Everything posted by Ohm

  1. There was a vulnerability for DD-WRT that was published a while back. It's only a problem if you have decided to allow management of the router via the web. That's probably not a very good idea anyway. The info is here. http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/34-dd-wrt-httpd-vulnerability-milw0rmcom-report.html Well, there's more to it than that. <img src="http://192.168.1.1/cgi-bin/;reboot"> Combined with an img bbcode tag on these forums (with a redirect if needed) and anyone who views your thread is kicked offline.
  2. How is Windows 7 superior to Windows XP? Many ways. UAC being a big part of it.
  3. The only one I listen to with any regularity is Off The Hook. It's not a great show, but since it's on the radio and has to have some amount of mass appeal, you can't blame them for getting too technical. They mainly talk about news articles and how they relate to technology. It's interesting, at any rate.
  4. The same for me. The nonstop headache of trying to run Linux as your primary desktop OS is not worth it.
  5. I use a DD-WRT variant out of necessity. Linksys thought it was a good idea to keep outgoing connection attempts in the state table for weeks. So whenever you fire up something like a torrent client and fire off a few hundred connection attempts (most of which will fail), you DOS yourself. There's no reason to trust or mistrust these distros any more or less than any other small Linux distro. One thing to remember is that people rarely upgrade these. Mine has been on there for 2 years or so, haven't upgraded it. If there are any remote vulns in the kernel, I'm really hanging out here. As for system security, there are not usually any services open on the internet side, so it's OK. It should be no different than the default firmware.
  6. You don't have to go that far. Just make the field write-only and prevent people from changing it to a normal text field. Additionally, display 8 dots or asterisks for saved passwords so it also doesn't give away the length of your password. Out of the 3 browsers I tested, IE is the only one that got this at least partly right. You couldn't change it to a text field, but as someone posted here, you could still read the value and report it in another way. Of course, the best way to avoid this is to not save your passwords. Use a password manager program for that.
  7. Handing your search data over to a third party. Not wise.
  8. I'm certain this question has been asked many, many times before here. Why don't you use the search function to see what's been said before?
  9. FYI, hit Ctrl-C on a dialog box like one made by alert() to copy its contents into the clipboard. You can be in and out in no time with that.
  10. Doesn't seem to work on IE. Works on Firefox and Chrome though. Maybe the MS people actually thought of this?
  11. That's interesting. They're all on port 80. How is the list compiled? Will this even be any good in a week or a month?
  12. You need something like this. http://www.rainbow.co.th/smarthomesx10curtain.html And then something like this. http://www.smarthome.com/1091/X10-LCD-64-Event-Mini-Timer-XPMT4/p.aspx
  13. OK, but what about TEMP.N00? Maybe this is the encrypted part?
  14. I wonder if some of the passwords are from Christian forums? I think Jesus is kind of high on the list. It's interesting though, 1% used 123456. Statistically speaking, if you were to go to any forum and grab a user list, you could compromise 1% of the accounts with little to no work.
  15. What type of data is this? What program uses it? What algorithm does it use? Any information at all would be a help. Otherwise, you're in the dark (and likely eaten by a grue). Dumping some random file with zero information won't help you, and it won't help anyone help you.
  16. http://www.semiaccurate.com/2009/07/31/apple-keyboard-firmware-hack-demonstrated/ There's such a thing as being too smart. Why is it even possible to get to the firmware on a USB keyboard? It's a keyboard. It should just work. The fact that malware can embed a keylogger inside the keyboard (USB keyboard or laptop keyboard) is just scary. This is also an argument for variety in hardware. Even if all USB keyboards were flashable, if everyone had a variety of models, it would make it very difficult for malware to target them all. But you really shouldn't be able to flash the firmware on your keyboard. Pretty stupid on Apple's part. Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefore it's secure because no one will look there."
  17. Windows should actually come with an FTP client you can use to upload files. You can "script" this FTP client to open the correct server, supply a username and password, navigate to a directory on the local and remote host and put a file. You can also use Windows file sharing and just click and drag or use the copy command. Though, having just done this on Vista, it wasn't easy. They changed the dialogs all around and it looks like they added another layer of security or something. If you only know the old way of sharing folders, it's a pain in the ass. Oh, as for the FTP server, don't really know what to tell you there. There are a lot of FTP servers around, not sure which ones will run well and are easy to run on Windows (or whatever your OS is).
  18. A keylogger cannot do that, unless you have a keylogger on both sides. A network sniffer could do that though, assuming the IM traffic is unencrypted (as most is).
  19. What PowerPC Apple?
  20. Which is why the Xbox 360, PS3 (in a sense) and Wii use them? Apple also hasn't used the PPC in a while now, so what are you talking about? The keyboard itself runs on a microcontroller of some sort. Maybe even something familiar like a PIC or AVR. Probably something they could integrate into their own chip design though.
  21. Yes, run configure. It looks like it's setting your shell as /bin/sh, when it should be using /bin/bash.
  22. If you have any troubles resetting your password, you can email me at infinite.ohm@gmail.com.
  23. No one cares about your skiddie tools. What makes you think people would be interested in this here? No one cares about your splash screen, or what your program looks like. We don't want to see what you created in Photoshop using the l33t tutorials you found on the intarwebs. If it's a tool people are actually interested in, the graphics are just going to get in the way. Way to drop your AIM username in that video, christacioustm. Retail hacking? Yeah, you couldn't have chosen a less apt forum. Did you look at the forums at all before spamming this here? To anyone that actually downloaded this, do so at your own risk. Skiddie tools like this often have a little extra something mixed in. I hope you enjoy being part of a botnet.
  24. ProFTPD actually does have documentation, and in particular a chapter on authentication. Authentication should be really easy, it just uses PAM. Create users for each of your FTP users using adduser, useradd, or whatever GUI tools your distro provides. If these are to be FTP-only users, make their login shell /bin/false or something. And... well, you're done. Since you didn't say how you were setting up authentication and what exactly went wrong, it's a little hard for anyone to help you beyond that.
  25. How well does the OS itself run? Is it usable?