Comment from blog: Security Matters Wired Mag

This was a good post to read, Mr Schneier makes a very valid point here about how life is mostly full of ‘BS’ about how a terror can happen everywhere. I personally am getting tired of all this small crap like the lady who had a baby bottle, I question how long until people just get fed up and stop wondering like cattle thru the gates of government.

Now you have a bunch of people “scared” about some brown man blowing up everything, to justify spending another dollar to prevent American's from having ‘the good old days’ – remember the day when we could bring our own booze onto a airplane so we didn't have to pay $10 a shot?

sigh.. 10 years from now is gonna suck. some point the government controls of the EU make it just as much as a pain as here, ironic when people flee back.

Im not saying hack a hotel for porn. But I will say you can hack it for free pay per view hbo movies they have. BYOTV (bring your own tv) poor Marriott, you must not enjoy the web. I dont know what's worse people that pay for porn. or that people actually watch hotel porn. yuck.

is hackable - thats funny. if this gets fixed basically your able to just enter a alert message into the url and have it pop up at the site. Only a laugh because the page is how to prevent this crap.

link (now dead)

this site get grandpas files will help you write letters to make some paper pusher mail you back FBI records of dead people. Most interesting is the fact that you can just prove someone is dead  no reference that you must be related. So you have a neighbor that died years ago and you can drum up some information on him or find on wikipedia that he is dead? better yet, you happen to come across a death record in the trash? find out if they were dooin bad things. Or just mail letters off and see what happens.

I was browsing a pile of stuff in my room the other day to come across a package of sea-monkeys, I was reading the back of the package about a 2 year guarantee they have on those brine shrimp. The guarantee states that if you mail one dollar to the address shown they will replace your seeds for free (minus the handling of course) At no time the notice states that you must provide proof of purchase of the original monkey pack. So it stands to reason that if you mail one dollar you get what they state is a six dollar value. So I investigated sea monkey guarantee on line turns out they have the same deal on line however you must mail three dollars. The online version also states that you get some free literature about the monkeys. Im not saying that anyone should exploit the financial stability of the brine shrimp business, but its a good example of what you can find if you bend rules. So its up to you, pay 1–3 dollars and see what they mail back to you. Or buy it in the store.

this is something way cool that isn't available to hacker-kiddys yet. using a tool like cache dump you can then use the hash you get to ‘run-as’ the hash user. then I can run as the user on the computer or network. this means that you don't need a Hash Table and it don't matter if its 127 character password or NT hash. Link to security blog

must find this code. – Msvctl

Update: I did my research on this and you can find tools that will show this by using the term “Passing the hash” I will detail more once I have more of a way to fix it. in a windows environment. I will also blog more once I have a good set of tools to show it off.

update: there is a copy of winexe that can be patched to pass hash and it works. I will not detail until later date but I can confirm it works the same as the blog link here.

never have I gotten a email as good as this.

“Kelly, I have a non-work related question and you may know the answer. I have guitar hero 2 for the xbox 360 and I am trying to use one of the cheat codes I found online to unlock all of the songs but can not get it to work. Do you know or heard of anyone that has been able to unlock all of the songs for the 360?

Thanks”

As I see this a valid question, that any self respecting person would be able to take time to answer I did, the following appears to confirm working from a message board I found.

Planet Heidi is a web comic about computer security. I did work with the writer, He now has a book its the content of the comic. You should go purchase it its $9 and you will learn something – or just find grammatical mistakes and let him know =). Either way check out the free version or buy a book.

Im sure RoadRunner DSL isnt the only ISP that will do this, however I stumbled across them as being particularly dumb. They list all the users on a home page and let you browse the personal sites, as well as gather assumed login names etc. simply google “@ .rr.com” to get regional areas such as HVC for Hudson Valley. then attach some data to the site and you get every home page there, that includes pages where people upload files, but think no one can see them but they nicely let you index browse. HTML 1.0 where they password stuff but you have no time out and retry is not delay. more importantly the google site:xxx.com trick where you can just search everyone for juicy data. here is some info to get you kicked off for about 1 hour of surfing fun. its like having a back door into angel fire site, all that blinking text fun.

http://home.nycap.rr.com/

http://home.hvc.rr.com/

http://home.cfl.rr.com/

 needless to say browse with firefox, who knows whats out there.