Black of Hat

Lifestyle of Megaupload's Founder

2012-01-26T02:54:00.002-05:00

There has been a lot of buzz about the takedown of Megaupload. Today I read up on the history of its founder Kim Schmitz. This guy has a lot of aliases. His handle is Kimble. He had his name legally changed to Kim Dotcom (LOL). He also had a passport with the name Kim Tim Jim Vestor (WTF?).

Kimble was a self proclaimed German hacker. He founder a security company called Data Protect. Kimble made some cash when he sold most of the company. He was convicted of insider trading when hyping then selling shares of another company.

Kimble is a big boy. He is 6 foot 4 or mote. He once produced a video called Kimble Goes to Monca. It hyped up his extravagant lifestyle with fast cars and hot women. Not all of Kimble's image is hype. He did create his Megacar luxury car system, which unfortunately did not sell well. He also formed a group of hackers to combat terrorism.

Kimble seemed to have got around a bit. He moved to Thailand for a while, where he created a bunch of companies. Most recently he tried to move to New Zealand. There were problems obtaining property. The country apparently does due diligence on its visitors. Let's circle back to the beginning. Megaupload actually made money with its premium download offering. Investigators estimate that since its beginning, the company has brought in $175M. That's no joke. It seems the guy is pretty much history now.

Pervert Hackers

2012-01-22T18:11:00.002-05:00

I keep reading about this hacker dude who was able to spy on girls' video cameras. He somehow found a way to take over their computers and turn their web video cameras on. The bad boy caught girls stripping and pleasuring themselves and all kind of other goodies.

The cops got onto the perp when he started blackmailing his victims. He tried to get them to make sex videos for him or something. WTF? Dude should have just got his jollies spying the girls. He even said he was onto a new hack that would enable the video camera without the camera light coming on.

Instead the feds busted in and nabbed the guy with all his computer equipment. Turns out the dude was a victim of a drive by and ended up in a wheelchair. Didn't matter. The judge thew the book at him. Scum gotta pay, disabled or not.

Win 7 Internet Security 2012

2012-01-05T01:52:00.003-05:00

I was browsing some web site when all of a sudden my computer got hijacked. There were all kinds of annoying pop ups and programs running. They all seemed to be related to "Win 7 Internet Security 2012". I knew something was fishy when I tried to used Internet Explorer and Chrome to visit Google. This malware stated that Google was a rogue site. LOL.

I could not run any programs such as Windows Explorer. The Win 7 Internet Security 2012 app would come up instead. This thing was throwing out all kinds of buzzwords. It said my computer got hacked. It also said I was a victim of identity theft. How did this thing get installed without me running a program?

I went on another computer and did some research. Apparently this malware intercepts browsers and any executables. There was a full set of instructions on how to remove this evil malware over at Bleeping Computer.

The manual removal instructions seem to have done the trick. Right now I am running a full virus scan with Malware Bytes Anti-Malware. A quick scan already found some probs with my laptop.

Hacking Hacker News

2011-12-31T03:42:00.002-05:00

Recently I have been following the disaster known as Paul Christoforo of Ocean Marketing. He flamed a customer of the Avenger PS3 controller. Then he got into it with Mike Krahulik of Penny Arcade, who managed to turn the masses of the Internet on him. Even though Christoforo messed up, I thought the mob mentality that followed on the net was overkill. Apparently that is an unpopular opinion to have. My comments on Hacker News got downvoted a lot.

I don't post of Hacker News too often. In the past year I probably commented on two posts. However I got a lot of downvotes this latest go around. The result is that my Hacker News karma is low. I think if your karma goes low enough, they ban you automatically. WTF? Now I want to brainstorm a way to hack my karma up into the positive region. While I am at it, I might as well try to raise my karma up high enough to downvote others (you cannot downvote if your karma is too low).

So how does one carry out such a hack? Well I could work within the system. I could try to post some hot new topic that appeals to a lot of reader. Then they could vote me up. Weak. I could find a way to trick the system. Create some Hacker News accounts. Ensure the system would not detect this. Essentially vote myself up to many karma points.

The real win would be to find out how karma is stored. Then I would need to figure out a way to go in and just change my number. Is this thing stored in a relational database? Or perhaps it is in some NoSQL database. What O/S is hosting this database? How can I get in? This is a fun problem to think about. Got any idea?

Customer Service Battle

2011-12-27T13:52:00.003-05:00

I been reading this hilarious email exchange regarding an Avenger PS3 controller. I saw the emails over at Penny Arcade. The company was represented by Ocean Marketing. There is a small discussion about it over on Hacker News as well.

Here is the synopsis: Customer pre-orders a control paying full price. The product does not ship on time. He contacts customer support via email. The response gets the customer salty. Then the customer support dude goes to town on the customer. I actually love the put downs.

Here are some gems the customer support guys sends to the customer: "Grow up you look like a complete child bro", "You just got told bitch", and "We just have to put you in the corner with your im stupid hat on". These were all from just one email. LMAO!

The Cipher Challenge

2011-12-15T17:15:00.003-05:00

I was reading a post on Hacker News from a company that is hiring. They were pretty smart about it. They did not give out their name or URL. Instead they made you work for it. The ciper text "xfbhlqtlj" was provided. You were told to decipher it using Vigenère decryption.

Oh yeah. You were also told to use the number 61803398874 from their URL. What? Anyone know what the heck Vigenère decryption is? Sure. Wikipedia does. This is a Caesar ciper with a varying shift. The number provided tells you how many characters each letter in the cipher text needs to be shifted.

I tried shifting them to the right. No luck. The result was mumbo jumbo. But when I shifted the letters to the "left" in the alphabet, I got their name. Bamm. Nice way to make me work for the URL. Too bad I am not in the running for any of their positions or their location.

Not sure why a C and python program would come up with different result while decrypting the text.

Moving Cash Around with Paypal

2011-12-06T14:35:00.002-05:00

This week there was a massive PR campaign launched againt Paypal. Here is how it went down. Somebody set up a toy campaign for some poor kids. They funded it with Paypal payments from donors. The funds were collected via Paypal. The problem was that the organizers were not charitable foundations. But they still used a Donate button on their web sites. This is against Paypal's TOS.

Paypal detected the violation and froze the account and payments. The organizer was left with a lot of toys purchased, but not funds to pay for them. The organizer started up a grass roots protest using readers of her blog. The users were outraged. Some of them had been donors. Paypal was made to look like a big Scrooge with kids getting cheated out of their gifts.

In the end, Paypal relented. They unfroze the account. Initially Paypal stated that they had to freeze the account because this is how the bad guys transfer funds via Paypal. They set up fake donation schemes to their money. This organizer figured out how to get a giant corp like Paypal to submit to their will. Make Paypal look like a bad guy. Get a lot of people outraged. Engage the media. Giant corp pwned. Brilliant.

HP Printers on Fire. Oh My.

2011-11-30T01:39:00.003-05:00

I been seeing these sensationalist headlines about Hewlett Packard printers being able to be hacked. The ultimate danger is stated as the HP devices being overloaded and catching on fire. Makes for a great headline indeed. I thought this was just crazy talk. Turns out it probably is.

Here are the details. Apparently the printers look for software updates during each print job. It is possible to sneak in an unscrupulous update as part of a print job. The theory is that one could overload the printer, causing it to heat up, and eventually catch on fire.

HP has already come out and said that in the rare scenario where this happens and the printer does heat up, a hardware governor will kick in and shut the thing off before things heat up too make. Did anybody actually test out the theory and cause an HP printer to catch fire? No. Hell. They might as well said that HP printers would explode if they are hacked too much. Hehe.

Spammer Pwned

2011-11-16T00:02:00.003-05:00

I had a weird spam message in my email today. The spammer made it look like the email came from one of my other email accounts. I sometimes send myself email to transfer stuff quickly between machines. This spammer must have determined my email address and forged it to fool me. This reminds me of a situation that Mike from Attack Vector ran into. His solution was to track down and call out the spammer.

Mike checks out the email headers. He gets the spammer IP and email address. He uses whois to get a phone number. Then he finds a postal address and bamn. He can now spy on the spammer's house with Google Maps. Turns out the spammer is Steve Nicholas of Spokane, WA. Mike goes on to determine the spammer's wife name, some social security numbers, and all kinds of other private info. Eventually the spammer contacts Mike and begs him to take down the info. What an unlucky day to send email spam. Hehe.

Hacking YouTube Views

2011-11-01T16:19:00.002-04:00

I got a friend that produced a video and uploaded it to YouTube. Some other friends did the same. Now they are all seeing who gets the most hits on YouTube. My friend wondered if there was anything I could do to help increase his views. No problem.

I want to make it look like a user is viewing the video. The video is just a URL that gets accessed in a browser. I could just write a program that keeps launching the browser to start watching my friend's video. Perhaps I could have a small delay between viewings.

Let's say I want to try and fool YouTube into thinking it is a real human. I could mix in access to some other videos from my program. My program could also launch one of the many different browser available on my machine.

Let's think about taking this up a notch. I could write some hot software and release it for free. Then that software could quietly "watch" the video on some hidden screen. Makes it much harder for YouTube to detect something fishy. Let's see how far I need to take this.

Dennis Ritchie RIP

2011-10-13T11:40:00.002-04:00

Dennis Ritchie passed away this week. In case you were unaware, he was the creator of the C programming language. He also was one of the creators of the UNIX operating system. Damn. That is some resume. Dennis was one of those early pioneers of computer science in the 1970s whose work affects a lot of us coders.

Have you ever heard of the K&R book of C programming? The R stands for Ritchie. Yep. He invented the language and wrote the seminal work on it. I measure all programming books against the K&R book. The rest usually do not even compare. How can you get so much info in such a small book? Elegance.

Hats off to you Dennis. Rest in peace.

Simpletron

2011-10-04T12:06:00.003-04:00

I have been taking a community college class on advanced Java. The instructor is experienced in Java and that helps. However our text is a Deitel book that just can't seem to explain these advanced concepts to me successfully. I feel ripped off because the book cost me $130. Now I still read the chapters each week and work through the exercises. But I find myself googling around to figure out what the heck is going on.

The latest chapter was on common structures like stacks, queues, and lists. We got into the internal implementation of these structures. I worked through almost all the exercises in the back of the chapter. I was pleased with a calculator app that used a stack to convert math expressions to a format the computer could read. I was amazed that such little code could figure out complex expressions.

The last exercise in the chapter was to build a compiler for the BASIC programming language. Damn. That's a tall order. The problem was that this task relied on you finishing some exercises from previous chapters. Our advanced class had skipped over those chapters so I did not do them.

The crucial exercise was to implement a computer called the Simpletron. This thing has its own set of assembly language instructions, registers, memory, and so on. I started hitting those Simpletron exercises hard. I wrote out some small programs in Simpletron assembly language. This was fun. The real challenge was to build a Java program that would implement the Simpletron computer. More about that grand task later.

Day of Vengeance

2011-09-22T14:17:00.002-04:00

I just heard that Anonymous has declared September 24th a "Day of Vengeance". They plan to launch a collaborated massive set of cyber attacks. They call out certain targets of their attack. It is undetstandable that they are going after corrupt banking institutions. I guess I can see why they would also go after Wall Street. The funny taget is the NYC Police Department.

What kind of malice is Anonymous going to enact? It might just be a bunch of DDoS attacks. Whup de doo. Or perhaps they shall be defacing some web sites. A little better. Given their past activities, perhaps they shall infiltrate systems and share the secret info they find.

I thought the British police had at least some of the Anonymous members locked up. Maybe they got the wrong people. Or perhaps Anonymous is a huge organization that cannot be brought down with a couple arrests.

No Internet Connection

2011-09-17T23:46:00.002-04:00

One of my boyz could not get onto the Internet. The thing found my wireless router. Windows kept saying there was no Internet Access. What the heck? I tried to add the computer to my home network. No luck. This thing would not get on the Internet. I was getting desperate.

Personally I blame Microsoft. But Microsoft somewhere game me a clue. It said that McAfee was providing firewall services. Perhaps that was to blame. I fired up msconfig. There was a whole lot of McAfee services and startup items up in there. I disabled all of them. Then I rebooted the computer.

Boom. The computer was browsing the Internet with ease. I was able to set up and print to my local printer. Damn you McAfee. The thing might be trying to prevent some problems. It is the problem. Fail. I might have to write a program that disables all the McAfee stuff itself. I will call this prog "Cleaner" hehe.

Declinge the FBI Interview

2011-09-16T14:41:00.002-04:00

I just finished reading a lengthy post about some FBI interview scenarios. It turns out that most of the time, speaking with the FBI can incriminate you. So what is a hacker supposed to do? There is one thing you should not do. Do not refuse to cooperate. That might look bad in a court of law. Instead the golden rule is to say that your lawyer will get in contact with the FBI for you.

You got to have counsel. Now this might seem like a ploy for some high priced lawyers to rip you off. It is better pay these pied pipers than server time in jail for a casual slip up. It turns out that good lawyers are not going to want you to be subjected to an interview with the FBI. They can figure out what is up, and provide the best offense for you. That is a great defense right there.

Do not just trust me on this. I am not a lawyer. I am a coder. Check out the original post by Solomon Wisenberg regarding 18 U.S.C. Section 1001.

Directory Denial

2011-09-12T15:13:00.002-04:00

Some time back I must have submitted by blog to an Internet directory. Today I received a message that I had been denied. It has been so long that I have forgotten that I requested that I be added. They did not specify exactly what was preventing me from being added to the directory. I don't really mind.

Here were some of the reasons that one might not get added to this "elite" directory: You don't have your own domain. You blog on a free site. Blah blah blah. I am not going to even state the name of the directory that rejected me. Why give them any fame? I am just going to keep on hacking, and keep on writing.

Perhaps I should email these schlubs back, telling them I don't need no stinking link in their directory. I'm already a champion. Or I could gain access to their root. Muhahaha.

Windows Sleep and Hibernate

2011-09-09T20:24:00.002-04:00

I like to keep my computer on all the time. However I want the lights to go off at night so it does not bother anyone. I could shut the thing down. But it takes a long time to boot up. Windows provides the options of both Sleep and Hibernate. But what the heck do these things mean?

Let's start with sleep. This has been called suspend or standby before. The state of the computer is kept in memory. So it does draw some power during the sleep. The good thing is that the transition back on (the resume) is fast. Hibernate writes the computer state to disk. Then it goes to a state that draws no power. The state is written to file "hiberfile.sys", whose size depends on the amount of RAM you have. The hibernate state is slower to resume than sleep, but faster than a whole boot up.

Attacks From the Sky

2011-09-08T12:41:00.003-04:00

I have been busy lately with my new Advanced Java college class. However I saw something today that caught my eye. There have been some trials of some futuristic unmanned robots which fly around and jack into your wireless network.

Yeah. Before you knew your neighbor could "share" you wireless network. There could also have been a driveby where some hacker listens in on your wireless network activity. Now the spin is that a drone can fly around and listen in on everybody's wireless network traffic.

This is novel because it brings up images of mini-drone aircraft flying around. But the defense against the drone is no different than the defense against your neighbor. Lock down your wireless networking using security. Know also that whatever you send over the air is liable to be compromised.

COBOL ON COGS

2011-09-01T09:42:00.002-04:00

I clicked over to a link from Reddit that got me to COBOL ON COGS. The screen colors were so dim I needed to highlight the text just to see the damn page. Don't you hate when web developers do that? Then I thought this was some COBOL revival site.

I did get a LOL from the "(c) DATE OVERFLOW" at the bottom of the community page. Didn't anybody test test this thing? Then I figured that COBOL was not meant to work past the year 2000 or something. Finally I figured out that this was a prank. They got me. Turns out this was released one April Fools day.

Heheh. Maybe I should code up a lulz like that.

LulzSec Strikes Again

2011-07-18T20:45:00.003-04:00

Previously the LulzSec hacker group announced that they were disbanding. Some think that authorities were getting too close to their identity. Others speculated that they ran out of the easy hacks. Well that all came to an end. The LulzSec has struck again.

Team Lulz hacked The Sun newspaper. They redirected the Sun's web page to their own Twitter account. Mischevious. It seems a little less hard core than their past exploits. Maybe this is just one of the team. Or perhaps it is the work of some other LulzSec wannabes.

Anonymous Busts Booz Allen

2011-07-11T16:31:00.002-04:00

I just saw an announcement from the group known as Anonymous. They infiltrated government contractor Booz Allen. Their main score was 90,000 email addresses and passwords. Anonymous claims these email accounts belong to military personnel.

Anonymous found a Booz Allen server that had no security on it. They proceeded to install a shell program that got down to business. In addition to the emails, they found tons of source code which they deemed worthless. LOL.

This is touted as a score since Booz Allen does defense contracts and homeland security contracts. One would think such a company runs a tight ship. Anonymous says they sunk the battleship, finding its defenses lacking. No matter what you think about their tactics, you got to give them props for their byline:

We are Anonymous
We are Legion
We are AntiSec

Bitcoinage

2011-07-01T16:40:00.002-04:00

I read a fantastic story about a guy who claims his computer got hacked. No big deal, right? Well he claims that the hacking resulted in somebody stealing his bitcoins. There were a lot of them. The total value amounted to $500,000. The owner blames Microsoft Windows for the theft.

There was a lot of discussion in the Bitcoin community about this claim. How could they stop the selling of so much Bitcoin? What would be the effect on the Bitcoin market? Is this story for real? Some people doubted the facts. Things sounded a bit fishy. I myself thought that it could be true. I never did find out any proof about the alleged theft. Other commenters wanted some proof.

Move forward and we find that there was a run on the Mt. Gox bitcoin exchange. It caused a crash. Tons of bitcoins were put on the market for sale. This drove the value of a bitcoin from $17 to a penny. The exchange declared that it was going to roll back the transactions. Some who profited from the drop publicly groaned. The exchange justified this by stating that the crash came as a result of a theft. Once again the call was made for details and proof of the theft.

Finally I see a public announcement from the Mt. Gox bitcoin exchange. It appears an admin account was compromised. The person assigned themselves a large amount of bitoins. Then they went to town trying to sell them all. They got away with 2000 bitcoins. The exchange said they would eat this loss and that security has been improved. However the exchange seems to have backed away from the story about somebody's personal bitcoin wallet with tons of bitcoins being stolen.

I recall one guy who heard the initial story about a computer being hacked and tons of bitcoins being stolen. He postulated that maybe nobody's wallet was stolen, and that the exchange had an account that was hacked. Bamm. Right on target. Perhaps this person had insider info. Whatever the case, I find it odd how the story has changed from the exchange. I am glad I don't have any money in Bitcoins.

The Lulz Boat

2011-06-25T03:22:00.002-04:00

I am really starting to get a kick out of this LulzSec crew. Today I went to their web page. The theme from The Love Boat TV show start playing in the background. That is in reference to their Lulz Boat. I get it.

There is a link at the button of the page to Mute the volume. But when you click the Mute link, the volume gets doubled, and they change the text to say that volume has increased 100%. LMAO. Now that is a worthwhile joke.

On a more serious note, I checked out some of the data they posted on their sight. Damn. They got around 75,000 records of X-Factor contests details. Whew. They also have a long list of emails and passwords for a porn site. Ha ha. They have a good time at who they find registered at the sight. I am going to be keeping an eye on the Lulz folks.

The Mind of LulzSec

2011-06-24T15:00:00.004-04:00

The Guardian newspaper published an article online describing the personalities of the members of LulzSec. They gained this insight in part by viewing the logs of an IRC channel called "pure-elite". The Guardian went on to publish the contents of the logs, with some information redacted. From what I gather, the redacted info outs the perp who leaked the info.

I read through the chat log and learned a great deal about the LulzSec crew. They value the Perl, Bash, C++, PHP, and assembly programming lanaugages. That does not mean they all have these skills. It is just what they need to write some apps or bots. In fact, during on session they were trying to identify some C++ programmers to help them out.

They use technologies such as bots, IP spoofing, Virtual Private Networks (VPNs), and flooders. These are use in DDoS attacks. They also help conceal their identity. Or so they think. Muhahaha.

These guys use tools such as Tor for anonymous communications, Slowloris for DDoS over HTTP, and anonine for VPN servers. LulzSec seems to hate The Jester, 2600, and Adrian Lamo.

Overall this crew seemed to speak intelligently. They used a lot of slang appropriate for chat. But their speech was eloquent. They also seemed to know a lot of details about composing DDoS attacks. Not that I am a DDoS expert. But you could tell they were discussing the finer points of putting together cool attack vectors.

Hats off to the Guardian newspaper for obtaining and publishing the chat logs. I guess they have their security in order. Otherwise the LulzSec crew would have DDoSed them off the Internet.

You Would Have To Be Destroyed By Me

2011-06-23T22:39:00.002-04:00

I am finally getting around to reading a book I brought a while ago. The title is "I Could Tell You But Then You Would Have to be Destroyed by me". This book catalogs a number of military patches from covert projects. Who would have though that you could get a patch for a mission you could not speak about? Apparently it happens all the time. I imagine many of these patches are not sanctioned by the military.

I have only ready a portion of the book so far. However there are some themes that seem to be recurring. You get a lot of swords, stars, globes, and skeletons on these patches. Each item connotes something about the black ops project. Some of the patches are still a mystery even to the author.

Take the image I posted above. You got a helmet or hat that means the bearer flies a helicopter. The footprints on top of the helmet make reference to search and rescue operations. Who knows what the G.H.O.S.T. stands for? I may give you some more info by the time I finish this book. That should not be too long. It is a quick read.

LulzSec Identification

2011-06-18T09:58:00.003-04:00

The LulzSec team has been all over the news. The biggest story was their hacking of Sony accounts. Lately they have infiltrated the CIA websites. Is there anything they can't do? Well the LulzSec blog is outing the identify of some LulzSec members.

Who knows whether this blog has actual info on LulzSec members? The thing that surpised me was the detailed information the blog posts on some people. They got social security numbers, postal addresses, phone numbers including mobile, and email addresses. They know the ISPs used, IP addresses, pictures, and even family information.

The LulzSec blog is brought to you by Team Web Ninjas. They provided the most information on one Corey R Barnhill. He is known as Kayla, Xyrix, and Parr0t. Leave it to a hacker to have so many handles. I am going to keep an eye on this blog. Perhaps they have the low down on LulzSec.

Keygen Fail

2011-06-14T23:38:00.003-04:00

Last time I wrote, I had just created a keygen to test the security I put in my app. My keygen app tried a brute force attack on my app registration. It would simulate a user entering in all the combinations of keys. The keygen had to also press the Ok button on the registration dialog.

Well the keygen app key trying all night. However the target of the attack blew up after a few hundred thousand attempts. Heck. I might consider that abort part of the security in the app. If you can't brute force the thing without it blowing up, that makes the brute force hacker's job even harder. That's not to say that the keygen app could not detect this and restart my app.

I just wanted a little experience with creating a keygen. My app's registration screen will pause if you enter a wrong key. The more bad keys you enter, the longer it will pause between attemps. This will slow a brute force attack down in its tracks.

Malware Attack

2011-06-06T16:45:00.002-04:00

I was in the middle of some brute force app attacking testing when my Windows system itself came under attack. I hastily allowed some Adobe update program to run. Turns out it was some malware masquerading as an Adobe update. I found a program which kept asking me to allow it to do something to my computer. It would not go away.

My task manager was disabled. All the icons on my desktop were gone. All the items in my Windows start menu had also disappeared. I could not use Windows Explorer to browse to the location where the rogue program was at. Damn this was a serious virus.

I did get to the command prompt. From there I ran the Windows registry editor. I changed the entry that disables task manager. With task manager back, I could kill off the malware process. Then I saw the real damage that had been done.

This rogue app had made almost everything on my hard drive hidden. Therefore I could not see any files and directories. The directory that contains my start menu items was hidden, as was my desktop (which contains all my icons). The developers of this malware were pretty damn smart. This just reminds me that I need to do a better job of backing up the source code of my ongoing projects.

Brute Force Attack

2011-06-06T02:20:00.002-04:00

I am getting close to completing my app which I plan to sell. This thing is going to need some crack protection. So I am shipping a alphanumeric key to customers that pay. You need to enter the key to get the software to work. I thought I would test to see how a brute force attack might work against this first level of defense.

I coded up an app that would simulate a user trying combinations of characters, guessing what a legit key would be. This brute force cracker does not have any speed up techniques. Currently it is generating 2000 keys a minute. I plan to leave the thing running all night to see if it can get into my app.

If it does get in, I will implement some delays on my app when it detects wrong keys being entered. That will slow down a brute force attack. However if I find it takes forever for the cracker to get into my app, then I might not even add that level of defense. No need to put up a higher gate if the existing one is keeping out the dogs.

Uncrackable

2011-06-02T17:21:00.003-04:00

Sorry I have not posted anything in a while. Each night I have been working on a computer program that I plan to sell online. At first I was going to do something in the college scene. But now my direction has turned to poker.

So far I already have a playable game. I just need to put in some rewards that makes the user want to keep playing my game. My recent research has turned to figuring out how to lock down my app. I want people to buy the thing. And I was only those who bought my app to be able to run it.

I need to generate some registration keys that you need to install the game. The key needs to be long enough so you can't guess it. But it should be short enough so as not to cause valid users to make mistakes. Next I need to write some code that is hard to figure out, but that validates the key. I do not want anybody brute force attacking this key. So if you make a mistake, my program will pause before you can reenter the key.

My program is written in C++. I hear that you should use some complex features of the programming language to make it harder to break. Speaking of C++, you should inline all calls to the key decryption. That way a hacker can't just patch one copy of your routine. They need to find all instances of it. There is a whole lot more to this key business. I plan to talk about it some more in the future.

iTunes Money

2011-05-14T17:43:00.003-04:00

Somebody gave me an iTunes gift card as a present. I do download some apps from the iTunes app store. However I only get the free ones. I still activated the gift card and posted the credit to my account. Who knows? Maybe there will be some cool app I need to buy in the future.

This is the thing I wondered about. How does the gift card and credit activation work? There is a code on the back of my gift card. It is a 16 character code. The first 15 characters are alphabetic. The last character is a number. You key it into the app store, and it knows the amount of credit to give you.

Surely these numbers by themself do not equate the money. If that were so, I could steal a stack of them from the store and be app store rich. I imagine that when you purchase the card, the cashier scans it in and that activates the value on the card. That would be the smart way to regulate the cards from theft.

But what is that 16 character code? It might be some sort of encrypted value. Or then again it might just be a random set of characters to make my card unique. This will require more thought before I can figure it out. What do you all know about this number? I want to know.

Control of Your PC

2011-05-13T14:55:00.002-04:00

You probably have heard of some malware trying to take control of your PC. But get this. Now people are renting out time for jobs to run on your PC. This appeals to the gangsters. The evil deeds they do will come from your PC under their control.

Damn. This is quite a setup. Part of the defense against criminal activity is to check the IP address of the place where connections are coming from. If a botnet has compromised computers all across the world, the traffic might look legitimate to the untrained eye. Furthermore my computer might be aiding the crime.

I used to not care too much about spyware and malware. Who really cares if somebody is stealing cycles from my PC? Now I know the answer. I care.

Software Impersonation

2011-05-02T10:26:00.002-04:00

There are some security peeps in my customer's organization that are looking for malware. They identified some of the programs I was running as suspicious. Here is their reasoning. Nobody else is running programs with the same names as the ones I run. What?

They must be auditing the name of all programs runs by everyone. Then they see which ones are unique to certain individuals. They conclude that there must be something fishy with these apps. Duh. I am a developer. I write and name my own tools.

I tried to explain this to my management and to the customer. They said they would look into it. In the mean time, I am supposed to not run these programs. Hello? I need them to do my job. What is a coder supposed to do?

I figured I could name the programs "winword.exe", or something like that. However that would be a subversive act. It might just get me past the keystone cops. Anyone else with any sense would be able to figure out that I am impersonating Microsoft Word. That might be an even more egregious offense. For now I am rewriting my crucial tools in Java. That way when they look at the name of the program I am running, all they see is "java.exe". Noobs.

Terms and Conditions

2011-04-21T22:46:00.004-04:00

I am stayting at a hotel during my vacation. They have free wireless Internet. However you need to agree to their terms and conditions. I am interested in figuring out how they make your browser open up to their TOC page. However I did find the list of conditions interesting.

Do not display disturbing images

Do not do anything illegal

Do not harass others

Do not destroy stuff belonging to others

Do not copy protected material

Do not access any porn

Do not bypass any security

Do not install any viruses

They did try to provide some guidance if you need encrption. They recommended some third party virtual private networks (VPN). You should use SSL to access email. You should also make use of SSH. Use your computer's personal firewall. Make use of antivirus software. Don't open attachments.

The Case for Emacs

2011-04-14T13:11:00.000-04:00

When I am on UNIX, I use vi for file editing. However I read an article today about emacs that was most interesting. It touted some of the emacs power that I would like to have at my fingertips. I tried emacs before. It just did not feel natural. Maybe it is time for another look.

One thing is certain. Emacs is not easy to learn. A key tenet of emacs is that you should be able to do anything by just pressing keys. There is not cut and paste per se in emacs. They have something like it though.

You can open a whole lot of files in emacs. They each get their own buffer. Emacs has a built in spell checker. Nice. It also has sophisticated undo and selective searching.

The list of emacs featues goes on and on. There is support for regular expressions. You can also execute shell commands directly from the program. I just may have to give it a try.

Best Things are Free

2011-04-13T22:19:00.002-04:00

I just went through a huge list of free .NET tools. Thanks to Qink for providing the links. I chose the top four tools I thought you might be interested in. Here is the low down on these freebies.

DotNetZip can do everything you want with zip files. Any dot Net apps can use it. It even works undo Mono. You obviously need the .NET framework to use this thing. It is distributed as a DLL. You can make self extracting zip files with it. The tool even supports AES encryption. Damn. Get this now.

PDFSharp lets you create PDF files. It is open sourced under the MIT license. The routines to draw on the PDF file are the same types you use to draw on the screen (i.e. GDI commands). It supports transparent images. Nuff said.

Selenium is a tool to help test web apps. You can record a session using Firefox. Then you can play back what happened. Alternatively you can export the activity to your programming language for modification. Your app can then work with the Selenium server to play back the actions. Sweet.

Finally there is DocX. It allows you to create Microsoft Word documents. It is released as a DLL. DocX requries .NET and Visual Studio. All the Word goodies such as tables, headers/footers, and pictures are supported.

Hacking Tools

2011-04-09T00:00:00.003-04:00

I have been talking about free tools recently. But instead of any old tools, I should focus more on hacking tools. Let's do that here.

Date Cracker 2000 gets you past most time sensitive software. You know. It pwns trial software that expires in 30 days. It also works on shareware. The tools is distributed "for educational purposes only". LOL. The authors have agreements with some software developers. So it won't crack all trialware. It can come in handy when you are coding up some software that expires.

PuTTY is an SSH client. It also does Telnet as well as xterm terminal emulation. The web site where you download it from has a warning. The software is illegal if encryption is illegal in your country. Weird. This program is better than the stock applications that come with Microsoft Windows.

The Advanced Port Scanner is a tool that runs on Windows. You enter an IP address or a range of addresses to scan. This program is fast because it is multithreaded. You actually specify how many threads you want it to run. The latest version of the program was released in 2006. You can save the options for reuse.

Some other tools of interest include nmap and p0f. They are a network mapper and passive listener respectively. Maybe I will review them in depth some time later.

More Free Tools

2011-04-06T11:01:00.002-04:00

I just finished reading a post about the massive amount of plugins that are available for Notepad++. There were a bunch of them that sounded cool. The post states that these plugins can make developers ultra productive.

Notepad++ is a free application that replaces Windows Notepad. It runs only on the Windows platform. The app is released under the GPL license. It is written in C++, and uses raw Win32 calls plus the Standard Template Library (STL). This thing is fast.

Let's talk about the plugins themselves. XML Tools lets you edit XML files. The Compare Plugin shows you the difference between two files. Windows Manager shows the files you have opened in Notepad++. XBrackets Lite matches up brackets in your code. TopMost puts the Notepad++ window on top of all others always.

Open Source Tools

2011-04-05T14:51:00.002-04:00

It seems like there are a lot of free open source tools out there in the security sector. I just read an article that listed 59 such tools. I checked most of them out. Some of them look worthwhile. I am going to highlight three of them here.

Take a look at Bacula for doing backups. You can perform the backup over a network. This tool is truly simple to set up. It is called "enterprise ready". This tool has its own conference. Damn. It is released in an AGPL license. Code is stored in Sourceforge.

How about AxCrypt? It is totally integrated into Windows. Right click to encrypt. Double click to decrypt. It does not get any simpler than that. Currently there are 2 million users of this product. The developers request a $5 or $10 donation if you love this software.

You may have heard of tcpdump for UNIX. Well now we have WinDump for Windows. This is a command line network analyzer. It needs the WinPCap library. It can deal with wireless networks. This software is being released under the BSD license.

Front Running

2011-04-04T13:06:00.002-04:00

You want to register a domain for yourself. The first thing you do is search whether somebody else already owns the domain. The problem is that by doing the search, people get informed that you are interested. Registrars will then do some front running, actually registering the domain for themselves. Then you need to deal with them to buy it from them. That can be prohibitive.

What a sleazy business some of these registrars run. I have heard about this nonsense before. The trick to making sure somebody does not scoop up the new domain you want is to do the query against the actual registry database. Don't go through one of the registrars. Don't even do a Google search for the domain. Somebody is most likely going to snatch up your domain.

I thought about this problem a bit. Why not attack the source of the problem? Stick it to the greedy registrars. Let's flood them with a bunch of queries checking for domains. I can write a problem that comes up with random domain names and then checks them. If the cost to pre-register all these domain names is too high, perhaps they will stop this idiotic behavior. Sounds like a nice little project for me to code up. What language should I used?

Samsung Shipping Spyware?

2011-03-31T14:19:00.002-04:00

Some dude came out and accused Samsung of shipping laptops with spyware installed. He used a program that detected Starlogger installed on his laptop. So he deduced that the culprit must be the manufacturer. This guy founded a consulting company. Maybe this is him doing a good dead by spreading the info. Or maybe he is looking for some free publicity.

Samsung has since come out and refuted the guy's claims. He says they do not install any such spyware. In fact, they determined that the dude was using a program that thinks it detects Starlogger, but is in error. Well this made for a sensational headline anyway.

Starlogger is a $23 piece of shareware that will secretly record all the keystrokes on a computer. It is supposed to be "undetectable". Starlogger can then email you data it collects. By the way, it can also take screen shots at given intervals to see what the user is doing.

Coin Dozer Hack

2011-03-13T21:27:00.002-04:00

I finally finished coding my roguelike game JSRL. Now let's get back to hacking. I have been addicted to this iPhone game called Coin Dozer. It looks like a real arcade game where you put coins in and try to make coins fall out in front.

You start out with 40 coins. There are many ways to get new coins. You slowly gain them as time goes on. You can install other apps on your phone to get some coins. Some of those apps cost money. You can also pay real cash for coins.

My goal is to not have to pay for apps or coins. So how do you do this? There are many techniques to do well in the game. But there is one hack that is very handy. You can always exit the game, and restart it. When you do this, the gold coins get restored back to the original position. This can help you out a lot.

I found the optimal game play is to do two sets of three coins each. That ensures a bunch of coins get pushed out the end for you. Then exit and restart the game. Repeat. This can keep me playing indefinitely with a lot of coins. Yeah it is just a game. But I play this game all the time. This little "feature" is keeping me stocked full of a lot of coins. Good luck in your coin dozing.

Out of Commission

2011-03-05T00:41:00.003-05:00

I have been a bit busy lately. My college cancelled a class I wanted to take in JavaScript. I decided to take matters into my own hands and learn the programming language myself. I bought the college textbook on Amazon and started to learn. I find the best way to learn is to actually code in the language. I do all the exercises at the end of each chapter.

So far I have gone through about 10 chapters. At first I did not like JavaScript much. But I am learning to appreciate some things. JavaScript is an interpreted language. When there is an error, the browser knows exactly which line has the error. But let's get back to the beginning. What the heck is JavaScript?

JavaScript is a language invented by the now defunct Netscape. It is a scripting style language that runs in the web browser. The goal of the language was to add the ability to do dynamic operations on web pages. Note that JavaScript is unrelated to Java, which is a general purpose programming language. JavaScript is now starting to be used on servers as well. But that is a story for another post.

Next week I plan to enter a game writing contest to generate a game like Angband. And I am going to code the darn thing in JavaScript if at all possible. I did the same exercise in the past when I was learning the Java programming language. After I get JavaScript out of my system, expect more posts on hacking material.

AVG Antivirus 2011

2011-02-14T09:49:00.003-05:00

There is a phony version of AVG Antivirus 2011 going around. It tries to trick users into paying a license fee to avoid the annoying popups it produces. The real hack is that it also adds some registry entries that make most major browsers run the fake program instead.

If you want to get around this, rename your browser executable file names. Get rid of "avg.exe: that is located in C:\Program Files\AVG Antivirus 2011. You should also delete C:\Windows\system32\iesafemode.exe. A good antivirus such a Spyware Doctor can help rid you of this nuisance.

How does the program hijack the other browsers? It adds some registry keys in HKEY LOCAL MACHINE. Specifially there is an ImageFileExecution Options location in the registry that allows you to redirect iexplore.exe, chrome.exe, firefox.exe, and any other executable name. The fake AVG Antivirus 2011 intercepts these and all other popular web browsers. What an effort.

Use for Old Computers

2011-02-08T15:20:00.003-05:00

I just read an article on the many uses of old computers. The best ideas seemed to be ways to allow your computer to be used by others over the net. One obvious use is to let the old computer serve up torrent files. Even a lanky old Pentium came server this purpose.

Another noble use for your old PC is to have is join the TOR network. This essentially allows users to hide their location and identity. It makes it harder for somebody to track their internet traffic. The goal of this system is to provide personal freedom. The software is open source. It is good for IRC, Instant Messaging, and web browsing.

Finally you can install the BOINC client on your computer. It lets you choose worthy projects for your computer to work on during idle processing. For example, you can help the search for extra terrestials by choosing the SETI project. If your old computer has a graphics processing unit (GPU), it will help the effort even more. Now there is no need to junk that old PC. Put it to good use.

Two Tales of a Hacking

2011-02-02T14:54:00.001-05:00

Markus Frind, founder of dating web site Plenty of Fish, says his site got hacked last week. The hacker got away with user email addresses, user names, and passwords. Plenty of Fish has since reset the passwords.

Frind accuses Chris Russo as the hacker. He said it took Russo 2 days to break into their system. Then Frind states that Russo called Frind's home to extort him. He says that Russo is a 23 year old from Argentina. Frind says Russo wanted access to all the source code from Plenty of Fish, as well as unspecified money for "security services".

Chris Russo, on the other hand, says he only reported a bug. He discovered a vulnerability that affected all 28 million Plenty of Fish user accounts. The vulnerability was fixed. Russo goes on to say that Plenty of Fish wanted to hire him as a security professional.

The specifics of the vuln were based on a Microsoft SQL Server injection hole. It allowed a hacker to make a full backup of the database. You combine that with the fact that Plenty of Fish stores user passwords in plain text, and you get disaster. So who are we going to believe here? I bet like most cases, both sides are telling some truth, and are also adding some lies. It really seems like a mess.

Anonymous was not Really Anonymous

2011-02-01T14:05:00.002-05:00

I saw an interesting article on Arstechnica about the FBI raiding people in the Anonymous group. However the real gem was all the reader comments on the post.

Here is what went down. In the USA, the FBI raided the houses of a number of members in the group called Anonymous. They must have been a part of a recent DDOS attack, and used their own computers in their houses. In other words, they got tracked down.

Anonymous says they launched the DDOS as a method of protest. They used the low orbit ion cannon app to blast some web sites. Well if you are going to protest, you got to be ready for the cops to round you up and cuff you.

People are calling the Anonymous DDOS team a bunch of script kiddies. Whatever they are, it looks like the FBI literally was busting down their doors. Couldn't these so called hackers have used some unsecure WiFi that belonged to someone else?

Nope. It looked like they downloaded "loic.exe" onto their own computers and ran it. The thing that is strange is that the FBI usually does not kick down doors when following up on white collar crime like DDOS attacks. Perhaps the Anonymous crew was exaggerating a bit.

Botnet Activity

2011-01-31T11:16:00.004-05:00

Security experts had noticed a downturn in botnet activity at the end of 2010. It was just a temporary effect. Botnets are coming back strong in 2011. Some popular botnets running amok now are the Waledac botnet and the Rustock botnet. These are email spamming botnets that operate on a huge scale.

There are predictions that the Zeus crime ware toolkit will take home the prize for 2011. This is a tool that steals personal data. Specifically it targets banking info. You can use this toolkit to create your own botnet variant. Since it is easy to use, even noons can get down with Zeus. This tool attacks traffic (even secure traffic) send through the browser.

Credit Card Numbers

2011-01-24T13:17:00.003-05:00

Your 16 digit credit card number is not a random number. Each of the digits means something. I read about this today and am passing on what I learned.

The first digit is the industry of the credit card issuer. The first six digits are the ID of the issuer. Digits 7 through 15 are your account number. And the last digit is a checksum of sorts.

The checksum uses the Luhn algorithm. This is also called the mod 10 algorithm. It doesn't use any cryptography. It just tries to detect if any one of the digits is incorrect due to error.

Bottled Water Debate

2011-01-06T15:25:00.003-05:00

I am starting to hear some rumblings from the Environmental Working Group (EWG). They are a non-profit organization. Their goal is to advocate the government to assist in figure out what the heck goes into bottled water. They achieve this means by doing research on the subject.

Here is what the EWG has to say. By all means drink a bunch of water. But avoid bottled water. The contents of public drinking water is well documented. Use the correct filters (e.g. carbon or reverse osmosis). They also recommend you use a safe water container.

EWG also has a 2011 report on their findings for pretty much all the bottled water distributors. They complain that most of these companies keep secret the contents of the water they distribute. EWG wants the EPA to start cracking down on these water bottlers to disclose the contents of their water.

All of this sounds like big business. Bottled water is probably a huge dollar industry. I am not exactly sure what to think about the EWG. Usually there is some underlying motive in groups such as this.

BitTorrent

2011-01-03T15:12:00.003-05:00

I confess that I do not know a lot about BitTorrent. So I picked up a dummies book about it at the public library. Here is what I learned.

BitTorrent traffic accounts for almost a third of all Internet traffic. That might be because it is suitable to transmission of large files. We are talking about Gigabyes here. The file sharing is distributed, which is different from FTP where there is one serving giving you the goods.

There is a lot of vocabulary in the BitTorrent world. A torrent is a small file containing the table of contents for a file. A leecher is somebody who has not downloaded the entire file yet. A seed, on the other hand, has the whole file and is sharing it.

A swarm is the set of leechers and seeds for a given file. Trackers are web server software packages that manage the interaction between seeds and leeches. Now down to a bit of technical data. BitTorrent uses ports 6881 through 6889 for its communications. So open up those ports in your firewall.

Chick Virus Writers

2010-12-29T21:42:00.004-05:00

I read this interview with a female hacker. She writes viruses and is a freelancer. She goes by the handle hh86. Credit to SPTH for the original interview.

So hh86 says that her friends really don't know she is a virus writer. Incognito. Nice. She is hard core in that she writes her viruses in assembly language. Writing with compiled languages is restricting for her.

Shrug for the 64 bit Windows platform is a virus she admires. She is author of the Delae family of viruses. These are ones with names that start with w32.

One of hh86's techniques is to obscure the entry point of her viruses. Unlike other virus authors, she does not do IRC much. She is in contact with antivirus peeps.

Look for a new zine to be released by hh86 next month.

Find Your Foe

2010-12-29T11:24:00.002-05:00

Continuing from my last post, I learned a few tricks by watching some video from DefCon 18. Everyone has a web browser. You can use the browser to deliver software to users.

FaceBook has a feature where the client checks whether a user's friends are online or not. This is just an HTTP request to FaceBook. Good stuff to know.

Here was the finale of the talk I watched. Create a web page with malicious code. Have a piece of JavaScript that inquires the MAC address of the user's router.

The MAC address is set in hardware. It cannot be changed. Once you have the user's MAC address, you can send it to Google. Then Google will tell you where the router is located geographically. Bamm. You can track the people who come to your web paged. Owned.

Cracking the FaceBook Session

2010-12-28T04:25:00.003-05:00

Just watched a 3 part series on YouTube. It was from DefCon 18. Dude was looking to exploit another guy on FaceBook. He noted that FaceBook uses PHP. And PHP is open source, including its session management code. When you log into FaceBook, you get a session which is nothing more than a random string.

The session string is stored as a cookie in your browser. PHP session creation uses a 160 bit string. It would take millions of year to brute force such a string. However you can study the properties of the string to narrow down the possible values it might contain. Then you can narrow down the bits that are truly random, and break down the door.

One part of the string is the IP address. You can grab this by sending a person to your web site. Another piece of the string are two random number seeded with the web server start time. Cause the server to reboot, and you will approximately know when the start time is.

So after narrowing down the cookie, our friend managed to narrow the random bits down from 160 to 20. Now 20 bits can be cracked in a few seconds. He measured that it takes on average 500k attempts to guess 20 bits of random numbers. Good stuff. Getting back to FaceBook, they actually use a modified version of PHP called Hip Hop. And after our boy figured out how to crack the session cookie, PHP was patched to make it harder to crack.

Maybe next time I will also go over how this dude can figure out where you are geographically located by hacking your router. I love it.

Phony Checks

2010-12-21T00:48:00.002-05:00

I just read this doozy of a story. It was from way back in 1995. A dude got a piece of junk mail with a $95,000 check in it. The check had the words non-negotiable written in the corner. So the guy goes to his ATM and deposits the check. 10 days later, the money is still in his account. A teller from the bank says the money is his since it has been over 10 business days and the check had not been returned. This is a synopsis of the Midnight Deadline.

The dude did some researching on check validity. The authority on this subject if the banking book by Brady. It states what a check needs in order to be valid. Just because a check has the words non-negotiable on it does not make it invalid. So the guys thinks about trying to get the $95k out of his account in cash. But that is a big process because banks usually don't dole out so much cash. Instead he gets a cashiers check.

Over a month later, a security officer from the bank accuses the guy of fraud. However all checks are initially assumed to be valid. The bank must server the depositor a notice of dishonor in a timely fashion. This was obviously not the case with this guy (it had been over a month). The guy decides he wants to get the Wall Street Journal to do an article on him. It takes a long time for that article to make it to print.

The guy decides to put the story on his own web site. His bank account gets frozen. His ATM card gets confiscated. He tries unsuccessfully to reach the president of the bank. In the end, he winds up negotiating with senior counsel from the bank. He can't get any photographers in the bank on the day when he hands the cashiers check back to them. It is too bad he did not try to keep the money in the end. He had a good legal ground to stand on. If he did not want the money himself, he could have given it to charity.

Prison Break

2010-12-19T18:38:00.004-05:00

Let's talk about getting out of prison. No. I am not talking about breaking out. I mean serving your time and being released. If you remain on good behavior, you will accrue 54 days off per year. These can add up if you spend many years in the slammer.

You can normally serve the last portion of your sentence in a Community Corrections Center (CCC). This is a house out in the city. You get to work a job. But you must spend nights and weekends back at the house.

Do well at the CCC, and you may be able to serve the very end of your sentence under house arrest. After you are out, you must report to your probation officer frequently. Try to stay out of trouble. Sooner or later things will lighten up. Ok. I have been going over the highlights of what I know about the big house. Time to return to more hackology like coding mad apps.

Prison Life

2010-12-18T18:28:00.003-05:00

Here are a bunch of tips to guide your life behind bars. Don't threaten other prisoners. If you want to make an impressive, be like Nike and just do it. You know what they say. Actions speak louder than words.

When you do have a beef with another prisoner, don't involve the guards. That makes you seem like a snitch. Nobody likes a snitch. If your problem involves a guard, then you can submit a complaint.

Complaints against guards or other prison employees will take a long time for resolution. To maximize the chance that your complaint will be effective, keep it short and specific.

Finally let's talk about solitary confinement. You get put into "the hole". It is a small area. Most everything is concrete, except your toilet and bed, which are steel. It is cold in there. The food you get fed is minimal and also cold. Normal punishments get you into the hole for 1 week.

Federal Bureau of Prisons

2010-12-18T00:52:00.003-05:00

There are a whopping six different levels of security in the federal prison system. A designator at the prison will figure out what level you start out at. Let's get into the different levels.

1. Minimum - This is for short sentence convicts. There is no fence to keep you in. If it is your first time, you will probably wind up here unless you were convicted of a violent offense.

2. Federal Correctional Institution - You are fenced in here. You got sharp stuff at the top of the fence to prevent you from climbing over.

3. Medium Federal Correctional Institution - There are extra guards on duty here. Inmates are serving long sentences. You don't get to move around as much compared to the lesser security prisons.

4. High Federal Correctional Institution - More oversight by guards. Less movement by inmates. Very long sentences served by inmates.

5. United States Penitentiary - The real bad guys are kept here. You cell mates will be murders and such. They don't use a fence to keep you in. There is a very high brick wall surrounding the prison. If you make it in here, you may get roughed up bad by other prisoners.

6. Supermax - Also known as Max. You are always stuck in your cell. If you need a shower, you get a sponge and some water. If you must leave your cell, you are cuffed and escorted by a lot of guards.

Surveillance and Defending Yourself

2010-12-15T14:48:00.002-05:00

If the Feds need hard evidence on your, they can do a wiretap. This requires a court order. It is also expensive to operate. There are some devices you can buy that detect whether you are under surveillance.

Before sentencing you meet up with a probation officer. That title is a bit misleading. Their job at this point has nothing to do with probation. They write up a report which is supposed to be a comprehensive profile of you. Make sure you have your lawyer present during this interview.

Lawyers cost a lot. If you cannot afford one, your best bet is to study up yourself. This is good advice even if you must rely on the public defender. Buy a couple of the great books such as The Prisoners Self Help Litigation Manual. You should also pick up Federal Sentencing Guidelines, as well as Federal Criminal Codes and Rules. You got to lean the rules of the game before you can play ball.

Jails and Sentencing

2010-12-14T14:42:00.003-05:00

Not all jails are created equal. County jails are rough. You might spend some time there before you get sentenced. State prisons are also hard core. In general it is better to go to federal prison.

Here is the trade off. If you do serve time at a tough state prison, you will most likely serve a shorter sentence. The federal prisons are better to be in, but you will probably spend more time there.

Let's switch gears and talk about how to handle yourself when you are charged. Don't say anything. Speak only with your attorney. Anything you say will only count against you.

If people do snitch, the only ones that benefit are usually the first ones to talk. So if you are going to be a rat, do it early. I don't recommend it though. Providing useful information to the FBI might get you a sentence reduction. Hope for upwards of half your sentence eliminated. In reality you will only get about a third of your sentence chopped.

Bail and Sentencing

2010-12-13T11:32:00.002-05:00

Much of your court success will depend on the skills of your attorney. Here is a hint. You should not use the public defender. Instead you got to hire your own lawyer. The problem is that they will cost you a whole lot of cash. We are talking $100k or more.

It is good to know a lot about the laws and court yourself. Here are some tips if you are going to sign a plea agreement. Try not to sign away your right to an appeal. Later you might find a way to lesson your sentence. Have a list of issues you can appeal ready during your sentencing. Bring these issues up at sentencing. Follow through by filing a notice to appeal. Do this quickly after your sentencing.

There are some factors that might extend your sentence. If you are highly skilled, and your used those skills to hack, you get extra time. Now let's talk a little about bail. You get locked up as soon as they come to collect the evidence and yourself. In general, you do not get released on bail. That is a low probability event. If you do make bail, it can take weeks to process the bail papers.

Prison Guidance

2010-12-10T15:01:00.003-05:00

I just read a huge file on what to do when you get arrested for hacking. It was written by a dude who served 42 months in the pen. Some advice was common sense. For example, try not to pick enemies. However there was some advice that shows true insight. You should not join a group or gang. It will only count against you.

Get ready for the press to lie about you. Trust no one. You are probably being arrested because you allowed somebody else to know what you were doing. If you do get caught, you had better have studied up. It might reduce your sentence by half or more.

After you have been convicted of some crime(s), they will calculate the duration of your sentence. Here is the freaky thing. The length of your stay will not only depend on the crimes you have been convicted of. It might might also include other crimes that were not even brought forth against you.

Get a lawyer. The best bang for your buck will be one that specializes in sentencing. It would be best if you knew the United States Sentencing Guidelines (USSG). Don't put your hopes in beating the Fed. They have a 95% conviction rate. Try to minimize the damage and your time in the slammer.

Doomsday File

2010-12-07T13:47:00.002-05:00

Scotland Yard has arrested Julian Assange. He is cofounder of Wikileaks. Britain plans to extradite Assange to Sweden, where he is wanted for sexual misconduct crimes. Assange is an Australian citizen. The judge in Britain says this has nothing to do with Wikileaks. However the Wikileaks servers are located in Sweden. Hmmm.

What I find most interesting is Assange's "insurance policy" against being apprehended. He has widely distributed a doomsday file. The file is named "insurance.aes256". It supposedly contains a bunch of secret info that has not been released to the public yet.

Assange warns that if he gets detained, the password to this file will be distributed and chaos will ensue. The file itself is 1.4G large. Who knows what goodies are in there. The way things are going with his Swedish case, I bet we are about to get the next large dose of Wikileaks mania.

TSA Body Scanners

2010-11-19T14:32:00.002-05:00

The TSA is now requiring airplane passengers to submit to a full body scan machine. Supposedly a TSA employee in the back room will view the images. Passengers did have the ability to opt out of the scan and receive a pat down. However the new TSA policy is to give you the full feel up during this pat down. Madness has ensued.

You know this is wrong when even the pilots are complaining about the new procedures. They worry about the radiation from the body scan. And some pilots hate being felt up when they opt out. Don't you love it when the TSA comes up with crazy rules like this?

When I fly, I will just obey and go through the scanner. So what if some chump in the back gets to see my privates. I don't want nobody feeling up my junk. The rest of the American public may not be willing to take this any more though.

Making it in Prison

2010-11-18T11:49:00.002-05:00

I just checked out the latest issue of Phrack magazine. This one is issue 67. Inside the thing, they refer to it as issue 0x43. Ha ha. Put your numbers in hexadecimal huh?

The best article this month is "How to Make it in Prison". It seems to be written by an insider with insider knowledge. Here is a summary of the tips:

* stay clean
* do not join a gang
* fight those who challenge you
* hide all personal info
* do not do favors without payment

You really should check out the Prison article yourself if you plan to do any hard time.

DDoS Wars

2010-11-17T17:49:00.002-05:00

This is too funny to be true. Hackers from the 4chan site declared war on Tumblr. Their goal was to launch a denial of service attack on the rival web site. Their weapon of choice was the Low Orbit Ion Cannon (LOIC). The LOIC is a prog that you can use to flood a web site. The source code is actually available on SourceForge.

The funny thing is that you should be able to set up a filter to block any effects from the LOIC. Well any web site worth their salt should be able to defend against such child's play. Tumblr decided to launch their own counter offensive. They called upon their members to blast 4chan. The end result of this war was that both sites went down hard. LOL. You got to love some of the propaganda each site used to rally their users to join in the DDoS battle. This is great stuff if you are looking for a chuckle.

Canoe from Plywood

2010-11-16T11:30:00.004-05:00

I just read a sweet instructional on how to build a canoe out of a single sheet of plywood. This thing is a working floating canoe. Sure anybody can slap a thing together out of a sheet of plywood. But this one was designed so that an amateur can actually float in it and not tip over.

The bad boy goes over trade offs involving thick and thin plywood. He then goes on to give you the specs to build the darn thing. He also gets technical on how to maximize the boat size without making it unstable. Check out his main page on other boat construction skills. Tight.

Making Money

2010-11-08T11:02:00.003-05:00

It is all fun and games to get technical and figure things out. But you got to eat right? How much can you realistically make in the security industry. Let me tell you this much. You got to get a government security clearance. That opens all kinds of doors, including the high pay.

Real security admins make between $70k to $90k. And these are the normal mid level peeps. I am not talking about the senior administrators. Mid level admins top out around 6 figures. These are real wages being made by real people I know.

It almost makes you want to drop the programming game and get into cyber security.

WireShark Skills

2010-10-28T22:28:00.002-04:00

I read a blogger bragging that he snuck into a building. He avoided the security cameras. He got off the elevator but could not enter the floor. Instead he pulled out his laptop, ran his WireShark app, and sniffed some wireless network traffic.

This dude was proud that he captured all kinds of info on the computer sending the network traffic over the air. A lot of people thought this guy was a n00b, because what he did was nothing special. I disagree. I give him props for using WireShark to extract meaningful data from network traffic he was not familiar with.

I know another guy that tried to show that he could capture the HTML code for a web site, even if the web site programmer tried to prevent it. This other dude installed a copy of WireShark, installed the prerequisite Win P-Cap software, and booted up WireShark. He knew exactly what he was looking for. He only captured the traffic on his own box. However he was still unable to capture the HTML source code for a web page.

This second guy considers himself the ultimate hacker. Guess not. The moral is that WireShark, while powerful, requires some skills to operate. I should know. I used it before to do some password risk analysis. That is a story for another day. However I do respect the guy who could run WireShark on random wireless network traffic and figure out what was going on.

Hacker Book List

2010-10-19T18:24:00.002-04:00

I just went through this massive list of hacker news books. Wow. Where are I going to get the cash to purchase a bunch of these goodies? I mean they don't carry most of those at the library. Anybody know a good way to get sought after books for cheap?

Well here are some of the books off the list that I have read. Check out Code Complete by Steve McConnell. It will tell you how to write code the right way. Then there is the Mythical Man Month. This is useful if you are writers code with a bunch of other people (on a team). One book a buddy of mine just got is How To Win Friends and Influence People. Dale Carnegie wrote this one way back when. It is timeless.

Next is Debugging by David Agans. I wrote a blog post about this one. Then I put some random book cover image in the post. The author emailed me complaining. Sheesh. Good book anyway. Another book on the list is The One Minute Manager. Can't say I remember much from the read. You might as well skip it.

A good one is The UNIX Programming Environment. I just consulted this book last month when working on a UNIX project. Good stuff. I read Dive Into Python because I got a free copy. Don't remember much about it either. Finally I checked out Getting Real by 37Signals Corporation. That one was free too. You might want to check it out if you are starting up a company on your own.

Happy reading.

D.C. Voting Hackage

2010-10-07T22:27:00.003-04:00

The District of Columbia subjected their online voting system to penetration testing. Some college kids hacked the thing in about a day. Doh! Part of the voting process was to upload a file which got encrypted.

Guess how the hack worked? The students could name the file their were uploading whatever they wanted. Turns out they embedded UNIX commands within in the filename. This allowed them to run whatever commands they wanted. The result was that they totally owned the web server.

LOL. They are trying hard to spin this pwnage. Luckily this was not a system for everybody in the nation's capital to vote online. It was just an absentee ballot voting system. People like the troops overseas have to vote through absentee ballot. I hear they are still going to use this system to distribute ballot electronically. However you will have to print out the form and mail it back. Can't have any more server hackage going on in Washington DC.

Browser Tab Speedup

2010-09-10T14:36:00.002-04:00

I read about a tech dude who opens a lot of tabs in his browser. He then keeps them open for days. The only problem is that this causes lots of performance problems in his system. He had an inexpensive computer. So he decided to build one on his own to support his strange browsing habit.

Dude's parts came out to $1300. That's a lot of dough for a PC. He spent a lot on a solid state disk drive. It is supposed to be very fast. He figure that Windows uses the drive for virtual memory. So it must be ultra fast. He is very pleased with the performance of the beast. He also got a lot of the latest ran. He sprung for a top of the line CPU.

A lot of people commented that the guy could have switched to using bookmarks instead of tabs. The dude wanted fast access to the data. Another reader thought he could save the web pages off to disk for immediate recall. That still did not sit well with the dude. I thought I opened a lot of tabs. But heck, this guy takes the prize. I guess he did the right thing as long as he is happy. Personally I don't got $1300 to spend on mega browser tabs.

Difuze by Rrola

2010-09-08T14:51:00.003-04:00

The hacker who goes by the handle Rrola has done it again. He produced a 256 byte intro called Difuze. We are not talking about 256 kilobytes of code here. It is just 256 bytes. This blog post is is probably a lot more than 256 bytes.

I found this gem while reading Reddit. The thing runs in DOS. It has a lot of interesting graphics, with music to boot. The easiest way to experience this program is to watch the YouTube video of it.

So how did Rrola pack such a brilliant changing graphics display in just 256 bytes? He has a set of partial differential equations that govern how the graphics should look. They are rules referred to as the Gray-Scott reaction-diffusion. Thus the name Difuze.

The reason these graphics are cool is because they simulate 2 chemicals interacting with each other. The system also adds back the chemicals as they are consumed. It is like something that occurs in nature. Great stuff. I salute you Rrola. Keep em coming.

Malvertising

2010-08-26T09:12:00.003-04:00

The new entry point for attacking the enterprise is the web browser. Bugs in web browser implementations allow hackers to exploit your users. You know what Google says? The browser is the new operating system.

It is difficult to lock down web browsers. Hackers are injecting malware in advertising. This process is being coined malvertising. It is simpler than trying to get a user to download and execute a file.

The injection of malware ads is also pretty simple. You just put together a real ad which has the hack embedded in it. You don't need to take user a web site. Allow the web site to come to you to serve up your ad.

How do you stop such a malvertising attack? You can make sure you users are not administrators of their machines. You can also disable the technologies that allow the attacks to work. This includes JavaScript and ActiveX. The only problem with these extreme measures is that it may impact legitimate user activities.

Tweaking Vista

2010-08-25T13:18:00.002-04:00

My friend's Windows Vista computer is slow. I have gone through some general steps to get the thing running fast. Let's now go over some last ditch specifics to speed things up.

The theme is that you should disable anything that might take up extra CPU resources, and thus slow things down. Turn off any fancy visual effects. Turn off disk performance monitoring. Disable user account control (UAC).

Clear out your Internet Explorer browsing history. There might be tons of stuff in your web browser cache. And if you are using Firefox as your default browser, install FasterFox to help it run better.

Turn off any Windows services you don't need. This one is a little tricky. You don't want to make Windows crash. However every service may be configurable to run at startup. If you can identify some that you definitely don't need, disable them.

Finally you can fine tune your page file. This is a big file on your disk that acts as virtual memory. Make this file be on your fastest disk if you have many physical hard drives. Set the size to a fixed large size. Normally Windows can manage this for you. However if you have a lot of free disk space, make it big and constant size.

If you follow all my advice from the last couple posts, I bet you can get some old hardware running Windows Vista lightning fast. Good luck.

Windows Optimization

2010-08-24T13:00:00.002-04:00

How do you make a Windows machine run fast? There are a couple themes. One is to ensure that unnecessary programs are not running. Another is to make sure the system is optimized.

If you have spyware running on your system, it might slow it down. Run a spyware removal program like AdAware.

When Windows starts up, it runs a number of programs that you have configured as startup items. Execute msconfig from the Windows command prompt. Then uncheck any startup programs that you don't want to run. This will get your system faster in booting and running.

Another way to prevent spyware or bloatware from running on startup is to uninstall the stuff. Go to Add/Remove programs from your Control Panel. Get rid of anything you don't use. The uninstall will normally take the items out of the startup path.

Then there are some system optimization tricks you can try. Defragment your hard disk(s). Turn off indexing on your hard drive. Get programs out of your system tray. All the items I mentioned so far could increase your performance significantly. Maybe I will do one more post with some very special techniques.

Making Windows Fast

2010-08-23T11:47:00.003-04:00

A friend of mine was complaining how slow their computer was. It was taking around 5 minutes to copy a file locally. That did not sound right. He was running Windows Vista. Luckily I have never ran that version of Windows. How do you make such a beast run faster? It seems to be a black art.

To start with, I have heard that you should have at least 1GB of RAM to run Windows Vista. And it always helps to have more memory. But I doubt that is the specific cause of this slowness. Another hardware option I read about was to get a faster hard drive. Upgrade from a 5400rpm drive to a 7200rpm one will give you some gains. That also did not seem to be the root cause.

I plan to review how Windows works, and what might make a system slow. Then I can try these things out on this machine.

Rubik's Cube

2010-08-16T00:37:00.002-04:00

A friend recently got a bunch of Rubik's cube, as well as a solution guide. I decided to try the cube by myself. Did not want to "cheat" and read the solution. That initially got me 1 side solved. Got lucky and solved a second side. I figure it is time to analyze this thing and come up with some techniques to solve the whole thing.

One good start is to get one side solved. However that is not enough. Each side adjacent to the solved side must also have the common squares in the correct order. That way you can solve a second or third side without having to move the pieces on the first side. That's the way I want to proceed with my hack. I want to figure out a way to manipulate some cube faces without messing up a side that I have already solved.

Blogger Start Page

2010-08-13T17:18:00.002-04:00

I like using Blogger. They give you free unlimited blogging abilities. However I had a problem with it recently. The start page where you log in was always being displayed in Chinese. WTF? I always view my pages in English. This curse just would not go away.

Logically Google must be storing some Chinese language preference somewhere. Should I get rid of all my cookies? Or is there some other secret place where they stored the language? This questioning was getting me nowhere.

Then I found out a trick of my own. I forced Blogger to display in English. From then on, the Blogger start page always shows English. I consider this a Blogger bug. But hey. The thing is free so I won't complain too loudly.

FaceBook Infio

2010-08-02T00:52:00.002-04:00

So 171 million FaceBook names and profiles have been captured and put into a text file. You need BitTorrent to download the files. Let me tell you. The files are huge. I spent a number of hours downloading the torrent.

The text file with the URLs of all the profiles grabbed was so huge I could not open it up. I downloaded a few programs to see if they could open up such a massive file (10Gig). The only one I found that worked was called UltraEdit. This program costs $60 for the full version. Strangely enough there was a cracked copy of UltraEdit available as a torrent. I used the 30-day trial version to spy on the FaceBook profiles.

My next idea is to stuff all these URLs into an Oracle database. Then I will run a program that browses the profiles to see what nice info I can grab. The profiles sometimes show the user's FaceBook friends. That might provide even more profiles. A brute force crawl of the profiles could take a couple years. Might need to put an army of machines on that task. I will start with a few trial runs, and keep you posted.

FaceBook Profile Leak

2010-07-31T20:45:00.002-04:00

Hacker Ron Bowes used a scraper to grab the name and profile URL of 171 million FaceBook users. You might think he would sell this information. But he did not. Instead he blogged about it on the Scull Security blog. He also uploaded the data in text files as a 2.8 gigabyte torrent to the Pirate Bay.

Bowes used a script that interrogated the Facebook public profile directory. All of this is publicly available data. Search engines like Google have access to this information already. You can tell whether your data is publicly available on FaceBook by seeing whether "search for me on FaceBook" is set to everyone in your settings. You can also see whether "enable public search" is checked in your settings.

I am going to download this large torrent and see what this data is all about. Probably will just get usernames and URLs. Then perhaps I can write a small program that scrapes the profiles and builds up my own database. Not sure if I have enough bandwidth, disk space, and processing power to do that. We shall see.

WikiLeaks Disclosure

2010-07-27T23:57:00.003-04:00

It seems WikiLeaks is the big story these days. I read about them on the front page of my local paper. There were links to their recent disclosure all around the web. What they did was post a massive amount of classified information about the war in Afghanistan.

I downloaded all the data from WikiLeaks and am still waiting to be impressed. It seems that what they have is a whole lot of small reports of incidents. There is more formatting than actual content there. You get a blurb about some Afghanistan incident. You have counts of if anybody got killed. And they tag whether it was friend or foe.

In my mind, I was thinking there would be some juicy details of being there in the war. Instead I got a huge amount of small entries which were initially classified by the government. Maybe I will uploaded all this data to a database. WikiLeaks makes it easy by providing scripts to uploaded the data. However I still think I will not be wowed by their data. All they show is that there is a source willing to give them classified government information. The actual data is a bit boring. Next.

Old School Hacking

2010-07-17T22:56:00.003-04:00

Check out a book online called Hackers : Heroes of the Computer Revolution. This book covers monumental events from the hacking world of the 1970's and 1980's. Let's look at the topics of some of the chapters.

Of course they need to talk about the Homebrew Computer Club. It was a meeting for electronics hobbyists. They first met in 1975. The meeting was held in a garage in California. Apple cofounder Steve Wozniak attended.

Woz gets his own chapter. He build his own computer before personal computers were around. It was based on the Motorola 6502 processor. Of course Woz worked with Steve Jobs back in the early days.

The book talks about the origins of Altair BASIC. It was created by Microsoft ihn the early days. The thing was immediately pirated, causing Bill Gates to write a letter to the thieves. This is the BASIC that was involved in the creation of the now defunct Doctor Dobb's Journal.

BitTorrent Contest

2010-07-13T01:30:00.002-04:00

BitTorrent is sponsoring a contest. You got to design an app that uses their software development kit. The SDK is restrictive in that you can only code in HTML and JavaScript. The top prize is a grand and prime app placement.

Hey. I bet anybody could use an extra thousand for toys. However I cannot imagine you making any money off an app for BitTorrent. These users are trading files for free. They want stuff for free. If you try to sell the app, somebody is going to get ahold of your app and trade it for free.

Still I find this an interesting challenge. Too bad I am concentrating on learning how to write applets in Java right now.

Ideas From War Games

2010-07-09T22:01:00.000-04:00

I am watching War Games 2, the movie. Started out looking like a serious B movie. There are no real stars in this thing. However there are some interesting ideas in there.

The government put a type of war games on the Internet. This game offered real cash for people who could get to level 5. However those who made it got targeted for surveillance.

The problem was that the computer that tried to get players and track them got smart. This program is called Ripley. Too bad it did not need human intervention.

I did get a few laughs out of the main character doing some hacking. He gained the trust of his neighbor. Then he used his neighbor's online banking account to "borrow" some cash.

The main character also dealt with stolen credit cards, and also some prepaid phone cards. The dude liked playing online games. He also was a true to heart hacker.

Robin Sage

2010-07-08T15:29:00.002-04:00

Some time ago, a woman named Robin Sage started appearing on social networks. She was supposed to be in her twenties. She was supposed to have worked for the Naval Network Warfare Council. As you might expect, she was getting connected with military personnel.

The online persona looked good. Her picture was hot. She was allegedly a grad of MIT. And she interned at the National Security Agency. It turns out this profile was fabricated. A hacker put it together as part of an experiment.

The funny thing is that the online persona networked with military top brass. She even got some job offers extended to her. The tragedy is that, through her military contacts, the hacker was able to get a lot of information about troop movements in Iran and Iraq. Nice.

A nice picture, and some early assumptions, caused the scam to pick up momentum. Luckily some skeptics dug deep and discerned the sham. Beware who you meet online. Often they are not who they seem.

Face Camoflage

2010-07-02T23:38:00.003-04:00

I just read a blog post at SocialBeat on techniques to disguise your face from recognition software. People be posting their image to the web on sites like FaceBook. And there is software that is growing smart at figuring out who you are just from your picture. This is kind of like a Big Brother future. But the software is only so smart. A little mask can throw the software off track.

Now nobody is saying you need to make sure you go out looking like cat woman. You can maybe just touch up your face using photoshop before you post it online. Then you can remain below the radar from the image trackers online.

I think what we really need is some type of image processing which can mask your face from the image processing, but leave it looking the same for humans. Sounds like a good research project. You could start with the actual facial recognition software. Then you could try out different subtle hacks to the image to make it confuse the software. Or you could reverse engineer the code in the facial recognition software, and find its weakness. That's even better.

Government Agency for Cyperspace Identity

2010-06-28T14:05:00.004-04:00

The United States Federal Government and a number of entities in the private sector have drafted the "National Strategy for Trusted Identities in Cyberspace". Their goal is to secure cyberspace. This effort is a direct response to the increasing amount of identity theft and online fraud going on each year. Last year there were over 10 million occurrences of identity theft. Ouch.

This proposal recommends creation of an Identity Ecosystem. There should be an authority to authenticate digital identification. Participation is supposed to be mandatory. The new system will be built with interoperability in mind. That means everything works with everything else like ATM systems do with cash. The proposal is for this not to be all done by the government.

People do not seem to have control over their personal info any more. And there are other problem plaguing people which will not be solved by this initiative such as malware. However the president is to designate a government agency to lead this effort. The proposal goes out of its way to clarify that they are not talking about a national ID card. This is a digital problem requiring a digital solution.

Topsites

2010-06-24T23:19:00.003-04:00

Like most folks, I have friends that download movies from BitTorrent sites. Personally I don't have much experience getting movies from such sites. However I did read a story about topsites.

Topsites are secret web sites that share pirated stuff like movies and software games. These aren't normal peer to peer sites like Kazaa. These are open to a limited amount of people in the club. You need to be on their list to get access to the sites.

Getting movies and such onto topsites is not easy. They only want the high quality stuff. That requires high tech and expensive hardware to rip movies. But you do get some bragging rights when your stuff is downloaded by everyone.

Spying on Cell Phones

2010-06-23T00:09:00.001-04:00

I was reading some interesting blog today. Then I saw some ads on the site. I clicked through one ad to find a big web page on a product that let's you spy on someone else's cell phone usage. The marketing sounded too good to be true. I wondered whether such a hack could actually exist. Perhaps it is some type of blue tooth device hacking. You ever hear of blue snarfing or blue bugging? I seem to have studied this stuff in school a while ago.

Let's get back to the features of this offer. You can listen in on another person's calls. You can read their text messages. You can also track them via GPS. You can view their contact list. And you can see their photos. All of this is supposed to be undetectable. These are alleged features. I am not sure whether I belief them or not.

This functionality is supposedly not limited to cell phones. It works on any blue tooth enables devices like laptops as well. Law enforcement uses these techniques as well. This works on any phone. You do not see evidence of this on the target's phone. You do not see any apps on the target phone. Nor does it consume much memory. All the data collected fits in megabytes, even after a year's worth of recording. There is different software to install on your phone based on your model. Nothing is logged on the target phone. It is an all software solution.

There are some bonuses with this deal such as how to catch cheaters, how to use spy gadgets, and how to get the truth. Those are the names of the bonus products. These products include detailed info on dirty tricks, covert surveillance, spying via web cams, lie detection, and mind games. I almost would go for this deal just for the bonuses if I could trust them. The whole thing costs $99. If I had more cash, I would try going for this. But if something sounds too good to be true, it most likely is. This might be a hack to get my credit card number and leave me with nothing. Still I can dream that such a broad tool set of capability actually exists out there. Anybody want to give this deal a try?

Meet Phiber Optik

2010-06-21T18:05:00.004-04:00

This post is going to be something of a history lesson. I just finished reading a book about the hacker gang Masters of Deception. One of the main characters in the book is Mark Abene. In the late 1980's and early 90's he went by the handle Phiber Optik.

Phiber Optik starting computing on a TRS-80 MC-10. This is a little home computer from Radio Shack that was essentially a scaled down version of the TRS-80 Color Computer. I know because I started out on a Color Computer I (CoCo 1), and later graduated to a CoCo 3. Once Phiber Optik got a modem, he was off to the races.

Phiber Optik initially started making claims that he was a part of the hacker gang Legion of Doom (LoD). The thing is that you cannot will yourself into that group. You needed to be voted in. Luckily the members unanimously voted him in due to his skills and exploits. Some of these exploits results in Phiber Optik getting raided by the Secret Service back in 1990. This is weird. I thought the Secret Service just guarded the president.

Phiber Optik was only 17 years old when he first got raided. He was just a junior in high school. This did not end his hacking career. There are different stories of how it happened. But he eventually got kicked out of the Legion of Doom. He then went on to form a new group - the Masters of Deception. It was a play on the LoD. This was the MoD.

All the founding members of the MoD were eventually brought up on charges by the New York grand jury. Mark held out the longest. All the other members pleaded guilty to the charges to avoid too much jail time. One of the members turned on the others and cooperated with the authorities. These guys were so very interesting that I might do some more history reporting and let you know more about them.

The MOD

2010-06-20T23:55:00.002-04:00

I finished reading the book Masters of Deception by Michelle Slatalla and Joshua Quittner. The book chronicles the lives of the main members of the hacking group Masters of Deception (MOD). The group's name is actually a play on the Legion of Doom (LOD), which was a rival hacker group.

The book itself was a good read. It was hard to keep all the hackers straight, given that they all go by handles. Some hackers have multiple handles given the system they are on. The thing that annoyed me about the book was that there was no Table of Contents. Well I am going to rectify that. Here is the table of contents I would have created for this book:

Prologue - AT&T Crash
Chapter 1 - Scorpion
Chapter 2 - Phiber Optik
Chapter 3 - Plik
Chapter 4 - New York Telephone
Chapter 5 - MOD
Chapter 6 - Corrupt
Chapter 7 - The Learning Link
Chapter 8 - Raided
Chapter 9 - Alfredo
Chapter 10 - Fifth Amendment
Chapter 11 - Tymet
Chapter 12 - MODNET
Chapter 13 - Parmaster
Chapter 14 - Broker
Chapter 15 - Grand Jury
Chapter 16 - Plea
Afterward - 2600

I recommend you get this book and read it. The thing gives you a good feel for who these people are. I might go over some of the hackers revealed in this book.

Windows Help Center Vuln

2010-06-20T00:56:00.001-04:00

Tavis Ormandy discovered an old vuln in Windows Help Center that allows an attacker to run an arbitrary command on your machine. This only applies to older operating systems like Windows 2003 and Windows XP. Tavis alerted Microsoft to the problem. Then he went public with his info.

The real hack here is that people are making a big deal about Tavis being employed by Google. Supposed reported are making it look like Tavis reported the hole to Microsoft and immediately shared the zero day with the world before Microsoft could patch the hole. Imagine that. Reporters are hacking security consultants with their stories. What will they think of next?

You can find a lot of technical details on the original vulnerability from SecLists. They even disassemble the Windows Help Center executable code, and show you how the arbitrary commands can get through the parsing. That is some deep stuff.

Masters of Deception

2010-06-19T00:03:00.004-04:00

A buddy of mine bought me the book Master of Deception. It chronicles the exploits of some young hackers from the 1980's. One of them is the famous Phiber Optik. I have heard this name before. And I thought he was some ominous hacker. Indeed he might have been. But the book paints him as a teen that stayed up all night trying to figure out phone systems. That is not the thug I expected him to be.

The book annoyed me a bit. There was no table of contents. That does not help me get a feel for what I am reading in each chapter. When I finish the book, I will come up with my own proposed table of contents for the book and post it here. Okay? For now I really do like the insight into the lives of the kids that cracked the phone system, as well as the authorities that pursued them.

Plane Protection

2010-06-12T23:33:00.003-04:00

Here is a smart idea I have read about. Suppose you need to fly, and want to transport something of value. Sure you can carry it on board and keep it close. But maybe you want to check it in. How do you make sure it has the best chance of making it to your destination? You pack it with a gun.

This is the scoop. You need to declare that you are checking in a package with a gun. Then you sign some forms. The package then gets priority handling and storage during the flight. That is understandable. Who at the airline wants to be responsible for a gun checked in disappearing? I like this idea. Except you need to carry a gun and bring it to the airport.

The more sensible approach might just be to Fed Ex your item and insure it. That way the shipping company has a financial incentive to make sure you package arrives without being tampered. It is a little more hassle than checking a package. However it may give you more peace of mind that bringing the gun along on the flight.

Secure Voice and Texting

2010-05-29T13:33:00.002-04:00

I just read about tow new apps that run on Android to secure your cell phone communications. They are Red Phone and Text Secure. You will be able to view the source code for these apps. It is limited to the Android platform, and for calls in the USA only.

Red Phone is an end to end encryption solution for voice calls. It uses ZRTP encryption developed by the dude who brought you PKZIP. This is a VOIP implementation. So the calls do not use up your cell phone minutes. Instead you communicate over Wifi or 3G. It uses SMS to initiate the calls.

Text Secure uses the Off The Record protocol. All messages are stored in an encrypted database on your phone. Messages are compressed and sent via SMS. This technology is based on the NSA Suite B standard. That is the same one used for Top Secret government communications. So you know it is secure.

High Performance Graphic Card Computing

2010-05-28T13:16:00.003-04:00

There is a hot trend out there to get high performance from your code. Run it on your graphics card hardware. Nvidia has released their CUDA architecture which let's you do this easily. You write your code in the C programming language, along with some extensions provided by Nvidia.

You need a GeForce style card to use CUDA. The card itself has a number of multiprocessor. Each multiprocessor has a bunch of cores on it. The cores handle different threads executing in parallel. This can give you 10 times the performance of your normal CPU.

Nvidia distributes both a toolkit and software development kit for the Linux platform. You also need the gcc compiler. CUDA comes with a cudart runtime. You set up what CUDA calls kernels that run in separate threads on different cores. You use the local multiprocessor memory which is faster than your main system memory.

You probably already have sunk some cash on a nice video card. If you had chosen the Nvidia card and run Linux, you can take advantage of some very high performance GPU programming.

Penetration Testers

2010-05-27T10:01:00.003-04:00

Once you think your systems are locked down, you should probably get somebody to try to break in. Normally you imagine hackers from the outside breaking in. However the truth is that the intruder may be somebody on the inside. Or an attacker can have some help from somebody on the inside. So your security tests need to take this into account.

You are going to want the guys who disguise themselves and try to physically gain entry to your systems doing your tests. I read a funny story the other day. A guy left a bunch of USB flash drives around. More than half of them were picked up people and used. They got a surprise when the guy's software automatically ran on their machines. People are just not too careful.

Just like you have internal software test teams, you could also have an internal penetration tests team. These guys are called the Red Team. But it is best to use somebody from the outside. Just make sure you are not hiring a criminal, even if they are "reformed".

Frame Busting

2010-05-22T16:03:00.002-04:00

I read a detailed paper on how popular web sites perform frame busting. There are web site attacks like clickjacking where the site uses frames to trick users. The attack goes like this. The site uses a frame to make you think that you are running on the real web site. Instead you are seeing the real web site, but are on the hacker's frame. Web sites try to prevent this by detecting whether you are on their site, or in an unscrupulous frame.

The frame busting technique is normally some extra JavaScript on the real site to detect the frame problem. This technique is not normally used on every single page on a web site. It is seen on login screens. Hackers are trying to bypass the frame busting techniques. For example, when they enclose their site in double frames, the prevention sometimes fails. So how can you combat such frame hacks on the Internet?

Your code can check the domain name. But that can be tricked away as well. You can play some tricks with some overlay HTML elements. However those are not fool proof either. What you really need is some support from the browser. IE8 has defenses against clickjacking. So does Mozilla. But you have to employ these defenses in your code. You also have to have users with the right browsers to take advantage of it. The paper I read recommended that you do some HTML hacks of your own to hide content if your pages are found to be framed.

Hackers Wanted

2010-05-21T10:24:00.002-04:00

Word on the street is that the documentary "Hackers Wanted" has been leaked onto the Pirate Bay. This documentary features people such as Woz (cofounder Apple Corp), Kevin Rose (founder of Digg), and Adrian Lamo. More on Adrian later. The documentary is narrated by actor Kevin Spacey.

In case you do not know, the Pirate Bay (also know as TPB), is a web site hosted in Sweden. It is a big bit torrent site. You got to register to access the porn on it. They run Linux, Lighttpd, PHP, and MySQL to provide the site. It seems to always be in the news for controversy. The place got raided by police back in '06. And last year they got taken to court. The site is supported by ads.

The most interesting part of the documentary seems to be the coverage on Adrian Lamo. To tell the truth, I had not heard of him before this documentary. This guy used to be a grey hat hacker. He hacked big corporations, identifying security holes for free. They called him the Homeless Hacker because he roamed around. His is most known for hacking into the New York Times, adding himself as an expert source in their database. They prosecuted him for that, and he got 6 months confinement, 2 years probation, and a heft $65k fine. The dude has since gone on to college, and is now a journalist.

I will leave with a funny story about Adrian Lamo. They wanted him on the NBC Nightly News. He was asked to demonstrate his skills. So he proceeded to quickly hack the NBC Network, upon which he was escorted out the building. LMAO.