According to Security News Daily, Anonymous has taken down more than 40 darknet-based child porn websites over the last week. Details of some of the hacks have been released via pastebin #OpDarknet, including personal details of some users of a site named ‘Lolita City,’ and DDoS tools that target Hidden Wiki and Freedom Hosting — alleged to be two of the biggest darknet sites hosting child porn.
Archive for IT / Computers
Instead of posting a cache of articles and comments here, I will just link to them:
At the DEF CON 19 hacking conference, which took place between August 4 and 7, it seems that a full man-in-the-middle (MITM) attack was successfully launched against all 4G and CDMA transmissions in and around the venue, the Rio Hotel in Las Vegas. This MITM attack enabled hackers to gain permanent kernel-level root access in some Android and PC devices using a rootkit, and non-persistent user space access in others. In both cases, whoever launched this attack on CDMA and 4G devices was able to steal data and monitor conversations.
For now the only evidence that such an attack occurred is the report of Coderman on the Full Disclosure mailing list. Coderman seems to be a relative veteran of security and open source mailing lists, though, and he says he has attended six DEF CONs. If he’s telling the truth, then this attack would represent the first ever man-in-the-middle attacks on two networks that have so far proven to be unhackable. For the ailing and nigh-stillborn CDMA this isn’t such a huge issue — but if 4G has fallen, just as AT&T, Sprint, Verizon, and cellular companies around the world begin to plow huge dollars into its roll out, this could be a massive blow.
Coderman’s report suggests that, like Wi-Fi MITM, which regularly harasses surfers at DEF CONs and other hacker conventions, the attackers were able to inject custom packets into the 4G and CDMA data stream. These forged packets allowed the attackers to create on-screen prompts that, if clicked, installed a rootkit on the PC or Android device. If you’ve seen “fake AV” pop-ups while surfing the web, then that’s a good analogy for what this man-in-the-middle attack is capable of. Once the rootkit (or similar backdoor) is installed, it’s simply a matter of connecting to the exploited device via SSH. Coderman says the attackers could also monitor conversations, which suggests that not only can packets be injected, but they can also be sniffed and decoded in real-time.
Without more information from Coderman, another savvy DEF CON hacker, or from the hackers themselves, it’s hard to prove that this attack actually occurred. It’s still very early days, too — Coderman only posted his findings to the mailing list a few hours ago — but if we see some more activity on the mailing lists or a reaction from a cellular carrier with an interest in 4G, then we’ll be sure to update this story. It’s also worth pointing out that we don’t know which version of 4G has been hacked. HSDPA, WiMAX, and LTE all use different transport layers and security methods, and the repercussions will depend on which one has fallen.
Last year I inherited a handful of 3com enterprise-level switches that had become discontinued models for service and support. The first thing to do of course is to tap into their administrative functions! Unfortunately, I have to begin from scratch and figure out how to reset them to factory defaults.
Resources and things to have available:
- Manual to the 3com SuperStack3 Switch 4400 SE (3C17206)
- Serial cable
- May need a serial female-to-female adapter
- May need a serial USB adapter
- Ethernet cable
- Internet browser
By default, the switch will configure itself to an IP address of 169.254.100.100. The default value for both username and password is admin.
According to the manual there are three possible ways to get into the switch (starting page 35):
- Serial port (COM)
- Set the COM port you will be using for your serial cable to use the following settings
- 19200 baud
- 8 data bits
- No parity
- 1 stop bit
- No hardware flow control
- Make sure your computer is plugged into the switch via ethernet; any port should be fine, otherwise use first uppermost top-left port
- Set your computer’s IP to 169.254.100.99 using a subnet mask of 255.255.0.0
- Using PuTTY, start a Telnet session to 169.254.100.100 and login
- You may also do Start->Run and type in Telnet 169.254.100.100
- Make sure your computer is plugged into the switch via ethernet; any port should be fine, otherwise use first uppermost top-left port
- Set your computer’s IP to 169.254.100.99 using a subnet mask of 255.255.0.0
- Go to 169.254.100.100 in your internet browser and login
That information is just good to know. How about resetting the switch? Nowhere in the manual is that specified. On HP’s website, they will list this switch under the following names and model numbers (jerks for changing the model number):
- HP SuperStack 3 4400 SE 24-port Switch (JE878A)
- HP SuperStack 3 4400 24-port Switch (JE034A)
- HP SuperStick 3 4400 48-port Switch (JE035A)
I went through the downloads page for the JE34A and checked out all the different types of manuals and only found that on page 49 of the Management Interface Reference Guide it states that you can do a hard reset by disconnecting the switch from power while it is in password recovery mode (after you have logged in with username and password recover).
- Serial port (COM)
- Login with both the username and password of recover
- Login with a username of 3comcso and password of RIP000 (or RIP0000 or RIP 000 or RIP 0000)
- Login with a username of admin but a blank password
- Login with both the username and password of manager
- Open up a session to the switch while the switch is off. Turn it on, and if anything comes up, interrupt the boot sequence of the switch with CTRL+B to access a start menu that should have an option to resetting the switch
- Issue the command reset system and respond with y for yes
- Connect the switch to a router with DHCP enabled to find out the IP address assigned to the switch through the router’s web-interface
I hope article helps someone. I meant to write it as an all-in-one, end-all article to the 4400 SE. Unfortunately, none of the information here helped to solve my scenario; I get a blank screen in PuTTY/HyperTerminal and cannot get its IP address when placing it under DHCP through a consumer router / mid-business Firebox.
Not that my laptop would need one, but I want to find a way to make my laptop even cooler and improve airflow through its chambers. Since this is the objective in mind, the primary factor for this would be the amount of air a fan in a laptop cooling pad could move in a minute, represented as cubic feet per minute (CFM). The problem is that when you start your research to find a laptop cooling pad that is actually geared toward performance, you will never actually find it. Instead what you will find are products tagged with the word “performance”, and that the way they are marketed is whether if they have blinking blue LED lights in the fan, how quiet the fan is, and if the fan can spin fast enough to slice your fingers off. None of these factors have anything to do with performance and are in fact realistically the opposite. There is a fundamental trade off between quietness and performance (aka by how much air it can feed to your laptop). Sometimes they even leave out the CFM from the details page of laptop cooling pad products. So much for being for “performance”.
Now I am writing this with my laptop in mind. My laptop sucks cold air in from the bottom and pushes hot air out the sides. Many laptops out there have this the other way where they suck cold air in from the sides and push hot air out the bottom. Personally, I think this is illogical. The advantage of my laptop is that it pushes rising hot air out the sides, but the disadvantage is that it breaths from the bottom. So when you cover up the bottom of my laptop that could pose some issues. The advantage of having it the other way around is that usually nothing covers the sides of your laptop so at least it can breath, even if it is just a little bit because the bottom might be covered up.
Yeah, I understand laptops aren’t really for hardcore stuff, but at the moment I cannot afford a decent video card with a full desktop setup (monitor and keyboard — not going to settle with an anchorboat CRT or a cheap keyboard) for my workstation. On top of that, my workstation actually needs more RAM too. All this would end up costing me several hundred dollars up to around $800. If I get a monitor, it might as well be something that I will want to live with and tolerate in the long-term, such as a 22″-24″ LCD. Video card? Please make it worthwhile so that I could at least play all the current latest games at medium quality — that will be more than enough for me. I actually need RAM because 4GB is proving to be not enough for my workstation with the things I do on it. I could also use another 2TB harddrive, and in fact might as well replace the 500GB and 1TB drives I have both with 2TB drives and look into getting one or two 60GB+ SSDs.
Now if your laptop pushes hot air out the bottom, it probably won’t make a significant difference which laptop cooling pad you get. After all, the fan in your laptop can only push out so much air. I mean, I am sure it will do a little bit to use a laptop cooling pad, but it probably will not be significant enough to make it worthwhile. This is another advantage of pushing hot air out the sides instead of through the bottom.
Would I design my own laptop cooling pad, it would consist of this:
- Walls with rubber at the edges of the surface protruding — you would fit your laptop onto the surface into this “seal tight” enclosure that prevents air from escaping around the sides of the laptop
- Higher performance fans ranging from 50CFM to 250CFM models to forcibly push air through the laptop and wherever there be holes and air spaces; the seat tight enclosure will increase the pressure of air through the laptop — sure maybe not astronomically — but to whatever the strength of the fan is. This will improve temperatures at least moderately
- Air suction from the sides
The pros of both without the cons. I would love to see a product like this, and would go for one with a 120mm Delta fan that pushes around 250CFM. Indeed it would be quite loud at around 60-75dbA, but I don’t care about “loud” — I want performance.
You can have all the firewalls and Internet security software in the world, but sometimes there’s just no accounting for human curiosity and stupidity.
Bloomberg reports that The US Department of Homeland recently ran a test on government employees to see how easy it was for hackers to gain access to computer systems, without the need for direct network access.
Computer disks and USB sticks were dropped in parking lots of government buildings and private contractors, and 60% of the people who picked them up plugged the devices into office computers. And if the drive or CD had an official logo on it, 90% were installed.
The full report on the Homeland Security study is due to be published later this year.
You may remember the Stuxnet Microsoft Windows worm last year, which targeted industrial software and equipment. Basically, computers with no external network connections were infected with the worm through what was thought to have been contaminated hardware, such as USB drives.
We’ve written a lot about IT security of late, much of which was related to the LulzSec hackers. Whilst systems that are pretty robust and ‘secure’ are still susceptible to hacks from those hellbent on causing havoc, it seems that the inherent curiosity and carelessness of humans is still at the root of many problems.
All this points to the much-used ‘user error’ acronym, PICNIC: problem in chair, not in computer.
Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp., told Bloomberg:
“There’s no device known to mankind that will prevent people from being idiots.”
Recently I received a link from someone by the name of Paul to a website called Real Security (http://www.selectrealsecurity.com/malware-removal-guide). I took a look at the website and learned at least one new thing and found some useful information and tools. The one thing I learned was the existence of a Microsoft antivirus tool that runs outside of Windows designed for emergency situations where scanning and repair external to Windows is necessary; this tool is called Microsoft Standalone System Sweeper (https://connect.microsoft.com/systemsweeper).
Some useful tools I found on his website are tools for common post-disinfection symptoms where file associations are broken and start menus and desktop missing. You can find these tools at the above link to this website somewhere towards the bottom of the page under a category “Fix the Side Effects of Malware”.
Another section of Paul’s website that I found very useful is his Security Checklist / Prevent Future Infections and a link to How to Stay Safe While Online. I mean, really, the whole website is full of very related, useful information on security, infection and disinfection, and prevention. At the very least, a reading of the two links I provided in this paragraph would be a good idea to do whether you are tech-savvy or not.
For those that are tech-savvy, I might further recommend considering a bookmark to http://www.hlrse.net/Qwerty/cleanup.html. That is a webpage that I really put together for myself and sort of my co-workers (though I do not know how much they rely on it), but I find it useful because it has nicely categorized quick-links to things that I frequently access and need on a daily basis when working with other people’s computers.
Somehow my brain, so addled by pop-culture and videogames, drew a link between the alteration of the game-play mechanics in a 20-year-old series, and growing up. I want things to be how they were. I want to play the games I played when I was a child, only I want them to be new. Naturally, this just can’t happen. Things will never be the way they used to be. Summer days are no longer spent running around outside before collapsing on a sofa to try to beat Labyrinth Zone; instead they’re spent in a sweltering office full of morons who watch The Apprentice. Life has changed. Circumstances have changed. Even if the perfect 2D Sonic game were released tomorrow, it still wouldn’t feel right, because I’m no longer the person who played those games.’
This reminds me of 1 Corinthians 13:11:
When I was a child, I spake as a child, I understood as a child, I thought as a child: but when I became a man, I put away childish things.
It used to be that as we were growing up, technology rapidly advancing throughout the 1990s and coming to a smooth leveling in the 00s, computer games being developed alongside the development of technology, and our thrilling enjoyment of computer games during these times were our childhood. We remember these days because they were great. Today we seek for the same pleasures and amusement we once had, but many ask themselves and question generally why, what has happened, are developers really making bad games?
I think the truth really lies in our generation having grown up, simply. We grew up, unwilling growing out of our childhood, and seek for those times again. In addition to that, games have been watered down in difficulty from the 1980s and 1990s. The games then were great because they were hard. Nowadays, games are made easy. What is worse is that we fail to realize this, and so the coming generations are going to grow up with “easy” games and not know what a real, decent game is like. They will be too scared, too spoiled, too chickened to play harder games because it challenges them too much. As time goes, these new generations will grow up and replace the developers. Computer gaming as a whole is a sinking ship. While technology and computer games were initially advancing, things were great — yes, because of unexplored, unknown, inexperienced territories. But now everything has leveled off for the time being. There is no more new things to explore.
That is because we are now adults, grown and in a way mature people. We cannot think like we once did. Just take some time to observe children. Given enough time, you will find that a child’s desires and pursuits are in themselves quite meaningless, immature, unreasonable, and directionless. Take the extreme: a little baby just loves the same experience over and over again. It is almost totally mindless and thoughtless — they do not think of “why is this thing so meaningful to me?”, “what is this thing’s end?”, “where is this thing going?”. It is all just a repeating loop of directionless amusement (which by the way means “to not think”).
But we grew up, we thought more, and whether or not we really wanted this to happen “nature” has a greater priority in maturing us as we age than our foolishness over reality. And this is why today’s computer games are terrible: we have matured and grown old, we are spoiling the newer generations and making games too easy, and we don’t want to admit the fact that we have grown up and it’s time to move on. Why? Because we want to replace this empty void, these moments of absolute meaninglessness that drive us up the walls trying to get away from the experience of reality, and try to fill ourselves with as much material pleasures as possible to pass the time by without giving a serious thought to our existence and purpose.
There are two ways to enjoy a successful career in IT  — and they are polar opposites of each other.
The first is to be great at what you do . Some people seem to be blessed with the right combination of logic and intuition right out of the gate, like those with natural talent in sports or music . Others hone their chops through hard work and experience . Either way, whether you’re a network architect, a programmer, or an admin, if you can detect anomalies in a flash when troubleshooting or can clearly visualize a path to achieving a functional, stable outcome for any given project, the rest of your involvement becomes almost trivial.
For instance, a skilled network architect can design a large network while taking a shower so that the bulk of the time spend on a networking project goes toward more mundane things, like procuring hardware or dealing with telcos and last-mile providers. OK, maybe it’s a long shower, but you know you’re a pro when you spend no more than 15 percent of your time actually planning the network topology and layout for a large-scale network and consistently get great outcomes.
You can figure another 25 percent will go toward acquiring and configuring gear. Unfortunately, the remaining 60 percent of your time will be spent on stuff that’s a lot less fun: fighting with telcos, straightening matters with building management, begging for conduits that are clearly in the plans but were “forgotten” by the contractors, and other maddening issues.
Ironically, the better and faster you are at the hard part, the more you may leave yourself open to questions. When peers or customers see how quickly someone troubleshoots an infrastructure breakdown or architects a technical solution, they wonder just how hard it could really be. Also, why does this person get paid so much?
I have a favorite parable to illustrate the problem: A passenger train breaks down in the middle of nowhere with a delegation of railroad VIPs on board, including the president of the company. The locomotive simply won’t start and everyone is stranded. However, the president knows a passenger on the train was one of the designers of the locomotive and pleads with the man to help fix the problem and get the train back under way. The design engineer says, “Sure, it’ll cost you $10,000.” Desperate for a solution, the president agrees.
The engineer then takes a hammer, walks up to the side of the locomotive, and swings the tool against the steel panel. The locomotive immediately springs to life. The president runs over; instead of being pleased that the train is running again, he screams: “$10,000? Why in the world would I pay you $10,000 just to hit the thing with a hammer?” The engineer simply replies, “I threw in the hit with the hammer for free. Knowing where to hit it cost $10,000.”
This is the world that many highly skilled IT people inhabit every day.
The other way to succeed in IT is with little effort or proficiency at all. I hate to say this, but a number of people in IT positions work harder to make it seem like they’re busy as beavers than doing actual work. Quite often this dysfunction starts at the top: When an IT manager doesn’t know the technology very well, he or she may hire folks who have no idea what their job is other than to show up every day and answer the occasional email, passing questions along to others with more technical abilities, or to their contacts at the various hardware and software vendors. People like these populate many consulting companies. They rely almost completely on contractors to perform the actual work, serving as remote hands in a real crisis and as part of a phone tree for less pressing issues.
To be fair, these middlemen have a role in the IT organization. In many cases they can help bring a project to completion simply by knowing who to talk to and how to grease the skids, even if they’re no more technical than someone from a department with no relation to IT.
As with many other professions, those who are highly capable are scarce. But in the case of IT, a large gap in understanding separates those on the business side who commission the work and those who perform it. It’s very hard for those outside the technology inner circle to determine who has mad skills and who’s slacking, until it becomes obvious that certain IT ninjas  are the ones who step in to solve the problems again and again. The reward for that, my friends, is having more and more loaded onto your plate.
With luck, you may get compensated like the guy with the hammer. More likely, you’ll get the satisfaction of doing things very few people can do, even if you’re the only one who knows how heroically you performed.
This story, “How to succeed in IT without really trying ,” was originally published at InfoWorld.com . Read more of Paul Venezia’s The Deep End blog  at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter .
According to the reports at [url=https://www.microsoft.com/windows/compatibility/windows-7/en-us/Search.aspx?l=en-US&type=Hardware&s=Zen%20Vision%3AM]Microsoft’s compatibility listing[/url], my Creative Zen Vision:M 30GB Media Player should work fine on my Windows 7 Professional (x64).
Naturally, the first thing I should do is go to [url=http://support.creative.com/Products/ProductDetails.aspx]Creative’s website and find my MP3 Player[/url]. Since my Vision:M’s firmware is already up-to-date with the latest (1.62.02), I can skip over that part of the page. The first thing to do is select and submit Vista 64-bit in the list at the very bottom of the page on the left below the downloads. The reason for choosing Vista 64-bit is because that is the closest thing to Windows 7 64-bit.
I will download [i]Creative Media Explorer[/i].
Right, so now I will plug in my player.
And I restarted my laptop as necessary.
Eureka! It works!