| Friday May 27th 2016

Over 10 offers to pay student hacker’s fine

Chinese undergraduate Zhao Ke, fined $15,000 for hacking into his former school’s computer network, has received “over ten” offers to help pay his fine.

At least two law firms here, including Allen & Gledhill, have also offered to help him appeal the sentence.

The 21-year-old who is doing a double degree in engineering and economics on a National University of Singapore scholarship, met up with lawyers from Allen & Gledhill on Wednesday.

While he has yet to make a final decision, with the fine settled “there was no big need to appeal and I need to catch up on my studies,” he said.

Read the rest of this entry »

No Cell Phones?

First of all, does anyone even remember the band W.A.S.P.? If I remember correctly they were a band from the early 80’s. Heavy metal always shadowed by the likes of Motley Crew, Twisted Sister, Scorpions, etc..

Second, can you believe that ANYONE would attend one of their shows today? Maybe I am being a little bit harsh here, but I honestly couldn’t name a single hit that this band has, let alone even name or hum one of their songs.

And to top it all of they have now released an official statement saying that ALL cameras, even mobile phones will be confiscated from people as then enter their shows.

Read the rest of this entry »

Recovering Windows passwords with Linux

If you lose a Windows password, or you buy a system that has an OS on it, but you don’t know the password, what are you to do? The best thing to do would be to throw in a Linux CD, format the drive, and install the Distro. But, what if you want to boot to the system and see what’s on there, and get data off?

Read the rest of this entry »

Intro to Reverse Engineering – Part 2

In Part 1, Intro to Reverse Engineering – No Assembly Required, we extended the series of coding articles for non-programmers with an area of high interest in the infosec community. We’re proud to be able to bring you the highly anticipated follow-up complete with screen shots, sample code and applications. This one is long and detailed, so strap yourselves in for some great educational content. This paper is designed to outline some essential reverse engineering concepts, tools and techniques – primarily, debuggers and using the debugging process to reverse engineer application functions and algorithms. It is assumed you have knowledge of basic assembly and C programming. An understanding of Win32 programming and API calls is also helpful. This tutorial does not necessarily have to be read in order (although it is strongly advised), as some sections do not contain information that directly relates to subsequent sections. However, if you begin skipping around and find that you have trouble understanding a concept, or feel like you missed an explanation, it would be best to go back to previous sections of the tutorial and read them first.


ExploitMe: Free Firefox Plugin

Dark Reading covers the upcoming release of free Firefox plug-ins that test common web application vulnerabilities. As with most security tools, they could be used for good or ill. “The ExploitMe tools — which are in currently in beta form — include SQL Inject-Me, which lets you right-click on an HTML field in your Firefox browser and inject it with SQL injection payloads, and XSS-Me, which works the same way, but with XSS. The tools developers also plan to release Web services exploit tools as well.


Intro to Reverse Engineering

Last time we went over the C programming language in an introductory article specifically focusing on getting the security professional on the road to coding (or at least the road to understanding). This time around we extend the series of coding articles for non-programmers with an area of high interest in the infosec community, reverse engineering. This paper is intended as an introduction to reverse engineering for someone who has no experience whatsoever on the subject. You should have some basic knowledge of C programming, and access to a Windows or Linux box (preferably both) using the x86 architecture (i.e., your average computer). No knowledge of assembly code, registers, or the like is assumed, although it helps. The “Introduction” section of the paper is intended for the newcomer who has little or no understanding of what reverse engineering is and may be skipped by those looking for more technical details.

Read the rest of this entry »

HOWTO: Grammar Check For Open Office

So you are trying to drop that MS Office habit but find yourself struggling thanks in part to features missing from Open Office (Oo) such as a solid grammar check feature. As it turns out, there is a solution for Oo users looking for this kind of functionality, be it about as ‘craptacular’ as the one for MS Office.

The problem is that grammar checkers in any form are a half-hearted solution to a larger problem. Another thing to consider is that the grammar check offered in this article does not underline mistakes as they do with misspelled words. This is due largely to the fact that this is an add-on rather part of the Oo bundle.

Read the rest of this entry »

BackTrack 2 Virtual Appliance

The Ethical Hacker Network (EH-Net) proudly releases the only Official Version of BackTrack 2 that not only adds Metasploit 3 to the toolset but is also packaged as a VMware Virtual Appliance. Here are just a few of the features added by the projects lead developer, Mati Aharoni, specifically for the EH-Net Community:

  • Metasploit updated to latest svn, all dependencies upgraded
  • Added fabs patches for msfgui
  • Aircrack-ng updated to 1.0 svn, all dependencies upgraded
  • Tcpdump patched (security fix)
  • Firefox updated to latest
  • Firefox links, favorites and home page
  • A few more lib fixes for old nasties in BT2 final

For those of you who are not familiar with BackTrack, here’s a brief description directly from the project’s web site, http://www.remote-exploit.org/:

BackTrack is the result of merging the two innovative penetration testing live linux distributions Auditor and Whax. Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The tools are arranged in an intuitive manner, and cover most of the attack vectors. Complex environments are simplified, such as automatic Kismet configuration, one click Snort setup, precompiled Metasploit lorcon modules, etc. BackTrack has been dubbed the #1 Security Live CD by Insecure.org, and #32 overall.

Read the rest of this entry »

Backup files from dead Windows using Linux

Here is how you can backup files from dead Windows using either SLAX, Knoppix and Ubuntu.

Read the rest of this entry »

Corporations Versus Democracy


The most important issue to young people in the 2008 campaign is one that no presidential candidate will discuss. In fact, even touching on this subject is taboo for anyone with aspirations to Congress or the White House. Anyone who has the temerity to mention this political third rail will almost certainly lose the campaign.

Read the rest of this entry »

Technical Advances Make Your Passwords Practically Worthless

Russian outfit Elcomsoft has just filed for a US patent which leverages GPUs to crack passwords. Their approach harnesses the massively parallel processing capabilities of modern graphics cards to make minced-meat of corporate-strength password protection.

Read the rest of this entry »

What VMware is, and Why It Rocks

VMware is indispensable for software testing that I do – and it’s a solid tool for freelancers as well. If you’ve never heard of VMware, it’s simply an application that lets you run a virtual computer inside your regular “host” computer … and you can do anything you want to the virtual machine without hosing up your real one. And you can reset your VMware image to it’s pristine, original state any time you want.

Read the rest of this entry »

NASA Satellite: California Fires

Read the rest of this entry »

OiNK.cd Servers Raided, Admin Arrested

The servers of OiNK.cd – one of the most popular private BitTorrent trackers – are raided and the admin, a 24-year-old man from Middlesbrough, is arrested.

The British and the Dutch police both contributed to the investigation that was initiated by the IFPI and the BPI, two well known anti-piracy organizations. The operation was supported by Interpol who coordinated the international cooperation.

According to early reports OiNk’s servers were confiscated in Amsterdam last week. This seems to be unlikely because the site was still fully functional 24 hours ago. The administrator of OiNK was arrested this morning by the Cleveland Police. The BBC reports that his employer and the home of his father were raided as well.

Jeremy Banks, Head of the IFPI’s Internet Anti-Piracy Unit, said in a reponse to the news: “OiNK was central to the illegal distribution of pre-release music online. This was not a case of friends sharing music for pleasure. This was a worldwide network that got hold of music they did not own the rights to and posted it online.”

OiNK hosted hundreds and thousands of torrents with over a million peers which makes it more popular than most public trackers. The site was known to be one of the first places where leaked music albums appeared, so anti-piracy outfits such as MediaDefender were keeping a close eye on it.

In July the tracker already changed its name from OiNK.me.uk to OiNK.cd due to “legal” issues with their domain registrar. Unfortunately it now seems that the popular private BitTorrent tracker is in bigger trouble.

Online Poker World Rocked by Hack

Chief of Absolute Poker site says ‘consultant’ developed method to look at others’ hole cards without their knowledge

OCTOBER 22, 2007 | The controversy has been swirling in online poker forums for a few weeks, but now it’s official: Absolute Poker has been hacked.

In a letter to regular players, Absolute Poker owner Joe Norton conceded that his site was compromised by “a high-ranking, trusted consultant employed by [Absolute Poker].”

Read the rest of this entry »

Top Ten Opt Outs

As privacy experts, we are frequently asked about “opting out,” and which opt outs we think are the most important. This list is a distillation of ideas for opting out that the World Privacy Forum has developed over the years from responding to those questions. The list below does not contain all opt outs that are available. Rather, it contains the opt outs that we believe are the most important and will be the most useful to the most consumers.

Many people have told us that they think opting out is confusing. We agree. Opting out can range from the not-too-difficult (the FTC’s Do Not Call list is a fairly simple opt out) to the challenging (the National Advertising Initiative opt out can be tricky). Our hope is that this list will clarify which opt out does what, and how to go about opting out.

Read the rest of this entry »

FBI Makes Copperfield’s Hard Drive Disappear

Magician is target of mysterious raid that collects computer drive, computer chip, and $2M in cash

OCTOBER 19, 2007 | A dozen FBI agents stormed a warehouse owned by famed magician and illusionist David Copperfield last night, coming away with evidence for an investigation that apparently reaches all the way to Seattle.

According to a report broadcast last night by a local Las Vegas television station, the FBI took a computer hard drive and a memory chip from a digital camera system. The agents also took some $2 million in cash stuffed in a safe in the warehouse, the report said.

The FBI also paid a visit to the MGM Grand Hotel in Las Vegas, where Copperfield often performs.

Both the FBI and Copperfield’s attorney confirmed that there is an investigation ongoing in the area, but the purpose of the investigation, like Copperfield’s tricks, is still a mystery.

How to Turn Your Browser Into a Weapon

On Monday, I wrote about three of my favorite Firefox extensions that help me stay safe when I’m browsing the darker areas of the Web and incoming email. Today, let’s look at three other extensions: Those that can turn Firefox into a feature-filled, Web-hacking weapon. These extensions aren’t required to use Firefox for hacking Web applications, but they certainly make it a lot easier.

Read the rest of this entry »

How to Talk to Girls

I nearly spit out my Enviga while reading this part:

Difficulty: Challenging

Things You’ll Need

* Charisma
* Approaching skills
* Approaching confidence
* A social vibe


Insert Coin

Since I was asked by several peers in a computer course why the printer said Insert Quarter today, so I deemed this post necessary. It is amazing how unaware some people can be. This little perl script allows you to change the “Ready Message” on most HP printers to whatever you’d like. For the *nix intolerant: here is a link to a Windows binary I’ve used in the past. Keep in mind the limitations of the display when composing your clever verbiage. I wrote it after coming across the command in an HPPJL (HP Printer Job Language) reference manual I was reading for some reason that I now forget. Thanks to the flexibility and power of perl, it was a no-brainer to play with the new information.

Well, of course I couldn’t ignore such an opportunity, and it turns out to be a lot of fun. You can think up your own funny, confusing or scary messages. I generally like “INSERT QUARTER” or “FEED ME” on the larger displays (e.g, 4200, 4250). My personal favorite is “INSERT COIN” which fits perfectly on the small LCDs. You can even sit in sight of the printer and change the message while watching the reaction of your victim. Don’t be surprised, though, if a large fraction don’t even notice. I was quite surprised myself but, it appears, some people don’t look at what is in front of them.

UPDATE: I wrote a more elaborate version that takes advantage of the HP 4200’s larger, four-line display. It sends the current weather conditions which I grab from NOAA using the perl Geo::METAR module. It updates every 10 minutes. Amazingly, while many people noticed the report on the printer display, no one questioned it!

People are endlessly surprising. Isn’t it great?

 Page 151 of 152  « First  ... « 148  149  150  151  152 »