Main Hantam Saja

You lot want something to read? Haaa... there's all sorts of stuff here...


August 30, 2005

How To Create An Uncrackable Password

Filed under: Net Security around 6:09 am

For maximum security, passwords should not be cohesive words or phrases and should not be too obviously related to something like your birthday or the birthday of someone close to you. Personal information is one of the first things used when people attempt to break passwords.

This article assumes brute force is the only way to crack a password. It didn’t even consider rainbow tables. This article only talks about how to make a slightly more secure password: so instead of someone being able to guess that your password is spiderman, it’s sp1d3rman or something. Those are definitely not uncrackable passwords. I guess it would be useful reading for people that use common words and such for passwords.

Some web registrations won’t even allow special characters above the number keys let alone the “alt codes”. Besides, you can lock yourself out due to a different encoding setting if you use the special keys.

Some work requires these “strong” passwords. They have to have one number, one lowercase letter, one capital letter, and one non-alpha char, and be at least 8 chars long. Also, the password needs to be changed every 30 days. So, since there is no way to remember this crap, everyone just writes their current password on a post-it note on their desk. That’s great security!

From a theoretical standpoint, a One-Time Pad should be uncrackable, however it does require the users to know which key to use at what time (and the key can only be used once and must be as long as the message). I find just using the standard password policy of: 8 characters, at least one upper, one lower, one numeral, one punctuation mark, no dictionary word, no date, no license plate works for most intents and purposes.

An even easier and arguably more effective method is to use a public-private key with a pass phrase. Pass phrases are great in that you can even use stuff like an excerpt from your favorite book, and you should be pretty safe from brute force if it’s of any reasonable length.

No password is safe. It can only be more secure than another version, but nothing is uncrackable. A password is only as safe as the encryption and the amount of time the hacker has, and their determination to break it.
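As an added example (not from the post), a Python check that implements the policy described above, undoes common leet substitutions before the dictionary lookup, and estimates the brute-force search space so the sp1d3rman case and the passphrase comparison can be put in numbers; the word list and the 7776-word dictionary size (the Diceware list size) are assumptions.

```python
import math
import re
import string

# Constructed mini word list standing in for a real dictionary (assumption:
# a deployment would load a full word list, plus the user's names and dates).
COMMON_WORDS = {"spiderman", "password", "letmein", "welcome", "dragon"}

# The substitutions a rule-based cracker tries first; sp1d3rman is spiderman.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def policy_violations(pw: str) -> list[str]:
    """Rules from the post's policy that pw breaks (empty list means it passes):
    >= 8 chars, one upper, one lower, one digit, one punctuation mark,
    no dictionary word, no date."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation mark")
    base = pw.lower().translate(LEET)  # undo leet before the dictionary test
    if any(word in base for word in COMMON_WORDS):
        problems.append("contains a dictionary word (after undoing leet)")
    if re.search(r"(19|20)\d{2}|\d{6,8}", pw):  # years, yyyymmdd, ddmmyy...
        problems.append("contains a date-like digit run")
    return problems

def brute_force_bits(pw: str) -> float:
    """Upper bound on the work to brute-force pw, in bits: every position is
    drawn from the union of the character classes actually present."""
    space = 0
    if any(c.islower() for c in pw):
        space += 26
    if any(c.isupper() for c in pw):
        space += 26
    if any(c.isdigit() for c in pw):
        space += 10
    if any(c in string.punctuation for c in pw):
        space += len(string.punctuation)
    return len(pw) * math.log2(space) if space else 0.0

def passphrase_bits(n_words: int, dictionary_size: int = 7776) -> float:
    """Bits for n_words picked independently from a dictionary; 7776 is the
    Diceware list size, used here as a representative figure (assumption)."""
    return n_words * math.log2(dictionary_size)
```

policy_violations("sp1d3rman") flags the missing classes and the dictionary word even though brute_force_bits gives it about 46 bits, which is exactly the gap between the brute-force-only model the post criticises and what a rule-based cracker actually does.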

August 29, 2005

Hacking Illustrated

Filed under: Net Security, Eye Catching around 5:38 am

A step by step guide on how to execute various exploits or use certain tools.

I always wonder if it’s smart to publish this kind of stuff to all. Sure, there are those that want to exploit to point out weakness, but there are others that will fall to the dark side. Hmm… Those videos are so jerky, and there are better ways to do the things he shows how to do.

Google or surf USENET and the Internet to find more useful things. Pages are good. Documentation and hacker portals are even better. Actually this guy is very, very intelligent. He is called Irongeek. He isn’t fat, (He is actually into body building) and he isn’t a loser. He is somewhat well known in the world of computer security. His tutorials are actually quite good. No one person knows all the tricks. This guy is just sharing some of what he has learned.

August 25, 2005

Completely Erase Your Hard Drive, Get rid of your tracks.

Filed under: Net Security around 5:16 am

This has different classes of erasing, even the legendary Gutmann wipe, and it’s completely FREE.

It’s a Linux-based bootable floppy/CD that has different kinds of wipes, and it is very easy to use: all you do is run the program, put in a floppy, let it write to the floppy and then boot the computer off the floppy. Once you boot, you can choose what kind of wipe by pressing m; once you have chosen, you can just start by pressing F10.

The main use of this program is not for an emergency, but for when you are selling or throwing out a computer that has your personal data on it. It is probably a bit overkill for that: as long as you over-write the whole drive once, no one will get the information unless they have special equipment. But everybody likes overkill anyway, just in case. Physical destruction is probably the best policy in an emergency. If you were really doing anything too secretive you should keep everything encrypted from the start anyway (using something like TrueCrypt); then if someone steals your computer they won’t have your info, unless they crack the encryption.
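The overwrite-then-verify idea from the paragraph above, as an added example rather than the floppy tool’s own code: it runs the passes over an ordinary file and checks that the original bytes are gone; the pass schedule is a constructed simplification, not the Gutmann sequence.

```python
import os
import secrets
import tempfile

# Constructed pass schedule: zeros, ones, a fixed pattern, then random bytes.
# Not the Gutmann sequence; it stands in for the wipe classes the tool offers.
PASSES = [b"\x00", b"\xff", b"\x55", None]  # None means fresh random data

def overwrite_file(path, passes=PASSES, chunk=1 << 16):
    """Overwrite every byte of the file once per pass, forcing each pass to
    the device with fsync. Returns the number of passes written.
    Caveat: only the blocks the file occupies right now are touched; copies
    in a journal, on remapped sectors or spread by flash wear-levelling are
    not, which is why a whole-drive wipe (or physical destruction) is the
    answer for a disk that is leaving your hands."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return len(passes)

def file_contains(path, needle):
    """True if needle still appears anywhere in the file (the verify step)."""
    with open(path, "rb") as f:
        return needle in f.read()

def demo():
    """Write a constructed secret to a temp file, wipe it, report before/after."""
    secret = b"CONSTRUCTED SAMPLE: account 0000-0000"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret * 2000)  # > one chunk, so the loop is exercised
    before = file_contains(path, secret)
    passes = overwrite_file(path)
    after = file_contains(path, secret)
    os.unlink(path)
    return before, after, passes
```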

In The Art of Intrusion, some guys saved their asses by nuking their hard drive a few days before they got busted. Good utility if you plan on pulling something similar. This utility should be called “Self-important Paranoid Fantasy Enhancer”.

I don’t see why you can’t just use a very large electromagnet on max settings and pass it over your HDD(s) a couple of times? You can create an electromagnet with supplies from Home Depot, and it will erase information off your computer with the quickness. The DoD uses such devices, although they refer to them as degaussers. There is some sort of rule of thumb for the minimum amount of flux the magnetic field has to induce to provide the erasing results, but as long as you make the magnet strong enough, it will work. And by powerful I do not mean super powerful; you could actually rig it so that you can run it off a car battery in case the feds knock down your door with a l33t battering ram.

You can also erase your HDD without software in three easy steps:
1) Remove HDD from case.
2) Immerse HDD in tub full of water.
3) ROTF LMAO!!!
Errr… there would still be data on the disk. A sledgehammer or even a bonfire would work better.

The platform-independent version that supports PPCs has turned out to be the most useful. The people who refuse to update their computers due to “software conflicts” and “hardware” problems are the most gullible, and will believe that their computer just fried on its own. Anyway, the PPC version is supported by any platform.

August 22, 2005

NSA’s Security Configuration Guides

Filed under: Net Security, Interesting Findings around 9:01 pm

The National Security Agency (NSA) has written security configuration guides for many operating systems and applications. Very helpful when setting up a new network.

Wow! Your tax dollars being spent on something useful. I was expecting to see a lot more open source software on there. Especially under web servers they don’t even have a guide for Apache (which I am rather sure is still the most used web server).

There was an archived guide for Red Hat + Apache, but it was from November 2003. I like that in the “Guidelines for the Development and Evaluation of IEEE 802.11 Intrusion Detection Systems (IDS)*” they have to define the word “should” in the terminology section.

Too bad these sites like many others favor Microsoft products.

The New Hacker’s Dictionary

Filed under: Net Security, Interesting Findings around 9:00 pm

Whoa.. looks like I’ve got a live one here… Wasn’t aware that some people took the time to update and compile all sorts of phrases and put them online.

August 19, 2005

Google Netcam Hack

Filed under: Google, Net Security around 8:49 pm

People put cameras on the net without a password and we can get into them. The keyword here in Google is: inurl:”ViewerFrame?Mode=”

Anyone find any cool ones?

I found some dock, mall and street cameras and other crap, a beach view, some really nice cars, and a computer room somewhere. It is hilarious. Hint: pan the camera around the room a bit. Zoom in to read the poster on the guy’s cubicle.

Link to the actual search query… or try this one

This seems to be a lot like unsecured WiFi from a legal standpoint. Who’s ultimately to blame for this? Is it the webcam owner for not securing their camera? Is it Google for not blocking this content? Or are we, the end users, to blame for “intruding” on their webcam. What happens if someone doesn’t secure a webcam in a day care center, or a hospital?

Personally, I think it’s clearly the responsibility of the owner of the webcam. I bet the law would feel differently, though…

Google Finds ADMIN Passwords

Filed under: Google, Net Security around 8:48 pm

Google can find just about anything. Here is THE master list of all kinds of sensitive stuff Google can find. Password lists, admin usernames/passwords, logs… EVERYTHING.

Words cannot describe how amazingly amazing this is. Google truly is a hacker’s/cracker’s best friend. But be careful what you do with info on this site. In many cases, the stuff you’re accessing is against the law to access without permission, even if it’s accidentally made public. Bear in mind that since many site admins are aware of this database, they may already have a honeypot waiting for you. Just a word of warning for any script kiddies out there. Have fun, and don’t put an eye out!

Here’s another one that I don’t see there. Search this: inurl:service.pwd

If the link above doesn’t work, have no fear, Google cache is here!

Google finds stuff people put online for all to see. If you leave a password file anywhere that Google can access and find it, you deserve to be hacked.

Here’s another one that catches my eye; this guy basically wrote a tutorial on finding passwords using Google.
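For the password-file post above, an added example that is not from the post or the sites it links: a defender-side audit that walks your own document root for files a crawler would index, so you find them before Google does. service.pwd is the file the post names (FrontPage kept it under _vti_pvt); the other name patterns and the sample tree are constructed.

```python
import os
import re
import shutil
import tempfile

# Name patterns a search engine will index like any other page. service.pwd is
# the one the post names (FrontPage kept it under _vti_pvt); the rest are
# constructed stand-ins for the "password lists, logs" categories it lists.
SENSITIVE = [
    re.compile(r"(^|/)service\.pwd$"),
    re.compile(r"(^|/)\.htpasswd$"),
    re.compile(r"(^|/)passw(or)?ds?(\.\w+)?$"),
    re.compile(r"\.(log|bak|sql)$"),
]

def audit_webroot(root):
    """Relative paths under root (with '/' separators) that match a pattern,
    sorted. Run it against the document root before the crawler does."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            if any(p.search(rel) for p in SENSITIVE):
                hits.append(rel)
    return sorted(hits)

def build_sample_webroot():
    """Constructed sample document root for an offline run; returns its path.
    The caller removes it with shutil.rmtree."""
    root = tempfile.mkdtemp()
    for rel in ["index.html", "_vti_pvt/service.pwd", "admin/passwords.txt",
                "logs/access.log", "img/logo.png", "db/backup.sql"]:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as f:
            f.write("constructed sample content\n")
    return root

def run_sample_audit():
    """Build the sample tree, audit it, clean up, and return the findings."""
    root = build_sample_webroot()
    try:
        return audit_webroot(root)
    finally:
        shutil.rmtree(root)
```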

August 16, 2005

Beat those Phishing sites…

Filed under: Net Security around 7:49 pm

I haven’t seen this here and I think that people should be aware of anti-phishing software… plus it’s free and works well.

August 7, 2005

Complete Wardriving Guide

Filed under: Net Security around 11:43 pm

This is the White paper on wardriving (in .pdf format). It covers equipment and software needed. Also contains information on how to detect when you are the target. Another helpful link is the Wardrive FAQ. Put them together and you have a pretty complete guide.

Note that this guide is over 3 years old… It’s really not practical to have a dedicated computer (off your WLAN) constantly listening for *potential* wardrivers. Anyway, some information can’t hurt if it’s meant to be for your own safety.

Defcon’s Infamous Wall of Sheep

Filed under: Net Security around 6:46 pm

Take K. Rose’s advice… If you’re going to Defcon, don’t turn on your laptop.

Anyway, this would be a good place to test your laptop’s security. Just make sure that you’ve got nothing of value on it, and for good measure format it afterwards. If you do turn on your laptop, don’t be an idiot and transfer passwords over the network in clear text. People who throw out plaintext passwords on an insecure wifi network are just stupid. Wasn’t it Patrick Norton who said don’t turn your laptop on anywhere near Defcon? Best thing to do is just VPN to a machine outside with strong encryption….

If I go to Defcon for sure I’ll turn on my laptop, I’ll submit every phony password and username to make people think WTF!!!, ah the beauty of POST and GET requests.

One of the biggest issues at Defcon the last couple of years has been rogue access points. It’s quite simple to spoof MAC addresses and overpower genuine signals. Imagine the whining from people who show up on the Wall of Sheep; it will be awesome. Lots of people were taken by the Wall of Sheep, including Winn, and even a Fed was spotted by reading the header from an email that was captured.

Five letters.. HTTPS…
