Boosting Your Chess Skills


Recently I have read a few articles on how to quickly boost your chess ability. Hey I am always down for a shortcut. Well you can't get something for nothing. There is some work involved. However you can maximize your bang for your buck in studying.

One thing you got to do is manually analyze your games. Don't just let the computer do it. Record your moves and go back over them after your games. You also got to study up some exercises. There are a lot of books to help you do that. Practicing the basics can give you quite a boost.

Here is some advice that I found strange. Avoid studying openings. That is not a high return on investment type of study. Go figure. All I know is that I need to step up my game so I can put my chess computer program in its place.

Beware of Emily


Some bad boys came up with a plan to infiltrate a government security agency. They set up a fake social media profile of a hottie. They used some random good looking girl's photo. They also made it seem like she graduated from MIT. Her resume boasted 10 years experience in the industry. Poor government officials had no chance.

Emily started making virtual connections. Got some FaceBook likes and friends. Also got some LinkedIn love. It was not long before she was getting offers to help her cut through the red tape to get jobs at government agencies and commercial companies alike.

Did I mention that some emails sent from emily had viruses in the payload? Yep. Government computers compromised. What is a security professional to do? Guys cannot help themselves when they see poor Emily needing an assist. Social engineering at its best.

Wide Open for Attack


I switched over to a new router recently. Set up WPA-2 encryption on the wireless access. Don't want the neighbors stealing my Internet bandwidth. Then I had to move all my printer over to use the new router. I got a ton of printer. But I use three of them wirelessly all the time. Two of them are cheap Brother printers. The other is a color HP.

Turns out the easiest way to configure the printer network configuration is to connect to the printer over the network. Each of these guys seems to have a built in mini-web server. You just figure out the printer's IP address. Then you put that address in the browser URL bar. Presto. You are greeted with a tons of menus to control the printer.

Now changing the printer network configuration requires you to enter a username and password. The problem is that I never changed those passwords from the factory defaults. Doh. This is just like leaving the default passwords on my wireless routers.

Now I figure there can't be too much damage done if someone comes in and mucks around with my printer configuration. I could always press the button that returns them to their factory configuration, then lock them down. But why wait? Lock them up tight I say.

Operation Honey Pot


I have used the default SSID on my wireless router at home. Did not enable any encryption on the thing. The whole neighborhood could use it to access the Internet. The rest of the people in my home got irked that they had to share bandwidth with random strangers. I caved in and decided I would put a password on our connection.

However I decided to achieve the bandwidth goal using another means. I bought a separate router that had a secure connection. But I left my old router on. I bet there are lots of people using the old connection to get to the Web. Why not turn that router into a honey pot?

I still needed to keep the Internet connection open. First I figure I could just log who is using this open router. Then maybe I could start to spy on their traffic. Finally I could see whether I could reach back into their devices (computers) to poek around. This is going to be fun.

Perhaps I should google around to find some tools to help me with my exploits. Or I could just roll my own tools. That would be truly educational. Fair warning people. If you are leeching off a router with SSID linksys, you might be owned soon.

Cracking Cobalt Strike


I read an interesting article by Raphael Mudge, creator of Cobalt Strike. He explains how one could download the Cobalt Strike program and crack it. You can inject your own evil code into the install. Then you can post your results up on some site as a cracked version. Read all the details on his blog.

Part of the reason why this is possible is that he uses the Sleep scripting language in his solution. So you can modify his Sleep scripts to do some of your own work. I like how the guy freely comes out and explains how to do it. His software is, after all, a tool to help penetration testers. I do understand why people might want to crack his software. Prices start at $2500 per year per user. And that is the discounted price!

Choices of Edward Snowden


Every day I am hearing more details about Edward Snowden. He is the whistleblower that leaked information about the NSA spying on US citizens. Snowden previously worked for the CIA as a security guard. He most recently was employer by Booz Allen Hamilton, a government contractor. Snowden's worked on a contract for the NSA. There he found that NSA had set up the abiltity to track phone calls, emails, and who know what else with tech companies. Then he went public with the information.

Why did this guy do this? I think he only had a high school degree. Still he was pulling down a fat salary living in Hawaii, where he had a hot girlfriend. Now he is on the lam running from the US government. Is this guy some sort of patriotic hero? He did seem to give up a whole lot to expose the dirty deeds on the NSA. I guess he was fully committed to outing the government. You got to give the man credit for that. Now he is allegedly hiding in Hong Kong.

The real question is what is going to happen to the spy programs set up by the NSA? Tech companies like Verizon, Google, and FaceBook are already in bed with the NSA. The suspicious detail is that all these companies are under a gag order to ensure they do not cough up details of the access they have provided the NSA. Man are we moving in to a police state or what? Perhaps we have always been there, and Americans just want to ignore it at their peril. Myself included.

Operation Troll the NSA


In reaction to the latest evidence of the NSA spying on US citizens, somebody has come up with a plan to DDoS the data collecting machines. The pitch is to overwhelm the email and phone circuits on Wednesday with juicy keywords. You know, words like overthrow, blueprints, bomb and such. See the full script at Operation Troll the NSA.

Now the idea might sound interesting in theory. Overload the listeners. However I doubt it will have any effect. Since the NSA could detect that such a scheme was going on, they could explicitly filter out all the trolling. This is especially true if participants follow the exact script. However at least this is a start.

I did LOL that the only link on the trolling page was an Gmail contact link.

Car Jacked

Thieves have been breaking into and stealing cars as long as cars have been around. But now there is a new twist on the robbery. Most cars these days have keyless remotes, power locks, and security systems. Some high tech crooks are now using some strange device to remotely open your car doors. They sneak in without any fanfare. And they get away with your ride. Police are stumped as to what this device is. Fail.

Teenager Build a Sub


Justin Beckerman has just built a submarine. It cost him two grand. Took him six months to build. The sub goes 30 feet under water. It can stay submerged for over two hours. It is self propelled.

Justin had built subs before. They were not as advanced as this one. His last sub could only go down to a depth of 5 feet. The latest is a new and improved version. Now here is an engineer in the making. Dude is still in high school.

Reminds me of a guy I went to high school with. This guy built a robot. Then he upgraded it with rocket launchers. That thing was definitely not legal. LOL. The best part was that he controlled the robot with an Atari computer. Sweet.

Phone Charger Attack Vector

A couple of guys are gong to present a way to install malware on an iPhone at BlackHat 2013. Apparently Apple can install secret software using their charger. Now these guys can too. They built a cheap prototype that does just that. I can see how this would make it easy to infect an iPhone or iPad. People ask to use my iPhone charger all the time. I could just say, "No problem." Then I laugh as they get the payload.

I guess it just goes to show you that you can't trust anything these days. As a side note, there seem to be a number of talks addressing how to hack into mobile devices. It is not just limited to Apple products. This is probably due to mobile being hot right now.

Creating Your Own Cola


I just finished reading directions on how to make your own cola. This is called OpenCola. The ingredients are somewhat hard to find. There are dangers mixing and storing the ingredients. There are also hazards from choosing the wrong kind of ingredients. And it is difficult to get that fizzy carbonation. But it is possible to brew your own cola.

I know I spend a fortune on cola. That would be Coca Cola to be exact. I buy it frequently at fast food joints. And I get 12 packs of 12 ounce cans like it is water. I do try to buy that darn stuff when it is on sale. It would be nice to mass produce the stuff at a seriously wholesale price.

Might be time to set up my lab.

Get Cracking

I found an interesting puzzle posted by the FBI recently. It is a challenge to decipher some code. The code is a bunch of symbols. Heopfully each symbol is just a reference to a certain letter or character. The FBI was nice enough to show us where the spaces are in the words.

My interest is to see if I could maybe write a program to do the cracking for me. The symbols look like they each have nine positions. Those positions are sometimes occupied by a circle. When the circle is present, it is filled in with one of a few different colors.

Well I could scan in the picture with my software. Divide up the words by the spaces between them. Then identify where the circles are and what colors they contain. I could definitely represent this as something better that symbology with circles. In fact, assuming this is a simple substitution cipher, I would just want to represent each distinct symbol with a number.

Then I could perhaps do some sort of brute force deciphering. The software should know which letters occur most frequently in normal text. Then it could choose a mapping based on how often the letters show up in the encoded message. Then it could take each word using the current mapping, and see whether the words are in a dictionary.

The software, if fast enough, could iterate through all possible combinations of mappings. Then it could generate a score for each mapping based on how many words are spelled correctly accoring to a dictionary. The software would then present the translation for the highest scoring mappings to the user, who could make the final determination as to what makes sense.

Screen Scraping to the Rescue

I play this online game these days. It is a casual turn based game. Nothing heavy. It is a bit addicting. Occasionally I look to compare my progress against other players. There is a ratings board on the web site. But here is the problem. Every so often, I get a message stating that I visited the ratings board too often. Then I cannot see my rank. WTF?

This is a free game. So it is not like I am losing money. But this should not be that hard. There are around 1000 total players. At any given time, only 10 of them are online. How hard can it be to support a rankings page? Yeah they are probably querying a database, and sorting my character level and experience.

What? Are they running an Excel database LOL? I bet it is MySQL. And hello? Can you cache the data please? Performance problem solved. No charge. Time to take matters into my own hands. I hear the source code for the site is available. No need for me to whine. I should just implement the cache idea and demonstrate an elegant solution.

My first step was to get a snapshot of all the ratings screens. Next I am going to code up a parser to grab the raw data out of the HTML. Then I think I will import this stuff into my own database. Might not even need to do the caching if I tune the SQL correctly. For now I may just use a free Oracle database. I could just as easily use MySQL. I think I already have an instance running on my machine right now.

This is going fun. In the end, might even need to host the game on my own site. Pwned.

Errors Give me the Log

I was trying to read an article or a blog entry. Took a while for me to get to that tab in my browser. When I did, saw the following stack trace in the browser:

Traceback (most recent call last):
  File "/base/python_runtime/python_lib/versions/1/google/appengine/ext/webapp/_webapp25.py", line 714, in __call__
    handler.get(*groups)
  File "/base/data/home/apps/s~combemmu-hrd/1.366712374553545399/main.py", line 432, in get
    if self.blog(self.request.path[1:]):
  File "/base/data/home/apps/s~combemmu-hrd/1.366712374553545399/main.py", line 230, in blog
    posts = [BlogPost.get_by_key_name('p' + slug)]
  File "/base/python_runtime/python_lib/versions/1/google/appengine/ext/db/__init__.py", line 1275, in get_by_key_name
    return get(keys[0], **kwargs)
  File "/base/python_runtime/python_lib/versions/1/google/appengine/ext/db/__init__.py", line 1533, in get
    return get_async(keys, **kwargs).get_result()
  File "/base/python_runtime/python_lib/versions/1/google/appengine/api/apiproxy_stub_map.py", line 604, in get_result
    return self.__get_result_hook(self)
  File "/base/python_runtime/python_lib/versions/1/google/appengine/datastore/datastore_rpc.py", line 1450, in __get_hook
    self.check_rpc_success(rpc)
  File "/base/python_runtime/python_lib/versions/1/google/appengine/datastore/datastore_rpc.py", line 1222, in check_rpc_success
    rpc.check_success()
  File "/base/python_runtime/python_lib/versions/1/google/appengine/api/apiproxy_stub_map.py", line 570, in check_success
    self.__rpc.CheckSuccess()
  File "/base/python_runtime/python_lib/versions/1/google/appengine/api/apiproxy_rpc.py", line 133, in CheckSuccess
    raise self.exception
OverQuotaError: The API call datastore_v3.Get() required more quota than is available.


Yum. What is all this good stuff? Guess maybe too many people were viewing the blog entry? I got a good view of some of their directory structure. Obviously they are using Python, and also Google App Engine. I wonder if they meant for me to see all this?

More importantly, is there anything I can do with all this information? Maybe I just got some insight that could come in handy. Just tried to refresh the page again. Still spitting out the stack trace. Something is hosed.

Hiding the Payload

Just read this interesting post on sneaking an Easter Egg into the Cucumbertown application. The source code was being watched by peer reviewers. So they had to get tricky. They wanted a song to play when they pressed the secret key combo. They hid the data for the song within an image. The tactic is nothing new. But I like the ideas behind using this to get past the watchguards.

Still not sure I understand how they hid the code that actually played the music. Maybe you can follow. Check out the original post on this early hack. Be warned. These peeps code in C#. Ouch.

Veti-Gel Stops Bleeding Immediately

New York University student Joe Landolina has come out with an amazing product. It is called Veti-Gel. It stops bleeding immediately when applied. We are talking about 10 seconds or less here. You apply it to the wound. It holds its own pressure. You don't need to press down on it.

The gel uses plant polymers to get the job done. Joe calls this platform technology. It also helps to start the healing process. It allegedly can stop the bleeding from punctured organs. Orignally this was called Medi-Gel. That name matches the one from the Mass Effect video game.

This obviously has military applications. Joe is trying to get a grant from the Department of Defense. The Army already has a similar product calls QuickClot that it uses. Hospitals use another product that is similar.

Right now Joe is trying to get approval from the Food and Drug Administration. They will start doing tests on animals next. Joe has filed a patent for this breakthrough tech. Obviously this need to go through a lot of trials. Others call this in the early stages. But damn. This is exciting stuff if it is for real.

Software License


I needed some software for a class I am taking. Thought I could just download the free version. Nope. The company took that version off the market. Okay. Let's price the commercial version. It costs $1000. WTF? That does not even include documentation or install media. They do have a lite version for $500. Also a fail. That's about how much my whole college course for the semester costs. What's a starving student to do?

My initial instinct was to head to the Windows registry. I had signed up for a free 30 day trial. Maybe I could hack that somehow. It was not obvious how to do that. Then I searched around for some license codes on the net. They were easy to find, and surprisingly, they worked. If that had failed, I would maybe have to resort to running a keygen. I always fear it would also leave some malware on my system though.

I told my instructor about the fail. He said that as an instructor, he might be able to get 1 copy of the software for free. But he was going to keep that for himself. He did share some ideas on how to extend the trial. He thought we could just keep resetting the system clock on our PCs. Our he thought the key might be stored in a browser cookie. That seemed weird since this is not a web app.

There was one piece of good news to go the legit route. My instructor said the company does provide a 30% discount to students. So the lite version costing $500, with a 30% discount, would be $350. That is still way too much money for the piece of software I needed. Sure it was good software. But it did not do that much. As a last ditch legit effort, I could talk my company into buying me a copy of the software. They have big bucks in their budget. And I am learning this stuff for work.

Pwn2Own Happening Now

I just heard about the Pwn2Own competition going on in Vancouver right now. It is taking place at the CanSecWest conference. The conference specializes in digital security. Hewlett Packard and Google are backing the contest with some sweet prizes. Prizes for pwning the latest version of browsers top out at $100k. Bamm.

This is not a new competition. It has been held in previous years. But Pwn2Own had previously focused on browser vulnerabilities. Now the goal has been broadened to include browser plugins. You got to break the latest version of the browsers running on the latest operating systems. And they got all the current patches installed.

You cannot work for HP or Google to enter. And yeah you got to be 18 years old at a minimum. You must be registered for the CanSecWest conference to qualify. Bad news is that it costs $2200++ USD to get into the conference at this late date. I guess this only makes sense if you were already planning to attend the conf. Then again, the high cost of entry might minimize the competition.

One cool thing about the compeition is that you get drawn at random to attack the machine and browser. Then you go to work to hack an exploit. You got 30 minutes to break in. Then you got to hand over all your details to collect your prize. Of course HP will pass the info on so the holes can be plugged. This is a legit opportunity.

The Case of Aaron Swartz

Aaron Swartz was 26 when he hung himself last Friday. He was a co-author of the RSS 1.0 specification at the young age of 14. He was also a cofounder of Reddit, from where he was later fired. Aaron dropped out of Stanford. He created web.py, a Python web framework.

Swartz broke into a network closet at MIT. He placed a computer in the closet to run scripts to download articles from JSTOR, which is a journal storage system. Swartz had downloaded almost 5 million articles. JSTOR did not pursue a case against Swartz.

The Massachusetts attorney picked up the case against Swartz. The trial was to start in the spring. Swartz was pleading not guilty. He was charged with wire and computer fraud under the Computer Fraud and Abuse Act. If found guilty, he could have served up to 35 years in jail. He also may have been liable for $1M in fines.

Swartz initially had access to JSTOR at MIT. Then they detected his massive downloads. At first, his IP address was blocked. He changed his IP address. Then his MAC address was banned. He changed his MAC address. Finally he got another laptop, broke into a network closet at MIT, and jacked into the network to download the files.

McAfee Surveillance

Previously I had heard about John McAfee going on the run from Belize police. That sounded a bit odd. He was allegedly a person of interest in the murder of his neighbor in Belize. This caused McAfee to go into hiding, claiming that the police were trying to silence him.

Recently I read that McAfee launched a surveillance campaign against police and government officials in Belize. He said that he got a bunch of new laptops. Then he installed some keyloggers on all the PCs. Finally he distributed the laptops free of charge to people of importance in Belize.

McAfee also hired a team of people to monitor the rogue laptops. He then allegedly recorded all kinds of wrongdoing from the subjects of his espionage. Perhaps that is why the law is gunning after him in Belize. If that is true, he better hope that they don't extradite him back to Belize. He might not last long in that scenario.

I do love the premise that McAfee used to put the laptops in the hands of high ranking Belize officials. Part of the draw was that the cost was free. The other vector he used was to have some hotties deliver the PCs to the dudes in charge. Smart. Apparently it worked.
Subscribe to: Posts (Atom)