Acidus wrote:
] StankDawg wrote:
] ] They kept Kevin Rose? ?:-/ I never had cable to even see
] this
] ] show, so this doesn't really mean much to me. Why would
] they
] ] do this anyway? How do they plan on running a tech channel
] ] without people?
]
] A later look at this guys blog shows that Kevin and Sarah are
] no longer hosting the show either. Kevin is now simply
] generating content for the show (mainly his Dark Tips Stank,
] so you and I are going to get jacked more it seems).

I expect it. But just for grins take a look at his list of upcoming "dark tips" for December posted on his web site:

*** snip ***

UPDATES UPDATES - Hey everyone, here are my segments for December:

- 11/30: Dark Deals - the latest tech deals and steals on the net.

- 12/01: TVB-GONE - a small keychain device that turns off any television. (great for sports bars when your team is losing)

- 12/02: Hide your Data - creating hidden data compartments out of normal household items.

- 12/03: DIY Vodka - turn cheap vodka into top shelf (previous post on this site).

- 12/06: Surf Anonymously - the latest software to keep you hidden online.

- 12/08: Destroy All Data v3 - the latest ways to destroy your data.

- 12/13: Dark Deals - the latest tech deals and steals on the net.

- 12/15: Hack your Cell - some great hacks for your cell phones.

- 12/16: DIY Beer Kit - Brew your own beer from home.

December is a strange month due to vacations etc. Expect to see my best stuff come January.

*** snip ***

Sooooo.....

---

Dark Deals? How is using coupon codes and hitting up shopping sites = hacking?

12/01 - TVB-gone, already been talked about in our forums and many other online places since it was announced. Decent topic, but he will act like he invented it or something. I predict he will actually go into a store or sports bar and do a video clip of him turning off the TVs with his "1337 hax0ring skillz".

12/02 - Ummm.....yeah.... WTF is this a "dark tip"?

12/03 - see 12/02

12/06 - I just did an episode on BRR of proxy servers last week. But this is a common topic anyway, so no biggie.

12/08 - Again, long time topic but coincidentally (or is it??) this has been a long running thread with ideas being discussed in the binrev forums. Let's see if he jacks any of the specific ideas from posts in that thread.

12/15 - Vague much? What are you going to do...put one of those holographic stickers on the face and call it hacking?

12/16 - see 12/03

---

So there you have it. Nothing new or unique and even if he DOES come up with something new and unique, it will be something that someone else did that he will take credit for.

RE: Alex Albrecht: TSS is DEAD...

] Hackers are training within our borders in how to
] participate in terrorism. By staying silent, we condone
] it.
] BY ARA C. TREMBLY

] The criminal activity I%u2019m pointing to is hacking,
] the unauthorized computer system break-ins that may
] result in anything from some annoying graffiti on a Web
] page to data theft to extortion demands from those who do
] the breaking.
]
] And how is such activity promoted? Believe it or not,
] hackers have their own trade shows and conventions, and
] the programs read like something out of Kafka.
]
] Take, for example, The Fifth HOPE (Hackers on Planet
] Earth) convention held this past July in New York. The
] event, now apparently in its fifth incarnation, is
] sponsored by 2600, a magazine devoted to hackers and
] their activities.
]
] Perusing the program for the conference, one sees a
] session on the IBM AS/400 system that promises %u201Cto
] show where %u2018interesting%u2019 data can be found and
] where possible weaknesses are in the system.%u201D The
] course is taught by one %u201CStankDawg%u201D (obviously
] his real name) who is alleged to be %u201Ca senior
] programmer/analyst who has worked for Fortune 500
] companies and large universities.%u201D He also is the
] founder of The Digital DawgPound, a hacker group. Maybe
] he works for your company right now.

Beware the evil that is StankDawg. A couple of points:

1) This came out in November, a full 5 months after the conference.
2) It is apparent by the way this was written that the author didn't even attend the conference or listen to the audio panels. IF so, they would have made comments about my appearance or quoted from my presentation itself. Instead they simply copied the text from the web site.
3) His defination of hackers at the top of the article is dead wrong. It will be hard to convince them any different if that is their definition.
4) My presentation specifically stated NOT to break into machines without permission. I started off with a comment that this was about LEARNING and PROTECTING systems. The goal was NOT TO teach how to break into an AS/400 and that was stated on the first 2 slides!

So the thing is, I know that people will write their anti-hacker articles. I saw some other reviews of me saying that "StankDawg is on the prowl" and how hackers are the bad guys. I am not naive. But this is the first time anyone has out-and-out called me a terrorist. I like to think that I am one of the "good guys" in the hacking scene. Apparently, I am not. :(

Technology Decisions

] Hack to the Future
]
] For Him Magazine
]
] December 2004
]

FHM magazine has an article on Defcon in the December issue. This link contains scanned pages from the issue, which I will read before I go and BUY it from the shelves.

C4I.org - Hack to the Future - FHM 11/04

] TSS is DEAD...
]
]
] Well I've officially been let go... along with a bunch of
] other people from TSS and three other shows. Kevin and
] Sarah are the only ones left on screen and I don't know
] what they are planning to do with them. The Screen
] Savers as you know it is GONE! We were rounded up today
] at 11am and told to be out of the office at 3pm... very
] smooth... So I wanted to take this time to say, Thank
] you... thank you to all of you who gave me the chance to
] enter your living rooms five days a week and try my best
] to make you smile. You, the fans of TSS, really made me
] feel like a million bucks. I know it was hard for some
] of you to see Patrick go, but I really appreciate you all
] giving me a chance. I just wish I could have more time
] to get to know you all...
]
]
] It has been one of the best experiences of my life...
] Thank you...
]
]
] - Alex Albrecht

They kept Kevin Rose? ?:-/ I never had cable to even see this show, so this doesn't really mean much to me. Why would they do this anyway? How do they plan on running a tech channel without people?

Alex Albrecht: TSS is DEAD...

Acidus wrote:
] I got a reply from Jeff today about his C/C++ article. My
] comments are at the end
]
] From: Jeff Duntemann (jduntemann - @ - copperwood.com)
] To: Acidus (acidus@yak.net)
] Date: Tue, 9 Nov 2004 09:50:57 -0700
] Subject: Re: C/C++ responsible for Buffer Overflows
]
] Billy--
]
] Thanks for writing. The kicker isn't the C language per
] se--when I write C it looks (and works) pretty much like
] Pascal, which everybody in the C world seems to hate. The real
] problem lies in two areas:
]
] 1. The C "I can do anything I want or I'll hold my breath
] until I turn purple!" culture. Getting C programmers to adhere
] to coding standards is pure hell.
]
] 2. The standard C library. There's no real reason to use the
] string functions as they currently exist. There are numerous
] other functions (and rewrites of the canonican C string
] functions) that have built-in protections against overflows,
] e.g. strncpy(), strncmp(), and snprint(). My favorite is:
]
] size_t strlcpy (char *dst, const char *src, size_t size);
]
] This isn't part of standard clib, but if people used it, we'd
] see a LOT less of this sort of thing. The fact that people
] DON'T use it tells me that down on the front lines,
] programmers really don't care about buffer overflows. This is
] the C culture again. I'd really like to see a total rewrite of
] clib, with an eye toward preventing what we now know of hacker
] exploits. The damned thing is what, 25 years old now? I think
] it's way past time for an overhaul. But when I suggest it,
] you'd think I was saying we should torture newborn kittens.
] The truth is that C and clib are inseparable in the current C
] culture. To me, that means that we have to dump both.
]
] I agree that an executable stack is a bad idea--but it's
] easier to change CLIB than to make a major change in existing
] hardware. Since we're unlikely to be able to change clib, I've
] been pushing for managed languages like Java and C#.
]
] Lots of things to do today so I'll have to stop here. Again,
] thanks for writing and good luck.
]
] --73--
]
] --JD--
]
] While I agree that programmers will always make mistakes,
] there is a balance between smart languages and smart people. I
] choose requiring smart people every day, because besides
] performance issues, a language that is too smart can prevent
] an experienced coder from doing what they need to do. By
] Jeff's logic, a seg fault is the languages fault, because the
] language didn't prevent it. Some languages, such as Java and
] C++ allows for users to catch and handle errors, which is a
] nice compromise to an all out smart language. If you compile a
] C program using g... [ Read More (0.2k in body) ]

RE: Jeff Duntemann responds to my email

] WPA Cracking Proof of Concept Available
]
]
] We warned you: short WPA passphrases could be
] cracked--and now the software exists: The folks who wrote
] tinyPEAP, a firmware replacement for two Linksys router
] models that has on-board RADIUS authentication using
] 802.1X plus PEAP, released a WPA cracking tool.
]
]
] As Robert Moskowitz noted on this site a year ago, a
] weakness in shorter and dictionary-word-based passphrases
] used with Wi-Fi Protected Access render those passphrases
] capable of being cracked. The WPA Cracker tool is
] somewhat primitive, requiring that you enter the
] appropriate data retrieved via a packet sniffer like
] Ethereal. Once entered, it runs the cracking algorithms.
]
]
] Remember that to crack WEP, an attacker has to gather
] many packets, possibly millions, but can then easily
] crack any key. For WPA, certain shorter or
] dictionary-based keys are highly crackable because an
] attacker can monitor a short transaction or force that
] transaction to occur and then perform the crack far away
] from the physical site.
]
]
] The solution to this WPA weakness involves one of three
] approaches:
]
]
] Choose a better passphrase: Pick passphrases that aren't
] entirely comprised of dictionary words, meaning they need
] some random nonsense in them. "My dog has fleas": very
] bad. "Mdasf;lkjadfklja;dfja;dfja;d": very good, but hard
] to type in. Passphrases should be at least 20 characters.
]
]
] Use randomness to choose a passphrase: A random
] passphrase of at least 96 bits and preferably 128 bits
] will defeat the cracking that Moskowitz wrote about,
] according to his paper. Tools like SecureEZSetup from
] Broadcom and AOSS (AirStation One-touch Setup System)
] from Buffalo are two automated ways to produce better
] passwords of this variety.
]
]
] Use WPA Enterprise or 802.1X WPA: Deploy
] enterprise-based authentication which will allow a strong
] WPA key to be uniquely assigned to each user. This isn't
] as expensive as it once was. The TinyPEAP folks are
] pushing their method, but you can also turn to Interlink
] Networks's LucidLink product (for on-site control),
] Gateway Computer's 7000 series of access points with
] on-board PEAP service, and Wireless Security
] Corporation's WSC Guard, available from them directly or
] for certain Linksys models via Linksys.

Wi-Fi Networking News: WPA Cracking Proof of Concept Available

] MP3 files are being created for our panels. Watch this
] website as new files are made available every Friday.
] Click on "L" to download a local copy to store on your
] machine, or click on "S" to stream the audio. Video
] copies of all panels will also be available from our
] online store.

They just added 25 new audio files of presentations. I recommend "hacker radio" by slipmode (with an appearance by yours truly). Also there was something called "when corporations attack" by some other people that are very familiar with memestream regulars. ;)

The Fifth HOPE - 25 presentations up

] The first man in the US to be indicted for launching
] denial-of-service attacks has made the FBI's 'most
] wanted' list after going on the run
]
]
] The FBI has added a new kind of criminal to its most
] wanted list -- a man on the run accused of hiring hackers
] to damage the businesses of his competitors.

Suspected hacking mastermind on 'most wanted' list - ZDNet UK News

] The default install of Windows does not prompt for a
] password to be created for the primary user. It also is
] set to auto-logon, even after Service Pack 2 is
] installed. This means, for a default install of Windows,
] anyone can walk up, type "del /F /S /Q *", and your
] system will be hosed. Ubuntu, like most Linux
] distributions, set up a password for the primary user
] right away during installation. The primary user's
] password is required to do anything beyond the single
] users's environment, so why a user may screw up their own
] files, they won't destroy the system (which may contain
] tools which allow them to recover their files).

Kiosks and public terminals beware!

hohle. post

Rattle wrote:
] An online database of what switches control what NPAs. Useful
] if you want to see what company any given number block is
] assigned to. For instance, if you have a number xxx-yyy-zzzz,
] you can lookup the xxx-yyy portion and see who its assigned
] to. Due to number portability, this isn't an authoritative
] way to tell who is currently using a given number, but it
] might yield a clue about where it started.

I missed this stream until today...this is a site run by DDP member ntheory who has a lot of additions coming to the site soon. some of them are the AOl bot that allows access to the sites functions via an IM client which comes with most cel phones. This gives a multitude of information at your fingertips while "phield-phreaking".

It also soon to be tied into another project called YAPL (Yet another Payphone List) which will include payphone information that people have submitted from around the world.

ntheory is bringing the binary revolution to phreaking. Just like the slogan says, "despite what you may think, phreaking is not dead."

RE: BellMind.net Phreakery Tools