Everything posted by lunex

  1. I don't know if there has been a court decision on this or not, but I cannot reasonably believe that "wardriving" (i.e. detecting the SSID broadcast) would be prohibited by the wiretapping laws. To be prohibited there would have to be an assumption of privacy, but only a moron would believe their SSID, and everything that goes with it, to be private. On the other hand, if you had turned off your SSID broadcast, then the police would not even be able to comment at all on the presence of your wireless network. NOTE: I have done precisely zero research on this, and am writing purely from prior experience, and have had no law education.
  2. Too much effort for so little.
  3. Doh! Missed the "per minute" thing. Haven't seen anyone scale transfer speed to the minute before. I'm just going to assume that your network and server are not at the point where they need a major hardware upgrade and just ask about the software you're using. What transport protocol are you using and what software are you using for that protocol? Version may be helpful too.
  4. What he said. My godly new (less than one year old) computer's HDD clocks at about 56MB/s synchronous, so unless your server is state of the art or is using RAID strips you're not going to get much faster.
  5. [EDIT] Unless you're bored, ignore the rest of this post. It is merely the result of me with a goal and no plan. [/EDIT] The Hak5 community, by definition, has people of widely varying experience. The growth of a community requires that the more experienced members of the community be willing to help the newer members become more experienced; the new members can then provide back to the community through their experience. Since this community is very technical and has no specialization, it is inevitable that there will be hard questions asked that will not be answered unless there is already someone in the community that is knowledgeable on the topic of the question asked. It is therefore also necessary that if a person cannot have their question answered, that person must know how to do the research necessary to find the answer. It is therefore my logical conclusion that, for the sake of the growth of the Hak5 community, the Hak5 community provide resources that would in some way aid community members in doing any research and/or development in the event that one of their questions cannot be answered. Such resources could include tutorials on effective use of a search engine for anyone doing research and links to specialized technical websites for those who would be willing to do development work to make the answers for themselves. Links to resources to educate developers on how to make documentation could also be a worthy addition.
  6. If you could list significant privileges that the SYSTEM account has that someone in the Administrators group doesn't have then I may be bothered to find an easy way to start SYSTEM processes in the current session for you. The only real difference is that SYSTEM is designed for drivers and not so much for user applications.
  7. I'm sorry to tell you this, but databases need formats, and since you don't seem to know what you want to put into the database you don't know the format of the tables you want to have in the database. Even if you had a format in mind, telnet is probably not the best way to do it. Databases are most useful when access to them can be automated, and telnet sucks at automation. XML RPC over HTTP would be better for automation. Danbooru/Sagubooru is set up as an image board, and has an open API that allows automated access to the images and the tags and comments associated with them. If you really wanted to be open ended you could just set up an FTP server with anonymous read and write access.
  8. Log into that computer and open the command prompt. Type this into the command prompt: netstat -ao That should give you a list of all active connections and listening ports, and the PID of the process that owns the port. Look for the suspicious port and the PID associated with it. You can then use taskman or some other application that can list active processes to find more info about that process, such as the process name. Then, you still have to figure out whether the process is malicious. I can't help you there without more information.
  9. Two things: 1) Google Images and Picasa have completely different purposes. 2) Picasa has been around.
  10. I have three issues that are of concern. 1) That document is not targeted to developers and is poorly written for its target audience, any democratic administrative office. It fails to relay any information regarding the security of the clients, the servers, and protocols used. 2) My second concern is in regards to the phrase: This sounds like an innuendo for "This isn't really democracy. Don't concern yourself with the big issues. Vote on these issues instead." Creating individual ballots for each voter would allow the administrative staff to exclude anyone out of any vote for any reason. "You don't get to vote on this bill because you participated in a public protest 12 years ago." 3) If I were to participate in a vote that makes use of this system, and then later use my receipt to check that my vote exists in the voting system, would the existence of that receipt in the voting system ensure that the content of the voting ballot has not been altered?
  11. lunex

    The Law

    By deploy do you mean distribute (as in the way the switchblade/hacksaw has been amongst the community) or use maliciously (using the switchblade/hacksaw in an unauthorized situation)? (Sorry for the bad word choice) I meant the actual malicious use of the software. Generally the line is drawn at the point of interacting with someone else's machine in a way they don't want you to. That even goes beyond the use of viruses and can even include browsing a website in a way that the owner doesn't want. The example I got was "intentionally leaving required form fields blank."
  12. I tell the computer to allow remote logins.. I guess that's more under the novell problem though. How would one go about setting privileges? If it is someone else's computer then ask them to give you the remote log on privilege. If it is your own computer and you're using *NIX then you'll have to look it up in the documentation as every one has their own way of doing it. If it is your own computer and you're using Windows then take a look in the System Properties window for some Remote Desktop settings.
  13. I immediately thought you meant Final Fantasy.
  14. lunex

    The Law

    DISCLAIMER: I'm not a lawyer. STATEMENT: My interpretation of US law on the topic of malware is that it is not illegal to develop any particular form of software. However, digital vandalism is considered illegal. So if you do create a virus/worm/trojan/etc... you haven't done anything illegal yet. Once you deploy the malware, then you have committed a felony.
  15. You seem to be new to using forums so I'll give you a tip. Limit yourself to one concise question per thread. That makes your post much easier to read, and clarifies the intent of the thread. You may otherwise want to use paragraphs. This is due to group policy settings. You can do this only with computers that the network administrators give you the remote log on privilege.
  16. This post is 100% correct. This is incorrect. Symptoms from malware can surface without being infected, simply by being on the same network as an infected computer. e.g. blaster, or the attack that I mentioned in my last post. Additionally, some malware, particularly worms, do not have symptoms. You must actively look for such infections on a case by case basis. Unfortunately, you don't get to know what case it is beforehand. All posts by the OP in this thread would indicate to me that he/she is running a poorly defended machine on a network that has one or more compromised computers. lol @ the pun Has anyone else noticed that the OP stopped posting without stating that the issue has been resolved?
  17. And thusly we have established that "hide known extensions" === "user is an idiot"
  18. I think I remember reading messages like that when I was reading packets out of the storm using Ethereal. Once upon a time I used Ethereal to read some of the random packets that get thrown across the internet and I had seen some packets that resembled packets used by Windows Alerting Service, but such things should not be transmitted across the internet. Only older operating systems would display those messages. New OSs generally come with adequate firewalling to prevent cheap exploits like this. An older OS like Win 95 or Win 98 that is connected directly to the internet would do exactly what you're describing. The messages usually claim that a registry fix would make the messages go away. This may be true, but a better fix would be to get your machine updated to a more recent OS and set up a firewall. I suggest not going to any web site stated in one of those popups as that would open you up to even worse exploits. If you are using anything older than Windows 2000, as I suspect, then I'd have to suggest getting an upgrade. In the case that you're running XP SP2 then ignore this message as XP SP2's defaults, with the affected service disabled and the associated port blocked, should make it impermeable to that exploit. Oh, and don't delete csrss.exe or you may kill your machine.
  19. Yes, that would be why I'm not taking that list as being canon. Thanks for pointing out the absence of xhtml and png. I might have missed that if I would have done a copy and paste. I noticed that bas, c, and h are listed as text/plain. This seems rather odd to me. Having those as text would mean that people would read that source code in their web browser. Does anyone even distribute code in this way? Wouldn't it be easier to distribute code in an archive? Even if you, when browsing, had to obtain code as individual files, wouldn't you expect your web browser to save the file to disk (i.e. use application/octet-stream)? Or can anyone give me a valid reason to have source code files reported as text/plain?
  20. I'm currently developing a web server library and one component that is used to serve static content off of a local disk uses a hash table to resolve generic file types to a Content-Type. It's also possible to set up this component to override this hash table; however, the override table uses regular expressions, and will thusly be much less efficient than the generic table. So I want the hash table with generic content types to be very complete so as to help prevent the need to create overrides. I found a MIME reference at w3schools: http://www.w3schools.com/media/media_mimeref.asp I'm just asking for suggestions to augment that list, such as: any entries that could use a better supported content type, any additional entries that may be of use, and any entries that would never be used and could be removed. Note that this only applies to static content on disk, and the hash table only does matching to the file extension.
  21. There is actually a setting for this exploit. To turn off this exploit open the Internet Options dialog, switch to the Security tab, click Custom Level for the Internet zone, scroll down until you see the option labeled "Open files based on content, not file extension", and disable that option. "file extension" is no doubt a misnomer referring to the Content-Type reported by the http server. This option is for some reason enabled by default in the Internet, Local Intranet, and Trusted Sites zones. Could anyone create a payload that, when executed, would disable this exploit?
  22. That machine is in serious danger! Back up all user files. Then, insert the Vista repair disk and do a format and a clean reinstall. OEM installations are always crap, no exceptions.