Jump to content

joeypesci

Active Members
  • Posts

    300
  • Joined

  • Last visited

  • Days Won

    4

Everything posted by joeypesci

  1. So, went to buy some Premium Bonds the other day from NS&I http://www.nsandi.com/ and had to sign up. I stopped, why? Because their password limit is only 8 characters long! WTF? I needs to be letters, numbers and special characters however, surely 8 character limit is WAY to short, especially for such a big financial site? Mentioned to Digininja who suggested it's probably to keep support calls down and I think he's right. I e-mailed them warning of the danger but got this fobbed off reply: The last "Please note" bit is ironic because she left my e-mail address, my full name and my address in the e-mail. So what was this "Deleted some information" then? Seems companies like this won't listen until someone breaks in. Sony didn't until it all went tits up. My question is, not being an expert, I'm am write about the 8 character limit being seriously insecure? Worst still is the National Lottery site limits to 12 characters, numbers and letters only and NO special characters aloud. Their reply to me was essentially "we're secure, f*** off". That was about a year ago. Recently sent another e-mail pointing out the issue again. They haven't even bothered replying this time.
  2. Thanks. Looking into this. Last time I had SSH on one of my machines running putty, I would check the logs daily and noticed it would get hammered by at least one bot per day attempting to guess the user name and password for it.
  3. Wouldn't of thought so as it's encrypted. I think you can monitor packets and DPI is just to get more details on those packets, if I'm understanding DPI correctly.
  4. joeypesci

    Legality

    Thanks. I blurred the faces, well the eyes :) and the numbers had no names against them so were just numbers.
  5. Thanks Inventoman but the question was about Exchange and if it gets attacked a lot, not what other ones I could use instead, as I want to learn Exchange as most companies, including ours, use it. Oh and all my training videos I watch our on MS Exchange :) But might have a look at the above some time.
  6. Hmm. That's a good idea, will have to look into it. I'm with little know Xilo.net as they do a monthly contract BB. Little more expensive than the big players but customer service is so much better. 8 free static IPs but not sure if I got free hosting or e-mail address with them.
  7. Just messing with some VMs and DCs. Looking at Exchange now. Being running a small domain for over a year at home. Not much on it. Want to stick exchange on to test. I've done it before so it just can send e-mails internally but was thinking of getting a domain name and just messing with the MX records to point to my exchange. However, I know the exchange should always be in the DMZ (which I've never set up). Just wondered how much an exchange box is targeted? A mate run his own very basic website from home testing and it lasted a day before it was wiped by someone getting in :)
  8. And it wasn't just a car wash it was to get the scratches out with a new paint job. At first I thought it was a wide up but sounded more plausible towards end. In answer to price, about £600 or into the thousands he said. However, for all we know, the owners of said cars also donate large amounts to charity.
  9. Spamster of the worse kind. So poorly done :)
  10. I'm far from an expert but advising people "Are you authorised to pen test this" isn't answering the question. I feel if someone asks a question we assume they know the legal issues involved. And seeing as it's a school I can see, it really doesn't surprise me they've asked the Admin assistant to do the pen test. Anything to save money in schools normally. But as above, I'd suggest looking at some security vids. If the network already has AD setup, then you could look up radius server. So sticking the WIFI on WPA 2 and with radius authentication, from what I remember, would give you to factor authentication. Crazy to know the NHS place I worked at, for years still used WEP. I told the network guys of it's insecurity and they shockingly said "But it's 128bit WEP" as if to suggest that would make it harder to crack. We were located opposite flats. Anyone living in those flats would of had a field day for years. Their excuse was always that no confidently info was being transmitted over our network. Bullshit, I knew there was. Amount of people that could of been Middling that network is shocking. Eventually they brought in a radius server. But didn't for years because of cost and lack of knowledge. So doesn't surprise me here that the OP is saying the school has asked the admin assistant to pen test.
  11. A proper rack with proper servers! I'm jealous! How about a simple small standing air con unit? I wouldn't risk trying water cooling. I've never been a fan and if it leaks, water and servers, as you know, don't mix.
  12. Also an advantage of roaming profiles means if you setup Outlook on one machine, if they visit another machine, their profile and Outlook settings get downloaded from the server, meaning you don't have to set up their Outlook profile again. We used roaming profiles at NHS and they helped a lot. New place I'm at don't and it's a pain having to setup Outlook on any PC someone moves to.
  13. C++ would probably what will be taught in Uni', what I had to do in my HND at Kingston Uni. Ruby looks good though and may help with learning C++ http://www.ruby-lang.org/en/
  14. Appears yes, and didn't realise how big it was :) http://www.computer-juice.com/forums/f47/15dbi-omni-directional-antenna-alfa-network-1w-1000mw-usb-campervan-project-31038/
  15. Old thread back again. Anyone know if this would work on the Alfa Awus036h? http://www.data-alliance.net/-strse-207/Antenna-15dBi-2.4Ghz-Omni-dsh-Directional/Detail.bok
  16. joeypesci

    Mitm Wifi

    Erm, but doing the registry fix in post 5 has fixed it. It's a Alfa, the one that's in the pineapple, minus the pineapple.
  17. joeypesci

    Mitm Wifi

    Yep, everything is on the 10.0.0.x range Cause it's easier to type :)
  18. joeypesci

    Mitm Wifi

    Would be nice to be able to edit the titles on these threads. I'd like to put FIXED at the end of the title for anyone else who runs into the issue.
  19. joeypesci

    Mitm Wifi

    Looks like it might be an issue with Cain. Finally fixed this issue after all these years. This never came up when did a search before http://oxid.netsons.org/phpBB3/viewtopic.php?f=8&t=4222 Changed reg key to 0 and it's fixed it and now I get the MAC addresses on a scan. For anyone else with the issue I'm on Windows 7 Ultimate 64bit.
  20. joeypesci

    Mitm Wifi

    This is probably why then :) http://img269.imageshack.us/i/49285750.jpg/ Had this before and never seemed to be able to fix it. I also note it states it only supports ethernet. So doesn't that mean it doesn't support WIFI? 10.0.0.105 is the WIFI card.
  21. joeypesci

    Mitm Wifi

    It's a Draytek Vigor2800VG. You can turn on AP Isolation for specific WIFI devices that connect to it, mine laptop isn't one of them so I can access everything else on the network from the laptop. The ESXi box, the VMs, the NAS drives. But just doing a scan in Cain doesn't bring anything up. And I've selected the wifi card in Cain and the Winpcap drivers are installed. Just updated Cain and Winpcap but made no difference.
  22. joeypesci

    Mitm Wifi

    Probably a simple question for others but not me. I understand a MITM attack, what I'm a little lost is my own home setup. I have my Vigor router that also has WIFI. Various machines on the network all connected wired. If I do a sniff in C&A from the wired machine it shows me all MAC address' it finds on the network. If I do the same sniff on the laptop via WIFI I get nothing. No MAC address, nothing. Means I then can't target other test machines on the network to do the MITM attack. Any ideas?
  23. joeypesci

    Legality

    Article would be on the perils of selling on your phone with the SD card included. And the perils of attempting to rip someone off when you sell that phone with the SD card included, wiped but not security wiped.
  24. If I remember right, really rough memory of the story, in one of Kevin Mitnick's books there was a story of a security guy coming in to give a talk to a bunch of coppers on IT Security and hacking I think. And turns out their servers, unknown to them, were being used as a gateway by some hackers to gain access to a number of other agencies and businesses related to that place. I think it was flagged up while the security guy was there. So he took them to the server room to experience the real world attack and monitored what the hackers were doing, where they were going etc. So that they could trace them and catch them later. Which they did. I'll have to flick through those books again if I can find them and find the story. Was a good one.
×
×
  • Create New...