
About this blog

The deafening howls of a lost Dawg...

Entries in this blog

StankDawg

I confirmed last weekend that I will be presenting at the 6th HOPE conference again this year in New York City. I submitted 2 talks, but they were after the deadline, so only 1 was accepted.

The talk that was accepted is actually not a normal presentation, but more of an event. It will be the first episode of season 4 of Binary Revolution Radio, and I will have several others on stage with me, including nottheory, zer0db, and others according to availability.

But what will the show contain? That is the question...

The show will be 1.5 hours long and will focus mainly on the conference itself and the experiences of the weekend. It WILL NOT be pre-scripted or planned. It will be impromptu and very light-hearted and will include interviews with several people from the audience, so bring your questions and comments with you. We will probably bring some random people onto the show and some special surprise guests as well.

We will have some free stuff to give out to audience members who participate in the show and we will be getting together directly afterwards to hang out and grab some food as a group activity for BinRev forum members and supporters.

There will be an announcement at the end of the show pertaining to the future of Binary Revolution Radio, so stick around until the end! "The Revolution Will Be Digitized!"

StankDawg

NOTE: this was originally posted on the same date in 2005, not 2006.

blogentry-1-125143056214_thumb.jpg

The AdWords program is an advertising system used by Google. It is a pay-per-click system like many others, but Google doesn't give it the attention to design that it deserves. Not only does Google take some liberties with the Terms of Service and what they allow and don't allow in the program, but the system also has several flaws in its logical design. There are several loopholes in this system and they will be explained and demonstrated with proofs of concept for every example.

There is also an upcoming article on this topic.

UPDATE!!! I was just informed that my speaking time has been moved to 3 PM Friday, July 29 on track 3 in the Apollo room! These people do not seem to have it all together, so all I can say is to check the schedule and see what other changes they make.

UPDATE!! 09/28/2005 - The mp3 file is floating around on the internet, so I am putting it up here for you to download.


StankDawg

NOTE: this was originally posted on the same date in 2005, not 2006.

blogentry-1-125184040106_thumb.gif

I arrived home from my local 2600 meeting last night to find the Spring 2005 issue of 2600 waiting for me in my mailbox. This confirmed the phone call that I got from Natas earlier in the evening telling me that my article on "disposable email vulnerabilities" was in this issue.

This is the same topic that I presented at the recent Interzone conference and is discussed earlier in this blog.

*** 08/07/2005 UPDATE! *** This file is now up on Docdroppers.org with my other articles! I have also added the presentation itself to this post.


StankDawg

NOTE: This post was originally made on the same date in 2005, not 2006.

blogentry-1-125142989022_thumb.png

I mentioned on Binary Revolution Radio about a month or two ago that I passed the CEH (Certified Ethical Hacker) exam. Just this past week, I finally got a welcome packet with my printed certificate (which was very unimpressive) along with some other things.

I went from the stereotypical evil hacker to Certified Ethical Hacker and a "security professional" in a matter of a few hours. Does anyone out there really think that I am any different for having this piece of paper?

Also included in the packet was a sticker for the back window of a car that reminds me of those found at universities. I do not foresee myself putting this on the "StankMobile" anytime soon.

I also received a congratulations letter and some little papers repeating the mindwash of what an "ethical hacker" is supposed to be in their minds.

The final thing that was in the packet, and the thing that was most interesting to me, was a small business card sized CD with a linux distro on it. The CD itself said "CEH" on the front along with the word "membership card" and I got a little bit excited wondering if they had developed their own special little security distro. I always like playing with new bootable security distros. I was very disappointed to find out that the disc was nothing more than LNX-BBC with a different label on it. It has not been updated since 2003 and seems to be a dead distro, regardless of what their page says. If it hasn't been updated in 2 years, it is dead.

I really should have expected that, but oh well. I knew what I was getting into with that certification and I am still glad that I got it, just for the factor of knowing that I can pass an exam based on their view of what a hacker is. Of course when they say I'm an "ethical hacker" and I say that I'm an "ethical hacker" we are describing two totally different people.


StankDawg

NOTE: This post was originally made on the same date in 2005, not 2006.

Starting this weekend, the world's phirst hacking/phreaking reality radio show begins! It is a LIVE show appearing EXCLUSIVELY on DDP HackRadio and YOU can easily participate.

This will be an enormously phun project that anyone can get involved in. It was another "phirst of its kind" project that required some interesting setup and coding on our part. Nottheory did a phantastic job in coding up the interface and the connections between servers. Click below for more information.

We have set up a system that allows multiple users to call in to the BellsMind PBX and participate in the show. The show itself is really not a formal show like many of the others that we have done in the past. This is a freestyle show that is really just a conference call that is streamed live over the internet. That is what makes it a "reality" show. We have no idea who is going to be doing what.

Ideally, we would like to think that it will be a lot of phun phone calls and maybe some light-hearted jokes and phone system "exploration". We would also love to see people take it upon themselves to bring actual topics of discussion phor everyone, but that may be a little too organized phor this type of show.

The reality aspect of the show will be interesting to observe as well. While we hope and encourage people to enjoy the show, and while we will be liberal with the content, we also realize that some people will just be the complete jerks that they are and try to ruin it phor everyone. There will be people who try to TONE out the line and others who will spout abusive and offensive language. While we will allow an almost unlimited amount of phreedom, if someone does cross the line to the point where they endanger themselves or others, or commit acts of an illegal nature, we do have an administrative system written to address these issues and kick people phrom the conference if they become a problem.

We are also in the process of implementing some other phun pheatures such as the ability to vote off other callers like the television reality shows (a la Survivor, The Apprentice, etc...). These changes, when implemented, along with phull instructions (including the call-in number) can be phound at PhreakPhactor.net and all changes/announcements will be posted there phirst!!

StankDawg

NOTE: This post was originally made on the same date in 2005, not 2006.

In July 2004, I attended and presented at the 5th HOPE conference in NYC. The subject of my presentation was "AS/400: Lifting the veil of obscurity" which was an introduction to the AS/400, how it works, and where common mistakes are made from an administration standpoint.

While the MP3 audio version has been available for some time, it appears that 2600 magazine (the people who run the conference) have made all of the videos available on their web site now as well.

You can get a copy of my presentation for $5.00 on SVCD at the 2600 store. The entire list of presentations is at this page. I also made a 5-10 minute appearance on sl1pm0de's excellent "hacker radio" presentation as well, so I recommend you pick that up while you are there.

StankDawg

My presentation from interz0ne 5 is now available for download. The PowerPoint file is included below with this post and the article is finally up over on docdroppers.org right here.

The presentation covers a lot more than the article does, but the article goes into more depth and does a better job of explaining some of the examples used. Feel free to use and/or redistribute these files as explained in our standard creative commons license.

The Art of Electronic Deduction.ppt


StankDawg

April fools!

NOTE: This post was originally made on the same date in 2005, not 2006.

The spoiler below was the original post that I made here. The post that you see below was made after April Fools' Day was over...

Despite the hopes and wishes of a lot of people, I am NOT in custody at this time nor is the site down. It was just a little April Fools joke! The original post is listed below and it was corroborated by several other sites which made it all the more real.

I'm sorry to burst your bubble with the reality, but it was all just a joke.

********** Original Post Below **********

I was notified today that I am under investigation for "aiding and abetting criminal activity" and some other charges that were filed against me for the actions taken by one of the users on our forums. Someone did something very bad and I was forced to turn over all of the logs for the last 90 days and the entire forums database.

I am hoping that they will realize that I am not responsible for the actions of others, but until they make that decision, I may be incapacitated for a while. I AM NOT IN CUSTODY AT THE MOMENT! I am on my own recognisance but I am being called in for questioning by several different agencies at this time.

I will post here if I get any news. If I am unable to post here for whatever reason, please check out OSP and I will communicate through Natas if possible. DO NOT INVOLVE YOURSELVES!

I will update this area if I get any news.

StankDawg

NOTE: This post was originally made on the same date in 2005, not 2006.

I recently presented at the interz0ne 4 conference in Atlanta on a topic entitled "Disposable Email Vulnerabilities". During this presentation, I announced the latest DDP project to go live.

The name of the site is "Will Hack For Food" (or WH4F for short) and it is a new Disposable Email Service that is much safer to use than any of the others.

You can download the actual presentation here which explains it better, but the short version is that this system cannot be backdoored as easily as the others. You can feel safe using this to avoid SPAM and protect your privacy and you don't have to go through the hassle of creating another hotmail or gmail account and filling out all of that personal information.

As for the unusual URL, it was actually a site that we registered as a joke a while back. We thought it a funny name and we registered it as a ".biz" simply because .biz domains were only 4.95 per year at that time. We were using this site simply as a sandbox to test things and decided it would be good to use for this project.

Thanks to Nick84 for all of his patience and work on this project and be sure to check out his site at rootsecure.net. Also thanks go to my friends over at memestreams who helped beta test.

StankDawg

The schedule for interz0ne 5 has just been released and my presentation (based on my blacklisted411 article) has been accepted. I will be presenting at 4 PM on the main speaking track.

If you are going to be at interz0ne, please be sure to stop by my presentation and our table in the lobby to say hello and hang out!

There are quite a few additions to the presentation itself as compared to the article...

The original article dealt with the amount of information that could be surmised from simply looking at screen shots or shoulder-surfing a person. A simple glance at a person's screen could generate a wealth of information. The first half of this presentation will give several examples of this. This presentation will be HIGHLY INTERACTIVE!! There will be several examples of questions for the audience. Anyone can play along and you may be surprised at how much information you can put together as we go along.

The second half of the presentation will branch off of the visible analysis and move onto concepts of metadata. This is a natural transition depending on your visual clues that can continue your detective work with or without physical access to the machine. I think that we all know that with physical access, we can eventually find anything and everything that we want. But physical access is not always necessary to arrive at a conclusion. I hope to demonstrate that through this presentation.

NOTE: Here is a secret about the presentation for anyone who read this post... There will be a special question for the audience at the end of this presentation, so make sure you pay attention from start to finish so that you are prepared for it. ;)

StankDawg

Interz0ne 4

NOTE: This post was originally made on the same date in 2005, not 2006.

I just confirmed that I will be presenting at the Interz0ne 4 conference in Atlanta the weekend of March 11-13. The topic will be "Disposable Email vulnerabilities" and we will officially announce a new DDP project related to that topic.

I will also be doing a lot of other things while I am there. My tentative schedule is as follows:

I will not arrive at the conference until late Friday night at around 9-10 PM. I have no specific plans Friday night other than checking in and getting some food somewhere!

Saturday, I volunteered and will be working at the registration desk for most of the morning. I will then probably break for lunch and come back and set up in the vendor area with copies of Binary Revolution Magazine 1-3 (sorry, 4 is still not done yet). I will take in as many other presentations as I can on Saturday as well.

Saturday night, I am tentatively scheduled to go on after the keynote speaker. Watch the official Interz0ne schedule for the final speaker schedule. After that, I will watch as many of the presentations as I can and then I will probably be hanging around and maybe filming some HackTV segments if anyone comes up with any ideas.

I will be recovering Sunday, but I still plan to take in some presentations and set up in the vendor area with the magazines again if I can. I will have to leave the con early Sunday evening to catch a flight Sunday night.

If anyone wants to say hello, just look for me at those areas in those times. I will be glad to sign copies of the magazine or anything like that. I am pretty approachable, so don't be afraid to say "Hi". I hope to meet a bunch of you there!

StankDawg

My most recent article, entitled "The Art of Electronic Deduction", is in the current issue of Blacklisted411 magazine.

blogentry-1-125184152107_thumb.jpg

This is my second article to be published by Blacklisted411 magazine.

The article is interesting because it started out as a silly little game that I made up for my local (at that time) BR561 meeting. It was surprisingly fun and a huge success at the meeting, prompting me to write it up into a formal article. I have also taken it a step further and put together a presentation on the same topic for my new BR407 meeting.

The article is posted here on DocDroppers.


StankDawg

NOTE: This post was originally made on the same date in 2005, not 2006.

I just found out today that an article of mine was published in the Winter 2004/2005 issue of 2600 magazine. The topic is "Hacking Star Search" and shows how vulnerable and poorly designed their online voting system is. It uses the same voting engine that every other poll on the site uses instead of a special secure version for this particular show (which awards a $100,000 cash prize). Luckily, I think the show has been canceled since I originally wrote this article.

blogentry-1-125184055261_thumb.gif

I will put this file up on DocDroppers with the rest of my articles sometime soon.


StankDawg

NOTE: This post was originally made on the same date in 2005, not 2006.

This is just a heads up to let everyone know that I am making some big server changes during the first week or two of February. Please bear with me and don't worry about any problems or site outages that you may encounter during this time. They will be temporary.

The following sites will be affected:

stankdawg.com

binrev.com

docdroppers.org

oldskoolphreak.com

phreaksandgeeks.com

fl2600.com

phreakphactor.net

geekloveradio.com

defaultradio.com

and one or two others that haven't been announced yet. ;)

StankDawg

NOTE: This post was originally made on the same date in 2005, not 2006.

While doing the editing for episode 2 of HackTV, I had some footage that didn't really fit in with the regular episodes of HackTV but it was too good to leave out! Instead of watching it rot on my hard drive, I put together a special episode called "PWNED" and you might be wondering why...

You see, I was fortunate enough to attend the Phreaknic 8 conference in Nashville, Tennessee in October of 2004. While there I played a little prank on some of the guys in DDP (and one person who became "collateral damage") and that is exactly what this episode is about. It is about 8.5 minutes long and I didn't want to spend that much of the real HackTV episode on a prank, so I thought it was a great reason to make a special episode. It will also give you something to help pass the time until episode 2.

So you can find this episode, and all episodes of HackTV over at the official HackTV site. We hope you enjoy it and spread the word!

PS: Before you ask... Yes there is a new episode coming soon and no, I do not know when. I work on it on the weekends and when I get time. I try my best. Please be patient.

StankDawg

This is a very short item to announce that I am starting a new BinRev meeting in the Orlando area. The local Orlando ORL2600 meeting seems to be non-existent/dead so instead of reviving yet another one, I am starting a meeting in a more convenient location for me. Go to 407.binrevmeetings.com for more information.

We now return to your regularly scheduled pr0n surfing.

StankDawg

NOTE: This post was originally made on the same date in 2005, not 2006.

On Tuesday, January 4th BlackRatchet and I released our latest project on the unsuspecting Internet world. DocDroppers is a hacking library of sorts. On it, you will find not only all of the texts from myself and the DDP, but any and all text files from the world of hacking. People have attempted collections like this before, but ours is much different.

DocDroppers (or DD for short) is different for a number of reasons. First and foremost, it is organized and well maintained. We have started and maintained many projects and understand what an undertaking it is to maintain projects for a period of time. We know full well the time that would be needed to keep this site alive and we did our best to minimize the time needed to maintain it, but still be prepared to give it the time that it requires.

This leads to the second reason that I think this site will survive. It is wiki-based which means it was designed from the ground up to be a collaborative project. We got it started and added all of our personal articles, articles from many of the sites that we maintain, and articles from friends out there who have submitted material to us. This is just the tip of the iceberg. The project will really shine when people start adding their material to the site. We have barely scratched the surface.

Another reason that we expect this to live and grow for a long time is because we are treating it very seriously and taking a lot of care to make sure that it does not get shut down for copyright violations. We do not think that we need copyrighted material on the site. The hacking community is filled with people who write better stuff than many magazines and books anyway! Everything on the site is under some sort of open license or we have gotten EXPRESSED PERMISSION from the copyright holder to display their work and the copyright notice is displayed. While individual copyright takes precedence over the respective articles, all general contents of the site fall under a different creative commons license than usual. This "share-alike" license allows any and all transformation to the site, which enhances the collaborative environment so everyone can feel free to help improve the site. We don't need copyrighted material!

Finally, the thing that I like best about the site is the functionality. I sat down and hammered out a design scheme and a plan of attack before we even installed the software. Other sites out there collect files with little or no order. What good is a list of alphabetical files if you can't find what you are looking for? I wanted this site to be easier to navigate and fully searchable. I also wanted it broken down by keyword so that articles could easily be found by common topic or subject matter. You should be able to easily find anything you are looking for on DocDroppers and if you don't find it... please add it!

We hope you enjoy DocDroppers. We got it started and I know that with your help, we will keep improving it and making it the "go-to" hacking reference site.