burn

Active Members
  • Posts

    102

Everything posted by burn

  1. Why don't you try it? Instead of assuming that Windows is vulnerable to someone pretending to be updates.microsoft.com, do it and let us know what you find. Anyone can speculate and spread FUD around all day long, but until it's actually proven then I don't think your rant has any real substance to it. It should be fairly simple to prove. Take another box on your network and use it to arp spoof your Windows box and your gateway. Use this second box to forward all updates.microsoft.com traffic to itself. You'll need to do a little packet sniffing to find the location Windows looks for the updates and what filenames it's looking for. Once you find that, create yourself a non-malicious binary (it will have to be something that installs with no dialog boxes (next,next,finish), or use an MSI file you've created) and let Windows Update download and install it. If your new program is installed then you've got some proof that Microsoft is lame and that anyone with enough bots in their network can own pretty much everyone on the 2nd Tuesday of every month. I would like to assume that Microsoft is smarter than that and that they've programmed some checks in their updates, but you really never know. There are some companies out there doing some pretty stupid stuff. I, for one, am very interested in what you find out with this. Hopefully you'll continue your research and won't stop at just speculation. Or maybe someone else has already done it and a simple Google search will find all you need. Either way, let us know what you find.
  2. cs:s
    x-moto - fun little game when I'm bored of cs:s
    fear - decent game but free online version sucks
  3. burn

    the BROKEN?

    glitch shadow something or other pauldotcom.com has a few video sessions of their podcasts I don't think there's too many of them.
  4. burn

    IT Jobs

    It really depends on what you want to do. Do you want to program? Then get a Computer Science degree. Do you want to be a network/systems administrator? Then skip school and get a few certifications. However, certifications won't get you in the door at most places but they will help keep you there. Degrees are very important. They're stupid and a waste of time and money but if you don't have one then a lot of places won't even consider you. It's stupid but that's big business for you. A lot about jobs isn't what you know, but who you know. The majority of my jobs have been from friends' referrals or people I've socialized with in the past. I went to high school with my current boss which is how I got the job I have now, which is being a network/security admin for a small firm of about 150 desktops and about 30 Windows 2000/Linux/FreeBSD/AIX servers. The only place you'll be able to work when you're first starting out is a helpdesk position. I started out doing dialup ISP support at an outsourcing company. It sucked but it led to much bigger and better things. The best thing you can do for yourself is find what you're interested in, whether it's programming (C, C++, Ruby, PHP, Visual Basic ...etc), network admin (Cisco, routing, switching, firewalls, windows servers/workstations) security (protocols, hacking, reverse engineering code) and going with it. It's rather difficult to be good at more than one area since each area takes quite a bit of knowledge. Oh, and don't be scared to move unless you live in a big city. Don't let Mom and Dad hold you back because they don't want to see you grow up.
  5. Here's a good tutorial for cracking WEP with Windows. You should take the time to read the entire thread because there's a lot of good information in there and it will teach you a lot about this subject. http://www.tazforum.thetazzone.com/viewtopic.php?t=2069. There is a part 2 if you look through the tutorials section but all of the meat is in part 1. However, if you're looking to crack WEP, you'll need to get your hands on a Linux tutorial so you'll have access to applications that support packet injection. Comm View is the only Windows app so far that supports it but it's not free.
  6. nice. rss2festival :) Or get one that you can upload mp3's to. Does iPod make hearing aids? :)
  7. I guess the next logical acknowledgment would be that I n+1th it. and c'mon with the spelling ... there's a spell checker built into Firefox2 for Pete's sake! And to whoever has the avatar with the floppy cutting the dummy's head off ... nice! (I can't see avatars from the reply screen so I don't know who it belongs to from here)
  8. burn

    DLink PW Cracking

    There is a DLink model that has a DHCP bug. If I remember correctly, basically you attack the router's DHCP mechanism in such a way that when the router is rebooted it's returned to factory default. You can try looking at the exploits over at milw0rm.com for d-links, but they don't seem to have the exploit for my 614+ model with the dhcp bug. Here it is: http://www.governmentsecurity.org/archive/t9628.html However, it required the admin to log in to finish installing the payload you sent. Or, you could get your own router which would solve your problem without all the fuss. Just unplug his from the wall and plug yours in. That seems like the easiest way to solve your problem.
  9. I'm almost positive a cross-over cable won't work as a serial cable. However, you can probably create your own with a diagram, some rj-45 ends, and a crimper (though buying all of those parts will be expensive) and then build the rj-45 to 9-pin serial adapter from radio shack parts. You need a serial cable, though, and it's handy to have more than one. Do you have a computer shop in your area that you can buy one from? You might even be able to get a free one from one of those mom-and-pop shops.
  10. I did a google search for 2948g manual and got this link: http://www.cisco.com/application/pdf/en/us...a0080122191.pdf It seems to be what you need. It's 588 pages long and covers the specific model number of your switch. As for managing the device, have you tried connecting a console cable to the thing and managing it with either minicom or hyperterm? I'm going to guess that you're a linux guy by your handle, so I'll throw a bit of experience at you - I can never get a cisco device to work with minicom unless I create an rc file and open minicom with that file. Maybe I'm a loser, but that's the only way it works for me. For example:
        cat /etc/minicom/minirc.cisco
        # Machine-generated file - use "minicom -s" to change parameters.
        pu port /dev/ttyS0
        pu baudrate 9600
        pu bits 8
        pu parity N
        pu stopbits 1
    Don't worry with the machine generated bullcrap, just copy and paste that into /etc/minicom/minirc.cisco (as root). Then open minicom like this (as root):
        minicom cisco
    Works every time for me. If you find that your switch uses different settings, edit that file manually (or with minicom -s) and start minicom again. Don't waste your time hanging up and reconnecting within minicom. Have I said minicom enough? :) Hope that helps and I hope that document helps you. If you've been searching for hours you've probably already run across it, though.
    [edit] Something else I just thought of, minicom and screen both use CTRL-A as their control keys so you're going to screw yourself if you open minicom in a screen window. Create yourself a bash alias like this in your .bashrc and root's.
        cat .bashrc | grep minicom
        alias minicom='minicom -m'
    Make sure you run:
        source ~/.bashrc
    as root (and your normal user) to activate the changes. I'm sure there's a way to run minicom as a normal user but I've never taken the time to figure it out.
  11. I like the simplicity of Notepad, myself, though others prefer Firefox.
  12. Ok, so I feel retarded. I knew that LM hashes were split up into two 7 character chunks, but I had no idea that a 7 character rainbow table would be able to crack the chunks independently. I guess I never put that much thought in it. And just so I have my math right, it's 15 or more character passwords that MS won't create an LM hash for, right? Not 13 like I said previously (what was I thinking?). Thanks for the clarification!
  13. How can you say your tables will crack 100% of the passwords you're going to be getting when you're limiting your tables to 8 characters? Shouldn't you be generating tables that will crack up to 13 character passwords since that's the limit Microsoft puts on the LM cache?
  14. I know what I'm going to be doing tonight.
  15. It sounds like we all need decoder rings for Christmas! So far the only thing I'm really wanting for Christmas is an mp3 player. I've heard that the Zune is highly overrated, and the iPod, well, it's an iPod. I think the trend for iPods has worn off and I would really like to be able to watch movies on the go. I despise all things trendy so I've always had a hatred for the iPod. I currently have a 1gb iRiver and have loved it. I've had it for a little over a year now (when 1gb was a lot) but I seem to be sharing it with everyone in the family so my little portion of it doesn't hold much. :cry: What are everyone's thoughts on the 80gb video iPod? Is it worth it or should I look at other devices? (nokia 770 perhaps?)
  16. burn

    labling

    You're only going to be 1337 once??? Might want to take a screenshot of that!!
  17. I like how the font changes in the middle of the email, then changes back. I bet it came in as an image, too, and not actual text like a normal email would have.
  18. Awesome, thanks for the post! I'm definitely going to be doing this to my key.
  19. Yeah, the -r flag is for read-only so you won't accidentally write to the NTFS partition.
  20. Really, though, spelling is so overrated. I mean, you know what the person meant regardless of how they spelled it. Like in your example, you can tell what Kateweb is asking. However, I think Firefox 2 would explode if she tried to use it. :)
  21. You can also find your Windows mount points this way:
        dmesg | grep hd
    Then, as root, create a directory you want to use when accessing your Windows files, like Sparda recommended.
        mkdir /mnt/windows
    or
        mkdir /media/windows
    Then, again as root, mount the partition (assuming your Windows partition is /dev/hda1).
        mount /dev/hda1 /mnt/windows
    As far as I know, writing to an NTFS partition is still considered experimental in Linux so if you don't want to take any chances with writing to, and potentially corrupting, your Windows partition you'll want to use the -r flag in your mount statement.
  22. Why are the names different on the email? The first sentence says Jason Milworth while the signature says Jason Milworm.
  23. Since you brought it up, it's spelled 'does', not 'dose'. :D
  24. A binary clock ... sweet. I'm looking now for one.