sqall

Like everyone said, it will work if it is really a hub. Because it's your brother and you have physical access to his pc, you can set up his computer to use your computer as router. Than you have a man in the middle attack as well and you can sniff his packets.

http://damnvulnerablelinux.org/ <-- I post you the desciption of the site: "Train IT security using Damn Vulnerable Linux (DVL)! This distro is meant to be used by both novice and professional security personnel and is even ideal for the Linux uninitiated." This is a live distribution which you can use in VMware or VirtualBox or whatever, to train yourself. It's a really nice project which I'm using myslef. http://www.reverse-engineering.net/ <-- real good one with video tutorials. It's also the community forum of dvl (damn vulnerablel inux)

There is a portable version of tor. The Chaos Computer Club in germany give usb-sticks with a portable version of tor to journalists who report of the olympic games in china. So the journalists were able to circumvent the "great firewall" of china.

You can copy the files where the passwords are stored. I don't know if the passwords stored in plaintext in the files. (in FF you can set a masterpassword which should secure your safed passwords. I'm not sure that the passwords are encrypted when it's set). But I think you should be able to copy the IE "password file" to your own pc and use this function of the FF. Perhaps there are some tools to read the passwords from the file?

Of course for now it's just working in a laboratory enviroment. But you don't need any physical access to the hardware to spy. I read the same some days ago on a IT-news site. I'm curious how far this method can go to spy keyboard inputs in a real situation.

This isn't just a hack. It's a hack with a "superb" name: Made my day ;)

This sounds very very interesting and gave me a new idea for a new project. I've got an Asterisk Server for my ISDN phone system and I think I try to combine the security system with motion detection and Asterisk. For example Asterisk call me when the webcam detects some motion in my room. I'm living in a residential community and with this system I can take a look if someone enter my room when i'm not home.

Perhaps it was just a not funny joke from someone. I received the same PM for saying "I wouldn't buy there for myself!". It's just rediculouse. But I'm curious about his reaction.

I would do the same thing. Just contact the webmaster or administrator and tell them everything or give some help how to secure the site. But I think defacing isn't so bad if the defaceors just leave a little note on the frontpage or something like that with infos to secure the site or whatever. I don't agree with the deface which ls showed us.

Does he really have to replace the public cert? Can't he just install a own cert on the browser (when you take a look at the cert list installed in your browser, there are a lot of certs) and then use his own key verificated with the cert?

The admins of the university can find you as well if you're using other proxies. Principle Tor is nothing else. They just filter the traffic for certain IP adresses of the Tor server or look for certain IPs (therefore any VPN-tunnel or SSH-connection can be conspicuous for the admins too). I still think tor is the best solution.

I don't know. It doesn't look seriously. I wouldn't buy anything from this site for myself.

1)KDE 2) - 3)Konqueror 4)firefox 5)nmap, nikto, tcpdump, wireshark, nessus (I think I don't even know 10 ;) ) 6)OpenOffice 7)there's no tool 8)5 9)amarok, vlc, k3b 10)widelands (I hope the final release will come soon)

Just like ls said just use tor. When you use firefox there are some plugins so you can use tor with the hak5.org connection and for other sites (because it's much faster) you can use the normal connection without any proxy.