Hat’s off to Google for unveiling perhaps the greatest tribute today to the 30th anniversary of the iconic video game Pac-Man. Google revealed its first “doodle” or temporary logo change back in 1998, with the first animated logo appearing on Newton’s birthday earlier this year. At this rate of increasing complexity, the Google logo should be sentient by 2012.

For the birthdays of one of the most successful video games of all time, Google reveals perhaps its most complex logo of all time, a full featured playable version of the game for the next 48 hours:

Go to google.com, and click the logo or the Insert Coin button.

Hit “Insert Coin” twice and Mrs. Pac-Man will show up too.

Pac-Man

The original 1980 version of Pac-Man.

Pac-Man was first released on May 22nd, 1980, thirty years ago today, by Namco in Japan. According to Guinness, Pac-Man is the most successful coin-operated video game of all time. It sold more than 100,000 units in 1980 and kids pumped more than $1 billion dollars in quarters into the arcade game in its first fifteen months. It was played more then 10 billion times in the first twenty years from its release.

End Game

At level 256, things get messy.

Due to a programming glitch the game ends at level 256, although that’s not much of an issue because few in history have ever gotten a perfect score. Billy Mitchell played the first verified perfect game in 1999. In 2009 David Race became the sixth and currently last person known to achieve a perfect score.

Notice we said ‘verified perfect game’? That’s because in 1982 an 8 year old named Jeffrey Yee allegedly received a congratulatory letter from then President Ronald Reagan congratulating him for the record score of 6,131,940 points. There’s a problem though, that score would only be possible by passing level 256, the famous impassable split-screen bug shown at left.

Pizza & Puck-Man

Toru Iwatani was the primary developer of the game in 1979, and has related the apocryphal story that the main character was designed after looking at a pizza that was missing a slice. In reality the character is a rounding and simplification of the Japanese character for kuchi, or mouth. The original name, pronounced pakku-man, is a take off of the Japanese phrase paku-paku taberu where the words paku-paku describe the sound of a mouth eating.

The game was released under the name Puck-Man, but modified for the game’s North American release to Pac-Man as it was feared that arcade machines would be vandalized by modifying the ‘P’ to an ‘F’.

Those Ghosts

“Google doodler Ryan Germick and I made sure to include Pac-Man’s original game logic, graphics and sounds, bring back ghosts’ individual personalities, and even recreate original bugs from this 1980’s masterpiece,”
- Marcin Wichary, Usability, Google

Original Monster Names.

Blinky, Pinky, Inky, and Clyde are the four ghost monsters, the antagonists of the game. Each has its own personality derived from movement patterns, as derivable from both past efforts to reverse engineer the game as well as the Japanese translations of their original names:

Finally

You can go play Pac-Man a few blocks from Praetorian’s main office down at the Chinatown Fair Video Arcade on Mott Street.

With that we leave you with the 80’s tribute song Pac-Man Fever by Buckner and Garcia in honor of the day. Enjoy.

Related Posts:

• For Access Call, or Walk Right In
• Best Information Security Commercial Evah…
• Bo Dietl Lost His Guns

The big news hit earlier this week that the attack vector that allowed bad actors presumably from China into the networks of Google, Juniper, Adobe, and some 29 other firms was an Internet Explorer zero day, a use after free vulnerability on an invalid pointer reference affecting IE 6, 7, and 8 but only used by attackers on IE 6 according to Microsoft. Per Microsoft’s Advisory 979352: “In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution. Earlier today this entry from yesterday at Wepawet (an online analysis engine for malware) was pointed out to H.D. Moore, and within hours Metasploit has an exploit of the vulnerability integrated. McAfee has confirmed that the exploit is out and the same one they saw during the investigation. The video below demonstrates how crackers initially gained access to the corporate networks of Google, et al. using this zero day attack.

Here It Is

The video below demonstrates how Google and the rest have been, according to most news reports, exploited via the “Aurora” vulnerability in Internet Explorer, and had their “intellectual property” taken.

In the video you will see Metasploit set up a listening session, set up a web site that serves up the malicious code, and watch as an unsuspecting user visits the web site, triggers the attack that uses the IE vulnerability, and unknowingly opens a connection to a computer owned by the attacker. The attacker then lists the user’s processes, and elects to kill Notepad where the user was working on an important document. IE 6.0 is used, as this is the version Microsoft references as having been used in the “targeted attacks” on some 30+ U.S. companies.

A silly example for demonstration to be sure, but once the backdoor is open to the user’s PC the attacker can use it as a pivot point for other attacks against the internal network, escalate his or her privileges, take information off the PC, basically do anything the user can do.

The Vector

The attack scenario is that users were pointed to a web site (probably through a targeted Spam e-mail, an attack called spear phishing) containing a JavaScript that references this invalid pointer and injects the included shell code. The code below was released publicly yesterday.

Update

• Ahmed Obied has published a clean python version of the exploit (opens your Windows Calculator) for testing also: ie_aurora.py.
• CVE-2010-0249 has been opened for this issue.

Finally

“At this time, we are aware of limited, active attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other affected versions of Internet Explorer.” – Microsoft.

This situation has the potential to change rapidly now that it appears the exploit has been found. Microsoft last patched a vulnerability off cycle in July of 2009, they could elect to pursue the same response here.

Or as McAfee correctly opines: “What started out as a sophisticated targeted attack is likely to lead to large-scale attacks on vulnerable Microsoft Internet Explorer users.”

Related Posts:

• IEPeers – A New Internet Explorer Zero Day Vulnerability
• Press F1 for Help, pwned.
• Scareware Purveyors, Spammers, and Crooks Take Advantage of Haiti Earthquake
• Windows 7 SMB Kernel Crash Video
• Baidu.com the Latest Victim of Iranian CyberArmy

Click 'I'm Feeling Lucky' with a blank search.

To see what Google is planning when the clock strikes zero (as I’ll be drinking champagne at midnight not watching google.com), make a quick change to our PC time by double clicking the clock on your PC, and modifying the time to 11:59pm:

Change your Windows time to 11:59pm.

Once the timer hits zero on Google, text based fireworks and a ‘Happy New Year’ message are revealed:

Fireworks, Google style.

Happy New Year from all of us at Praetorian Security Group, LLC.

Related Posts:

• A Brief Reminder, Passwords Have Been Around Forever
• Halloween Jokes, Twitter & Google