Rant Post: WHY DID EVERYONE STOP LEARNING!!!!!!??????

Everywhere I look nowadays, too many people are whining because something isn’t working the way it’s supposed to. They don’t even take the time to learn WHY something might not work. HEAVEN FORBID THEY ACTUALLY LEARN HOW SOMETHING WORKS!!!!!!!

people continue to accept “dumbed down” versions of applications because they don’t know how to do anything similar. Case and point, the acceptance of the term “The Cloud” which has no fucking meaning, but everyone just assumes things work because “The Cloud”. People, its the internet. Everything people are chalking up to “Cloud” services, have existed in one sense or another since computers had to “Call” each other with a modem to establish a connection.

Dropbox, Drive, OneDrive (basically any “Cloud Storage”) services are all basically fancy “Shared drives” like one would have used in windows or Samba servers in linux. You allocate a certain amount of storage space on a drive on the network and give a specific user rights to see their drive. that user can assign other’s rights to see some of or all of their share, but it still is the same place on the damn network.¬†

Where the problem comes in, is when everyone starts whining about “Privacy” or “Security” when some online service fails, or gets hacked, or uses what you upload to create some profile about you. HERE’S A FUCKING IDEA: IF YOU ARE WORRIED ABOUT PRIVACY OR SECURITY OF THE INFORMATION YOU ARE STORING, KEEP IT ON YOUR OWN FUCKING COMPUTER!!!!!!!!!!!!!!!!! Roll your own private cloud, or a VPN, or hell even your own server. if you don’t want to do that, you have no business complaining when Google indexes your email, YOU ARE THE ONE WHO OPTED IN TO THEIR SERVICE! If you don’t like it, DON’T USE IT!

Stop thinking everything is fucking magic, stop thinking your data is “safe” simply because some company says they keep things secure. Learn how to do things for yourself, or be at the mercy of those who DO learn.

there… rant over, now go learn something.

Advertisements

Why I’m Taking a Break From Twitter

I’ve been thinking about this for quite some time; Trying to figure out some things. I have not felt right inside my own head for months now, and honestly twitter has become a huge distraction for me, a time waste, a black hole.

I’ve let myself slip from what I really enjoy, and it’s time to focus on that stuff again: coding, hacking, tinkering.

so, I’ve decided to take the MAIN distraction that was allowing me to keep putting off my personal growth and happiness, and throw it in the trash. I have deleted all my twitter apps from mobile, deleted tweetdeck from chrome, and windows, and since I absolutely HATE the twitter website, I will not be logging in.

I will keep the account, because I may find purpose for it yet, like my blog. I have been told by many of you, that you like my blog, and can’t wait to see more from me.

That is exactly why I’m doing this. My blog will still post to twitter every time I put something new up here, I simply wont be responding there. If you need me, you can figure out how to reach me.

So, with that. I’m taking a break from twitter, to focus on becoming even more awesome than I already am, and hopefully none of you will take any offense to my silence.

Why hackers should oppose government

I suppose I could sum up an entire article with “because they lie”. However I don’t think that would cover the complexity of the issue at hand. Hackers, by both profession and mentality, question authority and push the status quo. By no means, do I mean “Hacker” as the black hat sitting in mommy’s basement in a poorly lit room purposely stealing credit card and identity information; by hacker, I am talking about someone who tinkers and tries to improve the way things are currently done.

The government, any government, is by it’s nature the opposite of the hacker mentality. We try to empower individuals to be self-reliant and build their own life where nobody can tell them how to live. Government tries to consolidate the power into a central entity that distributes resources to fit its goals, even if those under its authority disagree.

Right now, I see too much support for government from others. It’s starting to feel like everyone has forgotten that America was formed by revolutionaries fighting against oppression. Simply because we didn’t want to be told what we could do, and who we could do it with. Yes, laws have a place, but too many laws are bad because it becomes more possible to break the law.

That is what brings me to hackers. Right now, network security is a very dangerous field, and doing things 100% legally makes it hard to find the security holes. If you stumble upon big security problems but didn’t have a contract set up first, you risk possible jail time for disclosing it to the business, even when done discreetly as to not alert everyone and cause panic. Being a security good Samaritan is strongly discouraged because of government.

Think about it this way. Pretend you’re a kid and the government is your parent. when you were a kid, and your parents had a really stupid rule, or the rule was no longer needed, what did you do? You probably talked to your parents to change the rule, and they likely said “no”. For me, I had to break the rule in a way as to show i could act responsibly and the ONLY thing they could punish me for was breaking a rule that was silly. Sometimes, I would get punished. Sometimes, they would finally get the point. But the point is, for change to happen, rules need to be challenged and broken. This is at the very core of who a hacker is: we question EVERYTHING.

I don’t care if you’re a Republican, Democrat, anarchist, or communist, you should still oppose government intervention into our lives, and everyone’s lives. Do you really think that making a new law is going to stop criminals who are ALREADY breaking the law? No, you’re going to create new criminals. At the very least, current laws need to be enforced in full, so EVERYONE feels the pain of these oppressive laws. If you wouldn’t apply a law to EVERYONE, you shouldn’t have the law in the first place.

Hackers should unite against government power, fight against stupid laws intended to single out people, and fight for the little guy, because guess what, hackers? We’re the little guy. We are the antihero. We walk the thin line between good and bad. We need to push authority. We serve a vital role for change.

Stop wasting it!

I was thinking, after I hit “publish”; When I speak of a hacker, I speak of someone who questions things, someone who needs to know “why”, someone who strives for better than “okay”… I speak of myself, my friends, my family, hopefully, I am speaking to YOU as well.

Wireless hacking on android

With the power of the tablets coming out now, and the open platform that Linux provides, there is a great opportunity for hacking from an easily hidden, Trojan style device with lots of power to allow us to do many different wireless attacks.

Possible attacks:
1. ARP spoofing
2. Ssl stripping
3. Session hijacking
4. Vuln scanning
5. Port and service scams

These are just a few features available in a tool called

Dsploit

. Using the application you can select all kinds of attack vectors, you can capture packets in a pcap dump for reading in Whitehall later.

It works well in a small networks and labs, but my next task is to blow up a public network and see what I’m able to find. If the located information is enough, I will approach face to face with data, and options on how to fix their problems.

Other WiFi tools in my toolbox include, droidsheep, ding (network scanner), connectbot, and sshdroid.

I will be writing a follow up on how to use the tools, and talk about the other tools.

Should DDoS be Protected as Free Speech?

I read an article today, that quoted the lawyer representing some Anonymous folks saying that he thinks DDoS is a form of free speech, and should be protected as such. He equated it to the civil rights demonstrations where people would crowd a venue to the point that “Legitimate” customers were unable to use their services. While I can understand the logic, I find fundamental flaws with this argument.

In the cases of Sit-in protests, each participant is willingly making the free speech statement involved in shutting down the offending business for that day or period of time. in most, if not all cases of DDoS, it is done with the aid of bot nets, or zombie computers. this means that the people infected with the bot net virus, or other form of compromise, are most times unaware their computer is being used in such a form of protest. That means it is inherently NOT free speech, because the person who is making the statement (each zombie, or bot) is not intentionally making said speech, and would likely not even agree with the protest.

However, if the attack was legitimately conducted by thousands of people jointly flooding the site willingly, I can agree with the argument. That would be pure protest. My issue is that too often it is using unwilling, and unknowing participants to perpetrate the attack.

However, if it is protected free speech, does that mean we as white-hats, or even grey-hats be able to use the same form of attack against our targets or causes that we disagree with? In short, I think that legalizing DDoS attacks because they are “Free Speech” I believe opens a pandora’s box. If it was legalized, I think we would honestly see a much larger scale of attacks against companies, causes, and individuals increase dramatically. That would be the same as giving loaded guns to convicts upon their release from prison. Yes, guns are not illegal, and shouldn’t be, but there are restrictions applied to those who have demonstrated they lack the responsibility to handle guns in a safe way.

I created a poll, to see what you all think

Updated passgen.py

A while back, I wrote an article about coding my first python program, a password generator script. When it was first written it simply generated a password after the user gave it a value for how long they would like the password to be. Through some team work with grap3_ap3, we got it running as a module for our python IRC bot.

Now, I am proud to present version 0.3 that introduces the following new features

  • user can chose how many passwords to generate
  • user can chose a filename for the saved file (allowing for multiple password files)
  • cleaned up input & output

I hope you enjoy the work, and I hope to have more coming soon.

MediaFire link here

pdf copy of source: passgen-src

Adding to passgen.py

I decided to pick up my passgen.py script and add a few things to it, some things that will serve multiple purposes; a) add better functionality and make the script more user friendly, and b) help me learn more about the amazing language that is Python.

Some of the Ideas I had to add to the script are:

  • Option for generating more than one password at a time
  • allow the user to change the filename it dumps the generated password to
  • add a <Space> character to the mix, but possibly set a rule to only add a space every (x) characters

If you have any other ideas you would like to see, let me know (remember, I’m still a python n00b)