Hacking

Some time ago, I blogged about how my blog was less of place for thought out editorials, and how it was more a collection of snippets that I was gathering from around the World-Wide-Web. Since then, many more sites support XML or RSS feeds for syndication of interaction, and their integration into software like Flock, has created a more social World-Wide-Web.

So I’m left wondering if Wordpress is the correct platform for this web-site. Because ultimately, I’m occasionally posting scraps here, and occasionally actually writing stuff. Then I look at how I use Facebook as a feed aggregator for my friends that glass over at the mention of syndication. Perhaps Facebook is the wrong place for that, and perhaps just by using social sites that have XML/RSS feeds, I’m effortlessly creating content, where posts like this are just occasional seasoning.

This brings us to Lifestreaming, and Sweetcron. Lifestreaming is pretty much automated tumblelogging. By posting a public photograph to Flickr, an entry is created, or by digging an article, or bookmarking a web-site, new entries are also created. If you want to see what I’m waffling about, head over to http://yibble.org/, where I have set up a Lifestream page. I’ve disabled commenting on the items, and changed the item links, so that they take you to source sites, but by default commenting and viewing items is done through the Lifestream site, producing a more blog like environment.

At the moment, I’m only experimenting with Sweetcron and Lifestreaming, but would certainly consider it as a potential replacement for Wordpress, if I could import all the posts, and all of my readers comments. What do you think?

Recently, I’ve been doing quite a bit of research and usage in the field of Rainbow Tables. “Rainbow Tables” refers to an pre-generated series of hashes arranged in chains, ultimately exploring an entire phase space of hashing algorithms, enabling users to crack a password using the improved time-memory trade-off technique as proposed by Philippe Oechslin.

The practical upshot of which is that with a fully generated set of Rainbow Tables, it’s possible to crack any un-salted one-way hashed password in a reasonable amount of time (we’re talking minutes). Their usage includes, but is not limited to WPA-PSK, Poisoned NTLM/LM Challenge/Response, MD4, MD5, SHA-1, LM, MS-CACHE and NTLM cracking.

Free Rainbow Tables is a newly rejuvenated project which uses distributed computing technology in order to compute diverse Rainbow Tables for all to use on-line, and download for offline usage.

From the “No one asked for it, but just because you can” School of Thought. I’ve created a Facebook application that enables users to place a box on their profile, which displays a summary of their ET:QW player statistics.

It’s early days at the moment, but has been successfully tested in the recent ET:QW beta. This application will not work with the recently released Demo (as the demo doesn’t force user accounts). The application will function with the full game, which is scheduled for release on the 28th of September (2007).

Simply add the application, and supply it with your ET:QW username.

Any *hat worth their salt will probably tell you a lot of technical reconnaissance, enumeration and planning goes into a vulnerability assessment or attack. However, the same group will also inform you, in some circumstances it’s far easier to have someone let you into a system, than to force entry. Social Engineering carries it’s own form of information reconnaissance, enumeration and planning, but it’s an entirely different tool-set.

Google is a great first stop for many searches, but it doesn’t provide relational links to re-construct a person’s (or organisation’s) entire web-presence, including their relationships with other subjects and resources. This is where Paterva’s Evolution offering comes into play. To assess the power of the engine, there is a simplified web interface, however for graphical representation of association, there’s also a GUI based interface for Windows, *nix, and MacOS.

This is a very powerful and interesting way of manipulating search data via objects. This tool is a social engineer’s and auditor’s gold mine, and will probably also be gracing the desktop of any budding cyber-stalker :-| However, it’s all public information that’s available via searching through a number of online tools. What’s unique here is the ease of the search, and the representation of relationships and data. A great test is to audit just how much data you’ve leaked onto the Internet.

I finally set aside some time to resolve my EMS USB II interface issues under Feisty Fawn. It was a lot easier than I anticipated. Thankfully, a patch has already been produced, so it was simply a case of compiling a replacement module.

Contrary to my initial belief, the issue does not lie in joydev, but in the usbhid module instead. I’ll summarise the steps I took to remedy this here, just in case anyone finds it of use (comment if you do.)
Read the rest of this entry »