| Tuesday May 31st 2016

HOWTO: Advanced SSH configuration and tunneling


Excellent article/guide to using SSH tunnels to bypass using third pary VPN software. I agree with them on all points. SSH FTW.

In a recent Red Hat Magazine article, Paul Frields gave some examples of how SSH port forwarding can be used to remotely gain access to resources, or ports, from a remote location. This article will show a pragmatic implementation of SSH port forwarding by demonstrating how to use configuration files and conditional statements to create permanent, yet dynamic, SSH configurations for your home, office, and any virtual machines you may have on your systems.


New Google Maps For Smartphones

Attention Microsoft/Apple, this is why everyone loves Google.

Just released tonight: Even without GPS, it gets your location automatically via cell phone towers.

Working like a charm on my Treo. Is there anything Google can’t do?

phone_en.pngSee your location on the map, with or without GPS. Save time and tedious keystrokes finding where you are, what’s around you, and how to get there. Watch the video on the right to see how it works.

Press “0” and look for the blue dot: or

If you have a GPS-enabled device, this blue dot corresponds to your GPS location. At times, or if you do not have a GPS-enabled phone, you might see the blue dot surrounded by a light blue circle (as shown on the right) to indicate uncertainty about your location.

Why the uncertainty? The My Location feature takes information broadcast from mobile towers near you to approximate your current location on the map – it’s not GPS, but it comes pretty close (approximately 1000m close, on average). We’re still in beta, but we’re excited to launch this feature and are constantly working to improve our coverage and accuracy.

The My Location feature is available for most web-enabled mobile phones, including Java, BlackBerry, Windows Mobile, and Nokia/Symbian devices.

Youtube Demonstration


New xkcd comic!



iTunes coverflow clone in flash


I’ve been searching for an iTunes Coverflow clone in flash, because one of my client asked me to use something like that for a new project. I finally found something decent… Take a look the following link: http://www.quietlyscheming.com/blog/components/tutorial-displayshelf-component/

Now the above opensource product is built for flex2, so it doesn’t suit our project. Then I found this. It’s pure .fla file, and XML to write data. I think this is the best sample to recreate Coverflow in flash.

HOWTO: Watch the Fox Prison Break American Express exclusive without a card


Tried to catch up on the Prison Break highlights and came across the Amex Only previews. Well since I don’t have an AMEX there’s only one choice. Google American Express support numbers.

Enter any one of these phone number numbers:


then enter anything longer than 5 letters in the name field and any expiration date to access the American Express “exclusive” Prison Break promo.


Protecting your IMs from prying eyes with OTR


Leading security researcher and co-creator of the Off-the-Record Messaging (OTR) protocol discusses why you should use OTR to make sure your instant messages remain private. This is especially important given the NSA’s recent wiretapping activities and the increasing prominence of Big Brother.

Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie-Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and deniable encryption. This is not to be confused with the “off the record” setting in Google Talk, which merely disables logging.

The redeeming thing about OTR is that there is pretty much no configuration after its installed. You don’t have to worry about managing keys, trust databases, or any of that crap. You just click the button and it encrypts. When you “authenticate” someone, you don’t have to memorize their public key. Instead, you type in a shared secret (any string) and if the other party types in the same string, their public key is marked as trusted. Of course, it uses an algorithm that doesn’t reveal the secret to the other party. Pure genius. Great article and video.

Link to article

Link to OTR 

36 years ago today, D.B. Cooper jumped from a plane and put the U.S. $200,000 in debt


At 2:58pm, PST, on Wednesday, November 24, 1971, the day before Thanksgiving in the United States, a man traveling under the name Dan Cooper hijacked a Boeing 727-051, Northwest Orient Airlines Flight 305, flying from Portland International Airport (PDX) in Portland, Oregon to Seattle, Washington, with the threat of a bomb (he had a briefcase containing wires, a large battery and “red sticks”).

Cooper boarded the plane of only 36 passengers and 6 crew. He wore a black raincoat and loafers, a dark suit, a neatly pressed white shirt, a black necktie, and a mother-of-pearl tie pin. He also had black sunglasses.

Read the rest of this entry »

TI-84+ gets down with USB peripherals


I realize this is somewhat old news, but after sitting around Calculus class playing with my TI-84 Plus graphing calculator, I decided to look around to see what has been hacked onto these things. I thought for sure some tiny distro of linux has been ported to it. I stumbled upon an open-source project called usb8x. This is very cool.

“Ever since Texas Instruments added a USB link port to the TI-84 line, people have been trying to write drivers for almost any device. Here’s an example of a Lexar Jumpdrive playing a black-and-white short – it’s the lobby scene from The Matrix! Check out the article’s comments for users’ takes on this development.”


Mark Cuban to ISPs: block all P2P traffic


In an open letter to Internet service providers published earlier this week, billionaire entrepreneur Mark Cuban calls for telecoms to put an end to peer-to-peer (P2P) file-sharing. Cuban expresses concerns that P2P “freeloaders” are clogging the tubes with commercial content. His letter doesn’t focus on piracy, however, and instead primarily attacks companies that use P2P for legitimate commercial applications. Being from the same hometown, we’re always interested to read the musings of Mr. Cuban, but this time we’re pretty sure he’s missed the point.

“If I was a Comcast customer, I would tell them, as I am now telling all the services I am a customer of: BLOCK P2P TRAFFIC, PLEASE. As a consumer, I want my Internet experience to be as fast as possible. The last thing I want slowing my Internet service down are P2P freeloaders,” says Cuban. “Thats right, P2P content distributors are nothing more than freeloaders. The only person/organization that benefits from P2P usage are those that are trying to distribute content and want to distribute it on someone else’s bandwidth dime… When consumers provide their bandwidth to assist commercial applications, they are subsidizing those commercial applications which if it isn’t already, should be against an ISPs terms of service.”

Read the rest of this entry »

Researchers blast Vista Service Pack 1


A group of researchers has described Microsoft’s upcoming Windows Vista Service Pack 1 as a “performance dud”.

Researchers from the EXO Performance Network claimed that a series of in-house benchmark tests showed that users hoping to receive a speed boost from the update will be disappointed.

“After extensive testing of Release To Manufacture and SP1-patched versions of Vista it seems clear that the hoped-for performance fixes that Microsoft has been hinting at have not materialised,” the group said in a company blog.

The tests were run using tools from Devil Mountain Software, which also hosts the group’s site. The researchers used a Dell notebook with 1GB of Ram for the tests.

The benchmark tests measured performance in Microsoft Office 2007, multitasking and streaming media.

The results from the SP1-patched system were nearly identical to those from the version of Vista released to manufacturers, according to the researchers.

“The thinking goes that SP1 will address all of these early performance issues and somehow bring Vista on par with, or at least closer to, XP in terms of runtime performance,” said the report. “Unfortunately, this is simply not the case.”

The researchers concluded that users waiting for the update to fix pokey performance will not get any respite in the short term.

“If you have been disappointed with the performance of Windows Vista to date, get used to it,” they wrote. “SP1 is simply not the panacea that many predicted.”


Leopard’s Aurora Borealis wallpaper in GIMP


Apple finally released their new OS called Leopard about a month ago. One of the things I like the most with Apple, and probably everybody loves too, is that they always release tons of beautiful stuff. From the package box to the t-shirt. Yeah there is a very cool t-shirt as well. And now it’s not different. I loved the space feeling of the new wallpaper with that sort of aurora borealis effect.

Besides that, this week the new version of GIMP was released. The 2.4 version has a renewed interface, with new icons, and much more stable, at least running on my mac it has not crashed yet.

Anyways, what I want to show on this tutorial is how to create that Aurora Borealis effect using the new GIMP. Basically I used the Leopard’s wallpaper as my reference. I have to say it was easier than I thought. Follow the link below for the amazing write up.


HOWTO: make mp3 files smaller


An old friend emailed me over the weekend and asked for some help reducing the size of a MP3 file so he could load it on his wireless phone. Seems he wanted the ringer to sound like a sheep when one certain person called (don’t ask), but the MP3 he found was too big for the phone to accept.

I did a little research and found a cool little utility called FreeRIP that will convert between .WAV, .MP3 and .OGG formats with ease. You can also convert a MP3 file to the same format, but with a different bit-rate, which allowed my friend to reduce the file size as needed, and duly embarrass his friend in public.

Mission accomplished.

XSS Cheat Sheet


XSS is Cross Site Scripting. If you don’t know how XSS (Cross Site Scripting) works, this page probably won’t help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate XSS vectors or how to write the actual cookie/credential stealing/replay/session riding portion of the attack. It will simply show the underlying methodology and you can infer the rest. Also, please note this XSS page has been replicated by the OWASP 2.0 Guide in the Appendix section. However, because this is a living document I suggest you continue to use the site below to stay up to date.

XSS Cheat Sheet

You’re Not Attractive


And neither is your girlfriend, but in order to stomach the prospect of a long-term relationship, you delude yourself into believing she’s better looking than she really is. (This has been suspected for so long that even the Greeks had a euphemism for it.)

To see if men (and women) really deceive themselves in this manner, a group of researchers obtained data from the popular physical attractiveness ratings site Hot or Not and studied users’ behaviors.

Read the rest of this entry »

Your Privacy Is An Illusion

Everyone should already know that Facebook employees can see your profile even if it is private. Now we hear that they are willing to share your private profile with your boss. All he has to do is ask. A poster on the AR-15 Forums, a firearms-enthusiast website, says her bosses asked Facebook for permission to see her profile — which is normally set to private for everyone but her friends — through something called Administrators Access. Facebook’s privacy policy has this to say:

We may be required to disclose user information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We do not reveal information until we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. Additionally, we may share account or other information when we believe it is necessary to comply with law, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the Facebook service or using the Facebook name, or to prevent imminent bodily harm. This may include sharing information with other companies, lawyers, agents or government agencies.

The poster had pictures of himself with his firearms — which, though legal and taken on the employee’s own time, the company was concerned about. Perhaps Facebook was trying to “prevent imminent bodily harm?”

Think Facebook might be helping your employer out with a glimpse of your private profile? Leave us a post below.

iPhone Phoning Home


Big surprise. Apple’s much loved iPhone has a hidden feature, and it’s not going to be welcomed by everyone: it phones home.According to 9 to 5 Mac, the iPhone sends the users IMEI number, IP address and stock quote preferences amongst a number of things via a hidden string to Apple via the Weather and Stock apps. The information could be used by Apple to build user profiles that includes data on travel, financial and banking preferences, work details…even personal browsing information (if you’re using your iPhone to surf porn be warned).

Hackers are now apparently working on a way to block this functionality. In the mean time the only way of stopping data being sent to Apple is to delete the stock and weather applications via jailbreak.

Losing Faith


Snagged this off a forum I frequently browse…

[Originally Posted by porksoda]

So let me start by saying I work at Sears and here are a few of the geniuses we have that bring their car in here.

Also I work in the store not in the automotive section. I like to work on cars but only on my own time, not as a full time job. But I am good friends with the guys there and since they are car guys they call me when this stuff happens. I apologize for the camera phone pics but that all i have on me at work.

This idiot brought in his car today and said “My brakes are squeeking”. Well gee theres your problem!

Read the rest of this entry »

NIST encryption standard may have NSA backdoor


According to security experts, an algorithm for generating random numbers that is included in an official standard documented by the National Institute of Standards and Technology (NIST) could potentially include a backdoor planted by the NSA.

In a recent blog entry, cryptographer Bruce Schneier describes research that was presented by his colleagues Niels Ferguson and Dan Shumow at the CRYPTO 2007 conference this past August. The security researchers have raised concerns about a potential backdoor in the Dual_EC_DRBG algorithm, which is documented in NIST’s 800-90 publication about deterministic random bit generators. Dual_EC_DRBG, which is based on elliptic curves, is said to be significantly slower to compute than the other algorithms in the standard and was supposedly only included at all because it has the strong support of the NSA.

Read the rest of this entry »

Ethnic Topography of NYC


A friend of mine was compiling census data for a project. They sent me these visual census charts, which are pretty informative… especially if you’ve ever lived/visited The Big Apple. More data after the jump

Read the rest of this entry »

Using Google to match MD5 password hashes


One of the steps used by the attacker who compromised a friend’s Blog a few weeks ago was to create an account (which he promoted to administrator). I quickly disabled the account, but while doing forensics, I thought it would be interesting to find out the account password. WordPress stores raw MD5 hashes in the user database (despite many recommendations to use salting). As with any respectable hash function, it is believed to be computationally infeasible to discover the input of MD5 from an output. Instead, someone would have to try out all possible inputs until the correct output is discovered.

Read the rest of this entry »

 Page 149 of 152  « First  ... « 147  148  149  150  151 » ...  Last »