UK hacker fined for personnel database mischief

Once again the Media forces misappropriate the word “Hacker”. This time in an article posted on the IT-based site The Register, the article is titled “UK hacker fined for personnel database mischief” and the full article can be read here.

Now this could be fair I guess, let’s see what the guy did. According to the article he “gained unauthorised access to staff contracts containing salary details and emailed this to around 400 workers at his ex-employer”. Now, I can see why gaining unauthorised access to digital information could be associated with Hacking, only let’s read some more.

How did he manage to bypass the company’s security and gain access? When he was sacked he stole his boss’s laptop, and emailed out information he found on there. Yes. That’s right! The Mad 1337 h4x0r skillz this guy used were 1) theft of an object, 2) the ability to send an email. Wow.

The title should be “Ex-employee fined for theft and breaking the Data Protection Act”. Only the Media likes its word Hacker.

Just when I thought they couldn’t possibly be any dumber…

…..they go and do something like this… and totally redeem themselves!!

I am a true believer of the phrase “Customers are Idiots”, but sometimes they seem to go out of their way to prove beyond any shadow of a doubt that this phrase is true.

Recently one of our customers, RedBack*, ceased trading, and a load of their customers were emailed suggesting they move their hosting & emails over to the Insane Asylum. I was given the pleasure of helping a load across to us. Now some came across with little or no problems, whereas others caused a variety of problems. And then there was Zoolander*.

So I copy their website and database from the RedBack server that’s shutting down over to one of ours, I change connection strings and paths accordingly and get it up and running. I recreate email accounts on our system and send them all the details with the instructions to change the nameservers over to ours and they will be up and running.

So a couple of weeks go past and I get a phone call from Zoolander that goes a bit like this.

Z: We’ve changed the nameserver things like you said and now our email has stopped working!

CN: Yes, it will since you moved over to us. You need to use the new email details I previously sent you.

Z: I don’t understand, it’s all technically, can’t you just do it for me?

CN: Well you need to change the setting in whatever email client you use on your computers, but if you need, our guys can connect to your machine and do it for you.

Z: I don’t do email on my computer, just my phone. I just go to the webpage and do mail.

CN: You only use webmail? Then you just need to use the webmail address I sent you and you’ll be fine.

Z: What? So my webpage’s address will change? It won’t be on www.zoolander.com* any more?

CN: NO. Just the address of the webmail you used has changed.

The following morning I get into the Asylum to find an email from one of Zoolander’s Directors’ home Gmail account, all urgent and shouty like. I could tell this as it was all written in CAPS! The basic gist of the email was that they had tried logging into the new webmail address I gave them, and their old usernames/passwords were not working. So I politely resend them the details I sent before the move with the NEW usernames/passwords and point out the NEW system required NEW details.

Two hours later the phone rings. And it’s Zoolander.

Z: Hello, we’ve tried using the new details, only we can’t work out what goes where, so could you talk us through it?

CN: No problems, what problem are you having?

Z: Well we need to know what to put in the box that says username, and what goes in the one called password?

CN: What did you have in the email I sent you?

Z: Email address followed by my email address, then username followed by a username, then password followed by password. I just don’t know which ones I’m supposed to use.

CN: OK. Where it asks for your username, type in your username. And put your password in the one asking for password.

Z:That seems to have worked. thanks

CN: *Unplugs phone for rest of the day*

I know there is a stereotype belief that people in the fashion modelling industry are not known for playing with a full set of cards. But at least try people…..

* As normal Names changed to protect me from lawsuits… err I mean to protect the innocent.

Vampire Eye

I am suffering from the medical condition “Vampire Eyes” again. “What is Vampire Eye?” you ask. Well, you should read some of the earlier blog posts where it’s mentioned in detail. OK! I’m nice, I’ll give a quick re-cap for the newer readers.

VAMPIRE EYES:

A weird eye infection that causes the eye infected to glow red, be extremely sensitive to sunlight, spend all day trying to close, and all night trying to open.

So if you’re wondering where I have been recently, I’m hiding in the dark avoiding all sources of light, like for example monitors.

Missing: General Common Sense.

There are times when I really despair for the Human Race. When I see acts of such stupidity, or people not using the most basic of common sense, and I have to ask myself “Can we survive as the dominant species here on earth” This morning, on my normal commute to the Insane Asylum was one such moment. Let me share with you dear reader.

Part of my route is currently impeded by traffic light controlled road works. They have been there for a few months now, slowly working their way along. It was scary for a while as the light was just behind a speed camera, so when you saw the lights turn AMBER and you were tempted to speed up a bit to catch them before they turned RED you would be speeding into a speed trap. Anyway it currently covers a large stretch of road, the length of which is down to single lane.

So driving along and I get stuck behind several cars waiting at the red light, while traffic coming from the other direction get to go. After a while the traffic flow stops, and the lights change to GREEN, so we then proceed to continue our trip. Only half way through the traffic controlled area we are forced to stop by the Bin Wagon parked in front of us blocking the road as bin men load up the bins.

Behind the bin wagon are all the other cars that had driven through the GREEN light and had got stuck when the wagon stopped. And now you had another long train of vehicles stopped in front of the wagon. So the single lane of traffic was now blocked by dozens of vehicles trying to drive opposite ways.

Ah.. I know what you are all thinking, and what that guy there is actually saying loudly at the computer screen. Yes YOU. I can see and hear you. Nope, there’s no use looking for the hidden camera, you’ll never find it. You are thinking, “But it’s their job to collect the bins, there’s not much they could do about it?”

I would agree in principle with you apart from an extra fact I have not imparted to you yet, and that is the bus stop lay-by that was a hundred yards behind the wagon. If they had any common sense and thought, “the lights will change soon and traffic will start coming from the other direction and we will all get stuck!” then they would have pulled their wagon off the road into the bus stop area, letting the cars behind them past, and then the oncoming traffic past until they had collected the bins, and traffic was again flowing in their direction and they could join it without hassle.

But NO. Instead they caused chaos, and dozens of drivers had to play the world’s largest game of Tetris with their vehicles, and the binmen had to drive onto the roadworks. It was chaos and people were stuck for a lot longer than they needed to be, all for the sake of some common sense.

P.S. This is not a dig at bin men & women, they do a fantastic job and do not get the thanks they deserve, it’s a dig at the stupidity of people in general.

Password? Password? We don’t need no Stinking Password!

A fair while ago I found a document on my machine that was in a folder with short stories, poems, notes, and book ideas. Now I only had the faintest idea of what the document could be, but when I tried to open it to read I was prompted for a password to open the file.

Password? Password? SHIT!

So I typed in my usual selection of passwords……….. NOTHING

So I typed in every password I have used since 1994……….. NOTHING

This got me determined to read whatever was protected on the document. So I tried everything I could think of that I may have used as a password……….. NOTHING

At this point I decided “Frak This” and downloaded a password cracker, kicked it off on brute force mode and left it running. After a couple of weeks of running 24/7 it had reached the maximum digit number it could get to with no luck. Shit, I must use good passwords when I’m in the right frame of mind.

At this point I gave up, Until I would re-find the document and try a different password cracker that guaranteed to break the open password on documents, only to leave it running for several weeks only for it to fail AGAIN.

Well I re-found the document two weeks ago, and was about to try yet another password finder when I had an epiphany. It was an old Word document written while I was in UNI, so even if it had been updated there was no way it was last saved on anything later than Office 2000. Which means the file itself would only be encrypted with a weak 40-bit encryption. So whereas trying to brute-force my actual password would take months if not years of 24/7 constant running, breaking the encryption key itself and simply removing the encryption would take less than a fortnight of testing keys.

Sometimes thinking outside the box is the way forward. I now have an unencrypted copy of the document thanks to a bit of software called GuaWord (and I only needed to use the freeware version, which is why it took 12 days to decrypt).
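The reasoning in the post above, as an added example that is not part of the original post and is not how Office or GuaWord work internally: when the key is cut down to a fixed number of bits, walking the key space recovers the document without the password, and the cost does not grow with password length. The hash-and-truncate derivation, the SHA-256 keystream, the `TOYDOC01` header, the sample strings and the 16-bit key (scaled down from the post's 40 bits so it finishes instantly) are all assumptions made for the illustration.

```python
import hashlib

KEY_BITS = 16          # assumption: scaled down from the post's 40 bits so the search is instant
HEADER = b"TOYDOC01"   # constructed known header used to recognise a correct key

def derive_key(password: str, bits: int = KEY_BITS) -> int:
    """Toy derivation: hash the password, keep only the top `bits` bits."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def xor_crypt(key: int, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); encrypt and decrypt are the same."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(password: str, plaintext: bytes) -> bytes:
    return xor_crypt(derive_key(password), HEADER + plaintext)

def search_key(ciphertext: bytes, bits: int = KEY_BITS):
    """Walk the whole key space; the password itself is never guessed."""
    for attempts, key in enumerate(range(1 << bits), start=1):
        if xor_crypt(key, ciphertext[:len(HEADER)]) == HEADER:
            return key, xor_crypt(key, ciphertext)[len(HEADER):], attempts
    return None

def password_space(alphabet: int, max_len: int) -> int:
    """Number of passwords of length 1..max_len over an alphabet of that size."""
    return sum(alphabet ** n for n in range(1, max_len + 1))

def crossover_length(alphabet: int, bits: int = 40) -> int:
    """Shortest maximum length at which guessing passwords costs more than trying every key."""
    length = 1
    while password_space(alphabet, length) <= 1 << bits:
        length += 1
    return length

if __name__ == "__main__":
    secret = "a long passphrase nobody will guess, 1994!"   # constructed sample
    ct = encrypt(secret, b"old short story draft")
    key, plaintext, attempts = search_key(ct)
    print(f"recovered {plaintext!r} after {attempts} of {1 << KEY_BITS} keys")
    for name, size in (("digits", 10), ("lowercase", 26), ("alphanumeric", 62), ("printable", 95)):
        print(f"{name}: key search is cheaper once passwords reach {crossover_length(size)} characters")
```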

Abusing the Cat… The UniCat

Just a quick post to show I have not forgotten my series of small articles to show how the mainstream view of Hackers & Hacking is wrong, and we are not all evil misfits trying to do harm to YOU!

When I was in university, the library was short on Computer Workstations and you often had to wait for a free one to come available to check your email, play on the Internet, do work, etc. This was very annoying if you were in a rush and just wanted to check your email to see where you were supposed to be, or quickly email in an assignment to your lecturer.

Now, scattered around the library were UniCat terminals, simple terminals with a BBS style catalogue program running on them that allowed you to search the books in the library, see what they had, what was out (and when it was due back), order books and periodicals, and so on. Another handy feature it had was the ability to connect to similar programs running at other universities.

Now the first time I connected to another university to see how the system worked I saw the familiar:

Connected to ***********.****.****.
Escape character is ‘^]’.

So what do you do in such a situation? I pressed ^] which gave me the telnet prompt and decided to connect to a different address, that of my Linux account. It connected fine. Which allowed me when in a rush to check my email & ICQ, Spod, code, and do anything else I needed to without waiting for a machine to come free. It also stopped me tying up machines that could otherwise be used by others.

Playing with these terminals also helped out, since there was a bug in the system and occasionally they would crash down to the VAXos, and be unusable until the one IT staff who knew the system went around restarting them. Unless I happened to spot it was down and would help out. Well I could not leave my emergency terminals out of use.

Captain America: A strange symbol of liberty and justice

Captain America Film 1990

Monday night I was in the mood for some good old fashioned cheesy superhero action, so I watched the 1990’s film “Captain America”.

Plot Synopsis from IMDB

During World War II, a brave, patriotic American Soldier undergoes experiments to become a new supersoldier, “Captain America.” Racing to Germany to sabotage the rockets of Nazi baddie “Red Skull”, Captain America winds up frozen until the 1990s. He reawakens to find that the Red Skull has changed identities and is now planning to kidnap the President of the United States

Sounds good right. Bit of action with good ole Cap’ the symbol of Liberty & Justice & The American Way? A beacon light to lead the way, an inspiration to generations of Impressionable American Teens? Only. Watching the movie, The Captain was shown in a rather different light, and I wonder how many people saw past the Red, White & Blue and saw the Dark evil beneath?

Let me explain. Film starts with the Nazis making a super warrior with augmented strength, speed, agility, intelligence (AKA The Red Skull). The Yanks countered with their own SuperSoldier program and made a Soldier with augmented strength, speed, agility, intelligence (AKA Captain America). Now both are about 18 to 20 years old at the start of the film. They meet up in Germany, get into a fight and Cap is beaten and fixed to an ICBM. Just as it fires he grabs the hand of the Red Skull, forcing the Skull to cut off his own hand to escape. The missile fires, crashes into an ice field in Alaska and stays there undisturbed for 50 years.

Time moves on. To hide from the forces of good the Red Skull has plastic surgery and changes his name from the give-away name of Red Skull. He is the head of an international organisation of bad guys, and planning on kidnapping the President of the USA and implanting a brain control chip in him. Luckily the good ole boy The Cap is found in Alaska and revives from his frozen sleep. After several adventures we come to the climactic end of the film, the fight between the evil Red Skull and the Heroic symbol of all the Good in America, Captain America! The captain beats up the Red Skull, and finishes by smashing him out to his death off the top of a cliff with a full on smash from his shield. Woo Hoo, Chalk up a victory for America!

Only…. There’s something niggling at my mind. You have Captain America, a man of 20 in the peak of his abilities. Abilities which have been expanded by secret techniques. And he is fighting the Red Skull, a man of 70ish, who has only 1 hand. It’s not really much of a fair fight is it? The best champion of America fighting to the death against a geriatric amputee?

Come on America, pick a better Hero to represent your colours. You’d never catch Captain Britain doing something like that!

GN

Sherlock – Bringing the classic into the Modern age

Originally Posted at http://rockthelan.com

The BBC have just finished showing a new three part mini-series called “Sherlock” which brings Arthur Conan Doyle’s Sherlock Holmes detective stories into the modern day, with modern technology. You have Holmes armed with smartphones, the Internet, modern forensic labs and all the benefits of modern technology. While Watson, who’s just back from serving in Afghanistan, no longer writes in a leather-bound journal, but instead has an online blog. Even the famous phrases from the books have been updated: Holmes’s statement when struggling with a hard problem, “This is a three pipe problem”, is now calmly stated as “This is a three patch problem”. London is mostly no-smoking these days.

Episode 1: “A Study in Pink”
The first episode in any series (even a mini-series) is basically all about introducing the characters, and setting everything up. This can occasionally lead to a slightly slower “starter”. This was not the case with Sherlock. Yes, they introduced the characters of Holmes & Watson, and showed their meeting for the first time, and moving into 221b Baker Street. While that was going on they also had time to show shadowy groups, secret criminal masterminds, and one of the best games of Russian roulette you could imagine. (With strong leanings to The Princess Bride.)

Episode 2: “The Blind Banker”
Another brilliant episode that starts simply with Watson making Holmes take a simple case (they need the money) from Holmes’ old school friend. A simple “how did someone break into a secure room” case. It’s not long before the case expands into hidden codes, Chinese Triad assassins, Ancient Artifacts, Murder & Romance. With a very tense ending. There’s no relaxing in the middle episode.

Episode 3: “The Great Game”
WOW. What can I say about the season finale that will not give away any spoilers? It starts with a double case: Mycroft Holmes requests help investigating a suspicious suicide and some missing top top secret plans. Meanwhile, after a suspected gas explosion across from Holmes’ flat, a locked strong box is found with a letter addressed to Holmes inside. This leads Holmes on a series of challenges set by some mysterious person. Holmes gets less and less time to solve cases before some innocent gets blown up. This all leads to a climactic meeting in a swimming pool, and the most annoying “I NEED to see how it ends” endings you could hate to witness.

Basically this show is one of the best things I’ve seen on BBC for a long time, and the way they have brought such a classic character into the modern day is amazing. And I am now waiting for a Second and longer series to begin filming.

GN

Formspring: Best Question Ever!

I was recently asked on Formspring a question that I thought was the best question I have ever been asked. I was so impressed with the random question I thought I would share it with you.

If an unstoppable force comes to an immovable object, what is the result?

WOW! Quick I need @dontrythis, 5lbs of C4, & a ton of Thermite STAT!. We’re going to do SCIENCE!!!!

Well to have an immovable object, you have to accept that no force in the Verse can move it. No nukes, no exploding suns, no black holes, no BIG BANGS, nothing. This would imply that the object exists in a slightly different phase/vibration/dimension to the physical world that we live in.

The unstoppable force would then pass directly through the immovable object without interacting with it, since they must by definition exist in different planes. So my answer is… They pass without interacting with each other.

Best Question Ever!

GN

CyberSecurityChallenge Cipher – Walkthrough

After seeing all the people posting on Twitter/Facebook/Blogs how they have solved the cipher challenge on the CyberSecurityChallenge website when all they have done is take the first step, I thought it might be nice to post a small walkthrough to give some pointers, help, and show them that first impressions are not always correct.

Only read on if you have stopped trying to solve the puzzle yourself, or if you just need a push in the right direction. AKA, here be spoilers.
