Steve8x Posted September 11, 2008 Posted September 11, 2008 Anyone who is getting mad about this should just realize something! People were already doing this, The thing is its just been underground! If no one knows about it then people who were doing it got away scotch free because no one even realized that anything had been done! If anyone is to get mad its probably the underground people lol, because now Hak5 is making people more aware of this hack! If people are more aware then they can take measures to protect themselves from these types of attacks! That's what I feel the show is trying to do! Make people aware of these "black hat" if you will attacks, so that people will understand what can be done, and what they can do about it so it doesn't happen to them! There's always going to be that black hat crowd, so its good we have the Hak5 crew to keep us updated on what they are doing! Then we can make our networks and internet safer to use!! So thanks to Darren and everyone at the Hak5 crew! Keep up the show! I'm liking the new season so far! ;) We now have a reason to teach our IT department to use a static connection instead of DHCP.' by static connection you mean manually setting your computers internal IP and DNS + gateway right? I've been doing that, in fact I discovered with my router, the only way that ports can be opened to my computers is if the computer is manually configured! Is it just my router? or do all routers have that functionality? to not allow ports to be forwarded if DHCP is used for that particular computer... As the image shows I just set the IP between the range that the router has set. Then leave the subnet mask default, and set the gateway and the DNS at the routers IP. The actual DNS servers are gotten from the router...
Darren Kitchen Posted September 11, 2008 Author Posted September 11, 2008 The hands of the law? Since when is security research a crime? You don't see the authors of metasploit, ettercap, aircrack, bluesnarf, airpwn, karma, or a million other "hack" tools being arrested do you? Hell last time I was at a "hacker conference" I met a Fed. I didn't see this kinda freak out when I did a segment on cracking WPA keys using brute force dictionary attacks on episode 3x06. Firearms aren't illegal yet killing people is. Name one piece of security software that is illegal and I'll give you $100. You can apply that towards a copy of Nessus -- an commercial vulnerability scanning tool.
Conor_M Posted September 13, 2008 Posted September 13, 2008 @Steve8x - I can forward to DHCP'd machines on my network, I don't know why you can't.
kickarse Posted September 13, 2008 Posted September 13, 2008 @ Darran, Its noting against you peronaly. And like i mentioned befour its out of my hands in the hands of the law now. I brook my word to VaKo just and only to give you (Darran) a reply. And ones again out of respect for VaKo i will not response any more in this topic. Best of luck Gerard Being from the Netherlands I'm surprised on how well you think you know US laws! Darren certainly said it best. But, really, it's a hacking show... don't watch it if you don't want to learn something useful. It's not like all this information isn't readily available. And to those who watch this and are first timers, it's most likely they wouldn't be able to pull this off anyways. So I'm not worried about a net of these getting out to get me wirelessly.
SmoothCriminal Posted September 13, 2008 Posted September 13, 2008 What I really think is funny is Gerard really thinks that the FBI is going to do something about this... "Best of Luck". He obviously knows less about the U.S. legal system then Sarah Palin knows on foreign policy. If security research was illegal then all systems would be far less secure than they are today. In fact I am sure some people at the FBI/NSA/CIA probably watch the show. Pen testers drive positive change in the security world. At my university we do research in attacking bot nets, modifying trojans, and some really neat stuff with mobile devices. Rather than the government discouraging us, they pore grant money into this research to drive change in the field, and they work hand in hand to develop coursework, teach government officials, and assist in researching. Shows like Hak5 are great for exposing insecurities in systems. If there weren't things like HAK5 and all pen testing tools were illegal, the true black hat hackers would exploit the shit out of these tools on systems. Because without a doubt in my mind, I know these tools would still be out there, just less publicized, and as a result systems wouldn't guard against them. Gerard puts a bad name to this community... Maybe you should have properly conferred with FON and Hak5 before reporting them to the FBI. I feel like you probably got a response back from your "friends" at FON, and weren't happy that they supported Hak5 with routers, and so you shot back at Hak5 by filing a legal complaint against them. Even despite this, don't you think this is really a matter between FON and Hak5. If Fon truly does not believe what Hak5 is doing is right, shouldn't it be in their hands on how to proceed (legally or not).
Swathe Posted September 13, 2008 Posted September 13, 2008 He went to the FBI?!!!!!!!!! I won't say one here what I exactly I think of this because it will probably get me banned.
darkjoker Posted September 15, 2008 Posted September 15, 2008 I agree with Matt and Darren, and would love to do this mod but i dont have the extra $ to buy a fon keep up the good work hak5 crew ~Darkjoker~
Darren Kitchen Posted September 15, 2008 Author Posted September 15, 2008 What I really think is funny is Gerard really thinks that the FBI is going to do something about this... "Best of Luck". He obviously knows less about the U.S. legal system then Sarah Palin knows on foreign policy. If security research was illegal then all systems would be far less secure than they are today. In fact I am sure some people at the FBI/NSA/CIA probably watch the show. Pen testers drive positive change in the security world. At my university we do research in attacking bot nets, modifying trojans, and some really neat stuff with mobile devices. Rather than the government discouraging us, they pore grant money into this research to drive change in the field, and they work hand in hand to develop coursework, teach government officials, and assist in researching. Shows like Hak5 are great for exposing insecurities in systems. If there weren't things like HAK5 and all pen testing tools were illegal, the true black hat hackers would exploit the shit out of these tools on systems. Because without a doubt in my mind, I know these tools would still be out there, just less publicized, and as a result systems wouldn't guard against them. Gerard puts a bad name to this community... Maybe you should have properly conferred with FON and Hak5 before reporting them to the FBI. I feel like you probably got a response back from your "friends" at FON, and weren't happy that they supported Hak5 with routers, and so you shot back at Hak5 by filing a legal complaint against them. Even despite this, don't you think this is really a matter between FON and Hak5. If Fon truly does not believe what Hak5 is doing is right, shouldn't it be in their hands on how to proceed (legally or not). QFE
Spinkman Posted September 17, 2008 Posted September 17, 2008 *sigh forum debates are always such a great diversion from work... too bad hak5 forum is blocked at work... that being said, how about a segment on how to bypass proxy without getting pwned by the network people (or perhaps pen test for them and score a position on the team? lol it could happen) see you guys tomorrow for your show. keep up the good work. Spink OMG WTF my mouse just died... WTF
Swathe Posted September 17, 2008 Posted September 17, 2008 Give them a disc with hak5 on it. Demand access as payment. Get a razer!
Darren Kitchen Posted September 17, 2008 Author Posted September 17, 2008 I think snubs is working on the segment on bypassing work filters
SmoothCriminal Posted September 17, 2008 Posted September 17, 2008 Your best bet is just to use logmein (assuming that isn't blocked), and then no more proxies, acts like a vpn too.
KeelBug Posted September 18, 2008 Posted September 18, 2008 too bad hak5 forum is blocked at work... Funny, the forum is the only thing not blocked for me at work :). Your best bet is just to use logmein (assuming that isn't blocked), and then no more proxies, acts like a vpn too. I use logmein but can only get to it by using one of the servers that has its own dedicated broadband line, not using the corporate network that has an evil proxy blocking crap.
rock3ralex Posted September 18, 2008 Posted September 18, 2008 One really good proxy is https://dtunnel.com/ It is a secure connection so it is hard for your company to track it.
benjamin1254 Posted September 18, 2008 Posted September 18, 2008 OMG i sooo wish thoes were added in modded to the thing for thoes folk who donate 100 dollars or more.... *DREAMS N DROOLS*
super opus Posted September 18, 2008 Posted September 18, 2008 No asshats aloud you hear me son!! I am waiting for the day he logs on and tells us he got roxxerd for his stupid y!!! take your nooby ass out of here this is place to learn for all lvls. hak5 keep up the good work i love what your doing with this segment i made my gf watch it cuz she all was logs on unsecured networks
skynetbbs Posted September 18, 2008 Posted September 18, 2008 No asshats aloud you hear me son!! I am waiting for the day he logs on and tells us he got roxxerd for his stupid y!!! take your nooby ass out of here this is place to learn for all lvls. hak5 keep up the good work i love what your doing with this segment i made my gf watch it cuz she all was logs on unsecured networks seems not only Yahoo Email got hacked but MSN did as well...
skynetbbs Posted September 22, 2008 Posted September 22, 2008 official statement from FON is : "Applying these changes to your Fonera will void it of its warranty. FON does not support these modifications and will not be held responsible for their consequences. This should only be done by advanced users." you can also find this statement on eg http://wiki.fon.com
DingleBerries Posted September 22, 2008 Posted September 22, 2008 Once you buy the fon it is yours. The company cannot tell you how to use it, they can only suggest. Its like the counsel mods.. Microsoft says it is just for gaming, never the less we have seen linux running on these boxes and no successful convections against modders. The question of legality comes into play when you are doing something that cost a business revenue. An example of this would be piracy, the reason Microsoft was able to get the mod chip stores shut down was because of piracy. Here, with the fon, we have a totally different situation all together. Once the product has left the stock room and is now in possession by the customer it no longer belongs to fon, they forfeited their rights of ownage. The patent and software may still belong to fon but the device its self does not. For example, if i bought a copy of XP and decompiled it and found some source code that ok. BUT when i use that source code in my own projects or distribute it then what i have done is illegal. The only issue you may have is the "hacking". But in order for the DA to prove that you were indeed hacking they would need alot more then a segment from hak5. Darren did not show any clients connected to the fon only a zoom in of a women. So without probable cause they cannot make an arrest or even get a search warrant. Also once fon has your money they dont fucking care what you do with it. Enough with m opinions, here are the facts. The U.S Fair Use Act section 1: the purpose and character of the use, including whether such use is of commercial nature or is for nonprofit educational purposes Our First Amendment Code is Speech, it is creative and in that way it must be protected by copyrights. However the disclosure of venerabilities in code is also protected, as long as the person disclosing the code does not use any copyrighted material to do so in their presentation. In order for Patent Infringement to take place the product must make, use, sell or offer for sell an invention described in the patent claims. Check out Jennifer Sitsa Granick and her stuff @ cyberlaw.stanford.edu
James0331 Posted September 28, 2008 Posted September 28, 2008 @ SmoothCriminal The point is that FON is a community network and like any community network it stands or falls with the use of its community members. Any one that gets a (cheap) Fon router is suppose to share its internet connection with the other Fon users/owners. Bud when you are just getting a FON router because its cheap and its nice that you can use the internet connection of the Fon users/owners that are sharing there internet connection with out sharing it your self. Thats wrong. And the FON community is not happy with those people because there are the back stepping group that give the FON community a bad name and will get the Community to fall down instead of letting it grow. The point is if your not willing or able to share your internet connection with other FON users/owners you shut not get your self a Fon router. Gerard (by the way i contacted the FON head office and they will get back to me) I think you are missing the fundamental flaw in your argument. FON's business model is the following: They sell routers (at a completely unsubsidized price) to consumers. The consumer uses this as a router in their own home. If the consumer creates an account, and agrees to the terms and conditions, the router is configured automatically to have a private and public side. In return for sharing their home connection, the consumer is given access to the public side of other FON routers. Consumers who do not wish to share their home connection, or do not purchase a FON router, may still purchase usage rights to the FON public network for $3 per day. Simply put, the FON business model is to sell routers. This is very different from the subsidization of a cell phone, for example, where the hardware is sold under cost in order to sell services. This is the reason FON does not force consumers to agree to terms of service upon purchase, only activation. In addition, Comcast, Verizon, Rogers, and most other North American telecoms specifically prohibit such sharing of WiFi. In the United States it is, in fact, illegal to share Wifi without a license. In this case, I think you would agree that by FON selling routers to Americans, they are not encouraging illegal activity. In short, if you paid for it, it belongs to you. If you disagree, we would all love to see a clear, concise, and cogent rebuttal, well thought out and in proper Queen's English. There is no greater pursuit than intelligent discourse, please do not waste the opportunity with thinly veiled threats and inconsistent accusations. Cheers, James
skynetbbs Posted September 28, 2008 Posted September 28, 2008 I think you are missing the fundamental flaw in your argument. FON's business model is the following: They sell routers (at a completely unsubsidized price) to consumers. The consumer uses this as a router in their own home. If the consumer creates an account, and agrees to the terms and conditions, the router is configured automatically to have a private and public side. In return for sharing their home connection, the consumer is given access to the public side of other FON routers. Consumers who do not wish to share their home connection, or do not purchase a FON router, may still purchase usage rights to the FON public network for $3 per day. There is the "fonero gets fonero' action where every member that allready owns a fonera can give you a personal code which entitles you to a -20 euro discount. As I remember this deal doesn't exist for the UK hence BT bought this option of by investing in FON. When buying the fonera you are [x] on a promise that states you will become a member of FON which requires you to share your internet 24/24h 7d/7d for at least a year. FON will give a warranty on the hardware of 2 years...so after a year you could use your fonera for other purposes... When you decide to "jailbreak" your fonera you also decide to have no warranty anymore on your device and you can do with it what you want. It's indeed no loss for FON; hence as you point out the hardware selling makes it "commercial"... now if open-mesh.com is selling thesame hardware at a 2x higher price; is open-mesh getting more $$$ out of it or did the fonera get sold at a 'subsidized' price afterall hence undermining your statement that fon is all about selling hardware? The general idea is that FON is promising a global roaming wifi network and that everybody can volunteer by buying a piece of hardware at a low price (if you check out professional hotspot equipment you'll notice a few 00 behind their price) and a wifi community where you can talk about how to improve your La Fonera. The hardware selling isn't so interesting for FON...they rather work out a deal with you ISP as they did with BT, Neuf, ZON and Comstar...and more to follow which turns your adsl/Cable modem into a FONspot... these people will not be able to resell their wifi...only be part of the "linus" fon community; it will be their ISP that takes their 50% and as far as I know no one has been hacking their BThome hub yet :-) For every fonero that leaves the FON community by not sharing their wifi and replacing their firmware with eg jartager/openwrt/dd-wrt there are 10 people opt-in on their BT/Neuf/Zon/... FON signal... and FON isn't subsidizing any hardware here (so not loosing money). And the stats are public available (poi export); out of 200.000 sold fonera/fonera+/linksys fon only 100.000 have kept the original fon firmware; others used them for jartager-like experiments or spare parts in their cupboard :-/ More ISPcustomers have chosen to participate by opt-in than buying this piece of hardware. Also the CEO of FON is not making it a secret that FON is still not making profit and still loosing money monthly
DeepN1KE Posted September 28, 2008 Posted September 28, 2008 Try to bring this back on topic. Anyone know of a compatible battery solution available in the UK?
skynetbbs Posted September 28, 2008 Posted September 28, 2008 Try to bring this back on topic. Anyone know of a compatible battery solution available in the UK? 4 AA batteries in serie is good for 2 hours of FON pleasure :-) when saving to /jffs your results are "saved' while /tmp is only memory (good for temporary stuff) which gets erased at reboot
DeepN1KE Posted September 28, 2008 Posted September 28, 2008 4 AA batteries in serie is good for 2 hours of FON pleasure :-) when saving to /jffs your results are "saved' while /tmp is only memory (good for temporary stuff) which gets erased at reboot So just make a battery pack from Maplins or something??
Recommended Posts