cracking wep

Very nice article on tools you need to crack wep in most wi-fi networks. enjoy 🙂

http://securityfocus.com/infocus/1814

I am going to HELL!!!

Bryan Erickson (oh come on…google to find who he is) posted a newletter from St. Mary’s church in Colorado Springs that gives indications for parents so they can understand whether their kid is turning away from the Lord….It specifically talks about gothic culture and stuff like that.

Please seek immediate
attention through counselling, prayer, and parental
guidance to rid your child of Satan’s temptations if
five or more of the following are applicable to your
child

read the “signs” here… http://www.livejournal.com/users/hexfix93/52879.html

My favorites:

  • Drinks alcohol
  • Complains of boredom
  • Is excessively awake during the night
  • Requests time alone and quietness. (This is so that your child may speak to evil sprits through meditation
  • Expresses an interest in sex
  • omg I am doomed…

    I am going straight to hell for what I do and what I’ve done all those years…who cares…could be fun…I’ll certainly meet a lot of friends there 🙂

    btw if you haven’t seen the latest video clip from velvet acid christ…do it now! Pretty toy

    The World’s Smallest P2P Application + unix file wiping

    While reeding my rss feeds today I came up to this interesting article. 2 guys wrote a p2p application in 15 lines of python code just to prove how hard it is to restrict p2p apps. Everyone can write or customize one. It may not be fancy with buttons and stuff like azureus…but it surely is achievable. Buttons and colors and and and….can be added at any time later on since the base application works.

    There was an interesting thread on bugtraq too these last days about secure file deletion on unix system. It’s pretty interesting and there’s some clues about ZFS, the new solaris 10 FS. One of sun’s engineers says that they will add secure file deletion support sometime in the future inside their FS utils. Where does linux stand here ? I am not aware of any such future thoughts for it. Don’t linux users have sensitive data to protect or is it that linux is silently becoming so much a “desktop-OS” alternative to windows and forgets some of it’s main goals like security ?

    And again rises the same question…is “wiping” enough to protect our files or should we all create and use encrypted partitions/loops for our disks where we will save all sensitive data ? It’s far better to “wipe” (or think you’ve wiped) some encrypted crypto-loop than thinking you have deleted your new ATM card’s PIN or your company’s financial data or…or…..

    The great playlist meme of ’04

    Following the post of my friend Patroklos in his blog (who in turn follows the post of Diego Doval) I’ll publish my own list of 10 songs:

      1. Pink Floyd – A Great Day For Freedom
      2. converter – sadist
      3. lights of euphoria – fortuneteller (zillo club mix)
      4. icon of coil – everything is
      5.

    Configuring logging on cisco routers

    One of the latest tasks I have is to monitor the perfomance and stability of around 20 wireless schools in the city.
    Perfomance is quite is to do. I configured all routers to listen for snmp queries and fired up MRTG. The I set up smokeping to measure delays…and I had a fair view of what’s going on. Or that was what I though. I saw that the traffic was minimal. My guess was that schools were not using the broadband service we had offered them as they should. That is sometimes the case where teachers have no clue on how to use the broadband internet and/or kids have no intention to learn some new tricks and prefer to mock on people that use the internet as a tool.
    Later on I set up a machine with syslog-ng and configured all schools to log “wirelessly” there.

    logging trap debugging
    logging IP.IP.IP.IP

    where IP.IP.IP.IP is the IP of your host with the syslog daemon (preferably syslog-ng).

    Then one day the wireless BSU had probs and schools had to use their isdn backup to reach the net. I had to do sth so that logging to my syslog did not begin a new session by dialing from the isdn backup. If logging was enabled and no filters were activated, then when one dial session was terminated the syslog messages from the router to me opened a new session just to tell me that the previous one terminated. And this could go on for hours and hours.
    So I added a filter to the dialer and blocked syslog packets from opening the isdn.

    < previous rules >
    access-list 102 deny udp any any eq syslog
    access-list 102 permit ip any any
    dialer-list 1 protocol ip list 102

    If any of you use syslog-ng for your machines (and you should) then try php-syslog-ng

    spambots were pwned

    Today my blog “suffered” a flood from spambots trying to post ads…but unluckilly to them…NO posts were “allowed” in due to the new patches. There were 81 unique attempts to post a comment.

    Better luck next time boys!

    Today my best friends’ gf got her university degree…We are going out tonight to celebrate…I wonder when I’ll get mine…I hope I’ll have mine by Feb 2006 or sooner. We shall see! For the time being I have to study for my exams starting on December 1st. Wish me luck…

    being forgetfull…

    Yesterday I updated php to one of my machines to enable freetype and GD support. On that system I also had IMP webmail. I had forgotten the exact flags I used when I compiled the older php version I had at that machine, so the webmail did not work with the new version. After some googling for the error msgs I got, I found out I needed to add –with-imap and –with-imap-ssl flags to the configure script. I run the script but it couldn’t find the imap libs…I was sure I had them someplace…but where ? I found out where my imap sources were and recompiled imap. Then added some dirs after the flags

    –with-imap=/koko/lala/imap-2002e
    –with-imap-ssl=/koko/lala/ssl

    And recompiled php…restarted apache and expected the webmail to work. Nope…it didn’t.
    I opened up the servers.php file of the imp configuration, read the comments once more and changed the server type. It needed a /novalidate option because my certificate was self-signed. I wonder why it worked earlier….who knows….

    btw, the latest php 4.3.9 seems a LOT faster in many scripts, nice 🙂

    and again?

    ohhhhhhhhh yes…the damn spambots found a way to bypass all measures agorf had taken. So it was time for the gd library to come in handy.

    I found a patch for wordpress that creates a random text string on one image and someone has to copy that text to a text field to “validate” his comment.
    The url to the patch is here: http://www.gudlyf.com/index.php?p=376
    Then I had to install libjpeg, freetype,gd and recompile the latest php to use all that…DAMN these spambots!

    Let’s see how long it will take until the spambots find ways to figure out text out of images…I am not sure if I really want this to happen or not …If it happens it will be a great improvement for AI in general…but all that authentication measures based on images will go down the drain….

    Btw I’ve learned today that gentoo is not a “random” word for a distro…but rather a “penguin race”…You can find some info here:
    http://www.siec.k12.in.us/~west/proj/penguins/gentoo.html
    http://www.antarcticconnection.com/antarctic/wildlife/penguins/gentoo.shtml

    New spam attack

    And again another spam attack in my blog comments! It seems I am really famous! This time the ads were about medicines and diets and crap like that. Agorf re-patched my blog to stop this attacking pattern too.

    The spam comments looked like this:

    #

    Name: buy phentermine online | Email: byob@y1049o.com | URI: http://phentermine.one-phentermine.com | IP: 148.244.150.58

    1049 phentermine.one-phentermine.com
    adipex.one-phentermine.com
    tramadol.one-phentermine.com
    ambien.one-phentermine.com
    cialis.one-phentermine.com
    viagra.one-phentermine.com
    diet-pills.one-phentermine.com

    Posted Nov 23, 4:46 AM | Edit Comment | Delete Comment — Edit Post “Infosystem 2004” | View Post

    There’s a number inside the email of the “poster” and the beggining of the comment:
    email: byob@y1049o.com
    body: 1049 phentermine.one-phentermine.com

    Let’s see who’s next!

    another patch made by agorf

    For the ones that are not aware of the refer 2.1, I will quote a text from the website:

    What is it?

    Refer is a web application that tracks incoming referrers (visitors who followed a link found elsewhere) to your website.

    Check on the demo link: Demo

    Agorf has patched it a bit because I wanted on the who list to be able to lookup ips from the ripe database. He added a field to the database and changed the phps to enable the RIPE queries.

    Get the patch from here: refer ripe patch by agorf

    Blog comments update

    The official php coder of this blog has made a change in the way comments are being posted. agorf has added a checkbox that you HAVE to uncheck in order for your comments to be posted. Else your comment get’s ignored.

    No more comment moderation! I hope we won’t get outsmarted by the spambots…at least for a while!

    Cheers and thnx to agorf!

    PAT-NEEDS-YOUR-HELP + blog comment notes

    I guess that most of you reading my blog are already aware of Patrick Volkerding’s health problem that he chose to make public. (public announcement). I am not an MD but I think that he’s a bit overreacting here. He went to 2-3 MDs and noone told him exactly what he had…and he googled and found it ? Is this the way we will get medical treatment in the future ? Google our symptoms ? I wonder why a man like Patrick can’t get proper medical diagnosis, either the US medical system is a TOTAL wrack or Patrick chooses to go to the wrong ppl at the wrong time to examine him.

    Anyway…I hope he really gets well because he is a very important part of the linux community. Slackware is more than a simple distribution…it’s more like a symbol for linux and without Patrick this “symbol” will get lost…

    A friend of mine in his blog (out.of.sync) says that he is against blog comments in general and user comments could be posted on their own blogs. Well I disagree with this for 2 basic reasons. First of all not all ppl that are able to express an opinion on something they see written on a blog, have a blog of their own. Whether they should or not is a very long discussion and am I not willing to start it here. Secondly comments make the blog alive. Someone can corrent you on something you have written. Trackbacking is not always that usefull, and I wouldn’t really like visiting blog search engines every day to see whether someone has posted a note about my ideas and posts.
    Comment spamming is a serious problem for blogs…I’ve had 2 attacks so far (but only one showed up on the blog because when the second attack hit my blog comments were already under moderation). I wonder if it is possible to have a hack for wordpress that will only allow someone to post a comment when he writes on a text field some numbers that are created randomly on a image (using gd probably). Another quicker solution would be to force ppl that want to write comments, to write some predefined text to another field under the current ones. I think that the spambots on the net are not able to scan for extra fields in blog forms apart from the predefined ones in them. Any php coders around ? 🙂

    blog update

    Last night I updated (by mistake) my blog. I overwritten wordpress ver 1.2 with wordpress version 1.2.1. Unfortunately most (if not all) “hacks” that agorf had made from time to time were lost. I used a patch that agorf had made and restored 2-3 hacks though. I’ll see what’s missing cause I can’t remember right now and tell him to do them again 🙂 (and create a new patch file this time, hehe).

    Trying to play an Internet Game

    Yesterday me and a friend were pretty bored and we want to play an online game. We installed warcraft3 and were anxious to start….but..nooooo we couldn’t.
    We r both sitting at our homes behind dsl lines (and of course behind nat) and we couldn’t play because there was no internet game option inside the game…apart an option to play on battle.net. I thought that there should be another way to do it. I started googling and found out that I had to setup my own battle.net server called bnetd. (During this time I was uploading the latest patch I had for warcraft (ver 1.12) so that my friend would have the same version with me. ) But bnetd was no longer available because blizzard sued the creators.
    What now ? keep searching. I came up with another battle.net replacement called pvpgn. Latest stable ver was 1.6.6. I downloaded, read the configs, downloaded a loader for the warcraft3 client it needs and started it. Server was up but I couldn’t connect my warcraft to it. After some googling I came up with the Battlenet Gateway Editor. I changed my battle.net server settings and now I could log in to my battle.net server and create a new account. But still I could not play…That’s the part where one goes crazy…
    Googling and googling I found out that there’s another, newer, official patch (ver 1.17). I started downloading…it was “just” 35Mb…After it was finished…I applied it…but then I needed a no-cd crack. After some swearing and googling I’ve found that too. So now I had warcraft3 ver1.17, a no-cd patch for it and a loader to be able to connect to pvpgn. Still I could connect to server and create an account but I could not login and play.
    Googling and searching inside forums I found out that there’s a newer pvpgn version (1.7.3). I got that version and it’s supporting files and fired up the server once again. FINALLY I could create an account and log in to the server.
    Then I had to explain all these to my friend. I’ve spent more than 2 hours searching google and downloading various software just because I did not know the name of the battle.net server (pvpgn) and because I had bumped to a semi-official mirror with older version of the files I needed.

    (Then we had to configure our NAT rules for the dsl modems in order to be able to connect to each other)

    How hard can it be to have some fun ? AND I DON’T WANT TO STICK WITH NETRIS for the rest of my life!

    Usefull links:
    PvPGN
    PvPGN Files to Download
    ver 1.17 crack and loader

    Project Ronja

    A couple of days ago while visiting some wireless forums I came across this link: http://ronja.twibright.com/. Quote from the website

    What is Ronja?

    Ronja (Reasonable Optical Near Joint Access) is an Free Technology (like Free Software) project of optical point-to-point data link. The design is released under the GNU General Public License: you get all the necessary documentation and construction guides free. The construction costs are minimal; it’s probably the cheapest wireless system ever. The operation is reliable and immune to interference.

    So someone can create cheap point-to-point links just with optical technology. The materials needed (not the tools) cost less than 100E to create a receiver and a transmitter. What’s really shocking is the speed of these links..10Mbit Full Duplex with simple led lamps. It might be possible to change the led and the circuit to gain in distance and/or in speed. And that’s what me and some friends from the university will try to do. Unfortunately I have no idea to help with electronics…so my only contribution in the beggining will be ideas and money.

    I hope we finish this sometime because it’s both interesting as a project and usefull. Wireless noise inside cities is steadily raising…it wouldn’t be bad to replace some backbone links with a couple of these…if they work as expected. And why shouldn’t they….a lot of ppl use them alredy.

    Check this: http://images.twibright.com/tns/7a3.html