PenrodCC

Security and Technology Ramblings…

As usual, I use my blog as a secondary brain. This is just here so I remember.

nmap -p 80 -T4 -A -oG /tmp/output {net}/24

Disclaimer: Most things in this post would be considered a criminal activity if you do them. So, don’t do them.

I always marvel at the things in life that need no verification. The mischief you could cause someone just by making a few phone calls. You’d think you would need proof to make changes. But, surprisingly, all you really need to know is an account number, their name, and maybe the last four digits of their social security number.

But, before you start telling me how hard it is to gather this info, let me tell you it is not. You would be surprised about what online trails you leave every day. Facebook, Google, Twitter, and other social media sites are not your friends.

In this hi-tech world we live in with solid methods to prove who you are that can be unbreakable, we still have a thousand ways to do things “old school”.

Example…. Go buy (with cash of course) a magicJack IP phone dongle and port the phone number of anyone you choose just by entering it on the website when you set it up. Sure, they can get the phone number back, but it would cause a few weeks’ worth of pain. There is no process to verify that you actually own the number when you ask for it to be ported.

Example…. My mother passed away a few weeks ago. In the process of letting various credit card, utility, and even retirement pay accounts know that she had passed, very few asked for more information than I listed above. At least 25% didn’t need a death certificate. Now go prove you aren’t dead!

Example…. If you give anyone your routing and checking numbers, they can go to VistaPrint or anywhere else and have checks printed with your account numbers, but with their name.

Example…. There are millions of subscriptions that you can choose “bill me later” on.

I could keep going with examples….

Have a great day!

PS: Read this book. It’s one of my favorites and it is sure to scare you way more than my post did…

http://www.amazon.com/The-Art-Deception-Controlling-Security/dp/076454280X

Just a placeholder for something I would prefer to not forget.

W32tm /config /syncfromflags:manual /manualpeerlist:pool.ntp.org
W32tm /config /reliable:yes
W32tm /config /update
W32tm /resync
Net stop w32time
Net start w32time

Looks like the folks over at KlearGear have gotten into a bit of hot water over their practices….

Up until a few days ago, you agreed to some rather questionable legal wording by purchasing from them. It has since been removed, but the clause stated this…

Non-Disparagement Clause

In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or employees.

Should you violate this clause, as determined by KlearGear.com in its sole discretion, you will be provided a seventy-two (72) hour opportunity to retract the content in question. If the content remains, in whole or in part, you will immediately be billed $3,500.00 USD for legal fees and court costs until such complete costs are determined in litigation. Should these charges remain unpaid for 30 calendar days from the billing date, your unpaid invoice will be forwarded to our third party collection firm and will be reported to consumer credit reporting agencies until paid.

More info can be found here: Article Link

Skype started out as an IM chat client based around end-to-end encryption. Since the purchase by Microsoft, it would appear that this has changed and now all sessions terminate within Skype servers within Microsoft. A security company in Germany claims to be able to show where a backdoor exists permitting “those authorized” to see the content of your communications.

Link to Article