.

Click the Boot tab, and then check the “No GUI boot” checkbox.

Hit OK and reboot the computer. You should see the new boot screen immediately.
