ben
-
Posts
65 -
Joined
-
Last visited
Posts posted by ben
-
-
Are those before and after makeup pictures??
j/k
-
It really depends on what you want to learn. I started going to a university with a computer science major. I then decided that I wanted to do a computer science major with a computer networking minor. After getting into Comp. Sci. a bit further I decided that I wasn't a major coder. I enjoy smaller projects and some of the design, but not the coding so I changed to a Comp. Networking major with a Comp. Sci. minor and that's what I graduated with.
The biggest thing I could say is go to college of some kind. While at college try to get some kind of tech job. Any experience you can get would be great.
Ben
-
That is more or less what no-ip.com does. My problem is that I want to KEEP wildandbad.com as my domain name.
Since I control the Name Servers for it I can direct it to any IP address, but I can't direct it to any port.
All of these redirect services are NAME based, not IP based.
I WANT an ip-based port redirect.
I'm confused, with zoneedit you would be able to keep whatever domain name you want.
If what you're asking for is a user to type http://www.wildandbad.com but be pointed to your server at a specific port then you're asking for something that can't be done. The "http" controls the default port for your browser. Unless you want to change what the user's services file sets the default port for http to use you won't be able to have them go to http://www.wildandbad.com but point to http://yourip:8080, it just won't work.
Sorry.
Ben
-
I'm going to go against most of you and say that you can't tell if someone is a hacker by what programs they use.
Just because they use sub7 doesn't mean they are a noob. sub7 may be the best tool for the job. I've said before, do you know of a hacker that doesn't use a tool like Nmap, Metasploit, Ettercap, etc.?? Just because they use someone else's program doesn't make them a noob, it may just mean that someone else already did the hard work and why should they replicate code?
As degoba said, it really depends on how much you understand. A hacker is someone who understands why and how things happen. If you use sub7 "because it works" then you are a noob. If you know how sub7 works then you may be a hacker.
Ben
-
stingwray -
I certainly wouldn't call it a "waste of space" since it's a good archive of the past. Without theBroken we probably wouldn't have Hak.5 or any other good IPTV shows to watch. They really broke ground and delivered a new product to the masses. How many of the IPTV shows that you watch were inspired by theBroken?? Probably most.
VaKo -
Yes, they have been planning a comeback for a long time. Unfortunately the creator of theBroken has A.D.D. (I'm guessing on that one) and can't really stick with anything good that he creates for more than a few episodes. And even more unfortunate than that he's screwed over many people by having them make donations to fund his projects and then just stopping production.
Ben
-
Just remember if the packets are encrypted then you won't be able to traffic shape them or block them.
Yes you will. You just won't be able to shape them differently than other encrypted traffic. There should always be a failover shaping rule and since you should have a rule that says standard http traffic is a high priority this other unknown traffic could get a lower priority.
Ben
-
MrDave2176 -
When an old ISP that I had blocked port 80 my DNS provider, zoneedit (which is a free DSN service), had a service called web forwarding. It works in one of two ways:
1. It can keep the URL as the main URL (http://www.mydomain.com) and capture the URL with the different port in a frame.
2. It can forward to the server running on a different port and in the location bar show http://server2.mydomain.com:8080
WebForwardâ„¢ - Do you have a web site with a complicated address? Would you like to have a "www.___.com"? Use our pathed WebForwardâ„¢ service, and visitors will get transferred automatically!I'm not sure what you're currently using for DNS service but I would suggest that changing to zoneedit, if at all possible, may be the easiest solution.
Ben
-
I'm sure the author would have liked to have kept the name Ethereal as well but when the company says they own the name it was probably much easier for him to just start off with a different name rather than start a legal battle.
Ben
-
My suggestion would be to develop a portfolio. Make some applications that are well coded, well commented, and show what you know how to do. A cert isn't always best, the employer will want to know that you actually know how to use what you know.
Ben
-
News:
www.digg.com
I wouldn't say that Digg can teach anyone anything about hacking. Yes, it's an interesting social networking site but I wouldn't put it in this list.
Podcasts:http://www.grc.com/SecurityNow.htm <-- This is fantastic for people who are new to the field. If you have the time or motivation, go back and listen to them from day 1, they assume you know very little if anything and hit on all of the major topics in the security field. Fantastic show.
I've got issues with Security Now! They are trying to do good things by explaining everything in a very dumbed down way but Steve Gibson bothers me because he jumps way overboard on things and isn't always technically accurate.
Ben
-
And of course something like Ethereal is good for analyzing the traffic.
Ethereal is dead, long live Wireshark.
Ben
-
So what it basically boils down to is that ARP poisoning behind a switch is just as easy as behind a hub. And you shouldn't need any specialist big bucks tool to get it going either. Any tool will do. You only need to know the IP and MAC address of the target, the IP and MAC address of the destination (such as the internet gateway) and take it from there. Finding the correct values for those might be trickier behind a switch though.
Not exactly. The difference between sniffing a hub and a switch is that a...
1. hub automatically forwards every packet on the network to your computer and then your computer decides whether or not to care about the packets.
2. switch requires the attacker to "tell" the victim's computer that the attacker's computer is actually the default gateway. The attacker's computer must then be set up to forward any received packets (that aren't supposed to end at the attacker's computer) on to the proper destination.
Any tool won't do, but, as Harrison said, Dsniff and Ettercap make the job easy.
As far as finding the correct "values", that shouldn't be that tough since most systems send out plenty of broadcast messages that anybody can sniff on either a hubbed or a switched network.
Ben
-
-
I have my Bachelors Degree (Major: Comp. Networking, Minor: Comp. Sci.), Network+, and RHCT (for work)
I may work on my Security+ because that is what I'd like to get into for a career.
Ben
-
You took what i said out of context, my mum who knows nothing about computers could of watched that episode and downloaded a few programs clicked a few buttons and within five minutes have it done, thats why i said there script kiddie tools, they dont require you to have any knowledge of what is going on, you just simply clicka few buttons and thats it. And when you say there isnt any script kiddie tools i would have to disagree with you, take a look at programs like sub7, i would call anyone that uses such a program a script kiddie, and then lets look at metasploit, theres another perfect tool for the script kiddie. Meh im done with this post, i didnt know it would start an argument for just asking them to go a little more in depth on there topics they are covering instead of just showing you how to click a few buttons.
I'm sorry but I have to agree with stingwray on this one, there is no such thing as a script kiddie tool, only script kiddies. I would call anyone who doesn't use automated tools an idiot. Why re-invent the wheel?? If someone else took the time to write the code why not use it??
A good example...
I'm sure everyone here, and a lot of security professionals, has used Nmap. Does that make them script kiddies?? No, just because they don't write their own network scanners or construct their own packets doesn't make them a script kiddie. Now, if they have no idea what they're doing and just follow a script they found on the internet that says "type this" and then "press this button" without understanding what the underlying actions are, that makes them a script kiddie.
Just my opinion.
Ben
-
I agree with VaKo on this one. This post is actually a good suggestion. If users want to to learn to hack they should:
a. Get one or two spare computers and practice hacking those.
b. Get VMware Player and VMX Builder and then hack virtual machines on their own desktops.
c. Go to HackersLab, PullThePlug, Root Wars or one of the many other wargames sites out there that offer a spot for you to legally hack.
Ben
-
I've got a Proxim Silver card and it's great. I purchased it because I wanted to play around with making a cantenna and it has an external connector.
It may not work for you though because it uses the Atheros chipset. I'm not sure why you can't get it to work with Linux because since the release of MadWifi drivers I haven't had a problem with Linux support. Heck, FreeBSD even supports Atheros chipset cards so it's turned out to be a great card for me.
Ben
-
vsftp... very good yeesss
I agree, I use vsftp but I'm guessing, even though he didn't say it, he needs a Windows ftp server since he's currently using Serv-U.
Ben
-
Podcast 1-5
in Hak5
What do you mean "podcast format"?? Podcasting is a delivery mechanism, not a format.
Ben
-
But what if that bug is in a common program, like, say, 3tunes?
I think the difference here is the author is suggesting that the people were testing the application to prevent someone else from stealing their information. If you find a bug in any program you can either choose to continue using that program or not. You just need to realize the consequences of your choices.
Ben
-
In the Wired News article Spot a Bug, Go to Jail there was some discussion about a few different court cases.
Case 1. Eric McCarty, a professional computer security consultant, found a coding issue with a web application at USC that allowed an attacker to harvest personal information. As proof McCarty anonymously e-mailed a sample of personal records to a reporter. USC later traced the server activity back to McCarty yet he claims he is innocent of any crime.
I can't believe he's claiming to be innocent. He found a vulnerability, which I can see as being fairly benign, but then he accessed personal information and sent it to someone else. It's like if he noticed a car was unlocked (not a crime) but then he took a package out of the back seat to prove to the owner (or in this case someone else) that it was unlocked. He still took the package.
Case 2. Stefan Puffer, a security consultant, was charged with illegally accessing a county court's wireless LAN to prove that it was insecure.
I haven't been able to find much information about what he accessed, or how it was accessed so I can't really comment on this one. If he just accessed the wireless network by connecting to an unauthenticated network I don't believe he broke any laws. If he cracked WEP, or any used any other unauthorized authentication, I believe he should have been convicted.
If others have info about how he accessed the wireless LAN or what information he accessed while on the wireless LAN I'd be interested in reading more.
Case 3. Bret McDanel was charged with a crime for e-mailing out information about a security hole to "customers of his former employer" to potential victims.
Since McDanel did not use the security vulnerability in any way (at least not as is stated in any information I could find) I believe he was not guilty computer crimes. He unfortunately was convicted but later had the ruling overturned.
The most disturbing part of the article was the following quote:
People need to be able to exercise a little bit of self-help before plugging their data into web forms, and security professionals who happen upon vulnerabilities shouldn't have to choose between leaving the system wide open to attack and prosecution.I agree that people should check out the security of a web site before using it but I believe there is no difference between someone who uses a bug in code to get information to show the company that a bug exists and a person who uses a bug in code to get information that they use for crimes. Both of these people illegally accessed private data. If you were not hired by the company to test the security of a site or system then you have absolutely no reason to access that data, even as proof of a security bug.
If you find a potential security bug you should report it to the company. As long as you don't use that bug to access data you should not be convicted of any crimes. If, after you report the bug, the company fails to fix the bug then you can choose to not use their services.
What are other people's opinions about the individual cases or personal testing of systems/site security in general??
Ben
-
Its like running certain processes as limited accounts
Huh?? I'm not sure what running a firewall has to do with account authorization. Could you please explain more??
you only permit traffic from say Apache and Postifx and nothing else out on to the WANI think Sparda and I are talking about a machine that only acts as a server. If this is the case then all outbound traffic should be considered legitimate. This would also assume that the only outbound traffic for the machine would be response traffic to client requests (I know this not always the case because there are sometimes maintenance processes that access the network on servers but those are negligible).
you could then have a seperate table to lan connections which was more lax.I am not 100% sure what you mean by "more lax" but it really don't like that idea. Yes, there may be certain services that you only open to your LAN (or other specified systems or subnets) but it should not be considered more "lax".
Ben
-
Well yes, he broke the law, but he didn't really actually do anything evil did he? I mean he didn't cause any damage or anything.
The fact is he broke the law.
If you don't agree with a law you don't get to just choose to ignore it. There is a process of appeals where, once convicted, he can appeal to the US Supreme Court if he wants to and then they'll decide if the law is constitutional. But the fact is that, when he broke into the systems, it was against the law and he should therefore be convicted.
Ben
-
Hello, in reading Slashdot today I cam across a couple of news articles that I'd like to discus with the members here. I will post them in the Everything Else forum but it would be nice if there were a News forum to discuss news items (news that's actually covered by some type of media and not just stuff that's new in our lives).
What do the rest of you think??
Ben
P.S. Sorry Sparda, but I saw the "Are we all fat slobs?!!" just before I made this topic.
F.E.A.R.multiplayer "free" for everyone(next lan?)
in Hak5
Posted
On my browser the browser is still at about forty something minutes.
I'll probably download the game but I doubt my 1.4 GHz processor will be able to handle the game. Oh well, I'll have it for when I build this Fall.
Ben