Jump to content

Signal Hacker

Active Members
  • Posts

    36
  • Joined

  • Last visited

Everything posted by Signal Hacker

  1. Here's a link to it, for those having trouble finding it (can also be found other places on the web): http://freedomisnothingtofear.com/th28gaa1g.txt Most of it is snide commentary, insults, and a metric sh*t-ton of dumps from the shell command history, ls, the shadow file, and other "trophies"....including that dump of every login attempt to the forum made while these asshats were MitM'ing it. EDIT: Something keeps changing the link when I try to type it and post it here.............it's "www.freedomisnothingtofear.com" then a "/" then "zf0.txt"
  2. This is what I used as the basis of my custom GRUB splash screen on my Ubutnu/Win dual booting laptop (looks like crap in 14 colors, though). Bill looking mad sexy
  3. Look at the article about the hak5 attack that was just published in zf0, issue 5. It doesn't matter that the passwords were stored hashed and salted...the attackers were sniffing them in real-time whenever someone tried to authenticate at the login page through some SSL exploit. I found my own info amidst the pages and pages of password dump: three different login attempts I made one day when trying to login to the forums. Attacks like this make hashes, salting, and strong passwords meaningless (passwords were pretty meaningless already).
  4. I'm still pursuing the CEH cert. Still don't have a chance in hell of getting the company to pay for the bootcamp (though I did try out for the CEH web course contest TheAcademyPro.com had), so I applied for the self-study option and got my eligibility number...haven't scheduled yet. Got the ExamPrep book, which had better reviews on Amazon than even the official course material . Don't know when the hell I'll get enough to finish studying and take the exam. I'm pretty swamped right now with an ISO 27001 project where I'm the only guy whose ever even touched it and the rest of the team is clueless.
  5. 25A...but National Guard, not active duty. Nowadays, your old MOS (now called 25F) is in pretty high demand with a hefty bonus. Wanna re-enlist? ;) I don't think it's as bad as 25B though...active duty Army is hurting for them so bad that we can't even slot anyone for it for the next year. For any non-military following this convo: 25A - Signal Officer 25F/formerly 31F - Net. Switching Systems Operator 25B - Info Systems Operator
  6. Weird coincidence...someone at the office was just discussing this (stealing info off RFID credit cards). Makes me glad all mine are just magnetic strip...hell, I have a hard enough time keeping those from getting stolen! Seriously, I have three cards that got compromised....a Mastercard that got compromised when the Heartland Systems breach occured and two Visas (one debit, one credit) that each had funny charges made to them and I got replaced, all in the last year! I'm not sure if it was one of my machines (doubtful, I run Linux) or my girlfriend's machine (Conficker'd a few months back, reinstalled the OS), but somebody must've had a keystroke logger on it or else I bought from some vendor that was compromised.
  7. Very true...I get a free business infosecurity mag called SC Magazine. Most of it's already out of date by the time it hits my mailbox.
  8. Forgive the n00bness, but what are those?
  9. I recently started pouring through all those old 80's-90's hacker ezines (back from the ol' BBS days). Phrack, LoD Technical Journal, etc. It's a very cool glimpse into the history of computer security, blackhatting, etc. http://www.textfiles.com/magazines/ has a huge archive of all these old ezines.
  10. Agreed! Like that ridiculous news story about the "dangerous hacker group Anonymous" when all they are are a bunch of 4chan dorks who grief on Habbo Hotel
  11. I just got the lolz reading that garbage "manifesto" they posted! I read between the lines and this what I got out of it: "Full disclosure and whitehat hacking is bad because it makes systems too secure, too many script kiddies steal the headlines from us (the REEEAAAL h4x0rs), and it makes it too hard for us to set up spam botnets and sniff credit card numbers off people's eBay accounts. The world needs to return immediately to security via obscurity and closed source so we can keep blackhatting with less effort." What a bunch of back-asswards, contradictory BS! We're protesting whitehatters' irresponsible and destructive practices..........by committing irresponsible and destructive acts...
  12. GREAT points, all of you! There are absolutely NO good reasons this data should be going home with NG employees. Vako, you're right on the mark about the reasons why these users are taking laptops home with them. Sure, it's just a Guard laptop, so identity theft is the worst risk. But it's still scary to think this sort of thing has happened multiple times in just a few years with MILITARY laptops!
  13. :lol: That would be why South Korea would be threatening to launch missiles......at Blizzard Entertainment HQ in Irvine, CA. North Korea would be lucky to even have Scorched Earth on DOS.
  14. So, for the third or fourth time in two or three years, I get a letter from my state's National Guard (not the state I live in, so Illinois is off the hook) telling me that YET AGAIN they've lost a ton of Soldiers' data! YAY! And it was the exact same fuggin' situation as the last two or three..........some dipsh*t who works for the Guard or DFAS (Defense Finance and Accounting Service) went home with his company laptop, left it in his car overnight, and someone ganked it. Especially funny that I got this letter right after watching the Hak5 episodes on hard drive encryption and cold boot attacks. The letter doesn't go into any technical detail, just tells me my data (and that of most of the other commissioned officers in this state's National Guard) was on the stolen device, put fraud alerts on your credit report, etc. etc. etc. How many times is this shot of shite going to happen before they just outright ban employees from taking laptops home!?!? I'm not aware of anyone in the NG who works from home, anyway. I just hope to God they encrypt all their devices' hard drives. I have drill this weekend and my company commander is a full-time sysadmin for the Guard, so I'll try to find out. In the meantime, hope nobody's out buying a house in my name...
  15. Here's a blog I stumbled upon when looking for a way to make my Back Track 4 LiveUSB keep persistent changes: http://www.infosecramblings.com (and here's the directions for persistent BT4, if you're curious http://www.infosecramblings.com/backtrack/...-changesnessus/)
  16. Though my *nix dork colleagues would probably crucify me, I did like the Seinfeld and Gates ad campaign. And the IE8 is entertaining too.
  17. Stating the obvious too, experience is always better than any cert. Which is why I want that CEH/CPT course, since I get a nice lab to actually do this stuff (experience), and not just buy a $50+ book and vomit back up the info on a $400+ exam sheet. SSCP is a good cert, but I can't really say I learned much new that I didn't know already, now I just get to prove I know by placing a pretty little acronym after my name...same with Sec+, as much as I've looked at what it covers and the sample exam questions. My company used to be really really anti-cert, their philosophy being, "The experience you gain here is better than any certification!" But my company is a consulting one, so eventually they had to back down when clients start asking for CISSPs, CCNAs, etc. by name to work their projects. But they're still resistant, so you really have to sweet talk them to get them to pay for anything expensive (over $500).
  18. About ClamAV and other Linux anti-virus/trojan/rootkit/whatevs... If you dual boot your comp with Linux and Windows, those tools are very handy...not so much for the Linux side (as others mentioned above, not much Linux malware exists), but for scanning your Win partition for viruses that might have root kitted themselves or otherwise tricked/corrupted your Windows AV program into not detecting or eliminating it. After my gf's Windows-only laptop got ate up real bad with Conficker and nothing could remove it, I reinstalled XP and then installed Ubuntu. I didn't hold out much hope she'd switch over to using Linux (she likes the idea of how secure it is, but is too stubborn/lazy to learn a new OS ), I put it there for the next time some piece of super-malware decides to eat the Windows side of her computer.
  19. To add a more serious comment, Sparda's initial response isn't too far off. Anyone who's had the "pleasure" of dealing with Conficker can tell you...malware is getting smarter and smarter every day. My gf got her laptop blasted by Conficker (she claims innocence, saying it's the fault of her little cousin who she let borrow it when she was visiting family) and I tried everything to get that crap off her machine. I even stooped to the low of calling...................Microsoft Tech Support. And WOW were they dumb! The guy on the other line tries to tell me at first, "Oh, you don't have Conficker." and I yell back, "I can't reach any website remotely related to security, I can't update Windows, I've got some piece of scareware called SpyProtect popping up asking me for $50, and my LAN has slowed to a crawl on account of all the spambot....YES, I have Conficker!!!!!" After hours on the phone with those geniuses and still no relief in site...I booted into the Recovery partition on her laptop and reinstalled Windows......then I left some space on the HDD and installed Ubuntu in case this kind of crap happens again. With the rise of smarter worms like this, and especially newer polymorphic virii, some top-notch security experts like Dan Geer foresee that the future of protecting against malware is going to lie in backups and rapid restores, not in anti-virus and patches. Doubt anti-virus and other removal tools will ever be totally a thing of the past, but I see his point.
  20. Oh COME ON!!! Is no one gonna say it? Well.......alright then.... This is my anti-virus tool!!!!!111111 (j/k, I know that the various *nix OS's aren't an option for everyone, especially those of us in the corporate IT world)
  21. CompTIA certs are nice and cheap...if you have to bite the bullet and pay for Sec+ yourself, but through some miracle get your employer to sign off on CEH....DO IT!!!!!!! I hope both of us have the luck to get our respective companies to pay for it! I've heard some people opine that GPEN (the GIAC Penetration Tester cert) is the superior one...but check any job site for how many employers are asking for CEH vs. how many are seeking GPEN, and there again you have the same situation as I have with Sec+ vs. SSCP. But that's kinda beside the point.....CEH is a good cert, by all accounts I've heard. A cert is only as good as how valuable management-types think it is and how much more they're willing to pay you for having it!
×
×
  • Create New...