FBI Hacked, Billion Laugh

DfgDfg Admin
edited October 2012 in Tech & Games
Well, FBI did get attacked by:

http://FBI.GOV/ Website Server Dox
#By The Hackers Army

Don't know if it's legit or just a honey pot or whatever. Anyway, found another funny thing:

In computer security, a billion laughs attack is a type of denial-of-service (DoS) attack which is aimed at parsers of XML documents.[1]
It is also referred to as an XML bomb or as an exponential entity expansion attack.[2] The example attack consists of defining 10 entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity.
In the most frequently cited example, the first entity is the string "lol", hence the name "billion laughs". The amount of computer memory used would likely exceed that available to the process parsing the XML (it certainly would have at the time the vulnerability was first reported).
While the original form of the attack was aimed specifically at XML parsers, the term may be applicable to similar subjects as well.[1]
The problem was first reported as early as 2003, but began to be widely addressed in 2008.[3]
Defenses against this kind of attack include capping the memory allocated in an individual parser if loss of the document is acceptable, or treating entities symbolically and expanding them lazily only when (and to the extent) their content is to be used.
<?xml version="1.0"?> <!DOCTYPE lolz [  <!ENTITY lol "lol">  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">  <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">  <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">  <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">  <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">  <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">  <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;"> ]> <lolz>&lol9;</lolz>

Thinking of testing it out, but this is 2012; most computers should be patched by now. It would work on a Windows XP system, just dump this file in the startup folder and wait for the shit to brick.


via http://en.wikipedia.org/wiki/Billion_laughs
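
The defense named in the quoted text, treating entities symbolically instead of expanding them, can be applied as a size check before a document reaches the parser. This is an added example, not part of the original post or the Wikipedia article; the function names, the 1,000,000-character budget and the generated sample document are assumptions made for illustration.

```python
import re

# Internal general entities only: <!ENTITY name "value">. Parameter and
# external (SYSTEM/PUBLIC) entities are out of scope for this sketch.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.\-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to one char

def expanded_size(xml_text):
    """Character count after full entity expansion, computed symbolically."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        decls.setdefault(m.group(1), m.group(3))  # XML: first declaration wins
    sizes, in_progress = {}, set()

    def text_size(text):
        literal = len(ENTITY_REF.sub("", text))
        return literal + sum(entity_size(r) for r in ENTITY_REF.findall(text))

    def entity_size(name):
        if name in PREDEFINED:
            return 1
        if name not in decls:
            raise ValueError("undeclared entity: " + name)
        if name in in_progress:
            raise ValueError("recursive entity: " + name)
        if name not in sizes:
            in_progress.add(name)
            sizes[name] = text_size(decls[name])  # memoized, never materialized
            in_progress.discard(name)
        return sizes[name]

    # Everything outside the declarations counts toward the document size.
    return text_size(ENTITY_DECL.sub("", xml_text))

def within_budget(xml_text, max_chars=1_000_000):
    """Pre-parse gate: False if expansion exceeds max_chars or is malformed."""
    try:
        return expanded_size(xml_text) <= max_chars
    except (ValueError, RecursionError):
        return False

def nested_doc(levels, fanout):
    """Constructed sample: `levels` entities, each `fanout` copies of the last."""
    decls = ['<!ENTITY e0 "lol">']
    for i in range(1, levels + 1):
        decls.append('<!ENTITY e%d "%s">' % (i, ("&e%d;" % (i - 1)) * fanout))
    return '<!DOCTYPE d [%s]><d>&e%d;</d>' % ("".join(decls), levels)
```

Because each entity's size is computed once and reused, the check on a ten-entity document like the one above finishes in a handful of additions and allocates nothing proportional to the expanded text.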

Comments

  • RemadERemadE Global Moderator
    edited October 2012
    Oh man, looking at that code gave me a hard on. So simple.

    FBI, you best start watching Die Hard 4. Just in case, you know.