1) a lot more then people would suspect, but I couldnt put a number on it

2) that your computer is constantly being attacked even if you do not realize it

3) Not sure Ill try to think of something better but, one thing that stands out is a list of names/addresses/information of everyone who has ever contributed to mediamatters.org (when they first came out)

Ok, so when I was in the computer lab back in college (circa 1999) I was in an IRC chatting it up with some fellow college students and apparently the discussion got heated. I started berating some dude and he was threatening to do harm to me. I explained that he'd never be able to find me on campus. Then he was able to tell me that I was not using a personal computer and I was logged in at so and so computer lab, so i was like 'good guess dude'...and then all of a sudden my computer started beeping and making all sorts of strange noises. So apparently this 'hacker' was able to locate me. He never approached me or anything but I quickly looked around and saw no danger and casually left. Anyway, after that incident I was generally pissed off that this guy screwed with me and wish he confronted me so I could have told him off in person. How was he able to do this?

When you are in IRC, you can do a whois on someone and get their IP address, Im guessing that the campus segmented their networks and he know that your address pointed to a range that was assigned to that particular lab, and the beeping etc means the box was already compromised or had a remote exploit that he knew to run against it (more then likely it was already hacked, due to the fact it was a public computer that allowed ppl on IRC)

Just finished watching this, one of the best documentaries Ive seen on the subject and a lot of intelligent people, even , surprisingly enough, the government people, except for the whiny douche bag in the black shirt that runs whitehouse.gov, he encompasses all that is wrong with security, I didn't follow the Lamo case too closely, but when he said something along the lines of "the system administrator may lose his job, what do you think he is going to do pop champagne because Adrian Lamo hacked me?" I got tilted. If the system admin was any good at his job, it wouldn't have happened in the first place, its typical entitlement thinking from an overpaid government worker that is just like the monkey collecting peanuts--this is a meritocracy after all (well,increasingly less so over the last decade, but whatev) (from whatever read about lamos' elementary hacks) so ya, the sys admin should have been thanking him and treating him like an equal rather then being a douche, you get the sense that that guy is all about ego rather then tech, and is a typical cover your ass mid level manager but thats just my stereotyping from what I could get out of teh interview with him

you go to defcon?

not this year, but I have in the past, you?

Is there a reason why you didn't answer this:

?

sweet post

Very interesting read, thank you. I didn't see this discussed, so wanted to ask - what os do you use, both @ home and when working. In addition, how do you rank IBMs AIX os as far as security goes? Thanks in advance.

sry did not see this.

most satisfying, was getting my current job, lol. It was right when the economy turned oct 09, I had been professionally out of IT for a couple years, and my prospects did not look too good having no experience in a corporate enviroment (only IT job was installing point of sale etc), I put down a family friend that I had setup a VOIP system @ his place of business for as a reference, and just happened to be at his house eating dinner when my HR lady called, I literally sat there with a magic marker and a piece of paper coaching him through the questions, that was at like 8pm @ night, I got a call the next day at noon congratulating me on the job offer (after only a month of searching---i lucked out). He did not lie or anything like that, but I made sure that he used some certain key words that another friend of mine who is an upper level hiring manager at a multinational corp told me were key.

My first buffer overflow was awesome too, it was a known exploit, I didnt discover it, but when I was 16 or 17 I was trying to get into this l33t hAx0r group and one of the tests was a piece of code that had a bug, adn I had to write the exploit to take advantage of the format string flaw, nothing huge, but to me it was awesome.

the other work story I posted I was pretty proud of also, our client was super grateful and I thought it was a good hack (got a free lunch out of it too)

my best friends HD crashed, completely zonked out, and he had a bunch of pictures of his deceased grandpa, and his GFs deceased mom, and asked me to see what I could do, his GF was taking it hard, I used some forensics software (foremost) and recovered all his .jpgs, he was super super grateful, and is one of those things he gets emotional about when he gets drunk lol


also a couple of the pokerplayers that I found were being cheated as it was the first time I could put a direct monetary loss that I saved someone from due to hacking

I was into hacking for a couple of months back in high school(late 90's). I was able to slip a keylogger into a couple of my friends comps giving them a file through ICQ. The best was a program that would open their cd-rom drive. We'd be chatting and they would be like 'wtf, my drive just opened up!' Good times.

Not sure if it's been mentioned, but I never answer any security question correctly. I've gotten into my dads' and ex-gfs' email account through those questions.

does anyone still use AIX? lol jk its good I like it, I have not used it extensively though

I run windows 7 on my main machine (my poker PC), my laptop dual boots XP and backtrack; I keep XP on there because I like to hack cell phones also (cloning, jailbreaking, unlocking) and a lot of the software runs best on XP, my laptop I use for pentesting most of the time, because it has all my wireless stuff and I can take it with me to clients sites obv;

I have a SAN I built running redhat, and I do my programming, keep my daily schedule spreadsheets, do emailing, keep my workout log, general browsing and just daily stuff etc all on a modified version of centos

I have an old 900mhz box running snort, and a couple other things, and then I have some cisco routers etc I use to study for CCNA stuff; in the DMZ I have a box that I use for storage when Im on the road, or to tunnel into my other servers if need be

Not to derail, but more on this? Seems like it could be useful to know.

Thats kind of the fun of doing this stuff is exploring for yourself, so I probably wont say much more directly and let you guys do it for yourself, but EVERYTHING is a potential target, some things you may want to google:

google hacking
laundrymat hacking
coke machine hacks
grocery store pos hacking

I mean, even just figuring out how coupons @ the grocery store work is interesting to me (and could be profitable lol)

dont use any of this for monetary gain though, it is just fun doing exploring

Ill throw this one out there as my brother got a kick out if it when i showed him
search google for

inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
liveapplet
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
inurl:axis-cgi/mjpg


one cool one he sent me:

http://61.60.112.230/view/view.shtml...eo.mjpg&size=1


if you do a look up on the IP to see who owns it:

Host 61.60.112.230
Location TW TW, Taiwan
City Changhua, 04 -
Organization Second Maintenance Office, Directorate General Of
ISP GSN, Taiwan Government Service Network.
AS Number AS4782 Data Communication Business Group
Latitude 24°07'99" North
Longitude 120°54'25" East
Distance 8775.00 km (5452.53 miles)


and from here, you can probably tunnel into their infrastructure even further.

Haha yeah I remember when I read about using google to find open live feeds. I spent two days browsing through a bunch and found some cool stuff.

cool I havn't read some of those, was your nick guids on hackphreak? .. it was always filled with 40 or so people and no one ever spoke, but I remember some of the more prominent names..

LMAO

this thread is like the fourth google result for "grocery store pos hacking" from just this one post. Kinda crazy

At my old school, one time I put two quarters in parallel into the slot and then the screen was like "ERR FFFFFF" or something and you could get anything for free for a few minutes before it reset. I think my friends and I got over 50 bags of chips/candy bars. For some reason the rice krispie one would rotate backwards. I recreated this error like three other times in maybe 20 tries. The last year at the school the vending machine was out of service the whole year. I don't know why.

http://cam.thesandbar.com/axis-cgi/m...0x480&camera=1

O, I meant more on the service contract stuff.

can you hack into porn sites

hi, can you tell us more about what you found on the mid to highstakes player that other people could see... was this def a case where his computer was targeted by a pokerplaying hacker?