Archives

Monthly Archive for April, 2013

The Story – Part V

The original founder of Cyberhornets Hackerboard, Hazel ‘Jynx’ Carlo died of breast cancer in 2008. After that her younger brother Jon ‘demon sk8tr’ Carlo took over and in the summer of 2009 we all got together working on Project: Hazel.

Project: Hazel is a joint effort between some of the most prominent organisations on the internet and it has connections to some of the “big five”.

Her Legacy Lives On

Timelines I – Tuesday, 30 April 2013

The first Timelines patch will be deployed on Tuesday, 30 April, starting at 0600 GMT. We are estimating the patch will take three hours to deploy and the network should return to service by 0900 GMT.

Patch Notes are available for viewing.

As always, we recommend you sync your services in case there are issues delaying the return to service.

Timelines I

Timelines I Features, Improvements and Fixes

Deployed on Tuesday, 30 April 2013.

Timelines Patch Notes

FEATURES

– The new tutorial system is now live on the server. This addition includes all of the basic skills of playing Minecraft with SpoutCraft.

Squidwolf Mail

– The new Squidwolf Webmail service is now available. This addition includes new server facilities such as displaying exactly how much space you have on your account, storage of address book contacts, and attachment support.

– A number of fixes and code improvements have been made to reduce/eliminate mail artefacts. These include:

– Checking whether you have enough space to send an attachment.

– Checking if the email exists on the server before attempting to download it.

 

In all cases you will receive an explanatory error message.

 

CraftBukkit for Minecraft Server 1.5.1 “Redstone Update”

Squidwolf Minecraft now has the Redstone Update. 

BUG FIXES

Fixes 115 bugs

Please refer to the official Minecraft Vanilla, CraftBukkit, and SpoutCraft pages for full list.

Java JDK 1.6 Update 15

– This release updates the Apple-provided system Java SE 6 to version 1.6.0_45 for Mac OS X v10.6.

– Multiple vulnerabilities existed in Java 1.6.0_43, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_45.

Squidwolf Web Server

– A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences.

Localisation

– A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table.

ImageIO

– A buffer overflow existed in libtiff’s handling of TIFF images. This issue was addressed through additional validation of TIFF images.

Squidwolf IM

– An issue existed in the Jabber server’s handling of dialback result messages. An attacker may cause the Jabber server to disclose information intended for users of federated servers. This issue was addressed through improved handling of dialback result messages.

PDFkit

– A use after free issue existed in the handling of ink annotations in PDF files. This issue was addressed through improved memory management.

Squidwolf SQL

– PostgreSQL was updated to version 9.1.5 to address multiple vulnerabilities, the most serious of which may allow database users to read files from the file system with the privileges of the database server role account.

QuickTime

– A buffer overflow existed in the handling of ‘rnet’ boxes in MP4 files. This issue was addressed through improved bounds checking.

Squidwolf Server Network

– A type casting issue existed in Ruby on Rails’ handling of XML parameters. This issue was addressed by disabling YAML and symbols in XML parameters in Rails.

– Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates.

– Software Update allowed a man in the middle attacker to insert plugin content into the marketing text displayed for updates. This may allow the exploitation of a vulnerable plugin, or facilitate social engineering attacks involving plugins. This issue does not affect OS X Mountain Lion systems. This issue was addressed by preventing plugins from being loaded in Software Update’s marketing text WebView.

– This update runs a malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.

HazelPorts

– MacPorts base sources updated using rsync.

– MacPorts base version 2.1.3 installed.

– Ports tree updated.

– db_select 0.1_2 installed.

– db45 4.6.21_8+java installed.

– libxml2 2.9.0_0 installed.

– libpng 1.5.15_0 installed.

– sqlite3 3.7.16.1_0 installed.

– x264 20130327_0 installed.

– ffmpeg 1.2_1+gpl12 installed.

– fontconfig 2.10.92_0 installed.

– libffi 3.0.13_0 installed.

– perl5.12 5.12.4_2 installed.

-glib2 2.36.1_0 installed.

– kerberos5 1.11.1_0 installed.

– pkgconfig 0.28_0 installed.

– php5 5.3.23_0+apache2 installed.

– php5-ldap 5.3.23_0 installed.

– webp 0.3.0_0 installed.

– xorg-inputproto 2.3_0 installed.

Bit on the past, the present and the future

A number of different resolutions have been devised but the actual decision making process is much more complicated than it seems. On one hand the constitution of Cyberhornets states that the ultimate decision lies with whoever exerts ultimate control which in this case would be Demon Sk8tr, but he was elected democratically and then granted full power under a democratic referendum.

Another variable that needs to be addressed is that under GUHA treaty, military action against a target needs to be approved by GUHA council in a war declaration.

The GUHA

  • Cyberhornets Hackerboard
  • Rage Hackerboard
  • The New Hack Canada
  • hAx0r
  • Antarctic Dial-up
  • REDACTED
  • REDACTED

This is indeed a complex process and the deadline for a decision is drawing closer & closer, perhaps HazelScript contains some guidelines that are yet to be uncovered. We can only hope. How did a small group of internet teenagers become so complex?

Hardware Upgrade Patch

Hardware Upgrade Patch

Features

  • Deployment of a new Hackintosh system at the February server farm.
  • Edge receive a huge storage upgrade in preparation for the new expansion to be announced this week.

Changes

  • HazelNet authentication system merges with SquidPassport & resulting Domain Name System changes

Unexpected Downtime due to Electrical Fault

Edge was subject to Unexpected Downtime at 15:31 UTC today due to an Electrical Fault at our Server Farm. Normal service is resumed and we apologise for the inconvenience.

The Story – Part IV

A crisis meeting was held in the spring of 2009 to develop a way to move forward. The group became democratic (before, Jynx held full power) and Demon_Sk8r, Hazel’s younger brother, was elected the new leader. After this the group decided that the democratic running of the hackerboard was too messy and found it an extremely slow way of making decisions so Demon_Sk8tr was reinstated with full power. The group became militarized once again and the idea of “Regional Generals” was implemented.

Regional Generals was an idea that Jynx began working on before she passed away. A single person who is highly trusted is given control over an entire region and those who have lower ranks report to them.

In the Summer of 2009, work began on Project: Hazel which is the brainchild of Blue Shadow, the chief architect and Jynx’s “Polaris General” (the General who oversees all military action). This move was the beginning of moving all non-military activity which Cyberhornets engaged in out of the hackerboard and into Project: Hazel. By the end of 2009, Cyberhornets was no longer a ‘hackerboard’ in the traditional sense of the term and more of a ‘cyber army’ (something that Jynx hated the idea of).

Debate is still underway that is mostly managed by the GUHA (Global Underground Hacker Alliance) which needs to be resolved before 4 June 2013 which is the date that the alliance disbands.

 

Big in Minecraft

As you might remember from accounts of the last Special Event, we have been working on a custom-built Java Server just for Squidwolf Minecraft. We have been doing so in partnership with the SpoutCraft project, which is one of the three big modding communitites. This partnership is close to being finalised, so we thought it was time we gave you some more information about this project. This way, the community gets a better idea on exactly what is involved and how it might affect or benefit you.

First of all we decided to go with a separate server for this, we will be using Alive. There were multiple reasons for this, which I will describe here. The first and most obvious one is that the environment inside of the Polaris network allows for quicker translation between the publicly accessible server, basically the SQL servers for Squidwolf Minecraft will still be on February but the actual game environment is on Alive. Ignoring the Alive server simply didn’t make sense as we don’t really use it for much anyway.

The Story – Part III

HazelScript, the in-house OS for Cyberhornets is unlike anything in the public domain. It is extremely customisable to any piece of hardware and can even be made into a hybrid of another OS. It also seems to ‘adapt itself’ in certain situations.

With this new set of toys under their hat,  Miami Vice was defeated and their entire territory assimilated in less than 24 hours. Two years later Cyberhornets claimed sovereignty over the entire Florida region. Although Cyberhornets was significantly smaller than Miami Vice in terms of membership, it was able to assert a quick victory thanks to HazelScript.

It seemed that Cyberhornets was unstoppable, within two years they had expanded into Texas, Georgia, Alabama and through to South Carolina; and word of the success of Cyberhornets had spread north.

By the summer of 2005, territory had been claimed in Connecticut and Rhode Island (although this area was abandoned due to increased government activity in the area). At the end of 2005, Cyberhornets controlled the entire western side of Nova Scotia and held territory in Quebec, New Brunswick and Maine.

So what is the current state of Cyberhornets? Well after the tragedy which occurred towards the end of 2008 the hackerboard lost a lot of influence and momentum on the Internet. Over the course of 6 months the hackerboard lost around 40-45% of it’s territory in the US and most of it’s holdings in southern England.

Big on WordPress

As you might remember from the accounts of the special event in March, we have been working on a custom-built version of WordPress for Squidwolf Syndicate for some time now We have been doing so in partnership with RAGE Hackerboard, which is one of the front liners when it comes to modifying established CMS systems. This partnerships is close to fruition, so we thought it was time we gave you some more information about this project. This way, the community gets a better idea on exactly what is involved and how it might affect or benefit you.

First of all we decided to go with a dedicated server for this (which will be Alive). There were multiple reasons for this, which I will describe here. The first and most obvious one is that WordPress is driven by PHP and PHP requires a Web Server, it also needs MySQL and our in-house SQL system is already tied into too many things to launch a service of this scale directly on to it. So everything that our WordPress project requires will be self-contained on one server. The only thing that won’t be on there will be the gateway system which is tied in to Surface as Alive is currently a Project: Hazel-only server which will remain this way.

But from the point of view of the community, we also thought that the sudden doubling or tripling of traffic onto already crowded web servers would be it into turmoil, thus ruining the experience for everyone. We have always grown our network organically at a steady rate, and we think it is the best way to ensure relatively stable social structures. Many projects of our neighbouring organisations have tried to launch a giant new project on top of their existing infrastructure without changing anything, and failed. We won’t make the same mistake.

So what is the plan? Well if you have been reading Squidwolf Magazine then you will know all about our plans but for those who haven’t (tsk, tsk) then pay attention. We will be moving Squidwolf Forums, Squidwolf Services Network, Squidwolf Minecraft, and Squidwolf Dev Blog on to one shared authentication system which will be driven by MineAuth.

“But MineAuth is for Minecraft players!!!! I don’t play it!!!!!’ That is fine, don’t panic. Since none of these services are mission-critical to things that you do on the network which aren’t related to our Minecraft Server, this won’t be a problem. Also, the existing memberships on these services so if you already use any of them, then you can still login using your existing credentials.

Also, SquidPassport is reaching maturity and soon you will be able to login to anything anywhere on the network using it.

All will be revealed soon with the big announcement this month so pay attention people!!!!

loves ya!

IN Bookworm xx