Agents of the Revolution
  • Content count

  • Joined

  • Last visited

Community Reputation

1 Neutral

About ntheory

  • Rank
    data pillager
  • Birthday 07/02/1978
  1. .

    RPC stands for remote procedure call. RPC endpoints are the places where applications can go to request a service to perform some function for then. Windows sharing (SAMBA or SMB aka server message block) is a good example of an RPC endpoint. An application can say "Hey, give me this chunk of a file" and the server can spit it back to them. RPC endpoints are not strictly a vulnerability on their own. They can be secured with passwords, encryption keys, host restrictions, or all of the above. Some RPC endpoints have been historically vulnerable while others may not be. I have not used rpcdump.py before but I have programmed with lots of RPC-ish mechanisms before (RPC itself, WCF, HTTP RESTful service, SOAP). I think you may be confusing RPC (remote procedure call) with RDP (remote desktop protocol). While RDP may be a form of RPC depending on how you look at it, not all RPC is related to RDP. The majority of RPC is for services not related to getting remote desktop access. Hope that helps.
  2. Very cool, listening now. I had never heard of Mumble actually so thanks for mentioning it (I am way behind the times on that)!
  3. If you have the budget a company called Axis makes some IP cameras that are really good. Or, also with a sufficient budget, you can create your own DVR (digital video recorder) with a Synology NAS and their surveillance station module. If you are looking for a solution with an existing laptop you can try: - iSpy (claims to be open source but removes all comments from open source code, Windows) - ZoneMinder (LiveCD) However, your requirement was to run undetected. If this is a computer that the "nanny" will be using it will be a bit more difficult. If you are using iSpy you could always log in as your own user, run it, switch users, and then let the nanny have her own account. They would never see it running. If you want to be even more sneaky you could run the ZoneMinder VMware Virtual Appliance using VMware workstation in the background but that is a more advanced option that requires a bit of finesse. If the nanny isn't computer savvy you can try WebCamImageSave but it will be easier to detect. I have not used this software though and cannot attest to its effectiveness or quality.
  4. Anything that can be accessed legitimately can be accessed illegitimately. In a GPS tracking scenario typically what happens is a device posts data to a server somewhere and it is reviewed later. With access to the device it is possible at least to see how the data is being posted. At best you could find a vulnerability in that database and exploit it through a compromised GPS tracker. Even if the system has been secured (there aren't any easy vulnerabilities in the database) a compromised GPS tracker could post false data to it which would lead the authorities to wherever they would want.
  5. :cough: Sorry, I'm brushing my dust off... My Bell's Mind e-mail has been neglected. It didn't make it when I switched computers and I just now realized it. Looks like I have a few months of e-mail to sift through. I would be willing to give it a go again. More than hosting what I'd really like is for someone to offer to write a nice front end for it. If there are any takers I'd be more than happy to supply the data.
  6. Failed after 20 Ubuntu installs? That has to be a serious outlier. At that rate you'd have a production drive failing in probably a few weeks. I know someone who uses SSDs as the cache drives for their SAN and they haven't had any failures in a year or so. I think that there's a lot of paranoia about burning out SSDs. You shouldn't go out of your way, unless you're testing like you were, to bury any drive with write activity but I think that being afraid to write to the drive is overkill. With a 5 year warranty and adequate backups I wouldn't worry about it in the slightest if I had the cash and the need for 500 MB / sec throughput. Don't defrag them, it's pointless. But don't worry about wearing them out with a normal workload. That's MHO.
  7. I think it's the user interface. I'm willing to make it easier to use and more accessible. I just need input. Post any thoughts here or e-mail me at ntheory@bellsmind.net
  8. That's exactly what Bell's Mind is except that it's not a wiki. Check out an exchange, see what has been scanned, and scan any numbers that haven't been scanned yet. You can even submit dupes if your findings are different than what's there.
  9. You can post your scanned numbers on Bell's Mind. There's no batch feature. One was proposed a long time ago but I couldn't get any traction with it. If people want it, I will work on it. I really need to redo the UI but without suggestions from the users it's a bit difficult to build something that people want to use. If you want to submit numbers, go to BellsMind.net, click frontend, register, and then log in. ThoughtPhreaker and some others are still posting numbers. There are over 30K in the database already.
  10. Yeah, right now our DID options are pay only. Everything has a price that is per channel, per minute. Maybe I should open another poll/thread to discuss our other options.
  11. Ok guys, we're going to try to have an update in a few weeks. There are a lot of things to work out but we're going to give it a solid shot.
  12. Disclaimer: If you do weird stuff to a high profile .gov website you are probably a terrorist.
  13. Well, it's a little more involved than that... scrubbing user IDs/names, dealing with postfix, database, etc.
  14. Cool. I'll check it out. The current setup actually does have paid hosting but I chose to run the web server and mail server in different locations for security reasons and didn't want to worry to much about the web hosting aspect of it. If you run into any problems with it just e-mail me at ntheory@bellsmind.net.
  15. I was about to ask the same thing