Everything posted by damienak

  1. LulzSec takes a break from hacking for a little bit of phone fun.
  2. This kind of a thing is tricky to do as there really is not a lot to go on. A couple of things that you possibly could do involve Social Engineering. Probably the easiest thing to do is call up the Blogger people and tell them that you are a journalist and that one of the posts on that blog is violating your copyrights. Under the DMCA the third party that is hosting the blog is required to take the site down and then notify their owner since they become responsible as well if they do not take it down. During the course of speaking with the Blogger people you could get the owner's information, but I doubt that it would help you at all since surely the owner signed up under a phony name. WARNING: This is strictly illegal and also very ignorant since they would likely cancel the owner's account altogether. Another thing you can do is check out the logs for the site. If you scroll all the way to the bottom of the blog you will see a very small graphic for a "Site Meter" account. If you click on the "Who's On" link it will show you people that have recently visited the website along with the detailed info of when they visited. If you manage to read the blog a few minutes after a new post is made you will surely get the owner's IP address because he will check his posting and make sure everything is correct right after writing it. The problem with this is you only get a partial IP address but it should be good enough to figure out the ISP and possibly the general area within the city where it is. Aside from that everything else is pretty much down to Social Engineering. I know a lot of people don't have the balls for that and expect a simple, click-here, download-this type of solution but SE is the most effective in these kinds of situations.
  3. Or how about you just learn about pot-odds, play on 4 different tables, learn to quickly analyze hands and only make profitable moves based on the math, and slowly beat everybody simply because the math never fails. This of course would require a certain amount of skill, intelligence, patience, and dedication and if you don't have those then there are programs on the market that will automatically track your cards and the cards on the board and tell you what your odds are and what the optimal move is, all you have to do is read and click.
  4. Without really looking at the technical side of this, why not just reply to the message with nothing but the HTML link to a server where you can watch the logs? If the person goes through the trouble of sending you an anonymous message they would likely want to see your reply and click on the link. Anything other than this simple solution would probably involve a lot more thinking and tinkering and honestly I am not willing to waste time on Facebook.
  5. ... I swear I'm gonna flip out. (Backstory: as my day job I pay the bills being a head-hunter for an IT staffing company.) I swear nowadays everybody wants to be a "Security Analyst" or a "Security Specialist" or a "Security ___________ [insert random job title here]". What is it with these people thinking that being an "ethical" hacker is something you can pick up by reading Hacking Exposed? "I'm working on getting my Security+ certification." Great job, douche bag. Who cares? Maybe I'm in a unique perspective being a recruiter, I get to see trends in the industry develop early. I'm just sick and tired of dealing with these Network Admins who think "they know a thing or two" about hacking. Sometimes I wonder why I don't just send my resume over to companies instead of trying to recruit people that think setting up WEP on your router at home should be mentioned on your resume under the security section right next to Norton Anti-virus and Zone-Alarm (oh wait, it's because I make over 6 figures a year). Oh well, enough of my little rant here. Just some job advice for any of the up-and-coming hackers on this board: Don't try to go into "security" if you don't know what you're talking about. If the recruiter you are interviewing with knows more about Metasploit than you it's a pretty good sign that you should stick to being a Network Admin. On that note being a Pen Tester pays a lot. I'm working on a position right now where the person who gets the job will probably make around $100-$120 per hour for a 3 month project (that's an easy 40-45K in three months).
  6. If you look at that code long enough images start to appear. It's kinda scary actually!!!
  7. Thanks for pointing that out cause usually I'm really not somebody to talk about money a lot. I had to rant yesterday cause I spent 12 hours at work trying to find a good pen tester to no avail. Maybe I needed to remind myself why I do that stupid job :blowfuse:
  8. Since this is kind of related to my thread I started earlier I feel obligated to respond. You can't get into "security" if you don't already know about "security". It's not like a regular job where, let's say C# is a hot skill right now, you go out and you learn C# and you get a job developing some database front-end for a local real-estate firm. If you truly want to be successful in the security field you have to become an expert at it. The guys that are making the big bucks doing Pen Tests and being security consultants also happen to be the guys that are out there finding vulnerabilities, starting consulting companies, writing books, writing software, etc. Take for example the whole buffer overflow thing. So programmers are finally catching on, but guess what, Mudge wrote a paper on buffer overflows in 1995 (one of the first on the subject I believe, way before Aleph One). So it took about 10 years for people to smarten up, and before buffer overflows there was an array of other vulnerabilities, and even if they fix every single buffer overflow new methods will be developed. My point is that if you want to be in security you can't be the guy who reads about buffer overflows in Hacking Exposed in 2007, you have to be the guy who first reports on them in 1995. You have to be the guy who looks at a new technology and says "Hmm, I wonder what happens if I do this to this where this is supposed to go". If you're the guy who is sitting around reading books trying to get a job in the security field you are competing with the guy who wrote the book and the guy who helped him research the book, and the guys they hang out with and share their research before the masses find out.
  9. Those don't actually do anything but make it more convenient for the store to display prices. They still scan the UPC to figure out the real price. Would be interesting to find out how it works though, let me know if you make any progress.
  10. I have a dedicated Linux laptop so honestly I have never tried out BackTrack, but from what I've heard and read it's probably the best Live distro out there. Now I'm starting to wonder why I never tried it. Maybe I'll download it tonight and post a review or something of the sort tomorrow.
  11. One time I had somebody's local IP Address and I ate some Ramen noodles and went to sleep. What's the point of the story? There isn't one, just like your comments.
  12. It's pretty simple, you don't need to do much reading on it. It depends on your setup but since you're buying a laptop I assume it's Windoze:
      • NetStumbler
      • Wi-Fi card (make sure it has an antenna jack)
      • Antenna
      • GPS device if you plan on mapping (get one with a USB connection)
      • AC converter for car lighter plug (unless you plan on driving around the block)
      • Tinted windows (look cool and the girls like it, oh yea, people won't see what you're doing)
      • An XXL can of Monster lo-carb energy drink (my personal favorite)
      • and if you're old-school like me, a can of Pringles
  13. So if I get a couple of Gmail accounts and use them as a virtual hard-drive instead of for sending emails I have violated the Computer Fraud and Abuse Act? (I'm using it for something I wasn't supposed to.) If I accidentally forget to fill in a required field and I get an error message that contains some juicy info I have violated the Computer Fraud and Abuse Act? (Once again, the DOJ could interpret it this way.) If I don't trust a website enough to give them my Credit Card number and I decide to run Nessus on them just to see if there's something wrong I am now a criminal? Ok, I see a pattern here. Basically it's: keep your mouth shut, do what the website tells you, and if you accidentally stumble upon something close your eyes real quick and run away from your computer as fast as possible. We wouldn't want you to know what exactly is going on. Security through obscurity. It never ceases to amaze me how these idiots always think that the best solution to a problem is just ignoring the problem.
  14. Sorry to burst your bubble but a safe like that is reset by the little old housekeeping lady after every guest leaves. The bolts are extended so you have to reset the password in order to close it (because people accidentally lock them). All you really had to do is call the front desk and ask for the default code, or a lot of times it's posted in the instructions on the wall next to the safe. About the 4 digit codes, I think a lot of people use month/day of their birthday, last four of their social, last four of their phone number, etc. Stuff that they won't forget, usually it's the same number for their ATM PIN. And I'm not too sure about your commonly used passwords either, this isn't '88. Most systems nowadays won't let you have a password under 8 characters, mixed with caps and symbols.
  15. If you want to learn Ciscos (which is what I assume you do), there is no use in buying a little Linksys router. Why would you fork over all that money for a router (an actual Cisco router used by large networks) when you can 0wn one for free? My advice to you if you want to learn routers is go out and buy one of those CCNA study guides that includes the virtual network game on the CD. It will teach you everything you need to know about how to set them up, configure them, blah blah blah, for about $40-$50.