So I got hooked into LinkedIn as I went crazy adding all my co-workers to get a friend base, I thought… I have been here before. I remember back in 2002 Adding friends to MySpace account. This is funny, adult myspace for the working professional. You can even upload a picture of yourself for what, to date?

All the funny social aside, this is a gold mine for social engineering. You have CxO level people all over the place adding each other and making connections.

Hello Mr.Thompson, My Name is Kelly I got your contact from John Doe who referred me to you for a security audit. I was wondering if i could find some time to meet with you next week. “Sure”

// or “yes kelly what is your last employer …google google”

…awesome

So I had to pull out a copy of VB6 today to do some project work, hunted down a burnt CD with all my former projects (needed a bit of code I wrote years ago) I burned this cd in 1998. Well looks like the statute of limitations for 1's and 0's are up. I couldnt read 30% of the cd and with RoboCopy it took about 30 min to copy out 100mb. a 4 meg file took 5 min to read from the cd. Sigh.... at least robocopy came to save the day. If only windows file copy was more like that think of all the time it would save people.

anywhoo, remember to re-burn all your old CDs before its too late!

so its been a while since a movie review, things that dont suck were Juno, if you havent seen it then watch it. But this blog post is about action movies that suck.

Spiderman 3 - what the hell was this? suck suck suck

Superman Returns - yawn, was this a action movie or a boring PBS drama?

updates crunched into one post as its been slow month for security and nerdy things...

Security:
new versions of fgdump for your slurp tool are out
http://www.foofus.net/fizzgig/fgdump

along with another neat tool for pass the hash type of information gathering
http://sourceforge.net/projects/incognito

a guy rolled his own version of the usb2ram tool that will dump WDE drive keys
http://www.mcgrewsecurity.com/?p=93

also anyone seen that USAirforce commercial about blowing up satellites? great security awareness video haha.

Wedding:
almost everything is done, we got the wine most recently, just need to set it in motion!

Work:
I offically off IT support again, now just do Security Consulting!

other news I also passed my test for General HAM you can now call me K7MHI

recently found a good use of VM Converter to change the disk size and no need to mess around in command line

 1) if you own a copy of converter thats a cheat

http://www.vmware.com/products/converter/

 if all else fails

http://www.ebswift.com/OpenSource/VMDiskSize/

then use diskpart (cmd tool with windows)

run the following commands…(on a different box)

diskpart

list disk

list volume

select volume=(your volume)

extend

list volume (check your work)

One thing I love about MSDN subscriptions is the ability to get Visual Studio. Now I dont program much but I did have a lot of fun with VB back in the day and when VS2002 went to .net I must admit that I lost interest as the code changed a lot.

Then comes VS2005 with all its cool context help.

Then comes VS2008, I must say this is the most impressive dev studio I have ever seen. Just like office2007 and ability to think what I want before I want. VS08 allows someone who just knows how to program, convert to .net and program up things that are awesome. Seriously the context help and auto-complete in VS2008 are way cool. If you are a programmer or have MSDN and did old c or vb then check out the new application its worth the time.

so myspace isnt your cup of tea? go to http://www.rottenneighbor.com and check out people that live near you. Or just talk about about people so they can go read how you dont like them… Awesome.

Yes I am aware of the ASP code crashes, My c: was full for a while and something died. I have plans to rebuild the server and fix this and all the other sites that I host.

I was just in the conference trying to swipe the memory from a laptop someone left there. Problem is that I had to remove the keyboard, then I broke my little screwdriver and when I did all this I realized I forgot my can of air. Then it was too late my memory had gone muy loco

 

This isn’t a "holy crap my shit is 3137 h4xor pwnd" but a "wow that’s a cool hack" sort of like Xbox running Linux or an oscilloscope that can print vector graphics from pong. This would be a cool Spy trick or uber 31337 bad guy. But if you wanted to get around it. You just use encrypted file mounts. I woudl imagine that the protection on the temporary mounts is protected or you just time out unmount the encrypted mount.

 

A elementary way to do this is the old keylogger. Works every time. I bet you arnt checking your docking station keyboard every morning? (thankyou centas for the use of the building custodial jumpsuit for access to your office)

 

I think the big thing here is dont let bad guys finger your ram!

 

Did you see all the things that will cause problems....

http://citp.princeton.edu/memory/faq/

 

I do want a copy of the RAM2USB boot application they have, as that would be handy in uses other then just hacking "secret keys"

 

or be totally insane and check this out