Archive | September, 2007

TJX (T.J. Maxx and Marshall’s) Largest Breach of Customer Data in U.S. History


This case has been going on for a while but obviously hush hush, being that it is the largest breach of customer data in U.S. History. The details of the case have only started emerging in the last couple of months.

Information Week published a good article covering what has been going on recently.

Amazing the amount of data we are talking about here, 45 million customer records!

TJX will be glad when this year is over. The $17 billion-a-year parent company of T.J. Maxx, Marshall’s, and several other discount retail chains has spent the past eight months dealing with the largest breach of customer data in U.S. history, the details of which are starting to come to light.

Last December, TJX says it alerted law enforcement that data thieves had made off with more than 45 million customer records. Since that time, at least one business, Wal-Mart, has lost millions of dollars as a result of the theft, while TJX has spent more than $20 million investigating the breach, notifying customers, and hiring lawyers to handle dozens of lawsuits from customers and financial institutions. Should TJX lose in the courts, it could be on the hook for millions more in damages.

But there’s an even broader TJX Effect: The data breach, which actually took place over a period of years, has put the entire retail industry on the defensive and stirred up demands for all businesses that handle payment card information to do a better job of protecting it. Legislators are invoking TJX’s name to fast-track data-security bills.

Years? That’s scary, how can something like this happen? I can’t blame the retail industry for being shaken up. Credit card information does need to be safeguarded.

I hope legislation is approved to hold companies that leak data like water in a sieve accountable; they should be fined some big cash and made to compensate every consumer that was negatively affected by fraudulent use of their credit cards.

Poorly secured in-store computer kiosks are at least partly to blame for acting as gateways to the company’s IT systems, InformationWeek has learned. According to a source familiar with the investigation who requested anonymity, the kiosks, located in many of TJX’s retail stores, let people apply for jobs electronically but also allowed direct access to the company’s network, as they weren’t protected by firewalls. “The people who started the breach opened up the back of those terminals and used USB drives to load software onto those terminals,” says the source. In a March filing with the Securities and Exchange Commission, TJX acknowledged finding “suspicious software” on its computer systems.

The USB drives contained a utility program that let the intruder or intruders take control of these computer kiosks and turn them into remote terminals that connected into TJX’s networks, according to the source. The firewalls on TJX’s main network weren’t set to defend against malicious traffic coming from the kiosks, the source says. Typically, the USB drives in the computer kiosks are used to plug in mice or printers. The kiosks “shouldn’t have been on the corporate LAN, and the USB ports should have been disabled,” the source says.

A pretty basic attack eh? Can you believe they were so negligent in setting up the kiosks? They virtually allowed full access to their corporate network!

Publicly accessible systems should never have access to the same network segments critical data is stored on… this is basic stuff!

They also got owned via open Wi-Fi networks in Marshall’s stores… sad eh?

Source: Information Week


Posted in: General Hacking, Legal Issues


httprint v301 – Web Server Fingerprinting Tool – Download


I was looking through my toolbox to see what else is useful and I came across this one, httprint – the only caveat is that it’s a little out of date. It still does a good job though.

httprint is a web server fingerprinting tool.

It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database.

More details on how httprint works can be found in the Introduction to HTTP fingerprinting paper. It is printer-friendly.

Main Features

  • Identification of web servers despite the banner string and any other obfuscation. httprint can successfully identify the underlying web servers when their headers are mangled by either patching the binary, by modules such as mod_security.c or by commercial products such as ServerMask. Click here to see an example of how httprint detects disguised servers.
  • Inventorying of web enabled devices such as printers, routers, switches, wireless access points, etc. Click on the sample HTML report.
  • Customisable web server signature database. To add new signatures, simply cut and paste the httprint output against unknown servers into the signatures text file.
  • Confidence Ratings. httprint now picks the best matches based on confidence ratings, derived using a fuzzy logic technique, instead of going by the highest weight. More details on the significance of confidence ratings can be found in section 8.4 of the Introduction to HTTP fingerprinting paper.
  • Multi-threaded engine. httprint v301 is a complete re-write, featuring a multi-threaded scanner, to process multiple hosts in parallel. This greatly saves scanning time.
  • SSL information gathering. httprint now gathers SSL certificate information, which helps you identify expired SSL certificates, ciphers used, certificate issuer, and other such SSL related details.
  • Automatic SSL detection. httprint can detect if a port is SSL enabled or not, and can automatically switch to SSL connections when needed.
  • Automatic traversal of HTTP 301 and 302 redirects. Many servers that have transferred their content to other servers send a default redirect response to all HTTP requests. httprint now follows the redirection and fingerprints the new server pointed to. This feature is enabled by default and can be turned off, if needed.

You can download httprint here (version 301 released on 22/12/05):

Win32 – httprint_win32_301.zip

Linux – httprint_linux_301.zip

Or you can read more here.


Posted in: Hacking Tools, Network Hacking, Web Hacking



Gentoo Pulls the Plug after Getting Pwned


Gentoo pulled quite a few of its servers recently following the discovery of a fairly severe flaw in its systems.

Just to show that Linux systems aren’t invulnerable and immune to all security issues.

Ubuntu suffered quite heavily recently too, so don’t assume just because you use Linux you’re safe.

Admins with the Gentoo Project say they have disconnected major parts of its website a week after discovering it could be vulnerable to a command injection attack that allows bad guys to remotely execute code on the machine.

At time of writing, users trying to access Gentoo Archives and at least seven other areas of Gentoo.org got a message saying they were unavailable. Gentoo pulled the server hosting the sections “to prevent further exploitation and to allow for forensic analysis,” according to Gentoo’s homepage.

The words “further exploitation” and “forensic analysis” suggest the server was pwned, but Gentoo assures us the damage was minimal.

Not to say Linux is intrinsically unsafe either, you are definitely safer using Linux than Windows, especially if you don’t spend all your time using root.

Just be wary.

Members intend to rebuild the server and will also perform a security audit on source code for packages.gentoo.org, which is the service containing the injection vulnerability. According to this advisory, the vulnerability allows the remote execution of code by attaching a semicolon to the end of the URL, immediately followed by the command an attacker wants to run. The bottom of the page will then display the output of that command.

Gentoo’s advisory comes a week after Ubuntu unplugged five of its eight production servers following the discovery they had been so badly compromised that they were being used to attack other sites. Turns out the systems, which were sponsored by Canonical and hosted by the community, were running an old version of Ubuntu. Tsk, tsk.

The irony is…Gentoo servers are hosted on Ubuntu, old versions of Ubuntu with flaws!

Source: The Register
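
The flaw class the advisory describes, shown next to its fix. This is an added example, not code from the original post or from Gentoo: the `echo` back-end, the package-name rule and the sample request paths are all constructed for illustration.

```python
import re
import subprocess
from urllib.parse import unquote

# Assumed rule for this example: package names are letters, digits and + _ . -
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9+_.-]{0,63}")
# Characters a POSIX shell treats as command syntax rather than data.
SHELL_META = re.compile(r"[;|&`$<>\n]")


def lookup_vulnerable(name):
    """Flawed pattern: request text is pasted into a shell command line."""
    # 'echo' stands in for the real back-end program (hypothetical).
    cmd = "echo package: " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_no_shell(name):
    """Same call with an argument vector: no shell ever parses the input."""
    argv = ["echo", "package:", name]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def lookup_hardened(name):
    """Allowlist validation first, then the shell-free call."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected package name: %r" % name)
    return lookup_no_shell(name)


def flag_requests(paths):
    """Return request paths whose decoded form carries shell metacharacters.

    Meant for URL paths only; query strings legitimately contain '&'.
    """
    return [p for p in paths if SHELL_META.search(unquote(p))]


# Constructed inputs, not taken from any real log.
BENIGN = "bash"
HOSTILE = "bash; echo INJECTED"
SAMPLE_PATHS = [
    "/package/bash",
    "/package/bash%3B%20echo%20INJECTED",
    "/package/gcc",
]

if __name__ == "__main__":
    print(repr(lookup_vulnerable(HOSTILE)))  # the second command runs
    print(repr(lookup_no_shell(HOSTILE)))    # the semicolon stays plain text
    print(flag_requests(SAMPLE_PATHS))       # log triage for the same pattern
```

The validation and the shell-free call are independent layers: either one alone stops the semicolon trick, and keeping both means a mistake in one does not reopen the hole.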


Posted in: General News, Linux Hacking



aircrack-ptw – Fast WEP Cracking Tool for Wireless Hacking


WEP is a protocol for securing wireless LANs. WEP stands for “Wired Equivalent Privacy”, which means it should provide the level of protection a wired LAN has. WEP therefore uses the RC4 stream cipher to encrypt data transmitted over the air, usually using a single secret key (called the root key or WEP key) with a length of 40 or 104 bits.

A history of WEP and RC4

WEP was previously known to be insecure. In 2001 Scott Fluhrer, Itsik Mantin, and Adi Shamir published an analysis of the RC4 stream cipher. Some time later, it was shown that this attack can be applied to WEP and the secret key can be recovered from about 4,000,000 to 6,000,000 captured data packets. In 2004 a hacker named KoReK improved the attack: the complexity of recovering a 104 bit secret key was reduced to 500,000 to 2,000,000 captured packets.

In 2005, Andreas Klein presented another analysis of the RC4 stream cipher. Klein showed that there are more correlations between the RC4 keystream and the key than the ones found by Fluhrer, Mantin, and Shamir which can additionally be used to break WEP in WEP like usage modes.

The aircrack-ptw attack

The aircrack team were able to extend Klein’s attack and optimize it for usage against WEP. Using this version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.


Countermeasures

We believe that WEP should not be used anymore in sensitive environments. Most wireless equipment vendors provide support for TKIP (also known as WPA1) and CCMP (also known as WPA2), which provide a much higher security level. All users should switch to WPA1 or, even better, WPA2.

You can download aircrack-ptw here:

aircrack-ptw-1.0.0.tar.gz

Or read more here.

Find an aircrack-ptw How To here.

Please note aircrack-ptw should be used together with the aircrack-ng toolsuite.


Posted in: Hacking Tools, Wireless Hacking



Voting Machines Lose to Hackers Again


I’m sure everyone remembers the Diebold voting fiasco with their system getting pwned multiple times. Back in May 2006 it was announced from multiple sources that the Diebold system was critically flawed.

Then more recently Hackers in the Philippines were Invited to Crack Internet Voting, which is definitely a positive step to increase security in voting applications.

Now more recently it’s been announced that voting machines have lost to hackers again.

State-sanctioned teams of computer hackers were able to break through the security of virtually every model of California’s voting machines and change results or take control of some of the systems’ electronic functions, according to a University of California study released Friday.

The researchers “were able to bypass physical and software security in every machine they tested,” said Secretary of State Debra Bowen, who authorized the “top to bottom review” of every voting system certified by the state.

Thankfully this time they were state-sanctioned hackers and not black hats or anarchists. But it shows again that the voting systems are flawed; most likely the very architecture they are built on hasn’t been thought through properly.

Neither Bowen nor the investigators were willing to say exactly how vulnerable California elections are to computer hackers, especially because the team of computer experts from the UC system had top-of-the-line security information plus more time and better access to the voting machines than would-be vote thieves likely would have.

“All information available to the secretary of state was made available to the testers,” including operating manuals, software and source codes usually kept secret by the voting machine companies, Matt Bishop, UC Davis computer science professor who led the “red team” hacking effort, said in his summary of the results.

Of course they wouldn’t publicly state how badly they’ve screwed up…but still it doesn’t look good.

The machines really should be de-certified, even though there was no probability analysis, or risk profiling. There are still flaws there and something needs to be done about it.

Source: SFGate


Posted in: Exploits/Vulnerabilities, Legal Issues



LORCON (Loss Of Radio CONnectivity) 802.11 Packet Library


The LORCON packet injection library provides a high level interface to transmit IEEE 802.11 packets onto a wireless medium. Written for Linux systems, this architecture simplifies the development of 802.11 packet injection through an abstraction layer, making the development of auditing and assessment tools driver-independent.

Using LORCON, developers can write tools that inject packets onto the wireless network without writing driver-specific code, simply by asking the user to identify the driver name they are currently using for a specified interface.

The project goal is to create what libradiate could have been: A generic library for injecting 802.11 frames, capable of injection via multiple driver frameworks, without forcing modification of the application code.

Nearing 1.0 public release. Once FreeBSD support is incorporated, the first full packaged release of Lorcon will be made, stay tuned!

Supported drivers:

  • wlan-ng
  • hostap
  • airjack
  • prism54
  • madwifing
  • madwifiold
  • rtl8180
  • rt2570
  • rt2500
  • rt73
  • rt61
  • zd1211rw

You can find some more information here:

LORCON Man Page

You can get the latest code from SVN here:

Or read more here.


Posted in: Network Hacking, Programming, Wireless Hacking



Major Web Vulnerability Affects Yahoo, MSN, Google and More


I’ve seen this from quite a few sources so it seems it’s fairly legitimate. It seems all major websites have some flaws in the way they implement cookies, meaning they are vulnerable to certain types of attack.

The only current solution seems to be using full-time SSL (https) connections. If any of you use Gmail you’ve probably noticed it forces all logins through https now, but reverts back to http after it’s done logging you in.

The change is due to this problem.

If you use Gmail, eBay, MySpace, or any one of dozens of other web-based services, the United States Computer Emergency Readiness Team wants you to know you’re vulnerable to a simple attack that could give an attacker complete control over your account.

Five weeks after we reported this sad reality, US CERT on Friday warned that the problem still festers. It said the world’s biggest websites have yet to fix the gaping security bug, which can bite even careful users who only log in using the secure sockets layer protocol, which is denoted by an HTTPS in the beginning of browser address window.

US CERT warned that Google, eBay, MySpace, Yahoo, and Microsoft were vulnerable, but that list is nowhere near exhaustive. Just about any banking website, online social network or other electronic forum that transmits certain types of security cookies is also susceptible.

It seems pretty serious eh? And it’s definitely related to cookies. It seems there are some workarounds which can alleviate the majority of risk but only Google has implemented them.

Not surprising eh?

The vulnerability stems from websites’ use of authentication cookies, which work much the way an ink-based hand stamp does at your favorite night club. Like the stamp, the cookie acts as assurance to sensitive web servers that the user has already been vetted by security and is authorized to tread beyond the velvet rope.

The thing is just about every website transmits these digital hand stamps in the clear, which leaves them wide open to snoops monitoring public Wi-Fi traffic or some other type of network. Once attackers have the cookie, they gain complete access to the victim’s account, and depending on the way many cookies are crafted, those privileges may continue in perpetuity – even if the victim changes the account password.

So just be careful what you are doing online and where you are storing your important data, because things might not be as secure as you assume.

If you are using Google Apps (Gmail) and Firefox you can use the CustomizeGoogle Add-on to force full-time SSL connections, I’ve done this for a long time anyway.

Source: The Register
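
The problem described above, a site that logs in over https and then reverts to http, can be audited from its `Set-Cookie` headers. The following is an added example, not part of the original post or the US CERT advisory: the cookie names, values and the `mail.example.test` host are constructed, and the browser model checks only the `Secure` attribute, ignoring Domain and Path matching.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def browser_sends(cookie, url):
    """Simplified browser rule: a Secure cookie is attached to https only.

    Domain and Path matching are ignored to keep the example short.
    """
    return urlsplit(url).scheme == "https" or "secure" not in cookie["attrs"]


def cleartext_exposures(set_cookie_headers, visited_urls, auth_names):
    """List (cookie name, url) pairs where an auth cookie crosses plain http."""
    cookies = [parse_set_cookie(h) for h in set_cookie_headers]
    exposures = []
    for url in visited_urls:
        if urlsplit(url).scheme != "http":
            continue
        for cookie in cookies:
            if cookie["name"] in auth_names and browser_sends(cookie, url):
                exposures.append((cookie["name"], url))
    return exposures


def missing_flags(cookie):
    """Flags a session cookie should carry but does not."""
    wanted = {"secure": "Secure", "httponly": "HttpOnly"}
    return [label for key, label in wanted.items() if key not in cookie["attrs"]]


# Constructed data: login over https, then the site reverts to http.
WEAK = ["SID=constructed-token-1; Path=/; HttpOnly", "PREF=lang=en; Path=/"]
FIXED = ["SID=constructed-token-1; Path=/; Secure; HttpOnly", "PREF=lang=en; Path=/"]
VISITS = ["https://mail.example.test/login", "http://mail.example.test/inbox"]
AUTH = {"SID"}  # which cookie names act as the "hand stamp" (assumption)

if __name__ == "__main__":
    print(cleartext_exposures(WEAK, VISITS, AUTH))   # SID leaks on the inbox page
    print(cleartext_exposures(FIXED, VISITS, AUTH))  # nothing leaks
    print(missing_flags(parse_set_cookie(WEAK[0])))
```

Marking the cookie `Secure` only helps if the site then serves every authenticated page over https; otherwise the browser withholds the cookie on http pages and the session simply stops working there.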


Posted in: Exploits/Vulnerabilities, Web Hacking



IPAudit – Network Activity Monitor with Web Interface


IPAudit monitors network activity on a network by host, protocol and port. It listens to a network device in promiscuous mode, and records every connection between two IP addresses. A unique connection is determined by the IP addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via UDP or TCP).

IPAudit can be used to monitor network activity for a variety of purposes. It has proved useful for monitoring intrusion detection, bandwidth consumption and denial of service attacks. It can be used with IPAudit-Web to provide web based network reports.

IPAudit is a free network monitoring program available and extensible under the GNU GPL.

IPAudit is a command line tool that uses the libpcap library to listen to traffic and generate data. The IPAudit-Web package includes the IPAudit binary in addition to the web interface that creates reports based on the collected data. Using the Web package is recommended, as it gives you a slick graphical interface complete with traffic charts and a search feature.

You can download IPAudit here:

IPAudit 0.95 – Latest stable version of IPAudit

Or read more here.

You can also find a very good introduction to IPAudit by SecurityFocus here.
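
The connection definition above (two IP addresses, the protocol, and ports for UDP or TCP) can be turned into a direction-independent key so that both halves of a conversation land in one record. This is an added example, not IPAudit's own code or output format: the packet tuples are constructed, and the counter names are made up for the illustration.

```python
from ipaddress import ip_address

# Only these protocols contribute port numbers to the connection key.
PORT_PROTOCOLS = {"tcp", "udp"}


def connection_key(src, dst, proto, sport=None, dport=None):
    """Return (key, forward) for one packet.

    The key is identical for both directions of a conversation; 'forward'
    is True when the packet travels from the lower endpoint to the higher.
    """
    proto = proto.lower()
    use_ports = proto in PORT_PROTOCOLS
    a_ip, b_ip = ip_address(src), ip_address(dst)
    # Sort on (version, numeric address, port) so IPv4 and IPv6 never clash.
    a = (a_ip.version, int(a_ip), (sport or 0) if use_ports else 0, str(a_ip))
    b = (b_ip.version, int(b_ip), (dport or 0) if use_ports else 0, str(b_ip))
    forward = a <= b
    lo, hi = (a, b) if forward else (b, a)
    return (lo[3], hi[3], proto, lo[2], hi[2]), forward


def summarise(packets):
    """Aggregate (src, dst, proto, sport, dport, size) tuples per connection."""
    flows = {}
    for src, dst, proto, sport, dport, size in packets:
        key, forward = connection_key(src, dst, proto, sport, dport)
        stats = flows.setdefault(key, {
            "pkts_lo_to_hi": 0, "bytes_lo_to_hi": 0,
            "pkts_hi_to_lo": 0, "bytes_hi_to_lo": 0,
        })
        side = "lo_to_hi" if forward else "hi_to_lo"
        stats["pkts_" + side] += 1
        stats["bytes_" + side] += size
    return flows


# Constructed packets using documentation address ranges.
PACKETS = [
    ("192.0.2.10", "198.51.100.5", "tcp", 51000, 80, 60),
    ("198.51.100.5", "192.0.2.10", "tcp", 80, 51000, 1500),  # reply, same flow
    ("192.0.2.10", "198.51.100.5", "tcp", 51000, 80, 52),
    ("192.0.2.10", "198.51.100.5", "tcp", 51001, 80, 60),    # new source port
    ("192.0.2.10", "198.51.100.5", "icmp", None, None, 84),
    ("198.51.100.5", "192.0.2.10", "icmp", None, None, 84),  # echo reply
]

if __name__ == "__main__":
    for key, stats in sorted(summarise(PACKETS).items()):
        print(key, stats)
```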


Posted in: Hacking Tools, Network Hacking



Im In Your Leenucks Box Changing Your Password


More hacker humour – this is a good one!

So I’ve been a professor at this ‘little school’ for a while now. I love my job. My classes contain students from all age groups. I have a few 17 year old high schoolers that are here because they are bored during the summer. I have a few seasoned folks that have IT experience. I also have a few people that are clearly here just for the three credit hours.

The classroom is set up in a ‘lab’ environment. Each student has a PC in front of them that netboots linux from a central box located near my desk at the front of the classroom. This setup works great because the students come into the classroom every day, power on their PC, and they get the exact OS load and lesson they need for our session. Not to gloat, but I designed it this way and I’m the envy of a few other professors *cough* windows instructors *cough*.

I have this one student that I’ll call “Pima”. Yes, that’s an acronym.

Pima is one of the 17 year olds in the class and considers himself an uber-hax0r. He constantly interrupts me during my lessons trying to make valid points that are somewhere between “WTF?” and “OMG YOU ARE NOT USING TEH DEBIAN!”. For those of you that listen to the podcasts and remember my story about training some folks over in another country and some dude put my kevlar vest over top his… well let’s say if we were in combat and this kid dropped his kevlar I think I’d dig a hole and bury it so he couldn’t find it.

This kid has the attention span of me at a Hooters restaurant. He’s always doing “something” on his PC during class. Most of the time he’s constructing poorly written bash scripts and trying to download stuff from an internet connection that really doesn’t exist. I didn’t say he was bright did I? Right.

One day recently we had a special saturday class that was very lab intensive. Right before the lunch break I informed everyone that I’d be going around to each PC and “breaking” something that they’d have to fix when they got back. Usually I do something silly like screw with their /etc/resolv.conf file, comment out some things in a service’s configuration file, or some other type of fun.

During the lunch hour I wander around and start breaking stuff. I get to Pima’s machine and I can’t login to the machine as root. My little uber-hax0r had changed the root password.

[Note from Scrap: All students have the root password to their workstations as part of their lesson]

Let’s keep in mind that this kid is NOT the ripest banana in the bunch by a long shot. Let’s think about this, shall we?

1) The PC netboots to an image. Changing the root password is effective for the current ‘session’ only. I reboot the machine, I get a fresh load. Kapisch?

2) SSH is running on all of these boxes. Did I mention that I authenticate using a certificate to all of these machines? I don’t NEED the password.

3) In /etc/passwd, there’s this really cool user called (and I kid you not) “backdoor”. Backdoor is authorized for ‘su’.

Curiosity was killing me. I tried to login as “backdoor” and sure enough it worked and I could issue commands as root. Duh.

I wandered back to my instructor workstation and ssh’d to his box as root with no problems.

I had a decision to make. Do I just reboot the machine and carry on? Or do I teach this kid a lesson?

Oh yeah, he’s getting a lesson.

I whipped out my microphone from my laptop bag and plugged it into my workstation. I recorded a few choice sound files and scp’d them to his workstation in a directory I made called “/tmp/…/lmao”.

I then made sure that ‘sox’ was installed on the workstation. It was. I ran back over to Pima’s workstation and made sure that the speaker volume was turned to 75% on his speakers. Just to be a jerk I used my trusty pocketknife to pry the volume knob off of the speakers. There will be no adjusting these bad boys!

The clock said that I had half an hour left before the students returned, so I quickly returned to breaking the rest of the students’ workstations.

A half hour later it was show time.

The students filed back into the classroom. Pima was five minutes late as usual.

I instructed the class not to touch their keyboards until I gave them their instructions.

After I prattled on for five minutes with the assignment I sat back down at my workstation and acted like I was busy. I noticed that Pima had a big grin on his face after he logged into his machine with his root password. The grin said “haha you didn’t break MY stuff!”.

I brought up the xterm that was ssh’d into Pima’s workstation and issued the following commands:

$ cd /tmp/…/lmao
$ play haha1.wav

At that moment a loud booming voice commanded its way from Pima’s speakers:

YOU SHOULDNT HAVE CHANGED MY ROOT PASSWORD BOY!

There was dead silence in the room. Pima jumped back about half a foot from his PC.

Laughter ensued.

I glanced up from my screen and glared at Pima.

“Is there a problem? You should be working on your assignment and not goofing around.”

Pima squeaked out a “It wasn’t MEEEEE!”

I glanced back down at my screen and waited another few minutes.

I then issued this:
$ play haha2.wav

The class was treated to a very high-pitched chipmunk version of “MY HUMPS! MY HUMPS! MY ITTY BITTY HUMPS!”

At this point the class was dying in laughter.

I continued with my straight man act.

“Pima, if you interrupt this class one more time I’m walking you out. Have some respect.”

He sat there and didn’t say A WORD.

A few more minutes go by and Pima is typing like a mad man on his keyboard trying to figure out what the heck is going on.

It was now time for “Le Finale Grande”.

$ play haha3.wav

Pima’s speakers blared the following in my own God-like voice:

“ATTENTION CLASS. THIS IS WHAT HAPPENS WHEN YOU DONT PAY ATTENTION TO THE INSTRUCTOR, CHANGE YOUR ROOT PASSWORD AND COMPLETELY DISREGARD YOUR ASSIGNED WORK. THAT IS ALL.”

At that moment Pima figured it out and was treated to his classmates (and me) laughing hysterically at him. He stood up, put his arms up in the air and proclaimed “YOU GOT ME. YOU GOT ME. OKAY.”

Pima has been a perfect gentleman since.

He even shows up to class five minutes early every day.

From: IT Tool Box


Posted in: General News



Foremost – Recover Files From Drive or Drive Image AKA Carving


Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.

The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.

Originally developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research, foremost has been opened to the general public.

You can download the latest version here:

foremost-1.5.tar.gz

Or read more here.
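
Header and footer carving, the simpler of the techniques described above, fits in a short script. This is an added example, not Foremost's code or configuration format: it uses the standard JPEG and PNG magic bytes, a constructed in-memory "disk image", and none of the internal-structure checks that Foremost's built-in types perform.

```python
import hashlib

# file type -> (header bytes, footer bytes)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve(image, max_len=10 * 1024 * 1024):
    """Return (type, offset, data) for every header that has a footer.

    max_len bounds the search so a header whose footer was overwritten
    cannot swallow the rest of the image.
    """
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            window_end = min(len(image), pos + max_len)
            end = image.find(footer, pos + len(header), window_end)
            if end != -1:
                stop = end + len(footer)
                found.append((ftype, pos, image[pos:stop]))
                pos = image.find(header, stop)
            else:
                # No footer in range: skip this header, keep scanning.
                pos = image.find(header, pos + 1)
    return sorted(found, key=lambda item: item[1])


def report(image, max_len=10 * 1024 * 1024):
    """Offset, length and SHA-256 for each carved file, for case notes."""
    return [
        (ftype, offset, len(data), hashlib.sha256(data).hexdigest())
        for ftype, offset, data in carve(image, max_len)
    ]


# Constructed image: filler, a fake JPEG, filler, a fake PNG, filler,
# then a JPEG header whose footer is missing (a truncated file).
JPG = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
TRUNCATED = b"\xff\xd8\xff\xe0" + b"no footer follows"
IMAGE = b"\x00" * 512 + JPG + b"\x11" * 100 + PNG + b"\x22" * 50 + TRUNCATED

if __name__ == "__main__":
    for row in report(IMAGE):
        print(row)
```

Footer bytes as short as the JPEG end marker also occur inside real image data, so a carver working on header and footer alone can cut a file short; that is the reliability gain the built-in types get from reading the format's data structures.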


Posted in: Forensics
