
ihackforfun

Active Members
  • Posts
    29
Contact Methods

  • Website URL
    http://www.ihackforfun.eu

Profile Information

  • Gender
    Male
  • Interests
    security

Recent Profile Visitors

1,906 profile views


  1. You could point out that this is indeed not the best practice, point them to this OWASP web site: https://www.owasp.org/index.php/Information_Leakage
  2. Also when password protecting zip files, make sure you have a really strong password, since you can try forever to guess the password; there is to my knowledge no way to self-destruct a zip file upon mis-guessing the password. Quote from the WinZip website: "The security of your data depends not only on the strength of the encryption method but also on the strength of your password, including factors such as length and composition of the password, and the measures you take to ensure that your password is not disclosed to unauthorized third parties." (http://kb.winzip.com/kb/entry/80/) Literally every coder can write a password cracker for zip files; it is a common example when reading books on Python for hackers ... You can find one here if you look into the preview: http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579 Conclusion: don't put pictures you do not want others to see on media that is frequently lost/stolen (USB, external HD, public Dropbox folder, phone) :-)
  3. Latest info is that there is no additional info :-) As soon as they open up (we should be informed via email) I will start creating a team and call for participants ...
  4. If you had built and programmed this system just to see if you could do it or to show benchmarks on how fast WPA can be cracked I would think it was cool; in those cases you would not send back the cracked key nor charge money for it (although asking for donations might have been a good idea). In this case you are just advertising the fact that you are selling a service that obviously will be used for illegal things, which just makes you a "lamer" in most real hackers' view ... just so that you know ...
  5. @GuardMoony, I'm still on holiday ... I'll get back in touch with my colleagues at the beginning of next week :-)
  6. As a side note, all this technology means nothing if you can be identified in other ways ... Example: some people try to send an anonymous email (e.g. throw-away email address) but are identified by their style, others by their browsing habits, others by aggregating data like cell phone and log-in records together with hotel and flight registrations (e.g. the general-mistress thingy in the US)... Then of course there are people who will simply betray you or who are double agents or working for the government (e.g. the LulzSec case) ... I still admire your will though, and if you take note of these effects that could betray your identity you will be a lot more anonymous than most.
  7. Also keep in mind that multiple levels of encryption do not always add security; I remember a (very rare) case where adding more encryption weakened the strongest algorithm used and the added encryption was not strong by itself, so in total the plain text was easier to figure out ... I can't seem to find that article again though ... If you want to start in encryption, go for the oldest examples (Caesar cipher) and crack those; once you get to algorithms where frequency analysis cannot crack them things get really tough unless you have a strong mathematical background. If you want to encrypt text, an added layer of encryption can be the language itself: a language that is not spoken anymore and that is not linked to one of the known "old" languages can be great (e.g. the Native American code talkers) to hide the meaning of a text. It will not help against evil companies like Google or anything government related ;-)
  8. I'm thinking about it but there is not yet a lot of info on their website. When I tried inviting some friends the mail functionality did not seem to work... If we start a team you are welcome to join :-) I'll let you know ...
  9. Hey CompleteTech, instead of "brushing up" on your skills to track them I think you have a better chance of learning skills to defend yourself against criminals like this. First of all I doubt that you will find this "person" unless you can work with the police, and even if you did, what then? I doubt they will give you back your domains; it might even lead to an escalation of the situation. Preventing this from happening is going to be easier; digininja already gave sound advice in that area and at least it will make sure this never happens again. If you get your domains back now somebody else might steal them again tomorrow ... I know this is costing you money but I think in time it will be clear the domains are yours and you will get them back. Just count this as "learning money"; I know it sucks but I think most of us had to pay it one way or the other ... If you really want to annoy these people then advocate good practices to prevent this to the people you know (e.g. also your customers); this might prevent these people from doing this to a couple of others and thus you make sure their business model breaks and they will go away and find something else to do ;-) (in a perfect world that is, I know they will probably find some other way to extort people)
  10. Did you file a police report/complaint? It might not do any good but it cannot hurt either ... What country are you in? If in the EU or US there should be a police branch that specialises in cases like this. Do your domains actually contain value like an online shop or something like that? If not, then why are they holding it hostage? Take note that if you pay them, there is no guarantee you get your stuff back nor that you will not be hacked again the next day ... Unless you are working with the government/police you should not try to go after him/her/them; there is a very small chance that you are a victim of organised crime, and you cannot take these guys down yourself. If it is a kid doing it from home you will not be able to do anything either; you might even get arrested yourself.
  11. I use BleachBit on both Linux and Windows. For Windows I have a USB stick with some portable tools; BleachBit is one of the tools I always have on there (get the portable version here http://portableapps.com/apps/utilities/bleachbit_portable) together with Eraser (also portable edition). When I'm feeling paranoid I also run the Diskcleaner and Wise Registry Cleaner portable tools, although I have no proof that they remove things that BleachBit could have forgotten; sometimes it is better to be safe than sorry ;-)
  12. The group Anonymous is rumored to use the Havij tool a lot (http://www.danbuzzard.net/journal/lulzsec-and-anonymous-script-kiddie-sql-injection.html). SQLMap is a tool taught in most security courses like CEH and SANS 542, so I would start with those as a general rule. If you want to test your own application/website to see if someone could get in easily then I would start with these also ...
  13. And don't root your iPhone ... the number of malicious apps making it through the App Store is very low (almost non-existent). There is a problem with apps sending out too much personal info but that is another problem altogether ...
  14. @Comodo I watched the slides but there was no technical info in them on how they are going to host systems. If more details become known I can re-evaluate my comments ;-) Also on the subject of knowing when a server is hacked: the hacker will let you know since he will want to claim his reward. I'm guessing he will need to provide detailed step-by-step instructions on how he got in and only after this is verified will he receive money ...
  15. I agree with digininja, I would not like to see my server being attacked without my monitoring; if anyone gets in they just had a dry run to come and hack your real server with much less hassle ... companies like Google have the resources to patch vulnerabilities fast, most other companies are not so lucky ... If I were to use this service I would:
      - make sure the DB is empty or filled with random values, I would not even trust randomising existing data
      - make sure neither the server nor any of the software indicates which company the server is from
      I am a great fan of the hackademy though; good courses are expensive and most info can be found on the net but you lose a lot of time searching/sorting/sifting through info before you get there, and this initiative can be helpful there ...
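The Caesar-cipher exercise recommended in post 7 above, as an added example (not code from the forum post or its author): it tries all 26 shifts and picks the one whose letter distribution best matches English using a chi-squared score, which is the frequency analysis the post says breaks such simple ciphers. The sample text and key are constructed for the demo.

```python
"""Breaking a Caesar shift with letter-frequency analysis (added example)."""
from string import ascii_lowercase

# Approximate English letter frequencies in percent, a..z.
ENGLISH_FREQ = [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]


def caesar_shift(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions, keeping case and non-letters."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the letter counts of `text` and English (lower is better)."""
    letters = [c for c in text.lower() if c in ascii_lowercase]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = [letters.count(c) for c in ascii_lowercase]
    return sum((obs - exp * n / 100) ** 2 / (exp * n / 100)
               for obs, exp in zip(counts, ENGLISH_FREQ))


def crack_caesar(ciphertext: str) -> tuple[int, str]:
    """Try all 26 keys; return (key, plaintext) whose letter statistics look most English."""
    best = min(range(26), key=lambda k: chi_squared(caesar_shift(ciphertext, -k)))
    return best, caesar_shift(ciphertext, -best)


# Constructed demo input: encrypt an English sentence with key 7, then recover it.
SAMPLE_PLAIN = "the quick brown fox jumps over the lazy dog and keeps running through the night"
SAMPLE_CIPHER = caesar_shift(SAMPLE_PLAIN, 7)

if __name__ == "__main__":
    key, plain = crack_caesar(SAMPLE_CIPHER)
    print(f"recovered key={key}: {plain}")
```

The same scoring works for any monoalphabetic shift; it stops working once a cipher flattens the letter distribution, which is the point the post makes about where frequency analysis ends.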