ntheory

Agents of the Revolution
  • Content count

    1,757

Everything posted by ntheory

  1. RPC stands for remote procedure call. RPC endpoints are the places where applications can go to request a service to perform some function for them. Windows sharing (SAMBA or SMB aka server message block) is a good example of an RPC endpoint. An application can say "Hey, give me this chunk of a file" and the server can spit it back to them. RPC endpoints are not strictly a vulnerability on their own. They can be secured with passwords, encryption keys, host restrictions, or all of the above. Some RPC endpoints have been historically vulnerable while others may not be. I have not used rpcdump.py before but I have programmed with lots of RPC-ish mechanisms before (RPC itself, WCF, HTTP RESTful service, SOAP). I think you may be confusing RPC (remote procedure call) with RDP (remote desktop protocol). While RDP may be a form of RPC depending on how you look at it, not all RPC is related to RDP. The majority of RPC is for services not related to getting remote desktop access. Hope that helps.
  2. Very cool, listening now. I had never heard of Mumble actually so thanks for mentioning it (I am way behind the times on that)!
  3. If you have the budget a company called Axis makes some IP cameras that are really good. Or, also with a sufficient budget, you can create your own DVR (digital video recorder) with a Synology NAS and their surveillance station module. If you are looking for a solution with an existing laptop you can try: - iSpy (claims to be open source but removes all comments from open source code, Windows) - ZoneMinder (LiveCD) However, your requirement was to run undetected. If this is a computer that the "nanny" will be using it will be a bit more difficult. If you are using iSpy you could always log in as your own user, run it, switch users, and then let the nanny have her own account. They would never see it running. If you want to be even more sneaky you could run the ZoneMinder VMware Virtual Appliance using VMware workstation in the background but that is a more advanced option that requires a bit of finesse. If the nanny isn't computer savvy you can try WebCamImageSave but it will be easier to detect. I have not used this software though and cannot attest to its effectiveness or quality.
  4. Anything that can be accessed legitimately can be accessed illegitimately. In a GPS tracking scenario typically what happens is a device posts data to a server somewhere and it is reviewed later. With access to the device it is possible at least to see how the data is being posted. At best you could find a vulnerability in that database and exploit it through a compromised GPS tracker. Even if the system has been secured (there aren't any easy vulnerabilities in the database) a compromised GPS tracker could post false data to it which would lead the authorities to wherever they would want.
  5. :cough: Sorry, I'm brushing my dust off... My Bell's Mind e-mail has been neglected. It didn't make it when I switched computers and I just now realized it. Looks like I have a few months of e-mail to sift through. I would be willing to give it a go again. More than hosting what I'd really like is for someone to offer to write a nice front end for it. If there are any takers I'd be more than happy to supply the data.
  6. Failed after 20 Ubuntu installs? That has to be a serious outlier. At that rate you'd have a production drive failing in probably a few weeks. I know someone who uses SSDs as the cache drives for their SAN and they haven't had any failures in a year or so. I think that there's a lot of paranoia about burning out SSDs. You shouldn't go out of your way, unless you're testing like you were, to bury any drive with write activity but I think that being afraid to write to the drive is overkill. With a 5 year warranty and adequate backups I wouldn't worry about it in the slightest if I had the cash and the need for 500 MB / sec throughput. Don't defrag them, it's pointless. But don't worry about wearing them out with a normal workload. That's MHO.
  7. I think it's the user interface. I'm willing to make it easier to use and more accessible. I just need input. Post any thoughts here or e-mail me at ntheory@bellsmind.net
  8. That's exactly what Bell's Mind is except that it's not a wiki. Check out an exchange, see what has been scanned, and scan any numbers that haven't been scanned yet. You can even submit dupes if your findings are different than what's there.
  9. You can post your scanned numbers on Bell's Mind. There's no batch feature. One was proposed a long time ago but I couldn't get any traction with it. If people want it, I will work on it. I really need to redo the UI but without suggestions from the users it's a bit difficult to build something that people want to use. If you want to submit numbers, go to BellsMind.net, click frontend, register, and then log in. ThoughtPhreaker and some others are still posting numbers. There are over 30K in the database already.
  10. Yeah, right now our DID options are pay only. Everything has a price that is per channel, per minute. Maybe I should open another poll/thread to discuss our other options.
  11. Ok guys, we're going to try to have an update in a few weeks. There are a lot of things to work out but we're going to give it a solid shot.
  12. Disclaimer: If you do weird stuff to a high profile .gov website you are probably a terrorist.
  13. I just threw together HushTxt.com so I could SMS people anonymously while at DefCon. I won't be going so I won't get a chance to test it out but I figured anyone here who is going might get some mileage out of it. All you, and the person you want to talk to, have to do is register by SMS'ing the register@hushtxt.com e-mail address. Then, instead of sharing your phone number with people you get assigned a HushTxt.com e-mail address and you can share that. It's basically an anonymous remailer designed for SMS (all headers stripped out so you get the full 160 characters). Let me know if it does or doesn't work for you. The site is super basic and I don't make any money off of the GoDaddy nonsense at the top. I just opted for their free hosting while I was testing the system out. It's beta so you might experience some hiccups.
  14. Well, it's a little more involved than that... scrubbing user IDs/names, dealing with postfix, database, etc.
  15. Cool. I'll check it out. The current setup actually does have paid hosting but I chose to run the web server and mail server in different locations for security reasons and didn't want to worry too much about the web hosting aspect of it. If you run into any problems with it just e-mail me at ntheory@bellsmind.net.
  16. I was about to ask the same thing
  17. Well, the things I wanted on the iPhone were: 1) 3G support 2) GPS 3) A keyboard No keyboard but the other two look good and the development community is really moving. I think I may break down and switch providers. :/ If the 3G support is real 3G (in other words it supports simultaneous voice and data... something I've been waiting at least 5 years for) then I won't even know what to do with myself. I know other phones on the AT&T network can do it so I'd assume that this one can too. So, who can talk me out of the iPhone? The only problem is application distribution. I'm not sure how it all works other than the 70%/30% revenue split and the news that they'll now allow free apps too. Do I have to get them approved? That stuff drives me crazy. Supposedly you can share applications to up to 100 people "ad hoc". Does that mean I can develop a Bell's Mind app and give invites to it without Apple stepping in my way? Do I get approval for applications for my company and then I can release anything or do I need to have every app approved (assuming there is still an approval process)? Lots of questions... not too many answers yet.
  18. I've gotten some leads on free DIDs. Please keep them coming. I'll be doing some testing soon with what I've found and it's always good to have backups. If anyone knows of a NY-based CLEC that offers decent colocation and a clean, carrier-grade voice network please let me know even if it costs a decent chunk of change.
  19. Seriously. Are you kidding me about MMS. I think I may give the iPhone an EPIC FAIL if they don't stop with this weird feature-lockout bullshit. I totally forgot to even look at that.
  20. Hey everybody. We're still stuck in the same cycle of DID issues. If you have DIDs or know providers that can give me DIDs cheap/free please e-mail me (ntheory@bellsmind.net). I'd love to get the site up and running with confs and other goodies I've developed over the past year but without DIDs it just can't happen. While the site gets a few thousand hits a day I almost never hear from any of the users. If you need/want something you're best off to contact me directly. The more interest I see in the site the more likely I am to get things running again. I had a lead on free, toll-quality DIDs but unfortunately that appears to have dried up while I was building the new server to colocate.
  21. Damn, I wish I knew where they got their patterns from... Awesome site.
  22. The PBX status screen works again. For some reason the website is VERY slow in FireFox but super fast in Opera. I'll try to look into that. Anyway, the status screen can show you if people are in the conferences in the 5xx range. If you want people to know you're on a conference then you can idle in there and people can see it if they log in. Also, you can sign into your account on the PBX by dialing zero and following the prompts. Your user ID and PIN are on the "My Account" page. After you're signed in people can see who you are and where you go on the status page.
  23. Ok, the RFA and BRR menus are fixed. The conference call quality is a problem inherited from my upstream provider. I'll try to tweak it if possible but for now it'll probably stay the same. I have a deal with a new provider to get really nice quality channels but that will take time to get going. Once it does I'll post the new number. Any other suggestions? Some of the other menu items are non-functional but should start working soon.
  24. Yeah, the prompts and such need work. It has been unmaintained for a while. When you dial an episode number and get disconnected it's because the episodes aren't there. Let's work on a BM wishlist and try to prioritize it so I can work on what matters most. So far you've mentioned these issues: 1) Conference call quality 2) Getting dumped when an item doesn't exist Anything else? I have my setup to do uLaw/aLaw so it's most likely that my DID provider is passing me instead. That's the easiest for me to check. The second item should be just adding a simple invalid context and an error message. I'll try (but can't promise) that I'll get to both of these items this afternoon. I really want to get things smoothed out so we can start making use of it again. Don't hesitate to suggest anything even if we don't do it already.
  25. We're back up with a temporary number. Call 914-380-1003 and let me know if it works. I have no idea what the channel limitations of this provider are so I'll hold off on putting this up on the website until we can stress test it a bit.