by m33b0

MAC Address Spoofing (the easy way)

July 19, 2011 in Information Security, Systems Administration by m33b0

(For defensive reasons of course! =P) Ever wonder what your “MAC address” really is? It stands for “Media Access Control address”. It’s hard-coded into your network interface card (NIC) – and is what’s used to identify your hardware on a network. Why would you want to spoof this? Say [hypothetically] you do something naughty (anything from looking at porn to hacking on company computers) and you want the IT guy to “look the other way” on the issue, you can make it look like someone else, or have just plain unregistered mumbo-jumbo. Maybe you’ve bought a new computer and your
read more

Cracking Passwd Hashes with Perl

July 17, 2011 in Information Security, Programming, Systems Administration by trevelyn

I usually post about how the LulzSec releases are good for penetration testers because when the “victim” is storing their customer’s passwords in plain text, it gives us a better foothold for password cracking. The most common word lists II can find online for offline brute force attacks are just words. Sure we can use Perl to change case, randomize case change, append numbers, etc. But when you have access to passwords that thousands of people have chosen, and thought secure, the lists are “organic.” Now, if we say to most people they need to change their passwords because our
read more

“Wi-Fi–Hacking Neighbor From Hell” Wired Article

July 14, 2011 in In the News, Information Security, Systems Administration, WiFi Hacking by trevelyn

[Source of Article] [Actual Sentencing Memo] From “Hell” ?? I just couldn’t help myself to talk about this article. This is awful. Ardolf downloaded Wi-Fi hacking software and spent two weeks cracking the Kostolnik’s WEP encryption. Seriously? 2 weeks? What did he use, wireshark and Aircrack-ng only? Kismac? LOL! A forensics computer investigator working for Kostolnik’s law firm examined the packet logs, and found the e-mail sessions sending the threats. In the data surrounding the threatening traffic, they found traffic containing Ardolf’s name and Comcast account . Yeah, so, what lesson(s) do we learn here? Don’t have your browser profile
read more