Sunday, October 31, 2010

How to fight Firesheep users!

Well, today I bring you a way to protect yourself and everyone around you on a public network. As people have commented, that add-on IS illegal to use on public networks. It was developed to test security and should only be used as such. Unfortunately, the way it was released was very irresponsible. The developers took something that is a great tool and made it into a real problem on the internet.

Fortunately, for everyone who wants to keep their info private, there is a way to do this and mess with the people using Firesheep. I would advise anyone who is scared of someone running this program to download FireShepherd.

The only bad news is that this will only protect you from Firesheep and not from other ways to get this same info. The good news is that the other methods are not as well known to every internet user. No matter what, you should always be careful about what you do on a public network.

http://www.downloadsquad.com/2010/10/29/fight-firesheep-with-fireshepherd/

-----------------------------

FireShepherd, a small console program that floods the nearby wireless network with packets designed to turn off FireSheep, effectively shutting down nearby FireSheep programs every 0.5 sec or so, making you and the people around you secure from most people using FireSheep.
The program kills the current version of FireSheep running nearby, but the user is still in danger of all other session hijacking mechanisms. Do not do anything over an untrusted network that you cannot share with everyone.
-Know that this is only a temporary solution to the FireSheep problem, created to give people the chance to secure themselves and the others around them from the current threat, while the security vulnerabilities revealed by FireSheep are being fixed.

Saturday, October 30, 2010

Evils of Firesheep

Firesheep is a Firefox add-on that allows anyone to hijack other people’s social network accounts in open wifi zones. I'm not sure of the legalities of this in the US since laws differ from state to state. I think Cali has strict laws on this. I think in the UK you can get into some legal trouble with their cyber security council thing.


This thing is extremely easy to use. Just head into a wifi populated area and boom, you're in people's business like crazy. I need to look up the laws on this because you can do some serious damage to people using this extension. The amount of PII you could end up collecting on people is scary. What's even scarier is that people are more than likely doing it to you now, since this craze has spread like wildfire.


Use of this addon IS illegal outside of private use to test network security.


The program was originally created to make people aware of the insecure login credentials on social networks. It has done its job very well and is out of control.


Tomorrow I will post a program for anyone in a public wifi area to use that will keep you and people around you safe from someone looking at your private information.

------------------------------------

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.
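
An added example (not part of the original post or of Firesheep): a small Python model of the cookie flow described above, showing which cookies a browser sends unencrypted when only the login is on HTTPS, and that marking the session cookie Secure and serving every page over HTTPS leaves nothing in cleartext. The site name, cookie names and cookie values are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed traffic for a hypothetical site: login is HTTPS, the rest is HTTP.
WEAK_FLOW = [
    ("https://social.example/login",
     ["session=9f2c1e; Path=/; HttpOnly", "csrf=ab12; Path=/; Secure"]),
    ("http://social.example/home", []),
    ("http://social.example/static/logo.png", []),
]
# Same site after the fix: session cookie marked Secure, every page on HTTPS.
FIXED_FLOW = [
    ("https://social.example/login",
     ["session=9f2c1e; Path=/; HttpOnly; Secure", "csrf=ab12; Path=/; Secure"]),
    ("https://social.example/home", []),
]


def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cleartext_cookies(flow):
    """Return [(url, [cookie names])] for each request that sends cookies unencrypted."""
    jar = {}       # (host, name) -> {"path": str, "secure": bool}
    exposed = []
    for url, set_cookie_headers in flow:
        parts = urlsplit(url)
        host, path = parts.hostname, parts.path or "/"
        # Request phase: which stored cookies does the browser attach?
        sent = sorted(name for (h, name), c in jar.items()
                      if h == host and path_matches(c["path"], path)
                      and not (c["secure"] and parts.scheme != "https"))
        if sent and parts.scheme == "http":
            exposed.append((url, sent))
        # Response phase: store whatever the server sets.
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                jar[(host, name)] = {"path": morsel["path"] or "/",
                                     "secure": bool(morsel["secure"])}
    return exposed


if __name__ == "__main__":
    for label, flow in (("weak", WEAK_FLOW), ("fixed", FIXED_FLOW)):
        print(label, cleartext_cookies(flow))
```

In the weak flow the `session` cookie rides along on every plain HTTP request, including the one for a static image, which is why encrypting only the login page does not protect the account.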

Friday, October 29, 2010

Hackintosh for everyone!

Looking around Lifehacker today, I found an article that I have been wanting to do for a long time. A Hackintosh, for those who don't know, is a regular computer with the Mac operating system on it. My plan for a while has been to take my old PC and turn it into either a Linux server or a Hackintosh. Since I found this first, I will be building a Franken-computer for my Hackintosh. I don't think you actually need the parts in this vid because you might as well just buy a Mac for around the same cost. I'll research some more.

http://lifehacker.com/5672051/how-to-build-a-hackintosh-mac-and-install-os-x-in-eight-easy-steps?skyline=true&s=i



Side note: 1st time putting a YouTube video in here. How can I resize it to fit?
Thanks a ton, didn't think to do that.

Thursday, October 28, 2010

Smart Contact Lenses

Stumbled on this today and it looks fairly awesome! Just shows how fast technology is constantly changing. Personally, I would be waiting some time to see the long-term effects this will have on someone's eye and body in general. Will this be for the good or for the bad? It's hard to tell, since last I checked they still don't know what the radiation cell phones put off does to us.


--------------------------------

Imagine instant access to the latest market segment information at a meeting, or seeing the fourth quarter earnings for a company in (literally) the blink of an eye.
Although it might sound like something from a science fiction novel, scientists at the University of Washington are working on solar powered contact lenses with transparent LEDs embedded onto the lens. This technology could be applied in countless ways, from health monitoring to text translation right in front of the wearer's eyes.

In 2006, my team at SKD designed a very similar concept for our "Cautionary Visions" project. Analyzing current trends in technology and popular culture, from emerging demands for constant connection to the increasingly blurred boundaries between natural and artificial, my designers imagined the dark alleys down which these trends could take us.

One of the results was an "Assisted Living Contact Lens" that would project helpful information, such as the calorie count for a chocolate scone, or a GPS map overlay locating the nearest gyms.
Now it seems like our idea might become a reality. And the more I think about it, the more it seems like this concept could be the new Bluetooth headset. I still remember an article that ran in the Los Angeles Times: "Crazy? Or Cell Phone?" I used to ask myself the same question every time I saw a well-dressed man yelling and gesturing wildly to himself.

But I haven't asked that question in years. These days, the seeming psycho-social disconnect displayed by talking to oneself in public is rarely considered grounds for insanity. The small wireless headsets that were once novelties have now become the norm. This is the process that happens once a new technology proves its relevance in users' lives.

Bluetooth has been a massive benefit to the business world--the mobility allows constant communication with clients and its hands-free operation increases efficiency and allows for easier multi-tasking. And fortunately, most headsets have been implemented in ways that meet user needs for fit, comfort and functionality. Today, it's used ubiquitously by CEOs and soccer moms.

Relevance is the challenge that new technology developers face, and it’s an area where designers can add value. Relevance involves finding the right audience for a new product, then discovering the needs of this audience and building a product around the need. When developing Jabra's first line of Bluetooth headsets in 2000, my team at SKD looked at cultural factors and found that the increasingly blurred lines between work and personal life and the desire for constant connectivity made business professionals a great group of early adopters for Bluetooth Headsets. The capability of the technology solved an unmet need in their lives.

Which takes me back to the Smart Lens. Since the Assisted Living Contact Lens was conceived, a slew of new Smart Phones have engendered a populace absorbed in palm-sized screens and created a widespread desire for on-demand information. In today's context, a Smart Lens sounds more convenient than creepy. Personally, I have a terrible memory for names. I might appreciate a contact lens that could provide labels over people's heads when I walked into a room.

So if you see me gazing off into a distant world of information that only I can see, you may have fun wondering, "Crazy? Or contact lens?"...until you get your own.

Wednesday, October 27, 2010

Microsoft is a dying consumer brand

I fairly agree with this article. Windows is still huge, but from what I have experienced not everyone goes out and buys the new Windows as soon as it comes out. They will either stay with the OS that came with their computer and change to a newer Windows when they get a new computer, or go the Linux (free) route.


God, I haven't used IE in probably more than 10 years. Firefox to Chrome master race.


As far as the Zune goes, I really do like Zunes, but so many people are already comfortable with iTunes and won't go to a different brand once they have already settled in. Microsoft still has a chance in the tablet market, but it will need to get on that fast to pull people away from iPads. I think a Microsoft version would be superior to the iPad because it would have everything that the iPad has and doesn't have.


Xbox is still kicking fairly well, but as the article stated, the Wii rocks it hard on sales. I feel the PS3, even with no games available for it, is far superior to the Xbox.


I never used Bing because Google is an unstoppable monster that I worship daily.


But really is Microsoft doomed? God no. They have so much money they can stay in it for ages to come and they can turn everything this article said around in no time. They need to become as aggressive with all their brands as they did with the Xbox. If they do this then we can see some real quality products from Microsoft.


---------------------------------------------------------------------


NEW YORK (CNNMoney.com) -- Consumers have turned their backs on Microsoft. A company that once symbolized the future is now living in the past.

What's wrong with Microsoft

Internet Explorer's popularity has been waning for years, and one recent study showed that for the first time in more than a decade, more people are using alternative browsers.
Windows Phone 7 has promise, but Microsoft dug itself an enormous hole with the subpar Windows Mobile platform.
Microsoft's media platform Zune was dead on arrival.
Bing is growing, but substantially all of that growth has come at the expense of its business partner, Yahoo -- not its archrival Google. 
Microsoft's attempts to build a social network through Windows Live have failed to gain traction. It has no real answer to Facebook. 
Six months after Apple's (AAPL, Fortune 500) release of the iPad, Microsoft still has virtually no presence in the tablet market.
With Xbox, Microsoft succeeded at innovating: It created a competitive video game brand for hardcore gamers. But even Xbox was outdueled by Nintendo with the Wii, which outsold Xbox by appealing to casual gamers. 

http://money.cnn.com/2010/10/27/technology/microsoft_pdc/index.htm?hpt=Sbin

Tuesday, October 26, 2010

Good day so far getting back into Security

Stumbled on this today, and since I'm getting back into cyber security I'll share this with everyone. Great article with some basic ways people still steal identities. Still can't believe people are getting phished. While working at the Census office we had multiple people trying to phish different workers in the office. Luckily all the people in the office were smart enough to question them and take the calls up the ladder to the supervisors. Even the older ladies who worked there wouldn't budge, but I think they were more scared of losing their job over something stupid than thinking it was a scam. No idea what happened to the person who kept calling; last I heard it was passed up the ladder and out of the office, so someone got a visit from men in black.


---------------------------------------------------------------------------------


Cybercrime has become a trillion dollar issue. Hundreds of companies around the world estimated that they had lost a combined $4.6 billion in intellectual property as a result of data breaches, and spent approximately $600 million repairing the damage. Based on these numbers, McAfee projects that companies lost more than a trillion dollars in the last year.

There are several motives for this type of theft, but the most prevalent is to steal identities. Your identity is your most valuable asset, but most consumers lack the time, knowledge, and resources to protect their identities. Five of the most common ways identities are stolen online are through phishing scams, P2P file sharing, social networking, malicious websites, and malicious attachments.
Phishing: Phishing scams still work. Despite consumer and employee awareness, a carefully crafted email that appears to have been sent by a fellow employee or trusted entity is probably the most effective spear phish. “Whaling,” or targeting a CEO or other high level executive with a phishing email can be even more successful. As they say, the bigger they are, the harder they fall. Never click links in emails, even if they appear to come from a bank or other trustworthy source. Instead, type the address in manually or use a bookmark.
P2P File Sharing: Peer-to-peer file sharing is a fantastic way to leak company and client data to the world. Obama’s helicopter plans, security details, and notes on Congressional depositions have all been leaked on government-controlled computers via P2P. You should set administrative privileges to prevent the installation of P2P software.
Social Networking: One of the easiest ways into a company’s networks is through social media. Social networking websites have grown too big, too fast, and can’t keep up with security. Criminals know exactly how to take advantage of this, so create policies and procedures that outline appropriate use, and beware of social networking scams.
Malicious Websites: Websites designed to attack your computer and infect it with viruses number in the millions. Hacked websites, along with out-of-date operating systems and vulnerable browsers, put your identity at risk. Use antivirus software to protect your PC and your data.
Malicious Attachments: PDFs used to be safe, but Adobe is in the same boat today that Microsoft found itself in years ago: hack central. Adobe’s software or files are used on almost every PC and across all operating systems, and criminal hackers love it. Every browser requires software to view PDFs and many websites either link to PDFs or incorporate Adobe Flash to play video or for aesthetic reasons. According to an estimate from McAfee, in the first quarter of this year, 28% of all exploit-carrying malware leveraged an Adobe Reader vulnerability.

From
http://bx.businessweek.com/cyber-security?campaign_id=spnbx_Cyber_netsec

Sunday, October 24, 2010

Working

Finally motivated myself to look into some recommended reading and started C today. The forensics manual was fairly boring, talking about 4th and 5th Amendment rights. It got better once it went to file systems for Windows and Linux. Got some new software I need to try out on my frankenmachine to see what I want to keep playing around with. Got a ton more reading to do with that and a ton more programs to check out.

Getting back into programming was fairly easy after having that semester of Java. I found a nice compiler that wasn't a headache to use. I like C so far.

Saturday, October 23, 2010

wow....

Why is it that the only computer books at the local book store are iPhone for Dummies and iPad for Dummies instead of the file system and programming books I was looking for? I'm kinda blown away that those two gadgets are that hard to use. Two simple things you can tinker with and learn the same, or read the manual.

Programming

Hrm, looking at where to start this time. I have experience with C++, which I did not do so well in as my 1st language, and Java, which was a ton easier and which I did very well with. Thinking about going back to C, then moving into C++ and back into Java. Need to find a good C book.

VEGAS BABY!





Well, I said I would be posting every day, but since Fallout New Vegas came out I've basically been living in the Nevada wasteland, prospecting and trying to hit it big. I'll give a little review of it with my opinion of the game so far. I'll throw out the bad first and then the good, because no games are released perfect.

Basically the game is great but, as expected, extremely buggy. I have honed my saving skills like it's my job because until today the auto saves and saves in general are messed up and bugged. The crashes drove me INSANE until I started saving like a madman every chance I got. I have noticed that some of the quests can overlap and interfere with each other, like when you are helping a companion out and their rival has you doing quests for them that eventually have you bring the companion to them to kill. With the engine the game is built on you see the same weird stuff going on: bodies doing odd things, and picking up an object off the table makes other objects on the table shoot in the air and fall. The good part about the bugs is that they have been really good about patching and fixing the game's major problems in a very timely manner.

Now the good. Honestly, if you enjoy Fallout 3 or Oblivion type games you will also love Fallout New Vegas. The game improves everything from Fallout 3. You have a real feel of an apocalyptic western. There is a ton of replay value in the game, with around 10 or so factions you can align yourself with. Companions have side stories and you can finally have some control of them rather than them running around doing whatever they please. The weapons in the game are awesome! I wish my character right now was melee so I could use the bumper sword, which is a bumper from a car pounded down to make a sword. With the new weapons come different ammo types such as armor penetration and hollow points. You can also find mods for your new weapons such as extended mags and scopes. Finally your wasteland weapons can be TACTICOOL! The game seems a ton harder to me than Fallout 3 was, which is nice, to have a challenge and not run around the game being an unstoppable monster. If my character was real he would have the most mangled body ever from all the damage he has suffered.

Well, this post is getting kind of long so I'll wrap it up. There is no way I can really go into a ton of detail about everything that has improved greatly with New Vegas, but those are some big changes to the game. The last thing I have to say is I fear the new mode called "hardcore". I have a feeling this mode makes life in the zone a picnic compared to life in the wasteland. With this mode you have to eat, drink and sleep to survive. Damage is even more lethal and ammo has weight.

That's all. Next time I will be on track as I fix up my computer!

Intro

Well, I'm making this blog mostly for me to keep track of my progress through studying on my own and through my experiences next year at EKU. As this blog progresses I will be expanding my knowledge further with more advanced IT subjects. My knowledge of computers is basically general networking and fixing almost anything that goes wrong with a computer, or building them. Right now I have an associate's degree in computer science and law enforcement. I'm currently waiting until next year to go back for my bachelor's in computer forensics or software engineering.

So I'll post some cool stuff I learn and have a place to keep my thoughts.

So bear with me; this blog is my notes and will be used as visual proof to myself that I am actually doing something to further my education.