Geek

Alas, I very nearly became the victim of bandwidth thieves. My monthly provider bill came in, and usage was higher than usual. Checking out the graphs which my provider — er — provides, I noticed that disk usage was the culprit. So after a bit of forensics, I discover that some bright spark was linking to a locally hosted image in a comment they’d made to another blog!

A free cigar if you can guess what this new configuration snippet will do:

Yes, I know that’s bandwidth theft as well, but let’s face it. Lemon Party is a site which I’m sure expects this kind of usage.

Recently, I’ve been doing quite a bit of research and usage in the field of Rainbow Tables. “Rainbow Tables” refers to an pre-generated series of hashes arranged in chains, ultimately exploring an entire phase space of hashing algorithms, enabling users to crack a password using the improved time-memory trade-off technique as proposed by Philippe Oechslin.

The practical upshot of which is that with a fully generated set of Rainbow Tables, it’s possible to crack any un-salted one-way hashed password in a reasonable amount of time (we’re talking minutes). Their usage includes, but is not limited to WPA-PSK, Poisoned NTLM/LM Challenge/Response, MD4, MD5, SHA-1, LM, MS-CACHE and NTLM cracking.

Free Rainbow Tables is a newly rejuvenated project which uses distributed computing technology in order to compute diverse Rainbow Tables for all to use on-line, and download for offline usage.

If this aired at the cinema before the film, I probably wouldn’t grumble, “It’s copyright infringement, not stealing.”

From the “No one asked for it, but just because you can” School of Thought. I’ve created a Facebook application that enables users to place a box on their profile, which displays a summary of their ET:QW player statistics.

It’s early days at the moment, but has been successfully tested in the recent ET:QW beta. This application will not work with the recently released Demo (as the demo doesn’t force user accounts). The application will function with the full game, which is scheduled for release on the 28th of September (2007).

Simply add the application, and supply it with your ET:QW username.

Any *hat worth their salt will probably tell you a lot of technical reconnaissance, enumeration and planning goes into a vulnerability assessment or attack. However, the same group will also inform you, in some circumstances it’s far easier to have someone let you into a system, than to force entry. Social Engineering carries it’s own form of information reconnaissance, enumeration and planning, but it’s an entirely different tool-set.

Google is a great first stop for many searches, but it doesn’t provide relational links to re-construct a person’s (or organisation’s) entire web-presence, including their relationships with other subjects and resources. This is where Paterva’s Evolution offering comes into play. To assess the power of the engine, there is a simplified web interface, however for graphical representation of association, there’s also a GUI based interface for Windows, *nix, and MacOS.

This is a very powerful and interesting way of manipulating search data via objects. This tool is a social engineer’s and auditor’s gold mine, and will probably also be gracing the desktop of any budding cyber-stalker :-| However, it’s all public information that’s available via searching through a number of online tools. What’s unique here is the ease of the search, and the representation of relationships and data. A great test is to audit just how much data you’ve leaked onto the Internet.