When I left British-Columbia, I had to leave my precious highspeed behind...it's been 3 long, arduous years on Dial-Up since then, however, at last I finally have Highspeed again!
My connection isn't THAT great, but it is certainly an improvement to my old 24Kbps Dial-Up connection I just got rid of...Highspeed I <3 you
After not being able to receive highspeed for years, my phone company has finally sent me a DSL modem to test a DSL connection in my area. Within 3 days (just bought the Router today) of connecting my modem, I already have a Wireless network setup (2 Wired desktops and my Wireless laptop) and plan on (eventually) setting up one of my older computers as a (probably Linux) Pen-Test server, hooray!
On top of that, a recent job opportunity has presented itself. Someone I know has a client that needs programming/scripting work done and wanted to know if I would be interested. Basically, I'd be creating Web Crawlers to gather specific information off of Government sites and store it to a database. I've already created a sample script for the job and will be going from there. This will definitely be a great opportunity for me to get some extra cash to pay for college, computer parts, and it will look great on a resume ^_^
Thursday, February 28, 2008
Friday, August 24, 2007
Summer's End
The end of summer is almost here, which means I'll soon have to go back to work and school. Right now I'm writing from Ontario, my friend I'm visiting is at work and I've got some spare time to spend on my laptop (thankfully she has Highspeed).
This summer has went extremely fast, and it feels like I've gotten nothing substantial done. I've done little bits here and there, added a couple small features on my site, got the downloads back up...but I haven't had the free time to do the most important things; Learn PHP, learn Perl, code a simple IRC bot...So I'll have to push those things farther down until I get time. I am starting with a bit of PHP and shortly after I'll learn a bit of Perl. Thankfully, I taught myself some CSS basics and have implemented a tiny example into my site that I'll continue to work on as time goes on. Also, I've installed the Apache webserver and PHP on my laptop so I'll be able to work/test some work without an internet connection.
Some useful links that helped me setup PHP on Windows Vista:
Apache in Windows: http://www.apachelounge.com/forum/viewtopic.php?t=570,
PHP installation: http://www.php.net/manual/en/install.windows.manual.php
System Path/Variables in Windows Vista: http://banagale.com/changing-your-system-path-in-windows-vista.htm
Some things I need to do when I have time:
Fix and upload WAR.exe (Website Automated Reloader)
Learn PHP
Learn Perl
Brush up on C++
Partition Hard Drive -> Install Linux
Think about installing MySQL
This summer has went extremely fast, and it feels like I've gotten nothing substantial done. I've done little bits here and there, added a couple small features on my site, got the downloads back up...but I haven't had the free time to do the most important things; Learn PHP, learn Perl, code a simple IRC bot...So I'll have to push those things farther down until I get time. I am starting with a bit of PHP and shortly after I'll learn a bit of Perl. Thankfully, I taught myself some CSS basics and have implemented a tiny example into my site that I'll continue to work on as time goes on. Also, I've installed the Apache webserver and PHP on my laptop so I'll be able to work/test some work without an internet connection.
Some useful links that helped me setup PHP on Windows Vista:
Apache in Windows: http://www.apachelounge.com/forum/viewtopic.php?t=570,
PHP installation: http://www.php.net/manual/en/install.windows.manual.php
System Path/Variables in Windows Vista: http://banagale.com/changing-your-system-path-in-windows-vista.htm
Some things I need to do when I have time:
Fix and upload WAR.exe (Website Automated Reloader)
Learn PHP
Learn Perl
Brush up on C++
Partition Hard Drive -> Install Linux
Think about installing MySQL
Sunday, August 5, 2007
Rant - motives
Tonight because I was bored, I thought I'd share with whomever, a rant of mine about people who call a hacking technique lame without knowing the motives for using that technique.
In the world of Network and Internet Security, many people believe that exploiting certain flaws/bugs/exploits is just pathetic, retarded or "un-cool". Personally, I believe that it all depends on your current situation. Alot of people I've heard from believe that DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks are utterly pathetic. However, if you really think about it, it's the exact same scenario as exploiting a vulnerability. The end result is still the same; the target is unavailable and/or damaged.
So, why exactly do people hate these certain techniques of disabling their target? A lot of the disliked techniques are old techniques that have been known for years, so I suppose that people might dislike them for that, but really, what's the difference? If someone were to use a DoS attack to temporarily disallow service to a database instead of using an SQL injection to achieve that same result (except the SQL injection would destroy the database), some might label the attacker as "pathetic", or "uncool". DoS might be easier to execute, so people dislike it more, but in reality, the end result would still be the same. It really annoys me when people label someone by the choice of flaw they use, instead they should be labelling them for their motives of using that flaw.
Another example would be something I hear often. People who say "XSS and Social Engineering attacks are lame". Are you sure about that? Social Engineering is one of the most powerful skills a hacker can have. As Einstein put it, "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former". In other words, no matter how much money a company spends on state of the art software, routers, hardware and firewalls, they will still be vulnerable (to a certain degree) to Social Engineering. What is Social Engineering? To put it bluntly, it's tricking someone. SE (Social Engineering) is hacking your target's mind, not computer.
So people say, "What about XSS? That has to be one of the lamest flaws in websites. They're everywhere and easy to execute so they have to be lame!" Wrong. Yes, XSS is found in A LOT of sites, and yes, XSS is easy to prevent, however, depending on your website, XSS might be the hole that could get your site defaced. What is a (relatively) easy way to get access to an administrator panel? Well, if it's vulnerable to XSS, an attacker can redirect the supplied credentials to his/her email address.
I believe that most people that hate the above mentioned flaws/techniques only hate them because of how easy they can be executed (depending on the situation that is!), but really, you have to think of the definition of hacking (which is different for everyone).
To some people, hacking is a learning path. To others, it's a game, an ego boost, or even a job. Before calling a technique lame, you should really ask yourself "What was the attacker abusing it for?". If you think about it, the technique itself isn't lame at all, what's lame is why the attacker used it. Taking over a site using an XSS vulnerability for an ego boost is lame. DoSing a site because they banned you for breaking their rules is lame. XSS and DoS itself isn't lame. Sure, sometimes they can be easier than looking for another flaw, but if you're the attacker, you want to accomplish your task as quick and as efficiently as possible. What were the first computers made for? To simplify calculations. So why should we go out of our way to find the hardest possible exploit in a site, when the easiest one (that can accomplish the exact same thing we need) is right in front of us? We shouldn't.
Now don't get me wrong, I'm not saying that trying to find an unknown exploit is bad(actually, I very much support the research of finding new flaws), I'm just saying that it annoys the hell out of me when I see people say that a technique is lame, without knowing, or wanting to know, the motive behind the attack.
In the world of Network and Internet Security, many people believe that exploiting certain flaws/bugs/exploits is just pathetic, retarded or "un-cool". Personally, I believe that it all depends on your current situation. Alot of people I've heard from believe that DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks are utterly pathetic. However, if you really think about it, it's the exact same scenario as exploiting a vulnerability. The end result is still the same; the target is unavailable and/or damaged.
So, why exactly do people hate these certain techniques of disabling their target? A lot of the disliked techniques are old techniques that have been known for years, so I suppose that people might dislike them for that, but really, what's the difference? If someone were to use a DoS attack to temporarily disallow service to a database instead of using an SQL injection to achieve that same result (except the SQL injection would destroy the database), some might label the attacker as "pathetic", or "uncool". DoS might be easier to execute, so people dislike it more, but in reality, the end result would still be the same. It really annoys me when people label someone by the choice of flaw they use, instead they should be labelling them for their motives of using that flaw.
Another example would be something I hear often. People who say "XSS and Social Engineering attacks are lame". Are you sure about that? Social Engineering is one of the most powerful skills a hacker can have. As Einstein put it, "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former". In other words, no matter how much money a company spends on state of the art software, routers, hardware and firewalls, they will still be vulnerable (to a certain degree) to Social Engineering. What is Social Engineering? To put it bluntly, it's tricking someone. SE (Social Engineering) is hacking your target's mind, not computer.
So people say, "What about XSS? That has to be one of the lamest flaws in websites. They're everywhere and easy to execute so they have to be lame!" Wrong. Yes, XSS is found in A LOT of sites, and yes, XSS is easy to prevent, however, depending on your website, XSS might be the hole that could get your site defaced. What is a (relatively) easy way to get access to an administrator panel? Well, if it's vulnerable to XSS, an attacker can redirect the supplied credentials to his/her email address.
I believe that most people that hate the above mentioned flaws/techniques only hate them because of how easy they can be executed (depending on the situation that is!), but really, you have to think of the definition of hacking (which is different for everyone).
To some people, hacking is a learning path. To others, it's a game, an ego boost, or even a job. Before calling a technique lame, you should really ask yourself "What was the attacker abusing it for?". If you think about it, the technique itself isn't lame at all, what's lame is why the attacker used it. Taking over a site using an XSS vulnerability for an ego boost is lame. DoSing a site because they banned you for breaking their rules is lame. XSS and DoS itself isn't lame. Sure, sometimes they can be easier than looking for another flaw, but if you're the attacker, you want to accomplish your task as quick and as efficiently as possible. What were the first computers made for? To simplify calculations. So why should we go out of our way to find the hardest possible exploit in a site, when the easiest one (that can accomplish the exact same thing we need) is right in front of us? We shouldn't.
Now don't get me wrong, I'm not saying that trying to find an unknown exploit is bad(actually, I very much support the research of finding new flaws), I'm just saying that it annoys the hell out of me when I see people say that a technique is lame, without knowing, or wanting to know, the motive behind the attack.
Tuesday, July 3, 2007
Summer is here?
So, Summer has arrived, school is out and I have all the free time in the world.....actually, I really don't. I thought that by this time I would have tons of time on my hands, I was wrong.
So, as a final goal before I graduate, I've decided to build my own desktop computer. I've already bought the case (which costed me 105$ + tax) and a power supply (95$ + tax). Next thing I'll be keeping an eye out for will be the motherboard. The case itself is pretty nice, it's the black "Hush" by NZXT.
This summer, my main goals will be learning PHP, Perl, continuing along with C++ and to complete the Perm Program mission on HTS that requires me to create a 'simple' IRC bot (which I'll probably create in Perl).
I was planning on going to UVic or University of Waterloo for a Bachelors in Computer Science, but I might head off to the Center for Arts and Technology as a Network Security Specialist...still haven't decided what to do but I'm keeping my mind open for any other areas (preferably in Canada) that deals with IT/Computer/Network Security....My plan is to join a Security Auditing company that deals with Penetration testing. Any suggestions on a path to achieve that goal?
So, as a final goal before I graduate, I've decided to build my own desktop computer. I've already bought the case (which costed me 105$ + tax) and a power supply (95$ + tax). Next thing I'll be keeping an eye out for will be the motherboard. The case itself is pretty nice, it's the black "Hush" by NZXT.
This summer, my main goals will be learning PHP, Perl, continuing along with C++ and to complete the Perm Program mission on HTS that requires me to create a 'simple' IRC bot (which I'll probably create in Perl).
I was planning on going to UVic or University of Waterloo for a Bachelors in Computer Science, but I might head off to the Center for Arts and Technology as a Network Security Specialist...still haven't decided what to do but I'm keeping my mind open for any other areas (preferably in Canada) that deals with IT/Computer/Network Security....My plan is to join a Security Auditing company that deals with Penetration testing. Any suggestions on a path to achieve that goal?
Subscribe to:
Posts (Atom)
