Here’s a pretty screenshot of it in action:

Download ratproxy and try it out!

(full-size readable image)

It appears Amazon is suggesting that we should read Greg’s book and then go hack Second Life.

Trading of 0-day computer exploits between hackers has been taking place for as long as computer exploits have existed. A black market for these exploits has developed around their illegal use. Recently, a trend has developed toward buying and selling these exploits as a source of legitimate income for security researchers. However, this emerging “0-day market” has some unique aspects that make this particularly difficult to accomplish in a fair manner. These problems, along with possible solutions will be discussed. These issues will be illustrated by following two case studies of attempted sales of 0-day exploits.

It’s refreshing to see an academic paper that discusses real-world experiences. Especially ones that most of us never get a chance to see, such as the selling of vulnerabilities to firms other than TippingPoint and iDefense. In one of his examples, he reportedly sold a vulnerability for $50,000 to a government agency. Charlie’s writing is also amusing. After discrediting an earlier paper, he calls for the author to buy him a beer. He also talks about how “it can be difficult for the researcher to verify the buyer’s intentions and avoid a trip to “Gitmo”.”

You can read his entire paper here: The Legitimate Vulnerability Market, Inside the Secretive World of 0-day Exploit Sales.

I’m still waiting for a zeroBay.

My site has been acting a little slow and weird today. I checked my logs, and I’m seeing a lot of GET requests causing strange errors. Most of the requests have escaped Unicode characters, but they don’t appear valid. Sorry that the site is kinda slow; I’m going to be away from the computer until around late Monday, so I don’t have time to check it now, but I’ll try to track it down when I get back.

It looks like Matt was seeing some attacks coming in. At least one of those attacks appears to have been successful:

It appears that only his blog, and not his entire site have been defaced. Last night he upgraded from WordPress 2.0.x to 2.1.x. I wonder if there are known security issues with the current version of WordPress, or perhaps with some of the plugins he’s using.

On the defaced page, there’s the quote nous sommes le proprietaire de toi which roughly translates in to “we are the owner of you”, or perhaps simply pwned. In the defacement there are some odd nicknames for popular SEO bloggers. Here are a few that I’ve figured out so far:

• pentazilla = Quadzilla
• RandomFish = Rand Fishkin
• Shchoeoe = ShoeMoney
• lejackalgris = Graywolf

Which other ones have you figured out? Feel free to post below.

P.S. The main question is, was the attack really an interesting GET request with Unicode-encoded characters, or is it an April-1st-based attack? Matt claims he’ll be out of touch until April 2nd, so we’ll just have to wait and see.