
Jason Cooper

Dedicated Members
  • Posts: 520
  • Joined
  • Last visited
  • Days Won: 8

Everything posted by Jason Cooper

  1. I was thinking that you could quite easily set up a pineapple to connect to their network and then you connect to the pineapple on whatever network you like (along with others using their laptops in the area). First the trackers would have to track down the pineapple (when they find it, hopefully you will see them and know it is time to leave); once they find it they will either disconnect it (also alerting you that it has been found) or leave it in place and try to figure out who is connecting to it. If there are enough people connecting through the pineapple then they will have to either try to track them all, or try to single you out from the others by grabbing packets and doing some traffic analysis on them (both of which will require some time).
  2. Because of the natural hacker instinct to know how something works and how you can manipulate it if you need to :)
  3. I have always found spybot search and destroy to be useful for removing malware on personal machines, but for a corporate environment you can't beat being able to just take their base unit away and put another one you had prepared earlier in its place. Very little downtime for the user and you can reimage their machine and use it as the spare.
  4. I suggest you read this paper before stating that the reason for the number of rounds isn't to take longer. Yes, there are other reasons for using a larger number of rounds, but the ability to extend the cost of calculating a hash as hardware advances, without having to change the algorithm, makes some hashing algorithms a better choice for hashing passwords than others. I agree that passwords should always be hashed first and then the list of users searched for a match (it is also a good idea to make sure that the search of the list of users takes the same length of time, or you could still face the same leak on large user lists).
  5. Is anyone else wondering if you can set up a pineapple to proxy your connections?
  6. Of course there are some hashes where you can set the number of rounds that are done when generating the hash (note: this is not the same as hashing the output again). The reason for this is purely to make it take longer to generate the hash. This can help with some aspects of security (e.g. increasing the length of time a dictionary attack would take against a hash). One thing to look out for is that if you do use a large number of rounds in a hash for your passwords then your system could leak information about valid usernames (though most OSs have measures in place to combat it).
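Both points made in posts 4 and 6 above (a work factor you can raise as hardware improves, and the username leak you get when the expensive hash is only computed for names that exist) can be shown together. The following is an added example, not code from the original posts; it uses Python's hashlib.pbkdf2_hmac as the stand-in for any tunable-cost password hash, and the user table, passwords and iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import os
import time

# Added example, not from the original posts. PBKDF2-HMAC-SHA256 stands in for
# any hash with a tunable work factor; the iteration count is stored with each
# record so it can be raised later without changing the algorithm.
ITERATIONS = 200_000


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Hash a password with a fresh random salt and the given work factor."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


# Constructed user table for the illustration.
USERS = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("hunter2"),
}

# A dummy record with the same cost as the real ones. Unknown usernames are
# checked against it so the server does the same work either way.
DUMMY = make_record(os.urandom(16).hex())


def verify_leaky(username: str, password: str) -> bool:
    """Returns early for unknown users, so a failed login for a bad username
    takes microseconds while one for a real username takes the full hash time."""
    record = USERS.get(username)
    if record is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


def verify(username: str, password: str) -> bool:
    """Always computes one hash and one constant-time compare, whether or not the
    username exists, so timing no longer tells unknown names from known ones."""
    record = USERS.get(username)
    known = record is not None
    if record is None:
        record = DUMMY
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["iterations"])
    match = hmac.compare_digest(digest, record["hash"])
    return known and match


def hash_time(iterations: int) -> float:
    """Wall-clock seconds for one hash at the given work factor (the cost knob)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"password", b"x" * 16, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    for n in (10_000, 100_000, 1_000_000):
        print(f"{n:>9} iterations: {hash_time(n):.3f}s")
    for fn in (verify_leaky, verify):
        for user in ("alice", "nobody"):
            t0 = time.perf_counter()
            fn(user, "wrong password")
            print(f"{fn.__name__:13} {user:7} {time.perf_counter() - t0:.4f}s")
```

Running it prints the hash time growing roughly linearly with the iteration count, and shows verify_leaky answering almost instantly for "nobody" while verify takes the same time for both names. The dummy record only needs to exist; its password is never meant to be known.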
  7. Try explaining what you mean again? But from what I have read you have already had the answer; it just involves work on your part (i.e. creating your own or altering an existing one to do what you want).
  8. Of course the black swan in this case could be one that lives on Pluto, so scouring the earth multiple times for it wouldn't help you find it. The point I was trying to make was that you can't prove that a backdoor doesn't exist, just that it probably doesn't exist (two very different things).
  9. What you want is *nix's touch command. There are Win32 versions available if you are using Windows; just Google for win32 unix commands. The touch command will let you set the modified and access timestamps for the files.
  10. VNC is probably not the best tool to do that if you want to be extra stealthy; unfortunately for you (and fortunately for the rest of us) the programs that do work stealthily are usually picked up as a trojan or spyware by antivirus software. Of course that doesn't stop you writing your own or modifying an open source alternative (e.g. TightVNC) to do what you want.
  11. That isn't proof that a back door doesn't exist, just proof that one hasn't been published yet. Note that I am not saying that there is a back door; I am just saying that it is a lot harder to prove that something doesn't exist than to prove that it does. The classic example is black swans: at the start of the 18th century a lot of professionals believed that all swans were white. Of course they never could prove their belief, but later on in that century they managed to disprove it by finding a black swan in Australia.
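What touch does to a file's timestamps, and what it cannot do, is worth seeing once. The block below is an added example and not code from the original post: it uses os.utime (the system call behind `touch -a -m -d`) on a temporary file constructed for the demonstration, backdates its access and modification times, and reports whether the inode change time followed.

```python
import os
import tempfile
import time
from datetime import datetime, timezone

# Added example, not from the original post. os.utime() is what `touch -a -m -d`
# does under the hood: it sets the access and modification times.


def set_times(path: str, atime: float, mtime: float) -> tuple:
    """Set atime and mtime, then return (atime, mtime, ctime) as the filesystem reports them."""
    os.utime(path, (atime, mtime))
    st = os.stat(path)
    return int(st.st_atime), int(st.st_mtime), st.st_ctime


def demo() -> dict:
    """Backdate a constructed temp file to 2010 and report which timestamps followed."""
    target = int(datetime(2010, 6, 1, 12, 0, tzinfo=timezone.utc).timestamp())
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"constructed sample file\n")
        path = fh.name
    try:
        before = time.time()
        atime, mtime, ctime = set_times(path, target, target)
    finally:
        os.unlink(path)
    return {
        "target": target,
        "atime": atime,
        "mtime": mtime,
        # On Linux/BSD st_ctime is the inode change time, which utime() cannot set;
        # it moves to "now" precisely because we changed the other timestamps.
        # (On Windows st_ctime is the creation time instead, so this flag means
        # something different there.)
        "ctime_backdated": ctime < before - 60,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The atime and mtime come back exactly as requested; ctime does not, which is the first thing to check when a file's modification time looks suspiciously old.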
  12. That is a very hard statement to prove :) I think the key thing is that there hasn't been one found yet, and so the only people likely to have the knowledge and computing power to break it are large governments. And if they do have the power to do that they won't advertise it by breaking the encryption on anything small or public (just other countries' political/military communications and suspected terrorist communications), and even then they won't make the results public. What I am trying to say in a roundabout way is that even if the government can break AES encryption they wouldn't be willing to give up the power it gives them by advertising that they can do it.
  13. That wouldn't work, as you would still have two machines with the same MAC address clashing. If you are going to the hassle of ARP spoofing then you could just filter their connection to their wireless router's web interface and remove the table line with your MAC address in it. This is more useful, as they would only see that they were connected when they weren't.
  14. "Off the Hook" and "Off the Wall" are the two that I regularly listen to on my mp3 player.
  15. You could always use ettercap in bridge mode between the switch from the lab and the rest of the network. You would have to write your own filters or plugins, and you would need to make sure the machine running it was capable of processing the packets fast enough that it doesn't slow down the network. Of course the real problem you will have is identifying whether the page/file they are downloading should trigger the message. If they are using encryption then looking at the content of the page is very difficult, so you are just left with the contents of the packet headers to make your decision on, and if that is the case then you might as well just run a firewall blocking access to those IP addresses and save yourself the hassle of injecting packets.
  16. How deep is your tree? The easy way to deal with trees is usually a recursive function, but you can hit stack problems with a deep tree.
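The stack problem the post warns about, and the usual way around it, as an added example (not code from the original post). The tree shape is constructed: a single chain of nodes, so a depth of N means N nested calls for a recursive walk; the iterative version keeps its own stack on the heap and is limited only by memory.

```python
import sys

# Added example, not from the original post. The tree shape is constructed: a
# single chain of nodes, so depth N means N nested calls for the recursive walk.


def build_chain(depth: int) -> dict:
    """Degenerate tree: every node has exactly one child, values 1..depth from the root down."""
    node = {"value": depth, "children": []}
    for value in range(depth - 1, 0, -1):
        node = {"value": value, "children": [node]}
    return node


def sum_recursive(node: dict) -> int:
    """Natural recursive walk: one Python frame per level of depth."""
    total = node["value"]
    for child in node["children"]:
        total += sum_recursive(child)
    return total


def sum_iterative(node: dict) -> int:
    """Same traversal with an explicit stack; depth is bounded by memory, not the call stack."""
    total = 0
    stack = [node]
    while stack:
        current = stack.pop()
        total += current["value"]
        stack.extend(current["children"])
    return total


def compare(depth: int):
    """Return (recursive_result_or_None, iterative_result); None means RecursionError."""
    tree = build_chain(depth)
    try:
        recursive = sum_recursive(tree)
    except RecursionError:
        recursive = None
    return recursive, sum_iterative(tree)


if __name__ == "__main__":
    print("recursion limit:", sys.getrecursionlimit())
    for depth in (100, 100_000):
        print(depth, compare(depth))
```

At depth 100 both agree; at depth 100,000 the recursive walk dies with RecursionError under Python's default limit while the iterative one returns the sum. Raising the limit with sys.setrecursionlimit only moves the failure and can turn it into a hard crash, so the explicit stack is the safer fix for input you do not control.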
  17. What about (as suggested previously) a Fonera 2.0 but use the USB port to host a USB Flash Drive, or USB hard disk?
  18. To avoid the hassle of running cables you can use Ethernet over Power modules. You can lose some of the bandwidth compared to dedicated cabling, but as long as you get good quality modules you shouldn't lose too much. Other than the convenience of using Ethernet over Power you also get to avoid the argument with your other half about why you have spent the entire day ripping up carpets, fitting trunking or trailing cables over the house. In my experience this argument will normally start when you are drilling holes through walls to poke the cable through. And before you try it, the argument of "If you let me fit the false floor when we moved in, we wouldn't have had to do this." doesn't work; it just makes the argument worse.
  19. I changed the memory in my Eee 900 (SSD, not hard disk) for a 2GB module. They use standard laptop SO-DIMMs and mine had a nice label on telling me the spec, which made it easy to make sure I got a matching spec for the upgrade. If you want to increase your wifi range with a USB dongle then make sure you get one with an external antenna (most with external antennas connect it with an SMA type connector, so you can add your own directional antennas for the extra bit of range). Also check out the chipset, and make sure that there are suitable drivers available for it (by suitable I mean ones that will work with Kismet, aircrack, etc.).
  20. Actually that wouldn't quite do what you want. For example it would match against $var if it contained "This is complete", but it would also match against $var if it contained "Complete this is not". He would actually want something like this to force the "complete" to be at the end of the line. Note that the [\r\n]* in the regular expression will make sure that there aren't any problems caused by carriage return and newline characters.

      if ($var =~ m/complete[\r\n]*$/i) { print "Complete found at end of output"; }
  21. I like this. I have so many ideas for things like this but never get round to implementing any of them; a competition would definitely push me into actually working on some of the ideas.
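The difference between the three candidate patterns (bare "complete", "complete$", and the post's "complete[\r\n]*$") is easiest to see run over a few sample outputs. This is an added example in Python's re module, not the original Perl from the post; the command-output samples are constructed. Like Perl, Python's $ (without re.MULTILINE) matches at the very end of the string or just before a final "\n", but not before "\r\n", which is exactly why the [\r\n]* is there.

```python
import re

# Added example, not from the original post: the three candidate patterns in
# Python's re module, run over constructed command-output samples.
PATTERNS = {
    "loose": re.compile(r"complete", re.IGNORECASE),
    "anchored": re.compile(r"complete$", re.IGNORECASE),
    "anchored_crlf": re.compile(r"complete[\r\n]*$", re.IGNORECASE),
}

# Constructed samples: output text -> whether "complete" really is the last word.
SAMPLES = {
    "This is complete": True,
    "This is complete\n": True,
    "This is complete\r\n": True,
    "Complete this is not": False,
    "complete, but more follows": False,
}


def ends_with_complete(output: str) -> bool:
    """The check the post recommends: 'complete' as the last word, tolerating CR/LF."""
    return PATTERNS["anchored_crlf"].search(output) is not None


def evaluate() -> dict:
    """For each pattern, list the samples it classifies wrongly against SAMPLES."""
    wrong = {}
    for name, pattern in PATTERNS.items():
        wrong[name] = [
            sample for sample, expected in SAMPLES.items()
            if (pattern.search(sample) is not None) != expected
        ]
    return wrong


if __name__ == "__main__":
    for name, misses in evaluate().items():
        print(f"{name:14} wrong on {misses!r}")
```

The loose pattern accepts both counter-examples from the post, the plain "complete$" fails only on the CRLF-terminated output (a Windows tool or a telnet-style session), and the CR/LF-tolerant anchor gets all five right. If the output has trailing blank lines or spaces, extend the character class rather than switching on re.MULTILINE, which would let $ match at the end of every line.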
  22. The game I played the most was Elite. Wireframe graphics have never been so addictive.
  23. I once had a call from the group responsible for keeping our networks secure saying that their Snort had picked up some odd behaviour from our subnet, with one of our servers looking like it was running an SSH connection on port 80. It turns out that the web service running on that machine had handed out a session ID which was an exact match for their signature for an SSH connection, and so their IDS thought that the web server was running SSH on port 80. It took me ages of looking through logs to figure out what had happened to trigger the IDS.
  24. I'm glad that I'm not the only one who enjoys Takedown (or was it called Track Down, or was it released under a different title in different countries?). The one key thing that stands out for me is that even with all the Hollywood spin that they put on it, everyone who watches it ends up siding with Mitnick.
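The false positive in post 23 is a classic content-rule problem: a byte pattern that is unambiguous at the start of a protocol exchange is nothing special in the middle of an HTTP response. The block below is an added example, not code from the original post or from Snort. It assumes the signature matched the SSH identification banner text ("SSH-2.0-..."), which the post does not state, and the four TCP payloads are constructed to reproduce the situation described.

```python
import re

# Added example, not from the original post. Assumption: the signature in the post
# matched the SSH identification banner ("SSH-2.0-..."); the payloads below are
# constructed to reproduce the false positive described.
BANNER = re.compile(rb"SSH-\d\.\d+-")

# (destination port, first bytes the server sent) for four constructed TCP streams.
STREAMS = [
    (22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    (80, b"SSH-2.0-OpenSSH_8.9\r\n"),  # ssh really hiding on port 80
    (80, b"HTTP/1.1 200 OK\r\nSet-Cookie: SESSIONID=k3jSSH-2.0-qa71b; Path=/\r\n\r\n"),  # the false positive
    (80, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
]


def content_match(payload: bytes) -> bool:
    """Bare content rule: fires if the banner text appears anywhere in the payload."""
    return BANNER.search(payload) is not None


def banner_match(payload: bytes) -> bool:
    """Protocol-aware rule: the identification string must start a line at the very
    beginning of the stream. RFC 4253 section 4.2 lets a server send other lines
    before it, but the banner is never embedded in the middle of another line."""
    return re.match(rb"(?:[^\r\n]*\r\n)*SSH-\d\.\d+-", payload) is not None


def alerts(detector) -> list:
    """Indices of non-port-22 streams the detector would flag as SSH on the wrong port."""
    return [i for i, (port, payload) in enumerate(STREAMS) if port != 22 and detector(payload)]


if __name__ == "__main__":
    print("content rule fires on:", alerts(content_match))
    print("banner rule fires on: ", alerts(banner_match))
```

The content rule flags both the genuine tunnelled SSH and the cookie carrying a lucky session ID; anchoring the pattern to the start of a line, and to the first bytes of the stream rather than an arbitrary packet, keeps the real hit and drops the cookie. A session ID that happened to fill a whole line would still fire, so a rule like this still wants the depth or offset limits real IDS rule languages provide.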