Lost+Found: Shells, cowboys, ponies and swearing passwords
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days:
- Pentesters should find that the hacker shell makes their work easier by simplifying the use of nmap, w3af and other tools.
- If you'd rather perform spectacular cyber-intrusions without any consequences, then Quadrilateral Cowboy is for you. The game is due out by the end of the year.
- Stack Exchange now has a special section for questions and answers on the subject of reverse engineering.
- The Unix-like PonyOS was released on the first day of April to provide systems with extra pony power. It has a cloven hoof, however, as evidenced by the killjoy on the full disclosure mailing list who published a number of security vulnerabilities in it. But you have to accept this if you want Pinkie Pie and pals to move onto your desktop.
- Trend Micro has found a trojan trying to use the Evernote service as its command and control server. It turns out that the trojan was never able to log into Evernote to collect its commands though.
- Worries about UEFI Secure Boot were compounded when it appeared that signing keys and source code for an AMI BIOS had been left on an open FTP server. What looked like a chance for malware writers to get a valid key for trojans was thwarted, though, when it was later revealed that the key was a default test key which was supposed to be changed before building a production BIOS.
- It seems AT&T wasn't trying to ban swear words from passwords in what many took to be a curious April Fool prank. AT&T told Ars Technica that it was banning common words, which include obscene words, from passwords and that the wording in its password guidelines was "unclear".