Security via obfuscation: MAC Address

| 0 comments

Every network interface card has a unique 48 bit identifier known as a MAC address. This address is burned into the EEPROM on the card, and often is used by networking equipment to track users as they come and go, frequently associating MAC address to a hotel, credit card, credentials, and so on. In fact, even most consumer gear will record the MAC addresses of all computers that have ever issued DHCP requests to them, and these logs usually cannot be purged. When you combine this with the fact that most Cable/DSL service providers will also record your MAC address and bind it to your account, and the fact that some of them don’t even seem to wait for a court order to turn your info over, it becomes apparent that your MAC address essentially is your identify, but I of course disagree with this! One particularly useful hack is to change your MAC address. This can be useful if you want to make it a bit more difficult to track your device down. Thus, changing your MAC address is highly desirable for a number of reasons. If you curious about finding the manufacturer and location of a given MAC …

Continue reading

Rip music from YouTube using youtube-dl, ffmpeg, and lame

| 0 comments

In a previous post I wrote about how to Rip DEFCON videos from YouTube and this got me to thinking about music. Is it possible to take a video that contains a music track and extract the audio to MP3 format? Well the answer surprisingly enough is yes. Now before you get to excited, you must understand that doing this clearly violates copyright laws and for that reason, I am writing about this purely from an educational point of view. Everything I am covering here is done on OS X and I used the homebrew package manager to install the required tools to accomplish the task at hand. I also want to state that I ran into a handful of installation issues that were rooted in ownership of various files and folders. I am not going to go into detail about these issues, rather I suggest you search Google as I did and you will very like find a solution, I know I did. The tools you will need are: youtube-dl: a small command-line program to download videos from YouTube.com and a few more sites ffmpeg: the powerful utility to process and convert any kind of video or sound file lame: …

Continue reading

Are you a Google Dork?

| 0 comments

Are you a Google Dork? Do you know what it means to be a Google Dork? The fact is Google is a wonderful search engine and it can very easy point you into the direction of your interest. However the darker side of Google, well depending upon how the search engine is used can often lead to information that you would never think would be indexed by Google. Before you begin thinking Google is evil here take note that the data is placed online by anyone with an Internet connection, therefore Google is doing nothing evil rather the search engine is acting in the manner in which it was designed. For example, recently Telstra Communications out of Australia somehow posted Excel documents online which was was then indexed by Google and uncovered by someone performing a search on Telstra Communication. If you are interested, you can read the full story at The Sydney Morning Herald. A word of warning to everyone who owns data that must not be public facing. Always ensure you control that data both with physical and computer security measures. Often there will be policies and procedures in place within your organization that provides guidance and if …

Continue reading

Learning BackTrack 5: The Art Of Penetration Testing

| 0 comments

BackTrack is an absolutely amazing Linux based penetration testing environment that is entirely dedicated to hacking. I must say that you should use common sense when you begin digging into the security tools provided because the last thing you want to do is break the law and find yourself in trouble. Now to say that there are many security tools available in BackTrack would be an understatement. In fact there is so many available that I would never start to list theme here. If you wish to see for yourself, simply execute the following within your terminal instance: dpkg –list To be honest I have just recently begun experimenting with BackTrack and I have a great deal of learning ahead of me. For that reason I felt compelled to share the following video tutorials, books, and how-to guides that I could locate. Should you have any tips or resources please leave a comment. Video Tutorials Guides BackTrack User Guide from Braton Groupe sarl.

Microsoft Baseline Security Analyzer

| 0 comments

If you’re running a Windows platform then you must secure your operating system and the Microsoft Baseline Security Analyzer (MBSA) makes it a breeze. Securing your operating system is absolutely the single most important step you can take to protect yourself. Computers have become so mainstream in homes today that often daily activities that they were previously down with pen and paper are all but extinct. There are a number of actions that should be taken which include staying up to date with patches and of course controlling user account but this just begins to scratch the surface. Unless you’re a security expert the typical end user most likely does not understand what the next steps are. This is where the Microsoft Baseline Security Analyzer is beneficial. Introduction to MBSA Microsoft Baseline Security Analyzer is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. A number of options include: Administrative vulnerabilities Week Passwords IIS administrative vulnerabilities SQL administrative vulnerabilities …

Continue reading