Welcome to UK420

Register now to gain access to all of our features. Once registered and logged in, you will be able to contribute to this site by submitting your own content or replying to existing content. You'll be able to customize your profile, receive reputation points as a reward for submitting content, while also communicating with other members via your own private inbox, plus much more!

This message will be removed once you have signed in.


Sign in to follow this  
Followers 0
southlad

Facebook to be killed?

191 posts in this topic

...a deep knowledge of cracking high-end encryption way way beyond the enigma machine or anything else at Blechley Park...

A knowledge as deep as knowing it's not possible to crack and that brute force is pointless?

I would say that kind of knowledge is pretty shallow and ill informed as it goes .. encryption is routinely cracked ..to give two recent well known examples ..sony's encryption being cracked the previous year is thought to be the basis of the attack on the ps3 network ..you know that's a heavily encrypted network right? ...a few days ago BF3 was released at 4:01pm and by 5:16pm EA's install encryption had been cracked ...the cracker described the task afterwards as:

PROTECTION .......: EA/Crap

covering your tracks is another issue ..how to launch an attack on FB without the code leading back to your IP is a task in itself..

The easy way is to use a botnet, or a network of willing footsoldiers/pawns. Some use 'onion routers' and the clever ones tmp edit their entries in various MAC/IP routing tables and logs. Nothing that difficult.

operating at the level of disrupting amazon,sony,fb and getting away clean and untraceable is fairly top end ..especially when you give the heads up to the target/authorities before hand ...telling the world the time and place you intend to attack ...and then carrying out that attack with them watching/monitoring/helpless .. getting away free at the end is no easy feat ..otherwise this kind of thing would be more common..& fb would be down 5 days out of 7 ....saying it's nothing that difficult makes it sound as simple as changing a hoover bag..

serious hacking is of a highly technical nature requiring solid programming skill at hardware level aka byte level coding ..using opcode/asm/c/c+

Serious cracking mostly requires solid disassembler skills. The programming side isn't complex. .

solid diss/ass skills are fairly complex as they require a good knowledge of the underlying hardware...to say it isn't complex is just false ..maybe not complex for you strawberry but for most normal programmers they will never go near this kind of level

..normal code looks like:

#pragma endregion EX

#include <vector>

using namespace std ;

int main()

{

const size_t NDim = 3 ;

double coords[NDim] ;

*coords = 1.5 ;

for( int a = 0; a != NDim; a++ ) {

coords[a] = a;

}

vector<double> v ;

copy( coords, coords + NDim, back_inserter(v) ) ;

vector<double> v2( coords, coords + NDim ) ;

return 0;

}

which is practically in English and requires almost no understanding of the underlying hardware platform.

.unlike this code which is hw specific, which btw if you know asm you should be able to tell me what kind of program this is? ..don't bother with google it only exists on my hd :) ..the answer should be fairly obvious

-------------

Hook Draw Function/End Frame

-------------

#### code ####

00586E00 /$ 51 PUSH ECX

00586E01 |. A1 BC1A7E00 MOV EAX,DWORD PTR DS:[7E1ABC]

00586E06 |. 8378 10 03 CMP DWORD PTR DS:[EAX+10],3

00586E0A |. 7D 0A JGE SHORT iw4mp.00586E16

00586E0C |. 6A 00 PUSH 0

00586E0E |. E8 0D79F8FF CALL iw4mp.0050E720

00586E13 |. 83C4 04 ADD ESP,4

00586E16 |> 8B0D C89B9F00 MOV ECX,DWORD PTR DS:[9F9BC8]

00586E1C |. 8B15 BC1A7E00 MOV EDX,DWORD PTR DS:[7E1ABC]

00586E22 |. D941 14 FLD DWORD PTR DS:[ECX+14]

00586E25 |. 837A 10 00 CMP DWORD PTR DS:[EDX+10],0

00586E29 |. D91C24 FSTP DWORD PTR SS:[ESP]

00586E2C |. 74 15 JE SHORT iw4mp.00586E43

00586E2E |. D90424 FLD DWORD PTR SS:[ESP]

00586E31 |. 51 PUSH ECX

00586E32 |. D91C24 FSTP DWORD PTR SS:[ESP]

00586E35 |. 56 PUSH ESI

00586E36 |. 57 PUSH EDI ; ntdll.7C910228

00586E37 |. E8 5449F7FF CALL iw4mp.004FB790

00586E3C |. D95C24 0C FSTP DWORD PTR SS:[ESP+C]

00586E40 |. 83C4 0C ADD ESP,0C

00586E43 |> A1 BC1A7E00 MOV EAX,DWORD PTR DS:[7E1ABC]

00586E48 |. 8378 10 00 CMP DWORD PTR DS:[EAX+10],0

00586E4C |. 74 15 JE SHORT iw4mp.00586E63

00586E4E |. D90424 FLD DWORD PTR SS:[ESP]

00586E51 |. 51 PUSH ECX

00586E52 |. 8BC6 MOV EAX,ESI

00586E54 |. D91C24 FSTP DWORD PTR SS:[ESP]

00586E57 |. E8 74FCFFFF CALL iw4mp.00586AD0

00586E5C |. D95C24 04 FSTP DWORD PTR SS:[ESP+4]

00586E60 |. 83C4 04 ADD ESP,4

00586E63 |> 8B0D BC1A7E00 MOV ECX,DWORD PTR DS:[7E1ABC]

00586E69 |. 8379 10 00 CMP DWORD PTR DS:[ECX+10],0

00586E6D |. 74 15 JE SHORT iw4mp.00586E84

00586E6F |. D90424 FLD DWORD PTR SS:[ESP]

00586E72 |. 51 PUSH ECX

00586E73 |. 8BC6 MOV EAX,ESI

00586E75 |. D91C24 FSTP DWORD PTR SS:[ESP]

00586E78 |. E8 E3FCFFFF CALL iw4mp.00586B60

00586E7D |. D95C24 04 FSTP DWORD PTR SS:[ESP+4]

00586E81 |. 83C4 04 ADD ESP,4

00586E84 |> 8B15 D40B7F00 MOV EDX,DWORD PTR DS:[7F0BD4]

00586E8A |. 807A 10 00 CMP BYTE PTR DS:[EDX+10],0

00586E8E |. 74 15 JE SHORT iw4mp.00586EA5

00586E90 |. D90424 FLD DWORD PTR SS:[ESP]

00586E93 |. 51 PUSH ECX

00586E94 |. 8BC7 MOV EAX,EDI ; ntdll.7C910228

00586E96 |. D91C24 FSTP DWORD PTR SS:[ESP]

00586E99 |. E8 52FDFFFF CALL iw4mp.00586BF0

00586E9E |. D95C24 04 FSTP DWORD PTR SS:[ESP+4]

00586EA2 |. 83C4 04 ADD ESP,4

00586EA5 |> A1 08047E00 MOV EAX,DWORD PTR DS:[7E0408]

00586EAA |. 8078 10 00 CMP BYTE PTR DS:[EAX+10],0

00586EAE |. 74 13 JE SHORT iw4mp.00586EC3

00586EB0 |. D90424 FLD DWORD PTR SS:[ESP]

00586EB3 |. 51 PUSH ECX

00586EB4 |. 8BC6 MOV EAX,ESI

00586EB6 |. D91C24 FSTP DWORD PTR SS:[ESP]

00586EB9 |. E8 92FEFFFF CALL iw4mp.00586D50

00586EBE |. DDD8 FSTP ST

00586EC0 |. 83C4 04 ADD ESP,4

00586EC3 |> 59 POP ECX ; kernel32.7C817077

insert draw hook here

00586EC4 \. C3 RETN

#### sig ####

But, this is an issue for cracking s/w protection more than cracking websites. Greater awareness of buffer exploits and hotfixes etc has shutdown all but the most stupid/lazy of sites

I was only making the point that there is more to hacking than simple pw guessing..nothing more..maybe you misunderstood the post?

ahh here it is again to refresh your memory

password hacks which in all fairness is the be all and end all of hacking

you be surprised how many different types of hacking there are, pw hacking being just one and would be classed as entry level

What kind of 'hacking' do you think goes on?

I don't think ..it's not a personal fantasy

...or are you suggesting pw guessing is the only type of hacking that exists ...and is indeed the be all and end all of hacking?

Edited by weed_G

Share this post


Link to post

iam on facebook an it was suppost to happenn last month :headpain:

Share this post


Link to post

im on faceache for my sins!!

please annon bring down the second biggest data harvesting site in the world,

it would be funny!

hope its not a ddos tool to flood the server cause fb will repel it in hours.

maybe a server based uber virus, or huge botnet!

we all know fb would only be down of 24 hours tops!

Share this post


Link to post

Who gives a fuck about social networks, lets get these people to attack government sites if they really mean business, the vehicle tax office for a start, and how about the inland revenue? :wassnnme:

2 people like this

Share this post


Link to post

im on faceache for my sins!!

please annon bring down the second biggest data harvesting site in the world,

it would be funny!

hope its not a ddos tool to flood the server cause fb will repel it in hours.

maybe a server based uber virus, or huge botnet!

we all know fb would only be down of 24 hours tops!

Facebook has like 99.9% uptime. Facebook would of had enough time to "beef up" there network security..

Share this post


Link to post

good........

seconded. faceturd should be deleted from everyones conciousness.

you just don't like being poked.

Share this post


Link to post

...a deep knowledge of cracking high-end encryption way way beyond the enigma machine or anything else at Blechley Park...

A knowledge as deep as knowing it's not possible to crack and that brute force is pointless?

I would say that kind of knowledge is pretty shallow and ill informed as it goes .. encryption is routinely cracked ..to give two recent well known examples ..sony's encryption being cracked the previous year is thought to be the basis of the attack on the ps3 network ..you know that's a heavily encrypted network right? ...a few days ago BF3 was released at 4:01pm and by 5:16pm EA's install encryption had been cracked ...the cracker described the task afterwards as:

The examples given used nothing near 'high-end encryption' as you call it. Look up 512bit AES, and even that isn't high end.

What kind of 'hacking' do you think goes on?

I don't think ..it's not a personal fantasy

That doesn't begin to answer the question.

1 person likes this

Share this post


Link to post

Who gives a fuck about social networks, lets get these people to attack government sites if they really mean business, the vehicle tax office for a start, and how about the inland revenue? :wassnnme:

Yeah, why they wasting time attacking shitbook ? Gotta be loadsa better targets ? Seems a bit lame of these uber-hackers :spliff:

Please take out a more substantial target :spliff: Go on, please - IF YOU CAN

- I'd love to see govt and corporations crumbling :punk: Instead I guess shitbook will have to do :<

e2a dissapointed :< Boo :<

Edited by Arbuscule
2 people like this

Share this post


Link to post

The examples given used nothing near 'high-end encryption' as you call it. Look up 512bit AES, and even that isn't high end.

examples? ..if you mean those 2 bits of code I posted...they have nothing to do with encryption ..but you can have as many guesses as you like :lol:

That doesn't begin to answer the question.

the question is rhetorical ..your not really interested in an answer..more making a statement on my perception of what is real and what is not ..really strawb if your going down that road...you must try harder

Edited by weed_G

Share this post


Link to post

Please take out a more substantial target :spliff: Go on, please - IF YOU CAN

e2a dissapointed :< Boo :<

accord. to FB they have 800m active users

..only 60m people in the UK

..lucky if 30-40m use the IR

..lucky if 5-10m of those do their taxes online

one will make the world news and one wont

although strawberry says its easy..maybe he does requests :unsure:

Edited by weed_G

Share this post


Link to post

The examples given used nothing near 'high-end encryption' as you call it. Look up 512bit AES, and even that isn't high end.

examples? ..if you mean those 2 bits of code I posted...they have nothing to do with encryption ..but you can have as many guesses as you like :lol:

I didn't mention the code. You clearly didn't bother to look up AES. If you had, you'd understand why your case examples were poor examples.

That doesn't begin to answer the question.

the question is rhetorical ..your not really interested in an answer..more making a statement on my perception of what is real and what is not ..really strawb if your going down that road...you must try harder

I have to try harder to get you to answer a question?

Share this post


Link to post

They'd be fools not to use it. We already know that employers check out facebook accounts to know what their people are up to, so it's hardly a far stretch of the imagination to picture the government doing the same.

Yeah I do that. Just did it about 5 minutes ago actually :guitar:

Share this post


Link to post
I didn't mention the code. You clearly didn't bother to look up AES. If you had, you'd understand why your case examples were poor examples.

why would I look up AES? do your own research & post your point ..you said encryption could not be cracked ..I gave you two well known recent examples where it had

what did you say again...

...a deep knowledge of cracking high-end encryption

A knowledge as deep as knowing it's not possible to crack

----------

...don't recall anyone mentioning AES ...maybe you need to be more careful about throwing around blanket statements ..I'm still unclear as to what exactly you are responding to in my reply to madgiz....unless of course you think pw guessing is the only type of hacking that people do? ..otherwise you are chasing shadows

I have to try harder to get you to answer a question?

another top heavy play to gallery ..cast over from other threads :lol:..might even get you another rep from ratdog ....you will have to try harder at asking a genuine/decent question instead of acting like cock( if you want an answer from me ) ..thinking your clever when your actually way off the mark just makes you look silly ...tbh strawberry I can only think by your initial post you didn't understand my reply to madgiz...now having jumped the gun its a long way back eh?

Edited by weed_G

Share this post


Link to post

If FB operates in the UK it is bound by data protection laws, but perhaps it does not operate here (like Twitter) and so there are only the farcical American privacy protections?

The assertion was that the UK Gov had open and ready access to all users facebook data.

And you outright dismissed that as a "fantasy", but you cannot make an assertion that it is a fantasy any more than Myrden knows the government have complete access.

But the track record of governments, corporations, the social network industry, and Facebook itself means that distrust is a much better default stance to take, IMHO.

I deleted a sentence in my last comment about you perhaps sounding like a FB fanboy, as it was rather inflammatory, but IMHO you do sound like you trust FB that bit too much, or want to trust them. I just do not think the evidence correlates with what FB would like its users to believe, nor portray FB as trustworthy.

The RIP act is actually designed for interception of communication, not the handing over of stored data. To invoke a RIPA investigation there has be a primary crime to investigate, not what we are talking about here. If an individuals information was handed over under the pretence of protecting national security, well, thats not really what we were talking about either.

U

OK, that is where intelligence sharing comes in then. If the rich and powerful know something about foreigners, they will often let the rich and powerful in that foreign place know. And there's treaties on top of that to formalise that process.

Wasn't that how Echelon worked/works? The US spies on non-US and tells those countries when it notices stuff, the non-US spy on the US and tell them when they notice stuff.

One thing RIPA does do though is criminalise the non-handing over of encryption keys when asked, and so even if wires can't be tapped or servers can't be seized under RIPA itself (IANAL, so I don't fancy debating subtle nuances[1]) then those things can certainly be done under other laws, with RIPA being used as the stick to enable privacy violation by demanding encryption keys.

Though if RIPA is about communication then simply monitoring the comings and goings to FB could provide useful intelligence, considering that RIPA does mandate that ISPs above a certain size have to install interception equipment. Are they allowed to do large scale monitoring with that shit though?

But to think our government would be above something similar to the NSA warrantless surveillance scandal would be naïve, though of course I have no way of knowing if they are doing that or not. Just stick to using strong encryption products properly and the content of communication at least should be kept out of the view of those who want to exercise their power.

Though I also highlighted ways other than RIPA that our state can get at data, not that I feel the state is the only risky entity in society - to just be concerned about what the state knows or can directly find out is to ignore many other powers in society.

And the UK is a bit of shit for fruit of the poisonous tree. If our law enforcement gets info through illegal means, the info can still be used as evidence (unlike the USA). So if law enforcement can cover its tracks then they potentially have a motive to do outright illegal shit, knowing it will not be in vain.

[1] Because to do so means trying to trudge through the most boring of Wikipedia articles ;)

Share this post


Link to post

might even get you another rep from ratdog

jealous because you don`t have any here?

That`s lame G

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0