Google

Monday, March 10, 2008

Identity Protection

"What Exactly is LifeLock Identity Protection?

Identity theft is one of the fastest growing crimes today. By now hundreds of thousands of Americans have been victimized by this kind of financial crime. From kids to adults to the elderly, no one is spared from identity theft.

If you get victimized by this crime, you will work very hard to get your life back to the way it was. Your credit score will be ruined, lose your home, and some evenSign Up Now for Lifelock! experienced getting imprisoned for a crime that they didn’t even commit.

If you want to protect your identity and you want to prevent becoming a victim of identity theft, then you may want to hire LifeLock. LifeLock offers total protection from identity theft. It is a company that is dedicated in providing you with a guarantee that identity theft will never happen to you.

In fact, LifeLock can even guarantee their services for up to a million dollars. If you become a victim of identity theft while you are in a LifeLock customer, they will guarantee your good name up to a million dollars.

LifeLock is one of the leading companies in identity theft protection. Even if would be thieves get a hold of your Social Security Number, you can be sure that LifeLock will be able to protect you.

So, if you don’t want to become a victim of identity theft, you may want to get protected under LifeLock. With LifeLock, you can be sure that you are well protected and keep your name as well as your credit score clean." -Lifelock

For those that are somewhat concerned about identity theft. Personally, I'd just keep my stuff to myself, and shred important things. I suppose once hit by it, I may change my story, but until then, it's worked just fine for the last twenty something years.

Monday, March 3, 2008

New Threats!

"At the DEFCON hackers' convention this summer, two researchers showed off a way to take control of a laptop through its wireless connection. The attack didn't target the operating system; it sought out specific flaws in the software that managed the wireless-networking hardware." -by Robert Lemos

What does this mean to us? Though this is just a software vulnerability for the hardware, which would require software updates. But what if it was a vulnerability in the hardware's firmware, which would completely bypass the operating system, making EVERY system a target. This is somewhat like the change from phreakers(hacking phone's and telecommunication systems(who faded out)) to hackers(who found loops, and holes in software to make things perform in ways they weren't originally designed(not crackers)). This makes me wonder if we'll soon have a new breed of hackers that will be concentrating strictly on hardware issues. If so, the new exploits will be rather difficult to protect against. Short of firmware flashes, which 90% of box owners either A) don't know how to do, or B) are too lazy to do them.(*EDIT* Obviously firmware would still be in the same ballpark as software, but hardly anyone ever upgrades firmware, thus making it a longer wild exploit :/)

I will be keeping an eye out for these types of hacks as much as possible and keeping the blog updated with them.

Fun with Hex Editing.

For one of the missions on a site I head over to whilst bored, I was to find out the cd-key of the program, to register it. I was thinking it would be a little more difficult than it was, but to my dismay, it was rather easy. First, I grabbed the first hex editor I could find, and opened the app that was given to break. After a quick ascii search for "cd-key" I found it. Yay! Took longer to grab the hex editor than it did to find the cdkey :( Hex editing can be used in multiple ways:
According to Hex Editor Wikipedia:
"By using a hex editor, a user can see or edit the raw and exact contents of a file as opposed to the interpretation of the same content that other, higher level application software may associate with the file format. For example, this could be raw image data, in contrast to the way image editing software would interpret the same file.

In most hex editor applications the data of the computer file is represented as hexadecimal values grouped in two groups of 8 bytes and one group of 16 ASCII characters, nonprintable characters normally represented by a dot,(".") in the ASCII part.

The standard Unix shell command used to display (though not edit) a file in hexadecimal and octal is od."

So, by using a hex editor you can change just about anything you want. For example, back in the day, I used to use a hex editor to change spawn points on maps for a game I played. I won't dig into the things the 'bad' guys can do with it ^ cdkeys*cough* so we shall end it with this :D

Monday, February 25, 2008

Comcast: Friend of Foe

For those of you who have Comcast internet, you may want to take a look at the following:
Comcast to FCC
Also, here's a recent Bill, that google has some say in, that relates to comcast:
Google cheers anti-Comcast legislation

An excerpt from Network Neutrality Wiki:
"Network neutrality (equivalently "net neutrality", "Internet neutrality" or "NN") refers to a principle that is applied to residential broadband networks, and potentially to all networks. Precise definitions vary, but a broadband network free of restrictions on the kinds of equipment that may be attached, on the modes of communication allowed, that does not restrict content, sites, or platforms and where communication is not unreasonably degraded by other communication streams would be considered neutral by most observers.[1][2][3]

The possibility of regulations designed to mandate the neutrality of the Internet has been subject to fierce debate in various fora. Though the term did not enter popular use until several years later, since the early 2000's advocates of net neutrality and associated rules have engaged in mutual campaigns of propaganda with broadband providers over the ability to use "last mile" infrastructure to block opposed internet applications, and content providers (e.g. websites, services, protocols), particularly those served by competitors. Neutrality proponents also claim that telecom companies seek to impose the tiered service model more for the purpose of profiting from their control of the pipeline rather than for any demand for their content or services.[4] Others have stated that they believe net neutrality to be primarily important as a preservation of current freedoms.[5] As Vint Cerf, co-inventor of the Internet Protocol, has stated, "The Internet was designed with no gatekeepers over new content or services. A lightweight but enforceable neutrality rule is needed to ensure that the Internet continues to thrive." [6]

Critics, meanwhile, call net neutrality rules "a solution in search of a problem" and believe that net neutrality rules would reduce incentives to upgrade networks and launch next generation network services.[7] Others argue that discrimination of some kinds, particularly to guarantee "Quality of Service," is not problematic, but highly desirable. Bob Kahn, Internet Protocol's co-inventor, has called the term "net neutrality" a slogan, and states that he opposes establishing it, warning that "nothing interesting can happen inside the net" if it passes: "If the goal is to encourage people to build new capabilities, then the party that takes the lead in building that new capability, is probably only going to have it on their net to start with and it is probably not going to be on anybody else's net.[8]"

In a June 2007 report, the Federal Trade Commission urged restraint with respect to the new regulations proposed by network neutrality advocates, noting the "broadband industry is a relatively young and evolving one," and given no "significant market failure or demonstrated consumer harm from conduct by broadband providers," such regulations "may well have adverse effects on consumer welfare, despite the good intentions of their proponents[9]." In turn, the FTC conclusions have been questioned in Congress, as in September 2007, when Sen. Byron Dorgan, D-N.D., chairman of the Senate interstate commerce, trade and tourism subcommittee, told FTC Chairwoman Deborah Platt Majoras that he feared new services as ground-breaking as Google could not get started in a system with price discrimination.[10]"

Post some comments with your thoughts on network neutrality or lack there of. I want to see how others feel about this subject!

Fun with your DD-WRT

For those that have a DD-WRT flashed router, here are some funs things you can do with it!
First off, here is a firefox addon that will show your routers status in a status bar!
DD-WRT Firefox Addon

Boost your wireless signal
Go to the Wireless tab in the web interface followed by 'Advanced Settings'. Scroll down to the 'FXmit Power' and adjust accordingly(as the DD-WRT manual states, it is "safe" to increase it up to 70) Personally, I wouldn't want to fry my router, so I'd set it at 70 max ;)

QoS
Throttle bandwidth for things that are more important that others such as games over torrents. This is something most routers don't come with, but luckily you have a DD-WRT router right? :D

Cracking WEP
Using wepcrack on your DD-WRT, crack other AP's (please note this should never be done :P) Just set the storage of the capture files to be on a samba mount.

More to come once my brain works a bit more!

Saturday, February 16, 2008

Blue Update!

I just received my bluetooth dongle! Yay! Again, we have the little problem of my phone being verizon thusly can't use OPUSH. So, I can't use bluesnarfer on it. Going to have to find someone with a different carrier and an older phone. But here is me bringing up the device, and playing with bluesnarfer(obviously for those who have used bluesnarfer I'm using the wrong channel, but that was just to test if my phone would even pair with it, which it did and I purposely entered the incorrect pin to cancel it. And for those who haven't played with bluesnarfer, the part where it's saying:
bluesnarfer: open /dev/bluetooth/rfcomm/0, Connection refused
bluesnarfer: bt_rfcomm_config failed
bluesnarfer: unable to create rfcomm connection
bluesnarfer: release rfcomm ok
is because I entered the incorrect pin and it disconnected :D)




Once I find a phone to play with I'll post some tuts on how to use bluesnarfer :D So anyone looking to donate, shoot me an email and we'll talk!

Friday, February 15, 2008

Funny Quote

I was randomly cycling through my normal forums before hitting the sack and ran across a funny quote. A guy and his wife were sitting there, and he looks at her and says "Make me a sandwhich", she says "What? Make it yourself". He then replied, "Sudo Make me a sandwhich" and her response was "Okay." It made me chuckle after reading that. Hopefully a few of you get what happened in the conversation :P