Bob Barker

Members
  • Content count

    19
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Bob Barker

  • Rank
    I broke 10 posts and all I got was this lousy title!

Contact Methods

  • ICQ
    0
  1. I've been meaning to continue going but my shifts always end up hitting the day of the meeting.
  2. Are you a parody? No, This is. No seriously, sarcasm?
  3. Are you a parody?
  4. I've personally been attending the Vancouver 2600 meetings. http://www.vancouver2600.com/www/
  5. Unfortunately I've been unable to find a good place. My apartment building as sort of a party room which I'll inquire about using, I'm unsure if that costs anything or not.
  6. I sent some e-mails to the 2600 mailing list and the moderator who controls it never approved any of my messages. They also have seemed not to have had a meeting in a couple months, from what I can tell it's essentially on hiatus. Furthermore the 2600 meeting takes place in a pub (though I'm not sure if it's ID on entrance), this would exclude at least one potential member I know. I was thinking the same thing about finding a smaller mom & pop. We could get some serious perks if we agreed to a minimum tip/tab type deal, though I'm not entirely sure what perks we'd want. Considering I live in the downtown core I should get off my lazy ass and actually check out some places.
  7. Well we have 4 people now including myself and a friend who I plan to get involved. I'll try to do some location scoping but if anyone has a suggestion or can even offer somewhere that'd be great. For now this thread is the "Official Vancouver BinRev Meeting" website, if we have a successful meeting I'll throw a more official website together. //EDIT Thinking about it I don't even see a purpose for a website, this thread is more then enough. We should be concentrating on the actual meeting and not the peripherals.
  8. Sign me up! I think gloomer's from around these parts too. And unless I'm missing something about meeting codes, shouldn't this be 604/778 ? You're right, I'm retarded and had a brain lapse as I was thinking of the first three digits of someone else's phone number, I shall correct it.
  9. Does anyone want to start a meeting? I'd prefer to host it downtown near the burrard skytrain station so it is accessible to everyone. Optimal location would be a quiet and casual restaurant with WiFi. Members (in order of joined dates) Bob Barker Unnamed Friend of Bob Barker inaequitas gloomer Location Unknown
  10. A proprietary terminal emulator (which included most popular terminal types as well as telnet, but not ssh for some reason) is used for the telnet sessions. But there was an instance of one of the data clerks not getting proper access to the software due to a mix up so I setup a .bat script for them to launch telnet.exe with the address of the server which is why I know it's standard. I'm not from the United States and this database contained driver records so if something bad happened it's everyone who gets fucked, not the government. Furthermore risk is minimal, government is unionized and I have union lawyers to protect me if needed.
  11. Did Google Map lose the Click-to-Call feature? I no longer can find the "Connect Me" button.
  12. Yes, I was rather worried that there could be a backlash from this. Though as a former highschool student I can say that when they suspend you for "reporting" a security risk it usually involves a bit of fun before hand and not always consisting of an entirely innocent nature
  13. //Background Start The following takes place in a government office concerning judicial manners. As part of the data entry which takes place in this office the data clerks are required to be able to access an extensive database of personal information. Limitations can be set upon individual user accounts and in most cases all activity on this database is logged. The connection to the database is maintained through a standard unencrypted telnet session on standard ports. Once the user has logged into his or her telnet account the .login script will automatically run launching the proprietary database client.//Background End //Discovery Start The discovery of the security hole was completely and utterly unintentional; I very simply hit CTRL+Z. CTRL+Z is considered the sleep key by all *nix/BSD like systems that I know of. The sleep command forces the currently running application into the background; this allows the user to run commands into the shell without breaking or exiting the currently running program.//Discovery End //Examination Start This discovery utterly shocked me, I never attempted to pen test this server whatsoever and I had managed to get myself into the shell. I thought to myself that the administrators must have known this as a potential security risk. I decided to examine the .login script and I learned that they did attempt to prevent this from happening. Unfortunately their attempts were not sufficient as they only hardened the server for instances of CTRL+X also known as the break key which is used for forcing an application to shutdown. In the case of a break the shell session will instantly terminate. I decided to explore the system further, searching for anything of potential interest and how exactly deep this security hole was. I quickly discovered a great deal was at risk as the entire source code tree for the proprietary database client we used was stored on that very same server with at minimum global read privileges allowed. I knew that this was critical, but how could a potential black hat get this source off of this remote server? Behold, the standard command line FTP client which is bundled in pretty much every distro of *nix/BSD was fully intact. Furthermore there would be an incredibly high chance that one could extract enough information from the source code in order to dump the complete database of personal information.//Examination End //Reaction Start I promptly wrote a Threat Assessment Report for my supervisors. I outlined how I did it, what the problem is, the risks, how it can be fixed and finally including a glossary at the bottom in order for them to understand technical terms. I also mentioned as many times as I possibly could how the discovery was completely unintentional as to limit my own personal liability. My supervisors looked it over and forwarded it to half a dozen other people before it was finally forwarded along to the contractor who worked on the server. The problem was fixed by the next Monday and life went on. Though it was rather comical to read the administrator’s e-mail response because of the rapid-fire “cover my ass” mode he was in.//Reaction End //Conclusion Start I write this not because of sloppy administrative work or because of the importance of scripting. I write this to explain that is absolutely not the administrator’s fault that a script was not working as planned. Scripts never work as intended and need to be hammered on constantly in order for them to be perfected. The real problem is that the lack of shell hardening. When acting as a *nix/BSD administrator one must always assume that somehow someone is going to be able to get into the shell. You as the administrator must be prepared for when this happens. Simply running chmod -R 777 * under the guise that no one will ever be in the shell anyways is foolish and is defeating the whole purpose of not having everyone run as root.//Conclusion End
  14. The idea of recording from a speaker phone seems horridly crude. I knew there had to be some RJ11 to 3.5mm adapter or something and after some digging I came up with this article that laid out some of the options for when you want to somehow get an RJ11 directly into your PC. http://www.jakeludington.com/ask_jake/2005...th_your_pc.html One way which seems the best for BinRev's purposes is hooking the lines up through a modem and record the audio from that. I know of a piece of software that lets you "link" sound input/outputs (like outputting your PCM into your mic) in Windows. http://spider.nrcde.ru/music/software/eng/vac.html If that seems too complicated you can simply purchase a RJ11 to 3.5mm adapter.
  15. Making a flash site for the sake of learning how to use flash is fine. But in practice pure flash sites suck ass! You can't use the back/forward buttons, you can't read the source, you can't just copy text, you can't create links. Flash should be used as conservatively as possible when designing websites. Plus sites with music are just the worst.