alienbinary

Members
  • Content count

    154
  • Joined

  • Last visited

Community Reputation

1 Neutral

About alienbinary

  • Rank
    SUP3R 31337

Profile Information

  • Interests
    Kung Fu baby.
  • Location
    USA

Contact Methods

  • Website URL
    http://www.pa1n.org
  1. That would be a good beginner's challenge. This was one of my first projects, I may still have the program laying around... I have a couple laying around that I used for an engine on my old DES brute forcer. One generates random strings with a max length of 12 chars if I remember correctly. Another generates strings of exactly the desired length and composition (a-z,0-9,A-Z) and yet another does it, as has been suggested, sequentially. Since this was all in perl and took a negligible amount of time to throw together variations, I just ran different versions of the keyblock generators in tandem in the code, so the wordlist was generated on the fly using one of the three potential variations mentioned, and would continue to chew away at the ciphertext, prompting you to continue every 15,000 strings or so.
  2. If I was desperate/crazy enough to steal gas, I'd much rather steal it from Shell (who announced $27.6bn profit for 2007) or other gas company, than from people's cars off the street. Usually, the older the car the easier it is to steal gas. So some poor guy who's filled his aging car with $60 of gas can hardly afford to fuel another's habit too. Come the end of the month, if someone siphoned my car I'd be screwed - no work, no shopping, nothing. Stop stealing my gas Tao! This is a common problem in ethics when it comes to any aspect of hacking. In many ways, or at least in some demented way in my head, this makes a great parallel to some of the issues faced by people who like to get out from the computer lab and into the city for some exploration. I have definitely had a girlfriend or two hook her arm underneath mine with force because I was veering in the direction of an unlocked kiosk that some employee had neglected to re-secure. Although all I wanted to do in these situations was poke around and maybe take some pictures with my camphone, the ethical dillemma didn't occur to me until later: if I was seen on camera exploiting even the most benign of security holes, that employee could lose their job. Were they to expect that they had someone with a superior understanding of their systems hanging around in their stores looking for an opportunity to gain access? Not really. These people are underpaid and unfortunately, if I might make a sweeping broad generalization, undereducated. They're not being so much lazy as they just lack the foresight to see the implications. I, on the other hand, can see from over a decade of self education from internet newsgroups, zines and community just how much of an opportunity this is for a hacker. But perhaps, just perhaps, the implications of exploiting the physical security vulnerabilities in regards to the person whose simple mistake it might have been may elude me. It is that nagging girlfriend or overcautious best friend (also known as noob) who can sometimes save us from our overzealous selves. Man, I missed this place. Intelligent discourse isn't exactly... rampant on the internet these days.
  3. this is such a tremendous shock to me. microsoft supporting an oppressive, overarching, constantly voyeuristic society? No way.
  4. Well, didn't Johns Hopkins announce sometime last year that they had cracked the Mobil Speedpass? All the gas stations around here have some sort of RFID reader to make getting gas easier. Personally, I say good for them. I have trouble shedding a tear for some fat cat oil exec and the station is probably insured.
  5. I actually had someone try something like that today. What do you make of this? A new comment on the post #3 "Welcome to the new PA1N.org site" is waiting for your approval http://www.pa1n.org/2007/03/11/new_site/ Author : Bill836790185+ACc-,+ACc-738910707billy@msn.com+ACc-,+ACc-+ACc-,+ACc-90.168.55.169+ACc-,+ACc-2008-06-04 13:58:42+ACc-,+ACc-2008-06-04 13:58:42+ACc-,+ACc-+ACc-,+ACc-0+ACc-,+ACc-lynx+ACc-,+ACc-comment+ACc-,+ACc-0+ACc-,+ACc-0+ACc-),(+ACc-0+ACc-, +ACc-+ACc-, + (IP: 124.217.250.190 , svservers.com) Comment: <strong>None</strong> I'm not even sure what the little prick was trying to do. They did successfully post more characters than the script was set to allow, but it didn't "overflow" because it just gets sendmail'd to my gmail. Any thoughts?
  6. I use this at work: https://www.pdfonline.com/convert_pdf.asp The limitation is 2MB. Or, of course, get a mac, print to pdf.
  7. die in a fire. an hero yourself. do a barrel roll. I laughed my ass off at that.
  8. so against my better judgement, I've been browsing 4chan a lot lately. I admit it, I'm a bit of an addict. Regardless, on /b/, someone posts the following url: http://uk.youtube.com/watch?v=upvweQDrd5c I didn't actually realize that there was a seperate "british" version of youtube, but then again, I'm not huge into the video networking sites. Regardless, I paste the URL into a new tab in firefox and I get this message: "This video is not available in your country." Double-ewe tee eff. So either this was another anti-scientology video by anonymous that somehow got flagged out of the United States or it was something so bad that it needed to be restricted to an area code. Well, I really believe that regardless of the country you're in, you should have access to all information on this great internet, and this made me pretty mad. The chances of something meaningful being posted on 4chan were slim, but it was a matter of principle. So if you ever run into this, you're probably thinking "I could just use a proxy." You could, but a lot of proxies strip out important code that would make youtubes video sharing engine run, many web based proxies disable javascript and we all know that proxies can make accessing any file slow as dirt. Besides, using proxies is old hat. Time for new tricks. So I searched google for "online flv converter" and after checking out 3 of the top sites, most of which were unable to resolve the UK url (don't ask me why), I stumbled across a 4th, keepvid.com. Enter the URL in, the converter facilitates a transfer of the raw FLV to your desktop. rename the file from "get_video" to "get_video.flv" and open in your video player of choice. The screenshot attached is VLC, because it has a built in FLV viewer and I didn't have to convert it. So what was the video, after all of that? The intro the fresh prince of bel-air. Yup, the MPAA had it's hands in this regional censorship after all. Enjoy.
  9. This is the first I've heard of IP Stenography, but Steno usually refers to, as you (McGrew) have mentioned, the insertion of bits of data into the "white space" in imagery. It's most notorious claim to fame was when the CIA claimed that terror cells were using child porn newsgroups to spread information, more specifically, that they were using the boards, posting mages with encoded information under the impression that if any arrests were made, they wouldn't discover the actual purpose of the ring anyway. The validity of this claim is widely disputed. If you're looking to integrate stegonography into IP addresses, you have only a small amount of space to work with. You might consider packet fragmentation. A single permutation per address, all sent, you could get a sentence out in about 10 characters, with 10 addresses, all in the same subnet, same originator. The data would be parsed when all the packets had reached the destination. This is a total stab in the dark, but it's an interesting idea. The original reason for this post though was to clarily that steganography is the art of hiding in media, this would be obfuscation. You do have the potential to piggy back on data, which I suppose could be seen as evolved stego. I should watch the talk and see what I think.
  10. I've noticed an interesting bleeding of windows to linux and vice verse. When O'Reilly press released Knoppix Hacks, they included a modified distribution of Knoppix (three nine, I think) that had a built in windows virus scanner and windows registry editor. While conceptually, this is great, and it is, the computer builds a ramdisk, downloads the virus defs from a web server, plops them into the ramdisk, and scans the hard drive without having to boot into windows. Pretty neat. However, this does lead to some interesting points about how similar SOME open source code is to proprietary code, as well as how much access the software has to the hardware. Make sure your virtual machine does not have certain ports open, don't let it know the location of your NIC, keep it away from devices it can use to transfer itself. This is speculation, but if you can use a virtual machine to scan for infections, edit the registry and use wine to run an os within an os, it's not out of the realm of possibility that a windows binary could execute instructions to an OS neutral device, such as a network card. Before I make even less sense (I'm REALLY tired), I would make an outlandish (on these boards) suggestion, if you're afraid of using the wrong virus, you could actually use some skiddy warez and make your own if you don't feel comfy writing your own mmc from scratch. If you design the payload yourself and the means of delivery as well, you know what to block off, and your lecture should go well. Kinda wierd how that could work, actually... - alienbinary
  11. Government jobs come with a variety of perks, but it's kind of important to figure out what level of involvement or committment you're willing to take. However, a LOT of jobs at entry level will offer you at least partial tuition. In healthcare, which is where I'm working (as one of my jobs) for now, I could presumably take courses on a wide vareity of subjects and get partial tuition if they were outside the scope of what I'm doing, OR, full tuition depending on the course. In research, certain departments will pay for certification in a really wide number of subjects. If I could prove that it would help me to learn another languague to assist in recruitment, they would pay for it. Basically, what I'm driving at is that the USG isn't the only agency to give those sort of extra perks and they should be dealbreakers.
  12. oh how I miss my apple II. both of them. well, one was a IIgs, but that's neither here nor there. :rock: eff tee double-ewe. considering the amazing amounts of boards that ran off apple IIs during the 80s, I would totally consider setting up a dial-in BBS like we haven't had in.. a billion years. it would be really rewarding to see, and if you still reminisce about those days, it might be a lot of fun. one of the most noteable Apple ][ boards: the metal shop BBS, host to phrack magazine. if all else fails though, holy sh*t, install terrapin, the geometric/mathematic logo-esque program that totally rocked my world when I was a little kid. a link to a Terrapin LOGO programming page alienbinary
  13. your best bet is a can opener version of knoppix released by o'reilly associates with the book "Knoppix Hacks." While it's essentially just v 3.9 or something around there, it was designed to be shoved into broken pieces of sh*t and make them work. Also, as strange as this sounds, you might consider trying an old version of windows, installing it, then running the ubuntu disc after the install process. Sometimes OEM computers have trouble with an alt operating system taking hold and you need a fat32 or ntfs partition to install over. Don't worry, a good linux or beastie install over that will wash the bad taste out of your mouth. - alienb
  14. yeah, amen to the stickers and other schwag. Ubuntu gives out stickers... hint hint.
  15. Just a heads up, if anyone is still looking around for more free distros and software from sun, I was doing some reading on webmonkey and saw the link to the same form. They've added a free request for Solaris Express Developer Edition. I'm not a huge programmer, nor have I even had time to play around thoroughly with my solaris OS DVD, but I ordered the new one anyway. I'll keep you all posted on whether it actually gets here. alienbinary