UK hacker fined for personnel database mischief

Once again the media forces misappropriate the word “Hacker”. This time it is in an article posted on the IT-based site The Register; the article is titled “UK hacker fined for personnel database mischief” and the full article can be read here.

Now this could be fair, I guess; let’s see what the guy did. According to the article he “gained unauthorised access to staff contracts containing salary details and emailed this to around 400 workers at his ex-employer”. Now, I can see why gaining unauthorised access to digital information could be associated with hacking. Only, let’s read some more.

How did he manage to bypass the company’s security and gain access? When he was sacked he stole his boss’s laptop, and emailed out information he found on there. Yes. That’s right! The Mad 1337 h4x0r skillz this guy used were 1) theft of an object, 2) the ability to send an email. Wow.

The title should be “Ex-employee fined for theft and breaking the Data Protection Act”. Only the media likes its word “Hacker”.

Just when I thought they couldn’t possibly be any dumber…

…..they go and do something like this… and totally redeem themselves!!

I am a true believer of the phrase “Customers are Idiots“, but sometimes they seem to go out of their way to prove beyond any shadow of a doubt that this phrase is true.

Recently one of our customers, RedBack*, ceased trading, and a load of their customers were emailed suggesting they move their hosting & emails over to the Insane Asylum. I was given the pleasure of helping a load across to us. Now some came across with little or no problems, whereas others caused a variety of problems. And then there was Zoolander*.

So I copy their website and database from the RedBack server that’s shutting down over to one of ours, I change connection strings and paths accordingly and get it up and running. I recreate email accounts on our system and send them all the details with the instructions to change the nameservers over to ours and they will be up and running.

So a couple of weeks go past and I get a phone call from Zoolander that goes a bit like this.

Z: We’ve changed the nameserver things like you said and now our email has stopped working!

CN: Yes, it will, since you moved over to us. You need to use the new email details I previously sent you.

Z: I don’t understand, it’s all technically, can’t you just do it for me?

CN: Well, you need to change the setting in whatever email client you use on your computers, but if you need, our guys can connect to your machine and do it for you.

Z: I don’t do email on my computer, just my phone. I just go to the webpage and do mail.

CN: You only use webmail? Then you just need to use the webmail address I sent you and you’ll be fine.

Z: What? So my webpage’s address will change? It won’t be on www.zoolander.com* any more?

CN: NO. Just the address of the webmail you used has changed.

The following morning I get into the Asylum to find an email from one of Zoolander’s directors’ home Gmail account, all urgent and shouty like. I could tell this as it was all written in CAPS! The basic gist of the email was that they had tried logging into the new webmail address I gave them, and their old usernames/passwords were not working. So I politely resend them the details I sent before the move with the NEW usernames/passwords and point out the NEW system required NEW details.

Two hours later the phone rings. And it’s Zoolander.

Z: Hello, we’ve tried using the new details, only we can’t work out what goes where, so could you talk us through it?

CN: No problems, what problem are you having?

Z: Well, we need to know what to put in the box that says username, and what goes in the one called password?

CN: What did you have in the email I sent you?

Z: Email address followed by my email address, then username followed by a username, then password followed by password. I just don’t know which ones I’m supposed to use.

CN: OK. Where it asks for your username, type in your username. And put your password in the one asking for password.

Z: That seems to have worked. Thanks.

CN: *Unplugs phone for rest of the day*

I know there is a stereotype belief that people in the fashion modelling industry are not known for playing with a full set of cards. But at least try people…..

* As normal Names changed to protect me from lawsuits… err I mean to protect the innocent.

Abusing the Cat… The UniCat

Just a quick post to show I have not forgotten my series of small articles to show how the mainstream view of Hackers & Hacking is wrong, and we are not all evil misfits trying to do harm to YOU!

When I was in university, the library was short on computer workstations and you often had to wait for a free one to become available to check your email, play on the Internet, do work, etc. This was very annoying if you were in a rush and just wanted to check your email to see where you were supposed to be, or quickly email in an assignment to your lecturer.

Now, scattered around the library were UniCat terminals, simple terminals with a BBS-style catalogue program running on them that allowed you to search the books in the library, see what they had, what was out (and when it was due back), order books and periodicals, and so on. Another handy feature it had was the ability to connect to similar programs running at other universities.

Now, the first time I connected to another university to see how the system worked, I saw the familiar:

Connected to ***********.****.****.
Escape character is ‘^]’.

So what do you do in such a situation? I pressed ^], which gave me the telnet prompt, and decided to connect to a different address, that of my Linux account. It connected fine. This allowed me, when in a rush, to check my email & ICQ, Spod, code, and do anything else I needed to without waiting for a machine to come free. It also stopped me tying up machines that could otherwise be used by others.

Playing with these terminals also helped out, since there was a bug in the system and occasionally they would crash down to the VAXos, and be unusable until the one IT staff who knew the system went around restarting them. Unless I happened to spot it was down and would help out. Well I could not leave my emergency terminals out of use.

CyberSecurityChallenge Cipher – Walkthrough

After seeing all the people posting on Twitter/Facebook/Blogs how they have solved the cipher challenge on the CyberSecurityChallenge website when all they have done is take the first step, I thought it might be nice to post a small walkthrough to give some pointers, help, and show them that first impressions are not always correct.

Only read on if you have stopped trying to solve the puzzle yourself, or if you just need a push in the right direction. AKA, here be spoilers.


Britain’s Got Computer Talent.

On Monday the 26th July 2010 the UK Minister for Security declared the Cyber Security Challenge UK open.

The Cyber Security Challenge is a series of national online games and competitions that will test the cyber security abilities of individuals and teams from every walk of life. It is designed to excite and inspire anyone considering a career in the cyber security industry.

The Challenge will identify talented individuals capable of becoming part of the UK’s cyber security profession now and in the future.

Why should I participate?

Participation in the Challenge offers three fantastic opportunities:

  1. The Challenge will award more than 30 superb prizes. These will include:
    • Places on the Detica Academy
    • Funded or part-funded places for masters-level university security courses
    • Funded security courses provided by SANS Institute.
    • Memberships of trade bodies and professional associations
    • Professional mentoring sessions
    • Time on the CREST penetration test rig
    • Delegate passes to industry conferences
    • An internship at one of the UK’s premier security companies
    • Prizes will be allocated based on individuals’ ambitions and the stage they are at in their career.
  2. The Challenge will provide participants with the opportunity to use world-class technology and facilities that would otherwise be inaccessible.
  3. It will also provide a way for individuals to meet with, work with, and learn from some of the UK’s most prominent organisations in cyber security, education and politics.
    Those who demonstrate excellent levels of skill and talent will be exposed to potential employers who will look favourably on anyone who can perform well throughout the Challenge.
  4. The Challenge offers an opportunity for all participants to publicly demonstrate their cyber security skills and build their reputation with peers and potential employers as the UK’s most talented security experts.

The first challenge to get yourself started with is up here

Get playing!