rEph

Members
  • Content count

    145

Community Reputation

0 Neutral

About rEph

  • Rank
    mad 1337
  • Birthday 07/23/1979

Contact Methods

  • AIM
    ac1dt3k
  • MSN
    ac1dt3k@hotmail.com
  • Yahoo
    r0beph

Profile Information

  • Interests
    Perl, Regex, Gentoo, lotsa stuff...
  • Location
    Huntsville, AL
  1. Only thing I ever used vbs for was excel, it was a lovely thing for making sure users entered stuff in correctly. never really thought of using it for ms word.
  2. I disagree, wrong means malicious in my book, and people like you are why kids are so scared to learn. if my information is ANYWHERE on your system rest assured I'll audit myself. simply because I know ME auditing it leaves MY data safe...someone else may do something that could financially damage me for eternity. Do your job, if someone finds something messed up or insecure, if you can't deal with that pride hit, GTFO, quit your job, let THEM do it, cos obviously you're failing at it. and by punishing them, you reduce the likelihood in the future they'd report it, not that they'll not find it.
  3. first of all, while not the RULE, but more likely than not, he'll never know. Nothing wrong with the box, why check the logs. Also if he has a simple password he's likely not very security conscious, thus again less likely to check the logs. Don't mess with them, you never can know what all is logging what's going on. you may "delete" the logs and then only find he has a third party logging application and you're REALLY fucked since it's expecting the logs to be there when it polls or something and hey logs are missing, something's wrong...email admin...and oh yeah I have all the logs before they were deleted. wait about 2 or 3 months and call his VMB and leave him a message saying his password is too simple and he should change it if you really wanna. by then your ip would be lost in the sea of logs.
  4. why would you punish them at all? Listen, let me explain WHY in the past I myself have done this. MY information is there, enough information for anyone to commit identity theft, I am covering MY ass by telling someone about it. Same as anyone, while it isn't always their reasoning behind telling a sysadmin the problems with his system. People especially students are curious, students by their namesake are the most curious as the point of a school is to learn. If you so much as punish anyone for telling you any inadequacies in your security I have nothing but the HIGHEST level of disdain for you. Those kids should be given a reward, they didn't damage anything they didn't commit a crime, they did exactly what everyone should do in the face of a vulnerability. Personally I feel you are not only incorrect, but very very very much so. Often times I've found silly exploits by simply noticing something, I wasn't looking for it, a small glitch and I realize wow, this could be broken so easy. If my information is contained in a database or some such that I realized something may be easy to break through the securities...I would be VERY worried about it. Punishing anyone who helps secure not only THEIR data but the data of all the other students who due to the sysadmin's inadequate security auditing missed, is a hero, not to be disciplined, that is entirely TOO much.... it really disgusts me.
  5. how difficult would it be to make a bootdisk that simply does what this does? some knoppix derivative prolly. I mean the only reason I can see for paying for this is that you want something cool to show clients that you mean business...
  6. Laptop passwords can be problematic, just for future reference. worst case scenarios - a) harddrive passwords via bios are almost a lost cause...unless you can do some sort of brute forcing to them as it sets the harddisk lock. (can't take it out and get the data either...sucks) and bios boot password is saved on a chip that doesn't lose data due to loss of power, some laptops have this a secondary security chip, I dunno the specs but was trying to get into a laptop that had this problem...was a really annoying problem and ended up being a brick...even gateway said nothing could be done even if I sent it to them and paid them.
  7. often if you show remorse and such and plead with them they'll give it back to ya...
  8. aside from the fact that disconnecting yer alarm system a) may trip it... I know some will if you cut the lines coming in, or it fails.. and may violate their TOS and if yer alarm system is registered with the city (like we do here) it may violate registration adding user modified equipment and thirdly could increase yer insurance costs if housing insurance considers alarms in their pricing.
  9. I wonder if the easiest thing would be to simply use a thirdparty (OS is likely) macro keybinding... if ya can do this, set yer control to send the keystrokes (CTRL-ALT-# or something) to unlock it, if not roll yer own, isn't hard.
  10. The one thing that I would've done first seems to be missing from this thread. Call the IT dept and ask them. 99% of the time troubles with a school's IT dept results in you being contacted IN person. Calling them and querying them on how they handle such things would likely yield best results. Also you needn't even say who you are, just ask if they send stuff out like that or not. If they do, go ask in person and show them. In the case that it is them, what more could come of that?
  11. Used to a few years back there was a local (state) chat/forum site on al.com, we had written a logger that would log chat, while we had written it to allow searchable database of the chats that occurred in the main channel, we also had it log the private messages to the bot to another database...we said in its profile that the bot was a girl age 14...you would be disturbed at the number of adults who made lewd comments, asked for sex, nude photos, etc....we publicly posted all these messages and linked it from the chatbot's profile...we got many a death threat
  12. Well it's obvious HOW it works, though I'd like to know what the hash is created from. though guessing from previous problems with windows WGA, ie adding hardware buggers it up for ya. I assume it's a hash created from the hardware on the computer and perhaps against the serial key used for windows...though I really have no idea. Though I don't think the small flame ya tossed out with your reply is warranted considering he was simply relating the information and isn't really the one to relay the how, simply that it exists...what however I do suggest is if you see an exploit mentioned, and don't understand how it works, then YOU research it and post the hows of it...mindless flaming however isn't needed.
  13. heh man I have one I made a while back to track down a guy who made an alt myspace account... lemme suggest this.... A) make a myspace account, make another using the EXACT layout, c) get a flash redirect to direct to your fake login, d) make the fake login so that if the IP that is visiting it already has been phished out then auto redirect to the second page (so in the future they never have to go through the log in again) otherwise once they login send them to the second profile to produce a legit login.... how I made my page was simply stripping all the nonsense java stuff from the myspace login page (the one ya get when you aren't logged in and try to view pics) and simply redirected all the stuff to my cgi script, which was in perl...I may be able to dig it up, but I think I'd deleted it a while back once it'd completed its business....
  14. I've a 30gb ipod video, anyone seen any functional video linux hacks for ipods? I've not really searched...and chances are I'm not gonna brick my ipod for this as it gets plenty of use as is.
  15. not off hand, but google isn't necessarily the best place to look, albeit sometimes it's useful, you have tons of other various search engines based on different data...try a phone listing service... att.com/directory, superpages, etc. I use these a lot in tracking people down and they work pretty well if they're not hiding...the problem you'll have with google is that they don't cache entire databases from request only sites, like phone directories.