Infiltrator

In Chrome you can add an exception to block or allow Javascript from loading. Furthermore if you decide to block Javascript altogether, and you visit a website that uses Javascript on the far end at the right hand side of the address bar Chrome will display an X option, that allows you do enable or disable Javascript. So far it works well and have only allowed a few websites.

Agree with Digip, you should always take pre-cautions when uploading any personal information to third party services. Its not because they claim their system is 100% secure that you should trust their word entirely. Dropbox is still a very good service for storing information or data on a short term, but as an end user you need to be aware of its weaknesses too. Encrypting your information is a must before it leaves your computer. That's the only security guarantee you will have if it falls on the wrong hands.

Another way to test how secure your password really is by brute forcing it with HashCat or looking up your hash on the internet as Digip suggested before.

It doesn't really matter if the password is generated on your end or their end. One way or the other, they need to know who you are before you can login. Even though they don't know what your original password is, they have what's called a "digital finger print" or a hash of your original password. Which looks something like the one below. 5f4dcc3b5aa765d61d8327deb882cf99 When you create your password on your computer, their encryption algorithm will generate a hash of your password and upload it to their servers. To prevent an attacker from sniffing that hash, they use HTTPS on their website to secure the communication between your PC and their servers. However if an attacker really wants to steal that hash of yours, he/she will need to find other ways to break into the system. Such as exploiting services or vulnerabilities in their software in order to gain access to the system.

There is an add-on you can install in Firefox that disables all scripts on a page. Its called noScript. Alternatively, if you need to copy some text from the site just highlight and use Ctrl+C to copy the text. To copy an image, you could also dig into the source code and try locating the image URL.

Interesting, do you know if your "vpntunnel.se" has a dynamic or static ip address? If it has a static ip address, than it won't do much good for you. One way to find out if the ip address of your "vpntunnel.se" changes, is by pointing your browser to this address http://ipchicken.com/. If it shows a different IP address everytime you visit this site "http://ipchicken.com/" then its dynamic, if not static. And that's why Google is asking you to verify your identity.

MIMO stands for multiple input and multiple out, its a technology that makes use of multiple antennas at both the transmitter and receiver to improve communication performance. Furthermore it significantly increase the data throughput and link range without additional bandwidth or transmit power. You won't really need MIMO when performing wireless pen-testing. Its mainly used for transferring large files from one computer to another or for watching HD movies. And not many wireless routers/AP support MIMO so its just something to keep in mind too. That's a good question, since I haven't used a dual band wireless adapter before, I can't give you an answer on that. But I'm guessing if the adapter is not authenticated to the AP it should be able to monitor both bands simultaneously, or at least passively monitor the wireless traffic. Yes, a 2 watts antenna has more power than a 500 milliwatts antenna. It offers better coverage when pen-testing from a distance. For instance, you could be from a few hundred meters to a few KMs away from the access point and still be able to see it.

What a coincident the other day I watched a documentary on BBC about Cyber War threats. The US Department of Defense in particular have personnel staffs trained to spot backdoor software built into their hardware that comes pre-assembled from China. And amazingly enough, they have found quite a few of their hardware bugged. Now here is something that organisations could do and train their IT staffs for. It may not be of a concert for some but its a prof of concept that should not be disregarded.

Hey Team, Just out of curiosity has anyone played with this unit at all? I'm thinking on buying one but not sure how well it will perform. So hope anyone in here has experimented with it and could give me some feedback. http://www.alfa.com.tw/in/front/bin/ptdetail.phtml?Part=R36&Category=105501 Thank you in advance.

If I am not wrong, I think its an Alfa AWUS036H http://www.alfa.com.tw/in/front/bin/ptdetail.phtml?Part=AWUS036H&Category=105463

When you mean different IP address, do you mean different private IP or public IP? By the way, the same has happened to me before, so you will need to either use a proxy to change your IP address or do the extra verification via the phone.

No body would suspect a thing. Very clever idea.

According to the specifications on the website, it operates on both bands 2.4 and 5.8Ghz. But you can only operate one band at the time. If you want to deauth both 2.4 and 5.8 bands simultaneously you will need two separate adapters.

I'm with Digip, it would be a waste of resources (money, electricity) to build a cluster of computers based on CPUs. If I were you I would invest into a couple of Nvidia's graphics cards. To give you an idea a single GTX 460 card contains a total of 480 CUDA codes, that's like having a few hundred computers in a room, wasting huge amounts of electricity. All you need is an application that supports Cuda or OpenCL, to take advantage of all this power.

Agree, it can crack up to 14 characters with no issues, but don't expect the rainbow tables size to be small. For instance a table with the following charset, would be around 36.4GB in size. Plus generating a rainbow table this size would take some time, in addition it can only crack up to 7 characters, which would be ineffective if the OP's password is over 7 characters long and contains certain special characters. Charset: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (including the space character)

There is also Ophcrack that you could try. But if your password is longer than 8 characters and contains special characters, then it would be useless.

Just get a replacement, that should resolve all the problems you have. If it was a minor thing, I would send it in for service but that's not the case.

Its just another way to manage or configure them, instead of using a web-based interface you generally use a command line interface and that's why a serial cable is required.

You could install Windows XP on a virtual environment, using Vmware or Virtual box. Or add a second hard drive to your computer and install Windows XP in it, so that way you don't have to worry about space or re-sizing partition.

Just buy two separate adapters that can operate on each corresponding band. It will be a lot easier.

Sorry I meant symmetric DSL!

Those links Mr-Protocol sent you are very good, however you can always set up your own Virtual Machines or Metasploitable using MVware or VirtualBox. And this is what I do at my virtual lab, I run some instances of Win 7 and XP with some apps and services installed then I use Metasploit to try and break into one of them. Also if you haven't experimented with Metasploit yet, I would encourage you to go and visit securitytube.net, they have plenty of demos including a very well structured tutorial on Metasploit published by Vikiv.

You can have what is called a dual screen set up. The first screen displays your desktop icons and the second is an extension to it. Follow this article, it should be straight forward. http://support.microsoft.com/kb/976064

Have you tried using SUDO? Edit: Try this tutorial, http://www.osix.net/modules/article/index.php?id=455

Ohh my bad, it shouldn't be hard at all. Provided you have a VPS or a server running SSH, it should be a straight forward set up without any complication. I found this youtube video that walks through the process of setting up a DNS Tunneling http://www.youtube.com/watch?v=ke0cFcPJUOc&feature=related