Everything posted by Garda

  1. Funny; title says parent, grammar says 13-yo.
  2. Is this packet type often used for MITM attacks? I may not have a good understanding of the protocol, but what stops someone sending one of these to anybody they want, then redirecting traffic to somewhere they can sniff?
  3. There is this presentation which does essentially that. Unfortunately it seems whoever the presenter is he hasn't gone anywhere with the technology. It's an interesting concept and I'm absolutely sure commonly used by people that aren't mentioning it to anyone. Probably healthy to leave your phone in aeroplane mode whenever you can.
  4. https://wiki.python.org/moin/Pyarmor
  5. > Under the new rules, cars will also be fitted with compulsory data recorders, or "black boxes".

     I just don't see this playing out as a system that automatically controls your car's speed. No government wants that. There is just too much revenue collected from speeding fines. Instead, a government wants to be able to record where you were at every moment in a completely opaque black box. Then, whenever you come in for a service just download your driving habits and fine you for each time you sped. Much easier than installing cameras all over the place and only getting you on rare occasions. No government wants to help you automatically stay within the speed limit. There is not a government in the world that wants to shoot itself in the foot and dry up all its revenues.
  6. Hi, The best way to get a response if you need help is to ask specific questions regarding the particular issue you have.
  7. Sorry if this seems too critical or is too much, but a few quick points: Personally, I wouldn't use "from module import *" if I'm just using a single class, once. If anything, you can "from irc import IRC", which would work in just the same way. In fact, what I would do is "import irc" then use "irc.IRC()". Having those namespaces can be useful when you are using more modules. I noticed a lot of try: except:. You probably can do this in a better way. I haven't looked too closely, but it looks like your error is an index error for a list/tuple. I'm not sure what your algorithm is, but you almost certainly can do it in a way that is more elegant. You should delete irc2.py. I think you're not even using it at all. I'm confused on why this line even exists when you have this one when the class is instantiated. IIRC Django has a settings.py from which variables are collected. I personally use a dictionary which I import for my settings. That way your settings are separated from your initialisation script. This line will always return, no matter what. I don't think the "while 1:" changes anything at all. The way I design a module is have all of the global variables at the very top (basically everything up to the art), then functions, then code underneath a "if __name__ == '__main__':". That is even if I'm not using the multiprocess module. Don't ever be ashamed to post work, you needn't call it dyslexic. I think it's generally good, with just a few rough edges. How long have you been using Python?
  8. I haven't seen this yet. The trailer is here. From what I can see it looks a little cheesy. Mac is a cliché action hero whereas RDA was more humble and I think it worked better. That's why using his smarts made sense and fit into the character. Will have to wait and see after I have watched it though.
  9. Has anyone heard of this show? The promotional page here is also kind of cool, IMO. I think it fits with the usual audience here.
  10. There's something I don't really get about this. In the Samsung case it's a little different because they're taking audio and it's leaving your TV to the Internet, but when the Xbox one was supposed to always be listening people got really freaked out about spying. I don't see this as any different to any microphone connected to software. Everybody with a mobile phone is taking it on faith that the software in the phone isn't switching on the mic and sending that away or doing something nasty. Similarly, the xbox one is listening, but you're taking it on faith that it's not doing anything nasty once it is. In both cases it's the same faith in software that you're hoping isn't going to do anything nasty, but people feel really uncomfortable about some things and very accepting about others.
  11. Garda


    Hi, Does anyone have any experience with these? I have been told that it's a good idea to get a cheaper ~$50 one to practice my piloting. I expect that I will probably be terrible and crash it often. Is it as fun as I imagine it will be?
  12. Not entirely relevant, but I have noticed that people will *almost always* click on links. It's a weird fetish the computer using world has. If you want to mask something, use a URL shortener first. Most of the shortening services offer a simple http based API, if you need it to be automated.
  13. I just recently bought a laptop. I wanted a large one that I could work on, so got a 15.6'' Asus. I can't remember the brand name, but it's part of their "ultrabook" (but not nearly as nice as the macbook air) series. It has an SD card reader, i5 processor and 4GB of RAM, 3 hours of battery at regular use (this is my experience, rather than the 5.5 promised). Debian installs without problems and all of the hardware works without any issues. For what you want, I don't think you need to get anything better than what I described above. Perhaps get one of the alternatives with a proper video card, rather than the Intel HD graphics (which is pretty terrible for any "real" games) if games are important to you. If you're just studying and expect to graduate and have a real job in the near future, I think it makes even more sense to get something cheaper.
  14. I have been using 7zip and Winzip recently. Neither however perfectly hits the spot in terms of what I want from a file compression tool. I would like: Something where I can compress/decompress on both Windows and Linux. .zip files are OK for that. Random access. .7z files do not allow this, so if you have a really big archive, it has to look through serially to find the one file you want to extract. LZMA and PPMD. Both Winzip and 7zip support compression and decompression of these. 7zip is no longer being maintained and I'm concerned that all of my .zipx archives will be inaccessible to me one day when I don't have Winzip available to me. Otherwise, the format works great! What tool do you normally use?
  15. What do you mean by "software composing"?
  16. Garda

    Fun with Shodan

    Thanks, I also found the relevant RFC is RFC2616 and Section 9 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html) is the one that lists all of the request types. However, all I wanted was just enough to get the server to give me its headers. I found this Firefox addon listing headers as you visit a webpage, which I think can be quite useful.
  17. I don't disagree with Sitwon in anything that he said. My point was more about how I feel personally. I find git to be a bit unclear since I don't know it all that well. I try to be very clear about what I am committing each time and what exactly is getting pushed out. One of the problems, and it's something similar to Wikipedia, is that even if the current head doesn't have something sensitive, it doesn't mean it's not in the history somewhere. Not really a criticism of the tool as much as just me personally that I don't 100% trust myself not to stuff it up. Edit: typo
  18. Garda

    Fun with Shodan

    What is of interest here is the name of the server and the version. Searching on Shodan for the string "hfs 2.2f 200" gives all the open HFS servers on the Internet. There is even an API (I used Python, but there are other languages). The following will give back the same search but output it to output.txt. (You need to get an API key and download the Python module; "pip install shodan" run as root was enough for me.)

        #!/usr/bin/env python3
        import shodan

        apiKey = ""  # your Shodan API key goes here
        api = shodan.Shodan(apiKey)

        try:
            allIP = []
            # Search shodan
            results = api.search("hfs 2.2f 200")
            for result in results["matches"]:
                # "ip_str" is the dotted-quad form of the address
                allIP.append(result["ip_str"])

            # Write one address per line to output.txt
            with open("output.txt", "w") as f:
                for anIP in allIP:
                    f.write("%s\n" % anIP)
            # print(allIP)
        except Exception as e:
            print("Error:", e)
  19. Garda

    Fun with Shodan

    I have been having a bit of fun with the search engine Shodan (http://www.shodanhq.com). It was mentioned in this episode of Hak5 and in a few old discussions in these forums. Unlike other search engines it indexes technical information about services that run on the Internet. For example, it lets you search by web server type, or by strings in the headers sent when sessions are initiated. For example, I was kind of interested to know if there are a lot of people with Internet facing instances of the HFS web server (http://www.rejetto.com/hfs/). If you access a web server via telnet and ask for /index.html (I'm not 100% sure what the proper http command is to get the root web page, I need to look it up), you get a few http headers and then the start of the 404 error page. (see below)

        garda@localhost:~$ telnet localhost 8080
        Trying
        Connected to localhost.
        Escape character is '^]'.
        GET /index.html
        HTTP/1.1 404 Not Found
        Content-Type: text/html
        Accept-Ranges: bytes
        Server: HFS 2.2f

        <html>
        <head>
        <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
        <style>
  20. The shields up utility (https://www.grc.com/x/ne.dll?bh0bkyd2) on GRC just added a scan for this very UPnP vulnerability. To check your router, go to the link while within your network, click proceed, then click on the big gold button (you can't miss it) to check if your router is vulnerable.
  21. Whenever I push something back up to Github there's always that awkward feeling that I may have just posted something I wasn't supposed to. The tool is automated and complicated, which in my opinion is the perfect combination for things to go wrong.
  22. In my opinion, you should never pay for books to learn programming languages. Perhaps if you want something in dead tree format (which is basically the reason why I have certain textbooks on my bookshelf even though I have equally good documents in .pdf), otherwise there is no reason to buy anything if you want to learn a language. That is especially the case for Python (which I can say from experience) and probably also for Matlab. The secret to learning these things is unfortunately time spent using the language to develop something. I recommended this book a few days ago because I like the guy who wrote it (that is, I like the things he writes, don't know him personally) http://www.greenteapress.com/thinkpython/ Otherwise, the documentation on the Python website is excellent and all the other help you might need is available in irc://irc.freenode.net/#python (registered Nick required). The people there are excellent and unbelievably patient.
  23. This guy sounds a little obnoxious, but his presentation on Powershell is pretty good. It assumes no prior knowledge of powershell. [4 hours]
  24. Steve Gibson is going to have a look at how they have done security on the next Security Now (he promised to do so on the last one). I'm looking forward to seeing what he has to say. This seems to have the potential to be a really great service. Assuming that the guy who runs it is really interested in privacy, it would be great to have something where users are in control of security, where he follows Steve Gibson's "trust no one" approach (rather than someone like the US phone companies or Myspace/Facebook who are proactive at giving the US government users' personal information), and that's really huge and free. They have posted a response to some of the criticisms (https://mega.co.nz/#blog_3). From what I can tell it in fact looks pretty good. I think the way it works, (and I'm just reading through their blog and some other sites) is that there is a master key that sits on their server, but which is encrypted with a key that only the user has. The one problem identified is that assuming your connection to Mega is secure, Mega would be able to get to your master key if they sent you compromised javascript from their server which reported back to Mega once you gave it your personal key to unlock the master key. I don't think that is too big a deal, but assuming that you can also access your files through a public API and a 3rd party app that you trust, it's probably not a problem (that is if you don't want to trust Mega). That being said, it would probably be best to get the opinion of somebody who has spent more time on this than I have.