Infiltrator
-
Posts
4,287 -
Joined
-
Last visited
-
Days Won
22
Posts posted by Infiltrator
-
-
P.S i understand the whole concept of the "yes man" thing, like how it becomes the access point for all devices trying to connect to the internet, but i mean like, what can you do once they connect to the wifi via your pineapple? thanks!
The whole purpose of the WIFI Pineapple is to make users aware of the dangers of connecting to an open/unencrypted WIFI connection. Once the victim connects to it, the attacker operating the device, can remotely do all sorts of malicious things.
For example, the attacker can monitor your traffic and in real time he can see what sites you visit, what information you enter on the websites. He could redirect your from a legit website (Facebook.com) to a fake Facebook website and harverst all your login credentials without you knowning.
All these would be happening transparently on the background. The best way to avoid being a victim, of such attack is to never connect to an unencrypted/open WIFI, always use secure connections, like HTTP(s), VPN or SSH. These will reduce the chances of the attacker sniffing your traffic.
-
-
That's weird, so its connected, it's getting a valid IP address, but not connecting to the internet.
What happens when you try pinging google.com, or your default gateway? Does it work at all?
-
I would certainly recommend Avast, it does a pretty well job in securing your computer from threats. I use the paid version of Avast, which comes with more security features, such as the ability to run applications in a sandbox environment, a built in firewall, the keeps a close eye on the outbound and inbound connections your computer makes. If you can't aford the paid version, the Free version will still do a very good job.
Secondly, i would stop using XP altogether and upgrade to Windows 7 for security reasons. DO NOT log into your computer using administrator account, this will limit the damages a virus infection will do to your system. Keep your system and third party applications, up to date, again this is very important as it will prevent virus/malware from exploiting your system and gaining access.
I would turn off services that are not required by you, this will limit your threat surface and make your system more secure. The other thing you could look at as well is installing a Firewall, such as Comodo.
-
I did a bit of research into resetting the BIOS password for Thinkpad laptops and believe it or not, all articles that I found suggest, either contacting IBM to reset it for you, or going the old school hacking way.
http://sodoityourself.com/hacking-ibm-thinkpad-bios-password/
-
Users who are less educated on the subject, will perceive a hacker, as a criminal or someone who's intetions and motives are the same as a blackhat hacker. On the other hand, users who are educated and understand well what the term "hacker" means, will perceive it in a different way.
We can go on and go about this, but in the end if the person is not willing to learn or accept the differences its gonna be a waste of time.
-
Wow really, you really want to use them after they keep all the logs on everything that you do.....i use them for 2 hours, after that i requested my money back....THEY TRACK EVERYTHING
No really worth, if you are using their services to do illegal things. Nvpn seems to be a good option, they don't seem to keep any logs at all.
-
Yes there is a way to get around that, but it involves getting your hands dirty. You will need to get to the motherboard and remove the CMOS battery from its socket. Make sure the battery pack and the AC adapter is disconnected, or you could run the risk of damaging the components on the motherboard while powered on.
-
OpenPGP (which is PGP and GnuPG) is pretty much the gold standard for email encryption. It can be used for file encryption as well, though TrueCrypt is becoming a bit more popular for that.
In addition to public-key cryptography, GnuPG also implements a number of symmetric algorithms. I get the feeling that Darren is working up to covering PGP and GnuPG in a future episode.
It would be a great episode to watch, no doubt about it.
-
I'd forgotten about all the goodies that come with a QNAP. As you say though, they're not cheap! I'll put this into the equation but suspect that the cost will rule it out.
These are great units to have at home or in your business, but the price is the big player in this game. I am planning on buying one of those, to store my terabytes of movie and music collection. But will only be able to afford the unit first then the hard drives.
The unit itself is like in the range of $500 to $2000 dollars, the hard drivers on the other hand, is $300 dollars each, depending on how many hard drives the NAS unit itself hold. It's gonna be a huge investment.
-
More than anythign though, I think people just want simplicity, and I think if that is the key ingredient to the program, you have a winner, hands down. Especially if GPU based cracking comes into play, because right now, there aren't a whole lot of crackers that both use GPU and are easy to learn/use. Don't get me wrong, oclHashCat is a great program, but its also friggin HUGE once unzipped, and not like you are going to be carrying it with you on your thumb drive to every job(although thumbdrive are fairly cheap these days).
So if you can 1 - keep it simple, 2 - implement GPU+CPU cracking on the go, and 3 - keep the file size down, while being cross platform, you got yourself a good starting point for a long term project that could grow beyond simple password safe cracking.
Well said, and if the OP's tool can do a better job why not. I personally used many different password cracking tools, one of them being the Cuda Multiforce, due to its simplicity and support for Cuda. I know the oclHashCat supports both CUDA and ATI graphics cards, and its one of the fastest cracking password tool out there, however it can be very confusing and sometimes frastrating to use, not that I can't use it, but as Digip pointed out being easy to use and to learn is very important for the end users, if they can't get something to work because of its complexity, or lack of instructions they gonna look else where.
The oclHashCat has many different features, which makes it the swiss army knife for security professionals and pen-testers, even though they do have an online wiki detailing, what each feature does and how to use them, I belive they could've done a better job in terms of keeping it simpler and less confusing with the commands. Furthermore, I belive BitWeasel has done an amazing job with his Cuda Multiforcer, he has kept it as simple as possible, the commands are very easy to use and remember and the tool works without much hicups.
-
By the sound of your description, what you need is a captitive portal. There are open sources solutions like Pfsense or Untangle, they are Linux firewall distros, that offers this functionality you are after.
-
Sorry Inflitrator i ment file and email encryption not whole disk encryption...
i haven't used this one before, but apparently is really good.
http://www.axantum.com/axcrypt/
Here are some of the features:
Password Protect any number of files using strong encryption.
Right-click integration with Windows Explorer makes AxCrypt the easiest way to encrypt individual files in Windows.
Double-click integration makes it as easy to open, edit and save protected files as it is to work with unprotected files.
Many additional features, but no configuration required. Just install it and use it.
AxCrypt encrypts files that are safely and easily sent to other users via e-mail or any other means. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt.
AxCrypt is translated into English, Danish, Dutch, French, German, Hungarian, Italian, Norwegian, Russian, Polish, Spanish and Swedish so chances are it speaks your preferred language.
-
This may be an overlooked thing. But make sure open-relay is disabled on your mail server.
Good point, but if the mail server has indeed been compromised, the attackers could have enabled "open relay".
-
That said, GnuPG is pretty trusted.
That's what I use sometimes, but since the op hasn't responded to my question, I couldn't suggest it.
-
Are you referring to full disk encryption, or things like email encryption, files encryption and stuff like that.
-
Not trying to discourage you, but trying to spam back the spammer is not going to help you much. As stated above, spams are forged, if you try sending emails back to those addresses, they will return to your inbox, with a "delivery notification error" and the only way to keep them out of your inbox is with a good spam filter.
I run my own mail server at home, and use SPF police to only receive emails from trusted domains, I have specified in my whitelist. Any domain that is not in the whitelist will automatically be blocked. I've also configured my mail server, to stop responding to any abusing IP address.
Edit: If you are not happy with the spam, consider migrating to a better email service, Gmail would be a nice one.
-
You could also look into the QNAP NASes, they offer a varity of services such as webserver, mysql, video and photo streaming. And there is no app nstallation required, it all comes in a single UNIT. However there's a bit of configuration required before you can get it to work.
On the other hand, since it's a NAS device, it provides you with Backup and data protection solutions, like RAID and the ability to backup to a remote site or a similar nas device.
The only downside is that they are not cheap, but they are great NAS devices to have in your business.
-
Thanks for the information Digip, will keep it in mind if I come across it.
-
There's a possibility your mail server could be infected, I'd also look into enabling SPF in your mail server to prevent further spamming.
-
Have a look under the /var/httpd/logs, I believe.
-
A lot is going on, but its all for a good cause. Keep up the good work Darren.
-
Permissions problem in deed, are /tftpboot and pxelinux.0 world readable?
Edit: Take a look at this article, it might solve your problem, http://serverfault.com/questions/280537/how-to-chroot-the-tftp-service
-
What audio streaming application are you using?
Security Setup?
in Security
Posted
I would suggest getting yourself familiar with each term and what each does, they can get quite overwhelming sometimes.
A firewall, is a very important piece of software or hardware, it helps stop known attacks from getting into your computer. Most importantly, it helps you manage what applications are allowed to access the internet or not. Firewalls uses rules to determine what traffic can be let in or out.
An AV Scanner or an Antvirus, helps detect and delete virus/works/malwares from infecting your computer, in the first place.
Spyware Removal, its a tool that helps identify small piece of software designed to steal information from your computer.