
Messages - m0ldy

1
General discussion / Re: What kind of passwords do celebs use?
« on: January 21, 2013, 09:26:54 PM »
Not sure if it's been mentioned elsewhere, but CUPP is a nice tool for building, albeit simple, but effective wordlists. So if you can get basic info, you can use it against the celeb.


I've seen random passwords in the pw mgmt, BUT a simple password for KeePass, DataVault, LastPass etc.



http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Common_User_Passwords_Profiler_(CUPP)



2
General discussion / Re: Megaupload founder starts new file-sharing site.
« on: January 21, 2013, 08:42:19 PM »
50gb free?

Signed up.

TYVM.

Gots to love free online storage. Best places to store encrypted backups.

3
Projects and Discussion / Re: Ticket system for work
« on: January 21, 2013, 08:21:47 PM »
Def late to the game, but have you looked at the existing open source ticketing options to see if any of those would meet your needs? Sounds like each MGR needs to simply have their own queue.


http://otrs.org
http://osticket.com

4
Anonymity and Privacy / Re: Receiving mail in the post anonymously
« on: January 21, 2013, 07:58:25 PM »
In some instances you can buy the Green Dot (PayPal recharge card), and set up a new PP acct. They only let you send 1-2k before you have to verify with a social/bank etc. But you can burn multi emails/paypals. Cards are bought with cash so nothing can come back.


I've even had someone ELSE get the green dot card and then it's even out of state/country. But that means you must trust 'em. Some would argue that isn't as anon as it could be, but hey, we're trying to pay for BTguard....

5
General discussion / Re: Java is vulnerable,why don't we discard it?
« on: January 21, 2013, 07:19:36 PM »
Start with Adobe Flash, and all the others waiting in the line. Companies often don't care about security. As long as it does not ruin themselves.


^^ Exactly... People choose easy over secure any day when it comes to having to maintain / test code. Enterprises choose keeping these vuln apps and patching them as often as possible (in some cases) to keep up. That's not a good answer. But hey, it gives us more attack vectors. :) I love finding those old 1.5/1.4 installs >_<

6
News and Announcements / Re: SSL
« on: January 21, 2013, 06:49:03 PM »
Not to revive an oldie, but the correct thing would be to use mod_rewrite and force all over https. Many hosts provide this via .htaccess files.


Would it be an option to donate a real SSL cert? You can pick them up for ~45 now.


Anything I run on the web has paid SSL certs, as accepting self-signed just gets you in the habit of accepting certs. MITM attacks can happen and you wouldn't even know.

7
General discussion / Re: Java is vulnerable,why don't we discard it?
« on: January 21, 2013, 06:41:38 PM »
Many good points mentioned above. While Java is chosen for its ease of use and "write once, run anywhere" concept, anyone really concerned with security should not be looking at Java.


Enterprises that don't want Java on every single desktop can develop their own solutions in-house, but that is much more costly.



Where possible, I like to rip Java out completely, else turn up the HIDS & IDS.
