Beng Hacks: September 2005

Tuesday, September 20, 2005

Anonymity on the Internet

Yawn... blogger fatigue... sianz... schoolwork... projects... yawnz...

BF2! My only motivation for staying awake.

Anyway, the arrests of the 3 bloggers under the Sedition Act made everyone scared of posting on blogs liao. Some people even ask how it's possible and whether it's legal.

My uncle at a certain ISP tells me yes, it is very easy and impossible to escape, as long as you have an internet connection. In fact, he tells me that even countries like the USA (the freedom nation) and the many countries in the EU all have existing laws about how the police can get info from the ISP. It seems the USA and EU now have some law that requires all ISPs to keep access logs for a long period of time in case of a criminal or terrorist case.

In fact, he told me that in the EU they have computer systems to do this automatically, while in the USA it's still a police warrant or court order. I think in Singapore we are also still on police warrant, and he says our ISPs (SingNet, Starhub, etc) all must keep logs for police investigation. So who knows what is being logged?? Maybe access log? Login log? Visit log? HTTP log? Who knows sia, could be anything!

In other words, no escape. How about proxies? Mmmm, I think it will depend on what is being logged at the ISP. I think if you use an anonymous proxy oso cannot siam, cuz they can still get you from the DHCP or login logs, meaning they will know when you log in and log off.

For me, the only way is VPN, but who here got VPN? LOL...

Wah... stay on your toes, people! Basically, watch what you say. But to those racist fuckers, my pal X-Fire is Malay, and on behalf of X-Fire, trinity and gang, FUCK YOU!

Tuesday, September 06, 2005

How anti-virus works and why it's useless against the real hacker

I was wondering one day how an anti-virus program works. The other day I was playing around with the Santy worm and my AVG constantly kicked up the virus warning and deleted the file. Fortunately I have backups :) Anyway, I got to thinking it's one of two ways:

1) byte signature.
2) behaviour signature.

I suspect 99.999% of AV now use the first one, i.e. byte signature. In the case of the Santy worm, the main exploit could not be modified significantly enough to bypass AVG. Now that got me thinking: what about viruses or trojans that could be sufficiently modified? What about custom-written ones by good coders? What about viruses in memory? What if the code was encrypted, then decrypted in memory, then executed?
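To make the byte-signature point concrete, here is an added example (not code from this post or from any AV product): a toy scanner that matches a fixed byte pattern, next to the kind of entropy heuristic a signature-only engine lacks. The signature name, the marker bytes, the threshold and both samples are constructed for the demo; the "packed" sample is just pseudo-random bytes standing in for an encrypted body that carries no fixed pattern to match.

```python
"""Toy byte-signature scanner plus an entropy heuristic (constructed demo)."""
import hashlib
import math
from collections import Counter

# Constructed definition: stands in for a real AV byte signature.
SIGNATURES = {"Demo.Worm.A": b"DEMO-WORM-MARKER"}

# Constructed threshold in bits per byte; plain text/code sits well below it,
# compressed or encrypted bodies sit close to the maximum of 8.0.
ENTROPY_THRESHOLD = 7.2


def signature_scan(data: bytes) -> list:
    """Byte-signature detection: flag every definition whose pattern appears verbatim."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(data: bytes) -> dict:
    """Signature first; if nothing matches, fall back to the packing heuristic."""
    hits = signature_scan(data)
    ent = shannon_entropy(data)
    if hits:
        verdict = "signature"
    elif ent > ENTROPY_THRESHOLD:
        verdict = "suspicious-packed"  # no pattern to match, but looks encrypted
    else:
        verdict = "clean"
    return {"signature_hits": hits, "entropy": round(ent, 2), "verdict": verdict}


# Constructed samples: a plain file that carries the marker, and a pseudo-random
# blob (SHA-256 counter stream) standing in for the same file after packing.
PLAIN_SAMPLE = b"hello " * 200 + b"DEMO-WORM-MARKER" + b" world" * 200


def constructed_packed_blob(size: int = 4096) -> bytes:
    out = bytearray()
    for counter in range(size // 32 + 1):
        out += hashlib.sha256(b"constructed-packed-sample" + counter.to_bytes(4, "big")).digest()
    return bytes(out[:size])


PACKED_SAMPLE = constructed_packed_blob()

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(label, scan(sample))
```

The plain sample is caught by the signature; the packed sample has no matching bytes and is only flagged by the entropy check, which is exactly the gap the post is pointing at.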

Then I stumbled upon a few new things (to me at least). The first is Morphine; in simple words, it is a way to encrypt a virus or trojan. I haven't tried it out, but it seems similar to UPX and I suspect it's gonna be damn effective.

The second is Hacker Defender, and the best part about this is there's source. After managing to recompile the damn sucker, I got it to work past my AVG! OMG... This sucker is also able to bypass software personal firewalls because it can mask itself as a known app or hook onto one (e.g. iexplore.exe).

This proves one thing: AV is only interested in catching or preventing the casual player, but the real deals, the existing shit can't do anything about them. To catch them, AV companies must change their thinking and fight not by bytes but by behaviour. Then again, maybe AV knows this and allows it. If not, no biz LOL

Anyone who wants a copy of the recompiled version or wants to learn, just drop a line.