Comments Posted By zupakomputer

Displaying 1 To 30 Of 211 Comments

TJX Credit Card Hackers Busted – Largest US Data Breach

What jobs?! None over here. Not even those kinds where you get trained (from your own web surfing I mean, as issues arise) as-you-earn.

» Posted By zupakomputer On August 18, 2008 @ 11:00 am

I commented on this same story at a forum, and listed a bunch of vulnerabilities about cards in general and online banking. Then the guy that had posted it tried to claim I made up the vulnerabilities, and he said this kind of fraud would only be prevented by the US adopting a chip & pin on credit cards.
As if that would prevent it!

» Posted By zupakomputer On August 13, 2008 @ 4:57 pm

HD Moore’s Company BreakingPoint Suffers DNS Attack

I may have a dewy-eyed view of Malaysia but it must be hard picking a better holiday destination when you’re in a tropical paradise already! Iceland perhaps, something a bit different…..or it works out better cause you don’t have to travel at all, just holiday in the same country.

This DNS thing – what if you tried to complain to your ISP that their caching was poisoned, but their own website was redirecting to a fake ad site too……

» Posted By zupakomputer On August 6, 2008 @ 5:44 pm

July Commenter of the Month Competition Winner!

Navin, did you not get a PSP or an i-pod? I got a 50 quid Amazon cert through almost right away, but it doesn’t work on their in-stores or .com Amazon – only .uk, the one with no DVDs that I want. I’m just wondering, cause I remember other people posting they got loads of stuff so why did I only get one gift cert? Are they mailed out twice?

» Posted By zupakomputer On August 18, 2008 @ 10:54 am

What about if you can’t leave a server running at home – are there any free webspace sites that let you upload proxy scripts?
Or if you don’t have a static IP, has anyone tried the dynamic DNS services?

I was wondering also – what did anyone that won the commenter prize actually get? I remember you’d listed what you got Navin, but I can’t find what article it was on.

» Posted By zupakomputer On August 16, 2008 @ 2:30 pm

That’s just typical, neither of us have even half decent internet speeds, and millions of people do and they’re sitting there bandwidth-flooding the net with things like “[quotes entire 8 page thread while posting in that same 8 page thread, about nothing at all] yomg! here is 10 of my photos of the night out we just had yesterday that you were at: (10 X 1050×6000 targa followed by embedded unswitchoffable video of 200MB); it was superfun!!!!!!!!1”

» Posted By zupakomputer On August 10, 2008 @ 3:20 pm

I can’t! I’m on dial-up! I even did a big long comment here about why it’s too expensive for me to get broadband.

» Posted By zupakomputer On August 10, 2008 @ 3:01 pm

Hey, that ‘kit’ isn’t a kit – that picture on the site here of the box it’s supposed to come in doesn’t really exist!

» Posted By zupakomputer On August 9, 2008 @ 11:35 am

I wish I was Japanese though, then I could get to play Cave games in a real arcade / at all. And I could be running Raiden Fighters Aces on the XBox360 right now, having purchased it in store! Imagine that, a good reason to pay for XBox Live.

Didn’t notice the previous comments! – funny you say Albanian, cause I have a lot of Albanian family background.

Ont ja – ‘zupakomputer’ as in ‘supercomputer’, by way of the TV dubs as mentioned. I must have been at the top500 site when I first posted a comment here.

» Posted By zupakomputer On August 6, 2008 @ 2:42 pm

gul – it’s a play on/reference to RTL TV dubs of old Superman episodes we used to watch, back when the only digital TV was BSB’s DMac system; Sky used to come along with loads of European channels, and it was one of those amusing things when the advert came on for ‘zupa man’.

» Posted By zupakomputer On August 6, 2008 @ 11:24 am

Well thanks…….I didn’t know it couldn’t be won more than once, so I only noticed this just now.

I mentioned this before, but in-the-flesh in meatspace I am a she not a he! I can’t work out if that’s just been missed or you thought I was kidding or am a tranny or something?!

» Posted By zupakomputer On August 5, 2008 @ 5:24 pm

UK Hacker Gary McKinnon to Fight Extradition

Well, Windows isn’t the most secure of OSs, there’s a right load of default settings that could be enabled or disabled that lead to compromises and exploits; it didn’t say in where I read if he could tell what Windows it was – but just for example if the clients were XP then remote desktop and other remote services are on by default.

Which of course doesn’t mean much anyway when admin accounts are freely available – I just meant that even a secured Windows does have a lot of potential exploits (and it’s just funny because big science places tend to use *nix’s or write their own OSs or run obscure ones. I mean even just the image processing areas he may have been searching – usually those would be linked with big visualisation workstations; remember only XP 64 lets you use more than 3.5GB ram, and it’s the same story with Vista, you need 64 ultimate…….so I don’t know if they were using Server or XP64 on client machines cause that little ram wouldn’t even be much use for doing touch ups at NASA level, esp. on bloatware OS that use it all for their desktops, lol). So do other OSs but they don’t tend to be as exploitable by skiddie methods.

btw to be fair, there’s a right load of freeware astronomy apps for Windows, that are damn good! But obviously for the beginner to amateur & hobbyist, like for garden telescopes and portables.

» Posted By zupakomputer On August 6, 2008 @ 3:05 pm

I think they want him tried in the US so nobody hears how he actually got into the systems and what he did.
True, leaving your door unlocked so anyone can get in doesn’t mean you are inviting them in -

but legally, if you had indeed left your door unlocked and were robbed for example, the insurance wouldn’t pay out would they.

He’s saying he scanned their systems and found admin accounts with blank passwords, which he used to go in their network and look at things like UFO files and pictures.

If I was representing this, I’d go for the angle that any system/network that is said to be that important that hacking it could cause terrorist type of damage – well how can anyone say that when they have open admin accounts.
That’s not a ‘oh it’s a new thing that no-one in security knew about until a hacker exploited it’ – it’s a ‘so you didn’t actually secure one of the most basic of all things that is always secured by anyone, on any network that they don’t want others to access’.

» Posted By zupakomputer On August 4, 2008 @ 4:21 pm

Site Guesses Your Gender via Browsing History

hmmmmmmm. When I eventually found the site with the script – it comes up as an ‘unresponsive script’ for me and doesn’t work anyway.

Doesn’t anyone find it extremely fake-coincidence that the URL/URI is mikeonads? = my gonads, and it’s about gender identification….

» Posted By zupakomputer On August 1, 2008 @ 5:53 pm

JD: that is very like something else that has taken over every job and college / higher ed (and more besides) applications in the UK. ‘They’ always hand out question sheets that claim to be about Equal Opportunity Monitoring, and they contain questions on race, religion, nationality, gender, disabilities, and recently they’ve begun to add sexual preferences too.

It’s extremely disturbing, because they are asking for that information from everyone – while claiming none of that information matters! So why do they ask for it.

Why do they need stats on all those kinds of things, if those things do not matter to them.

It’s also very disturbing that they claim it is anonymous! It’s not – you have to hand it in alongside your name-and-address (and all your other CV details etc) form, or in person. So anyone that wanted to see what was in the forms can just read it there and then when you hand it in, or they can file it along with your applications.

I used to just fill them out routinely, like everyone else; you’re instructed at school etc that it’s “normal”, but recently I have just been ignoring them entirely. Some people deliberately fill them out wrong – I think I might start doing that too. Put in ‘black male lesbian hare-krishna asian’ for example – they can’t say anything because they aren’t meant to be reading it!

» Posted By zupakomputer On August 1, 2008 @ 2:18 pm

Yeah, now they can waste their lives even moreso by making graphs and other visual aids up to assist in describing the effectiveness of why anyone would want to target anyone else, in the vague hope they might buy something off them.

They’ll probably create a whole new department just to produce booklets on the subject, none of which will actually convey any usable information, and all of which will feature the same photos as all the other companies use, all lit and composited in the same way.
But despite the dept. being new, any applicants for the jobs will have been expected to have worked in a similar place for at least three years.

And oddly, all the tangible wares you might be able to buy off them are all produced in sweatshops then end up on landfills later.

» Posted By zupakomputer On July 31, 2008 @ 4:54 pm

I agree (about the 1984 feel of it). It’s not so much that they are gathering stats; we all know the internet was put together by (among others) the US military in the first place – it’s the way they think about using the information they gather, and how they are ok to categorise people into behavioural patterns that way. It’s ugly and soulless, and a disgrace to the real human race.
People never think about the obvious indications of what is wrong with ‘this picture’: who decided that boys play with robots and girls play with dolls for example, and why is anyone stupid enough to just accept that ‘has to be true’.

Additionally these kinds of information harvesters make it all the easier to exploit things like personal accounts. Why should that be allowed to happen, just so talentless people with no practical skills can make money by pushing their unwanted adverts; and they’re using up internet bandwidth and creating loads of extra server traffic and power usage. It’s bad enough that transmitting power over centralised grids to begin with loses 2/3 of what was generated at the plants.

» Posted By zupakomputer On July 31, 2008 @ 1:17 pm

raWPacket HeX – Network Security Monitoring & Analysis LiveCD

What you don’t want, with any security monitoring equipment or set-up, is to have the monitoring equipment get hacked or in some way compromised – to be on the ultra-safe side from outside attacks then you’d need router traffic monitoring (and configured alerts) – as in addition to the router itself and its configuration. I think this more and more, as I leaf through catalogues and see expensive firewall readymades on sale, and IDS units and the like. Easy pickings for organised folks – just learn the standards in use, and – well let’s hope it doesn’t get worser in this direction – because some folks are only trained in the use of whatever package or equipment, and not the operation of the network holistically.
Anything with Tao in it must be holistic – I’ll need to look that book up. Sounds good.

» Posted By zupakomputer On August 14, 2008 @ 3:49 pm

Exploit for Kaminsky DNS Bug Goes Wild

It’s nothing new (the idea of original people being replaced) – the same soap operas of the gods and illuminati are described in the Vedas etc also.

=And so-and-so redirected his rival and nemesis to the honeytrap he had lain out, and lo it was so sticky that they became trapped for generations in which time so-and-so sired 20 children with thingy’s wife whilst pretending to be thingy

until an angel / root server did notice this transgression, and appeared to thingy’s wife in a dream / automatic update=

……..the usual.

» Posted By zupakomputer On July 31, 2008 @ 5:21 pm

You know, this whole topic isn’t much different from all the claims that various officials are replaced with lookalikes and then some. Sometimes at their own behest, no less.

» Posted By zupakomputer On July 31, 2008 @ 5:00 pm

I haven’t had an updated IE online for ages so I can’t test that out; I’m using Seamonkey here.

Mine is back to normal – now it just prevents comments going through if I’ve been typing on the page so long that it’s timed out.

» Posted By zupakomputer On July 31, 2008 @ 4:58 pm

Right – so, as should have been part of the default design in the first place, ANY nameserver that holds information on what domains are linked to what IPs should ENSURE that their information held matches the ICANN data on the root servers. They should be checking that.

That doesn’t mean anyone with an IP won’t be able to host their own services from home and would have to register a domain or anything, but it does mean that if you do register a domain and redirects, then there’s zero possibility of your domains being linked to IPs that are not your IPs.

» Posted By zupakomputer On July 31, 2008 @ 1:25 pm

Well, that is a problem then. Maybe they should have the root name servers do automatic periodic updates and refreshes to ensure the right domain names to IPs are being served downtheways. Or more realistically, that should become a feature that the domains / servers themselves do (at whatever intervals).
It wouldn’t cure it entirely, as in theory there’d still be time gaps when an exploit could be run (if it were refreshed daily for example) but it’d certainly identify what servers and IPs and so forth were spoofing the real versions much more often, meaning they can be locked out or similar more easily.
Or perhaps they could use a process like any old free e-mail etc does to verify a password change: ie not let a domain name to IP be altered unless it’s verified by the account holder that set it up.

To be honest, the fact that such things aren’t being refreshed regularly is a really shoddy design fault. I mean hell it’s computers and all automated anyway, it wouldn’t take long to include a little script like that and send some traffic from the roots to the other name server levels, and back again.

Reminds me again of that computer factory I worked at – there were two main builds handled, and one was a bigger pain to deal with than the other. Someone mentioned one day about the covers being a design fault (following vast amounts of complaints that they just didn’t fit / got stuck / sliced your fingers), and the reply back was “that whole machine is a design fault”.
I can still hear the computers laughing; the only comforting part about it.

» Posted By zupakomputer On July 29, 2008 @ 2:20 pm

Just use ‘zupa’ that’s what most folk do!

Cheers for all that info, but I’m still wondering – does a successful exploit display the correct (real website) URL (or URI depending on who you ask / what you read / what fake parallel universe you woke up in ) in the address bar?

» Posted By zupakomputer On July 28, 2008 @ 4:22 pm

Mine comes up the same when I check it there at doxpara.

How exactly does the exploit work though – does it display the URL of what you wanted in your browser, but instead of going to that URL it went to another one?

I know that, well it should do this anyway, when you first lookup a website it should check the domain name with one of the (12? or are there more now?) root DNS servers, and thereafter it may indeed rely on other servers or your browser cache.

Not more than one registration of the same domain name can exist, hence why when you buy a domain you have to check what ones are available first – so how is the exploit changing what IP matches to what domain name? What I mean is: say you suspect you’re at a site that is a fake, so if you run something like nslookup or traceroute or anything that resolves a domain name to an IP address (and vice versa) – will the exploit have actually changed those records on the whole internet?

» Posted By zupakomputer On July 26, 2008 @ 5:29 pm

San Francisco Mayor Regains Control of the Network

The comments are likely true, as is the fact that folks trained only on those kinds of certifications are borg-trained to company standards; you don’t tend to get work in those kinds of places if you are a real person.
You have to sell your soul to the Temple of Money and fit yourself into a pre-determined mould that’s the real-life version of taking the blue pill.

And it all adds more weight to some of what I had commented on this already – that most of us know or think that such unscrupulous methods by companies are bog-standard carried out, why does anyone bother to persist in playing a game whereby they pretend they are not aware that such things are commonplace.

Note how blase we are that anyone would even consider wasting time so they can get paid more: consider how many will read that and think ‘so what, that’s how it is’. And anyone is condemning that guy for what he did? Such a world is headed for nothing but the worst kind of trouble.

That kind of thing is precisely why there are hackers doing the online equivalent of the Falling Down guy: ‘your system is bs & it deserves to die’.

Does anything happen these days that isn’t controlled by microchips somewhere along the line.

» Posted By zupakomputer On July 23, 2008 @ 3:45 pm

nUbuntu Development Kicking Off Again – Security LiveCD

Does it by default have an inactive root account (like usual Ubuntu)? I always find that amusing, that by the time anyone gets to security distro kinda level they would bother with anything less than root (well other than for messing about trying various things work at user level configs).

I’ll have to get this one too at some point; I take it it’s Hardy Heron based, given the release number. Maybe the final version will be based on the next one, something (I forget) Ibix, cause that’s already underway..

» Posted By zupakomputer On July 28, 2008 @ 5:40 pm

San Francisco Officials Locked Out of Their Own Network

But realistically though if you’d transferred that money to yourself they’d have known it was you, and you’d have been easily caught anyway (unless – you happen to be a master of disguise and hold an array of fake passports?! private planes, etc; in which case you wouldn’t have been working a job!).

» Posted By zupakomputer On August 1, 2008 @ 2:02 pm

Yeah I know – I’ve been to a whole heap of Catholic masses in my time, but in this country they weren’t doing Latin masses anymore by the time I was at school. So I was just saying, what this guy I worked with used to do in reply, with his mates, cause ‘mea culpa’ phonetically sounds like ‘me a cowboy’. I don’t know – maybe you have to be Scottish to hear it with that inflection.

The best one for me was being in a Genova cathedral and the priest came out and sang in Italian, “we’re closing” to get people to leave.

Morgan: that would be the sensible way to do it though, have it decentralised like the internet itself. But if it’s not done right, then it’s still open to being poisoned.

» Posted By zupakomputer On July 31, 2008 @ 5:14 pm

Mea culpa – someone I worked with many years ago (in an IBM offshoot factory, when there used to be computer jobs here) told me the priest would say that phrase as part of mass, and they’d always do the reply as: “me a cowboy, me a cowboy, me a Mexican cowboy”.

» Posted By zupakomputer On July 24, 2008 @ 2:28 pm
