hackers in wonderland

Posted: July 27, 2010 in Uncategorized

I read an interesting article about hacker spaces around the world from Wired magazine; the original article can be read here. Hacker spaces are basically like workshops/clubs for people who are interested in Computers/DIY/Electronics/Hacking or who just like to hang around geeks. Personally I have visited one hacker space, and that was C-Base in Berlin, Germany. C-Base, in one word, was like heaven on earth for me and my fellow geeks. I really wonder why there is only one hacker space that is active in Finland and three others are in the building phase, all of them located in south and south-east Finland. There are currently no hacker spaces in north or middle Finland, but who knows, maybe we arctic geeks can do something similar here also. Personally I would be excited if there were a hacker space in North Finland too.

From this link here you can find more about hacker spaces.

I found some images on engadget.com that seem to be actual screenshots of Nokia’s new mobile platform, Symbian 4. I have to say that to me it looked very similar to the Android 2.1 OS. I agree that the improvement is enormous compared to the previous Symbian-based operating systems. Hmm, somehow it also makes me wonder why post these images of the operating system??? Maybe they are trying to fight back in the market now… well, isn’t it starting to be a little late???

I just watched Steve Jobs’ presentation on the iPhone 4 antenna problem, and I have to say that I am satisfied with the solution. Starting from September 2010, every iPhone 4 buyer will receive a case for the iPhone 4. If the customer is not satisfied with the iPhone 4 before or after that, there is a 30-day full refund period… I have to say that Apple really knows how to take care of its customers. Personally I was already going for Motorola or HTC, but after watching that presentation I pledge my allegiance to Apple once again. The iPhone will most likely hit the Finnish phone market sometime in September, so we will see what the situation is then.

Well, what else this time? Not much right now. Oh, I got my new camera today, it is an Olympus SP-600UZ model with 12 MP. Quite cool, I’ll post some pics here maybe tomorrow…

Until then,

Live long and Prosper…

I have lately been looking at a lot of documents and reading a lot of articles about online copyright infringements, that’s right, it’s only an infringement in the end. I read an interesting article about a student who downloaded 30 songs from the internet, and the American court sentenced him to pay 675.500 American dollars, which means that one song is worth 22.500 dollars. I mean seriously, what the hell is this shit now, seems to me that it is only about greed for money…
This case also reminds me of the case RIAA vs. The Pirate Bay. I mean, the whole thing is only a big joke because according to Swedish law the founders of TPB did nothing wrong. So my question is why should Sweden start following American laws??? RIAA is seeking 13,000,000 dollars in damages.

My opinion of all this crap is that RIAA and others like it are stuck on old business models and are too cheap to start developing new ones, so they start enforcing American law on an international scale. Somehow all this still makes me feel sick.
I found this picture on cracked.com

TheFinnGeek announces its official support to The Pirate Bay…
RIAA vs. The Pirate Bay

CCC 26C3 Here be dragons…

Posted: November 23, 2009 in Uncategorized

Just got approval from my employer to go to the annual CCC conference in Berlin, Germany on the 26th of December….. wuhuuu, it’s going to be so cool, 4 days with my own kind of people around me. I booked and paid for the trip already….

Maybe I need to take my BackTrack 4 machine with me there or just run it from the Mac…

Cr3sc0

Simplicity is Security

Posted: November 22, 2009 in Uncategorized

Per the best of the best in presenting, what breeds a good presentation slide deck? Simplicity.

I want to pose a statement: “Simplicity is Security”. The reason I say this is that in this day and age, at least in the US, ‘convenience’ is king, and we try to protect those conveniences with ‘security’. Let me start over a bit: this train of thought all started when I tried to explain the insecurities in WiMAX to my wife. We saw a WiMAX device that plugged straight into your computer. I told her this was bad because by connecting to this you have no barrier between you and the ‘bad guys’ other than possibly the Windows Firewall. Her answer surprised me. ‘So?’ is all she said.

Japan doesn’t use ‘Check Cards’ or even really credit cards, for that matter. To get such a card you need to go through a book’s worth of paperwork, so it’s just not ‘convenient’ for most people, so they don’t get them. So guess what? They don’t bank online, and they don’t buy stuff online. I racked my brain to figure out what could possibly be on her computer that a ‘bad guy’ would want. I couldn’t think of anything (maybe you can). The government relies on paper backups of anything electronic (so they hardly make electronic versions). Signatures are based on stamps that are difficult to copy. The worst a hacker could do with her computer is use it as a zombie, and even then, their ISPs detect and disconnect excessive use.

Where did we as “Security Professionals” go wrong? Was it the fat paychecks we wanted? Was it the fear of the ‘underground’? Reality seems to dictate that we will continue on this path from the analog to the digital, from paper and clerks to networks and AI. The question I want to ask you, though, is: should we continue down the path of “MORE SECURITY” or should we deviate a bit toward simpler, possibly non-technical practices?

In these last two posts you may assume that I favor the Japanese culture and way of life over a US one. You would be mistaken; I simply learn, take the best parts of what I learn, and try to apply them where I can. Learning from others’ triumphs and defeats, strengths and weaknesses is a basic human function that we as humanoids should embrace.

Password/wordlist

Posted: November 22, 2009 in Uncategorized

Brute force, even though it’s gotten so fast, is still a long way away from cracking long, complex passwords. That’s where word lists come in handy. It’s usually the cracker’s first go-to solution: slam a word list against the hash; if that doesn’t work, try rainbow tables (if they happen to have the tables for that specific hash type), and then the full-on brute force. Some would say those first two steps are reversed, and it really is the choice of the person doing it and the word lists they have to work with.

Matt Weir and company created a cool tool that has the best of both worlds, dictionary-based rainbow tables with Dr-Crack, which you can find here:

http://reusablesec.googlepages.com/drcrack

But, back to the reason of this post, word lists. Where do you get them? Here are a couple of my favorite places in no particular order:

http://www.packetstormsecurity.org/Crackers/wordlists/
http://www.theargon.com/achilles/wordlists/
http://www.openwall.com/wordlists/
http://www.outpost9.com/files/WordLists.html

I like to keep 3 sizes of word lists:
1. small and fast: usually based on the output of one of the tools I’m about to tell you about
2. medium: this is my custom list, to which I add passwords I find / crack and generally think are good to add. I’m pretty picky about what goes into this list
3. huge: any word list I come across gets added to this list; it gets sorted and uniqued and restored

Now, the two tools that I like for the small list are CeWL and wyd:

CeWL – http://www.digininja.org/projects/cewl.php
Wyd – http://www.remote-exploit.org/codes_wyd.html

They have very similar lists of features; your mileage may vary. But basically they parse files and web pages for words and generate password lists based on the words found.
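The same merged, sorted and uniqued “huge” list described above is also the cheapest password blocklist a defender can have: anything that matches a list word, directly or after the trivial mangling a cracker tries first, would fall to a dictionary run long before brute force is needed. The following is an added example (not code from the post or from the tools it links); the word lists and candidate passwords are constructed stand-ins.

```python
"""Merge word lists into one deduplicated list, then audit candidate
passwords against it the way a dictionary attack would find them."""
import re
from typing import Dict, Iterable, List

# Constructed stand-ins for a CeWL/wyd-style site scrape, a curated
# list and a downloaded bulk list (mixed case, blanks, duplicates).
SMALL_LIST = ["acme", "widgets", "rocket", "Welcome"]
MEDIUM_LIST = ["password", "letmein", "qwerty", "monkey", "Welcome"]
HUGE_LIST = ["PASSWORD", "dragon", "baseball", "acme", "123456", ""]

# Leet-speak substitutions undone before lookup: @->a $->s 0->o 1->i 3->e 4->a 5->s
LEET = str.maketrans("@$01345", "asoieas")
TRAILING_JUNK = re.compile(r"[\d!@#$%^&*]+$")


def merge_wordlists(*lists: Iterable[str]) -> List[str]:
    """The 'sort | uniq' step: lower-case, drop blanks, dedupe, sort."""
    words = {w.strip().lower() for lst in lists for w in lst}
    words.discard("")
    return sorted(words)


def normalise_candidate(password: str) -> str:
    """Reverse the cheap mangling rules crackers apply to list words:
    strip trailing digits/symbols, lower-case, undo leet-speak.
    'P@ssw0rd2009!' -> 'password'."""
    base = TRAILING_JUNK.sub("", password).lower()
    return base.translate(LEET)


def audit_passwords(candidates: Iterable[str], blocklist: List[str]) -> Dict[str, str]:
    """Classify each candidate as 'in_list', 'mangled_list_word' or 'ok'."""
    words = set(blocklist)
    verdicts: Dict[str, str] = {}
    for pw in candidates:
        if pw.lower() in words:
            verdicts[pw] = "in_list"
        elif normalise_candidate(pw) in words:
            verdicts[pw] = "mangled_list_word"
        else:
            verdicts[pw] = "ok"
    return verdicts


if __name__ == "__main__":
    merged = merge_wordlists(SMALL_LIST, MEDIUM_LIST, HUGE_LIST)
    sample = ["Welcome", "P@ssw0rd2009!", "Dr4g0n", "correct horse battery staple"]
    for pw, verdict in audit_passwords(sample, merged).items():
        print(f"{pw!r}: {verdict}")
```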

Disclaimer: I was given a demo license of the new free business product to break/review. No money has traded hands. This is my brutally honest opinion of the product.

I’ve played with a gamut of Astaro products, and personally I really hate UTMs, just like I do All-In-One Printer/Copier/Faxes. One thing breaks, they all do. However, Astaro’s… before I go into my opinions of the product, or get on any soap box, here are the facts:

  1. Astaro Security Gateway was already free for home use
    • (works awesome for VM demos)
  2. As of November 16th 2009, Astaro Security Gateway “Essential Firewall Edition” is FREE to any business that wants to run a copy.
    • Essential Firewall Edition is basically an enterprise grade firewall w/ VPN and some reporting.

Why I like this product is not because it’s Astaro, but because it’s the bare essentials. It’s exactly what a small to mid-size business needs so you stop getting calls from your friend at 5 AM asking why the Linksys you put DD-WRT on to be slick is down.

There is no better gift you can give a business as an IT/Security guy than the ability to see and log. Test it out; you’ll be amazed at what you see on your network.

Like I said initially, this is a brutally honest post, and I wholeheartedly believe in FREE, and one tool for one job. However, so far it’s been all fluff and daisies. In coming posts, I’ll show how it, and other free alternatives, break or stand up from an attack point of view.

On a side note, it works flawlessly with the iPhone ;-) – Use public wifi with less fear, when all of your traffic is going through a VPN automagically. That’ll make the boss happy.

Hello y’all

The rest of the year is going to be so hard: CCNA, C++, work, baby, wife, IT convention organizing. Well, we live in hard times now and I am glad to have a job that is related to the field I study.

Some good news I have for you: I have just received my Google Wave account. I was just testing it with a friend of mine and it seemed to be working well. Good job GOOGLE, big ups. I still think that it will work much better once I have gathered more people into my wave.

Apple has also been a big topic this week in several different media with their lawsuit against Psystar; apparently there are no more custom-built Macs available anymore :(

This time I do not have anything more to write, but if anyone is following this blog, big ups to you all.

Cr3sc0 from hellhogs