Starting in September of 1998, we began formalizing our advisories. Here is a list of advisories issued since that time. We've also got a disclosure policy.
20060114: After a 3 1/2 year lull, an advisory is released! Pity it is a lame Windows wireless bug.
20020510: Cyberiad finds a couple of problems in Critical Path inJoin V4.0 Directory Server.
20020319: Oops. ISS left in a default account in RealSecure on Nokia appliances which allows for remote manipulation.
20020114: Cyberiad finds both Microsoft's IIS 4 and Symantec's Norton Internet Security 2001 are vulnerable to log files being rewritten via Windows APIs.
20011204: Cyberiad and Phuzzy L0gik have some fun exploring Valicert's CGI program, including finding numerous buffer overflows, info leaking, and even weak random numbers.
20011126: Phuzzy L0gik plays with some Sun products and turns up a bug. NetDynamics session IDs can be reused, allowing session hijacking.
20010814: Adept finds some GroupWise issues, and NMRC helps him publicize it.
20010527: hellNbak has found a number of problems with the Specter IDS, including DoS (a simple port scan can cause CPU usage problems) and remote identification of its honeypot nature (you see, it really isn't an IDS to begin with...).
19991122: It has always been trivial to sniff file transfers between a server and a workstation. NMRC now automates the process in the latest version of Pandora.
19990910: Bindview's product HackerShield is a security scanner with a number of impressive automation features that make use of a Service User to allow HackerShield to run unattended. Unfortunately, the Service User is not machine specific, making anyone who has downloaded the product, including the demo, vulnerable to potential attack. Here's Bindview's response.
19990715: Originally reported 13 months ago, some of the same spoof and hijack tricks that worked on Netware 4 work on Netware 5. This advisory simply points that fact out, as the new Pandora v4 simplifies the spoof and hijack tricks.
19990512: Netware 4.x servers not running the latest patches are vulnerable to a nasty Denial of Service bug that can potentially crash multiple servers simultaneously.
19990505: Under certain conditions Network Associates VirusScan NT will not properly update the virus definition file, leaving the NT server or workstation vulnerable to viral attack.
19981006: If an intruder recovers the encrypted password used during the loading of REMOTE.NLM, it can be easily decrypted on another Netware server.
19980930: If you have Token Ring packets with bad data in them, you can crash NT servers and workstations. All four sites running Token Ring should apply the RIF Hot Fix from Microsoft (ask them for it, it's not on their FTP site).
19980923: You can overflow the POP3 and LDAP ports causing the server to crash. Unlike the last advisory, this one has generated lots of thank-yous. Hmmm, revealing user account names is bad, but crashing servers is good. At least with the latest patches only the affected NLM goes south, but we advise to simply not use it. UPDATE 06Oct98 - Novell has released a patch, look for gwia551.exe at support.novell.com. The patch is for GroupWise 5.5 only, so you are forced to upgrade before you can apply the patch.
19980916: Most Netware installers are unaware or uncaring about how much info is revealed from a standard install. Lots of flames on this one from disgruntled sys admins having to fix things because their boss read about it. Sorry folks, some OSes (such as Unix) actually go to some trouble to keep intruders from learning account names. Netware should be this way too.
20030608: NMRC issues a major press release about a new service, which is real (we swear, you can trust us, right?)... Oh and we also announce our upcoming talks at Black Hat and DefCon.
20030402: Trust no one... except for us, of course.
20011102: hellNbak announces Information Anarchy.
19991201: The announcement of the release of Pandora 4 Beta 2.1 for Linux.
19991119: ToorCon announced last week that Simple Nomad will be the keynote speaker at the security convention next September in San Diego.
19991119: The announcement of the release of Pandora 4 Beta 2, with improved drivers, improved GUI and lots of bug fixes.
19990507: The announcement of the release of the beta version of Pandora 4, made right before the Black Hat Briefings.
Here are some hacking and informational FAQs. These are NMRC exclusives, developed from work within the lab. These FAQs are the main reason for the lab. Contributors can send hot tidbits to firstname.lastname@example.org.
This FAQ is a combined NT, Netware, and Unix FAQ discussing hacking. A lot of people have been bugging us about this, so feel free to see what we have so far.
Many of you have wondered exactly how to hack a Macintosh Powerbook battery. Thanks to gawdawful long (tm) Netware 5 loads, read exactly how to hack that Powerbook battery. BTW we can't believe we got email about this, yes idiots, it's a joke.
Basic questions about NMRC that might explain why your email was deleted without a response.
In The Media
20080422, Hack A Day - jrandom's presentation on scratchcard vulnerabilities gets a special mention
20041222, SearchSecurity - Mr. Nomad again bitching about Microsoft, apparently this is a fulltime job.
20041026, IT Management - Mr. Nomad quoted under his real name again, this time bitching about Microsoft's cranial/rectal inversion problem.
20041014, SearchSecurity - Mr. Nomad quoted under his real name again, bitching about Microsoft. Yawn.
20040611, SecurityFocus - Mr. Nomad quoted under his real name again, this time gets in a nice zinger on Microsoft
200404, Security Management Magazine - Mr. Nomad quoted under his real name, talking about virus stuff.
20031110, NWC Security Pipeline - Simple Nomad and a few other hacker-types are interviewed in a pseudo FUD article with a neato catchy title. Wee.
20031106, SecurityFocus - Kevin Poulsen's story about a backdoor inserted into the Linux kernel, with a quote from Simple Nomad.
20030804, CNET ZDNET Reviews - An article about the Qualys panel at Black Hat, with a quote from Simple Nomad.
20030731, CNET News.com - During Black Hat at Hacker Court, Weasel is put on trial. Thank god for the well hung jury -- as good as a win for poor Weasel.
20030731, CNET news.com - Simple Nomad releases NCovert at Black Hat and gets some press.
20030731, ComputerWire News - An article on the Qualys panel at Black Hat, with a quote from Simple Nomad.
20030730, SecurityFocus - Simple Nomad is quoted under his real name, stating the obvious about how quickly the underground works to find and reverse engineer security bugs.
20030404, The Star-Ledger - Sioda an Cailleach is quoted on the subject of cyberwar FUD and the companies that profit from it.
20021205, The Guardian - Simple Nomad and Richard Thieme tell it like it is regarding the hype surrounding the cyber terrorism myth.
20020812, Reuters - Richard Thieme, RFP, and Simple Nomad are quoted regarding the possible higher stakes of hacking, mainly as a result of the post 9/11 knee-jerk legislation passed by the U.S. Government.
20020727, Wired News - hellNbak gets a quote in about a bill in the House of Representatives that would allow copyright holders to "attack" P2P networks transmitting their copyrighted works.
20020723, Dow Jones Newswire - Simple Nomad is quoted in an article regarding an Apache flaw. He tries to keep some perspective as opposed to some of the FUD being displayed by people like Chris Rouland.
20020619, SecurityFocus - hellNbak is quoted talking about the "potential" of Microsoft's broadband-ready XBox.
20020502, CNet - CanSecWest 2002 was a great conference. In spite of being in Canada, the US of A feds were there in force, and Simple Nomad makes sure to give them some shit.
Consumer Group Reports Hacker Break-Ins (expired)
20011119, Newsbytes - Ralph Nader's Consumer Project on Technology had some security incidents on their Internet servers, and Simple Nomad comments.
20011107, vnunet - More of hellNbak in the news with another article on the Information Anarchy 2K01 movement.
20011106, Newsbytes - The Information Anarchy announcement from hellNbak gets some press, and hellNbak does an email interview.
20011018, Newsbytes - The SSH crc32 attack uncovered last February is finally being exploited en masse as script tools begin to circulate in the underground. Simple Nomad quoted.
20010918, Washington Post - Article about steganography and terrorism. Simple Nomad is quoted under his real name.
20010808, Newsbytes - Microsoft releases a tool to clean up after Code Red II and Simple Nomad comments on what the tool does *not* do.
The Weakest Link (paid archive)
20010717, Interactive Week - Story that discusses upper management being a weak link in computer security. Simple Nomad is quoted under his real name.
20010125, Washington Post - Questions asked about a Microsoft outage that impacted microsoft.com, msnbc.com, and hotmail.com. Simple Nomad has a couple of answers.
20000807, Information Security Magazine - A story by Al Berg that talks about the various commercial security scanners, and the vendors' R&D groups. Simple Nomad gets a mention for the BindView RAZOR team.
Specter of Web attacks looms anew (paid archive)
20000806, Inter@ctive Week - A sensationalized story that gets most of the facts correct. Simple Nomad talking about distributed attacks, not about distributed denial of service. Also note, the talk in October 1999 dealt with stealth communications to control security devices, not denial of service. Techniques used in that talk surfaced in the DDoS attacks in February. The point is that these techniques can be discovered and analyzed before they occur.
20000405, ZDNet UK - A short article on how healthy hacking is. Which it is. 'cause Nomad says so.
20000405, ZDNet UK - Another short article that talks about the different types of hackers, including a quote from Simple Nomad under his real name.
20000500, Inside Business Magazine - Local copy of an article that appeared in an Ohio regional magazine. Features comments from Simple Nomad.
20000401, Technology Decisions - This sidebar to a magazine article quotes Simple Nomad talking about hacking, and dissing Microsoft.
20000328, Christian Science Monitor - Interviews with several hackers including Simple Nomad about the current state of hacking in general.
Who Can Stop Cybervandals? (paid archive)
20000228, U.S. News & World Report - Asks questions about the futile nature of trying to find decent solutions where basically none exist. A one-sentence quote from Simple Nomad.
20000221, The Standard - A large number of quotes from various hacker folk, including Simple Nomad, in an article after the wake of Denial of Service attacks.
Respite Follows Hacker Attacks (paid archive)
20000211, Washington Post - More fun as the WP asks questions about denial of service and Simple Nomad (quoted under his real name) throws in a comment.
20000209, The Standard - In the wake of all of the distributed denial of service attacks, Simple Nomad puts in his two cents' worth.
19991222, BindView - Simple Nomad gets a new job, and the new boss releases a press release. BTW Mr. Nomad had nothing to do with the Syskey bug discovery, despite the way the press release reads. It was all Todd Sabin's work.
19991101, Infoworld - Talks about Y2K virus attacks, and gets a quote from Simple Nomad.
19990809, Infoworld - Talks about the danger of web and e-commerce, and mentions the NMRC Hack FAQ, along with other tidbits.
19990719, Infoworld - Summation of the Black Hat Briefings, with a reference to NMRC and Simple Nomad's presentation, including the new Pandora v4.
Worm With an Attitude (paid archive)
19990628, U.S. News & World Report - Talks about the Worm.ExploreZip virus and who is really to blame. Microsoft catches some heat from Simple Nomad and Aleph1. Microsoft continues their mindless lip service.
19990524, Infoworld - Refers to NMRC as they try to clear up some of the statements their readers had problems with regarding their story on The Ruiner's remote encryption hack.
19990426, Infoworld - The Ruiner makes a splash in the press with his RConsole decryption hack. The article mentions NMRC and some of our and Shade's tools.
19980803, Infoworld - Attempts to figure out Pandora. They state they tested many of the tools, but they only tested four -- the spoofing ones. They had problems, and we tried to help them, but alas.... due to Novell's complete lack of disclosure, simple configuration issues make Pandora only work under certain conditions. This coupled with the fact we don't think the Infoworld security guys like us (see this article for a flavor of their opinion of guys with funny names), it's not a flattering review.
19980720, Computerworld - Article mentioning Simple Nomad and Jitsu-Disk as the ethical hackers behind Pandora.
19980720, LAN Times - Article about system administrator shareware, and where to get it. Mentions Pandora, along with L0phtcrack and some other mainstream resources.
19980715, CNet - Reports news about Pandora, and Novell says the threat isn't that serious but they are taking it seriously. Losing sight of the point, Novell implies locking up your server protects you from Pandora.
19980713, Infoworld - NMRC lets them know about Pandora, Infoworld tells everyone how we've hacked Netware, and Novell thinks we're cool. Or at least "helpful".
Hackers Track Presidential Pagers (expired)
19980615, WFAA Dallas TX Channel 8 News - Simple Nomad is the so-called "expert" during a story about hackers nabbing FBI pages during a Presidential visit a couple of weeks ago. In the lead story Simple Nomad relies upon his savvy (web surfing some pager sites) to say yes, it is theoretically possible. Photos and hopefully an AVI will be posted soon showing more of the story. Here's a link to the audio of the broadcast (also expired).
19980420, Infoworld - An article talking about internal threats to the network. Lots of decent quotes from Peter Shipley, a typical slew of InfoSec and Fed quotes, and a paragraph paraphrasing Simple Nomad.
19980302, Computerworld - A somewhat accurate article discussing how Microsoft and Novell have interaction with white hat hackers to improve security. Simple Nomad and the NMRC web site are mentioned, and the facts are almost accurate. I like the part about how Mudge "operates" the "10pht". And they say L0pht can't spell!
19980201, Network VAR - An article on NT security. NMRC is mentioned, and it falsely lists (or at least implies) Nomad as the author of NT Crack and PWDump since these were on my web site. For the record, Secure Networks did NT Crack and Jeremy Allison did PWDump.
19970804, LAN Times - Pandora splashes onto the scene. Hell, they even try it out and crack a few passwords.
19970804, LAN Times - Article mentioning the Hack FAQ among other references on web security.
19970700, Windows NT Magazine - Mentions the NMRC web site when discussing NT hack tools.
19970414, LAN Times - Article on the Netware Hack FAQ. Kind of a mini review of the FAQ. Quite positive (or negative, depending on whether you are wearing a white or black hat) as LAN Times tries some shockingly successful hacks from the FAQ, hacking the offices at LAN Times.
19960617, LAN Times - Article and side bar featuring a "forum" interview with Bill Cheswick, Winn Schwartau, and Simple Nomad. Kind of an odd mix of people. This wasn't actually a "panel", just some email interviews.
Defcon 16 presentation by Weasel
Toorcon Seattle 2008 presentation by jrandom
ShmooCon 2006 presentation by Simple Nomad
NMRC, DefCon, 2003
Simple Nomad, Black Hat, 2003
Every year, NMRC likes to do a little something special for April Fools.
Simple Nomad, DefCon, 2001
Simple Nomad, DefCon, 2000
Simple Nomad, Black Hat Briefings, 2000
Occasionally we release various papers and reports. They are listed here:
Simple Nomad discusses the holy trinity of hackers -- trust, control, and truth.
Sioda warns how hackers are their own worst enemy when pitted against the businesses and governments that would exploit them.
This report details how easy it is to download the demo version of a commercial vulnerability scanner, and within a few minutes start mapping network vulnerabilities to systems you don't own (yet).
We occasionally will review products, and give them the NMRC Hacker Stamp of Approval. This doesn't happen very often, mainly because we have to really want to do it, and we don't get paid for it. Very, very few products will get this stamp, because 1) as we stated we don't do this very often, and 2) the product must kick hacker butt to receive this prestigious award.
Here is a short list of Official NMRC Hacker Seal of Approval reviewed products:
L0pht Heavy Industries
We also have a selection of books we recommend as part of our association with Amazon.com. Buy books from them and help fund our projects!