Tuesday, September 27, 2011

TEDxBoston: FBI adventure. Do you want to see how the FBI uses computers? Apply!

Virtual Environment

http://cyberresearch.morainevalley.edu/

Here is the list of usernames and passwords for the VMs:
RHEL            root / password
BT 4            root / password
Firewall        root / vmwarez
2003            administrator / password
Win7 & Sniffer  (no password)

http://www.geeksaresexy.net/2011/09/27/facebook-you-can-check-out-but-you-can-never-leave/

An interesting tidbit relating to facebook "security".

Friday, September 23, 2011

Philosophy isn't an expert-driven discipline; it's just about thinking hard.


You do have an important area of expertise, however: that is, expertise in thinking about computer stuff.


(Yup.  That's the sophisticated professorial term for it.)


And that's an important area of expertise.  Because you're learning how to do philosophy even as you're learning how to do hacking this semester, and there aren't a lot of people who do both.


I am not THAT tech-savvy, but I am unusually tech-interested among philosophy folks.  Many people who do and teach philosophy, *including* people I went to grad school with (i.e. my generation, which is also mostly your generation!), are highly skeptical of computers and would be happy to stick with pen and paper.


Thus, you are in an awesome position to help philosophy: you can formulate a way of thinking about digital-age issues with philosophical rigor. 


So let's go!


A really awesome philosophy concept is responsibility.  We ask questions like: when do I become responsible for my own actions?  Are infants less responsible than grown-ups, and if so, when does responsibility kick in and how and why?  How far am I responsible for the actions of people who belong to the same group as me--i.e. my countrymen, my co-religionists, my colleagues, people of my race?  Do I need to take responsibility for actions of people who "belong" to me or are associated with me somehow--such as my children, my spouse, my immediate family?  


The question of responsibility came up in this case:




SWAT Team Raids Home Because Guy Had an Open Wireless Router


ISP in File-Sharing WiFi Theft




Am I responsible for someone else's actions using my property?  If you take my gun and shoot someone, do I bear any responsibility for the killing? If you take my car and get into an accident and kill someone by accident, do I bear any responsibility?  

And, the REAL question: if I use your wireless network for nefarious purposes, who is responsible...you, me, or both of us?  How is a wireless network like and unlike a car or gun?



And, of course: WHY?

Social Engineering

I picked up this book over the summer and loved it.  The title is Social Engineering: The Art of Human Hacking by Christopher Hadnagy.  It's basically a textbook of how social engineering works (and why) and it goes into some of the techniques.

I can bring my copy next week to pass around if anyone's interested.

Wednesday, September 21, 2011

Tuesday, September 20, 2011

Other Hacking Sites to Try

Please remember the warning that these sites are often run by technically sophisticated individuals.  Use good judgement by not using your real name or email address.

http://samsgame1.t35.me/

http://www.hackquest.com/

http://www.dareyourmind.net/

See what you can complete and share your results here.

Friday, September 16, 2011

This is my submission for the Obscuring a URL assignment, but I had to post it as its own post.
Enjoy
Permission is what your textbook argues draws the line between ethical hacking and naughty hacking.  Another word for it might be "consent".

What constitutes permission?
What constitutes consent?
Exactly how specific do we have to get about permission/consent?

This week, you have sexual consent, "implied consent" in the Girls Gone Wild case (which unfortunately, the woman lost!), and consensual cannibalism to think with as you consider the above questions.  I think the Antioch College and Girls Gone Wild cases are the most rewarding to think with, but Armin Meiwes, the German cannibal, has some interesting things to offer us too.

Missouri Woman Loses Lawsuit in Girls Gone Wild case

All Your Boobs Belong To Us: Some Thoughts on Consent While Female

Alan Soble, Antioch's 'Sexual Offense Policy': A Philosophical Exploration

Eva Feder Kittay, Ah! My Foolish Heart: A reply to Alan Soble

German Cannibal Tells of Fantasy

Murder, Cannibalism, and Indirect Suicide: A Philosophical Explanation of a Recent Case

Thursday, September 15, 2011

Hack This Site

What You Need for This Project
• A computer of any kind with Internet access.
• A lot of time to spend solving puzzles and doing research.

Part I: Basic Web Challenges
1. Be warned: in this project, you will be learning real criminal techniques from real criminals. Do not reveal your real name or address, or trust these people. As you will see in Part II, the creator of this site is currently in prison.
2. Open a browser and go to hackthissite.org
3. In the upper left, click on the green word register.
4. Fill out the form to create an account. Do NOT give these people your real name or any correct information, not even a real email address. I used the address sam@mailinator.com and I recommend that you use a mailinator address too.
5. After creating your account, log in. Then, on the upper left of the main page, in the challenges section, click "Basic Web."
6. You should see a page labeled Level 1(the idiot test). There is a form asking for a password. Your job is to figure out the password. There is a Help! Link at the bottom which can help you.
7. Solve as many puzzles as you can. There is a forum on the site which contains hints, tutorials, and even outright explicit instructions at solving the puzzles. The puzzles are very instructive, although not perfect. In my opinion level 8 is too frustrating—the code injection routine is too restrictive, so you don't get enough reward for coming close to the answer. But that's because the technique being used is so powerful that you could take over the whole hackthissite.org server, so they have to protect themselves.
8. When you have completed as many levels as you can, or want to, take a screen image showing how far you got.

Saving the Screen Image
9. Press the PrntScn key to copy the desktop to the clipboard.
10. On the Start menu, click Run. Enter the command mspaint and press the Enter key. Paint opens.
11. Press Ctrl+V on the keyboard to paste the image into the Paint window. Select a Save as type of JPEG. Close Paint.
12. Upload the picture to the blog here.

Part II: Jeremy Hammond's Ethics and Fate
1. At the main hackthissite.org page, in the upper left, click Realistic Missions. Look through the missions, as shown below, and think about them from an ethical point of view, not a technical point of view.
2. Open a browser and go to en.wikipedia.org/wiki/Jeremy_Hammond
3. Read what Jeremy did, and what happened to him.
4. Write a couple of paragraphs about Jeremy Hammond and his case. Make sure to address these points: a. Was Jeremy Hammond an Ethical Hacker? Why or why not? b. Was his sentencing fair? Should it have been more or less severe? Why?
5. Reply on the blog with your thoughts here.

Tuesday, September 13, 2011

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4435.0/

The above is a link to our current textbook, as reviewed by The Ethical Hacker Network.
Ha got here first!

LulzSec and Anonymous

Research LulzSec and Anonymous and post your findings (links) to share here.

Further, tell us what can we learn from these hacker groups?

People like Brian Honan (http://bhconsulting.ie/securitywatch/)
and security curmudgeon (http://attrition.org/security/rebuttal/rebuttal-lulzsec_ups_the_ante.html)
and Sam Bowne (http://www.rferl.org/content/lulzsec_is_utterly_irresponsible_anonymous/24272909.html)
have very different opinions on these groups.

Which do you agree with or do you have a completely different opinion to offer?

Obscuring a URL

Have you ever encountered a Web page address that looked like this: http://209.143.212.20/?

Yes? It was featured prominently in spam you got? Well, of course.

And of course you thought that spammers are so stupid they cannot even type a numerical URL right. Out of curiosity, you followed the link nonetheless -- and it worked!

Why do spammers use such obscure URLs instead of the normal, easy to remember alphanumeric form (in which the URL above would read http://about.com/)? They do not want you to remember them. They do not even want you to know them.

If they used regular notation for URLs, they could easily be identified via a whois query that lists who owns a domain name. This is why they try to hide by applying all kinds of tricks to their domain name.

As you probably know, when you type a domain name (like "about.com") in your browser's address field and press enter, the browser translates that easy to remember name into a series of numbers called an IP address. The IP address for "about.com" is "209.143.212.20", for example.

Your browser does not only translate the usual domain names to IP addresses; it also accepts other spellings of the same address. One example is "20695733268", which also turns out to become "209.143.212.20". There are a number of tricks you can play on an address (decimal, hexadecimal and octal notation, or mixing the forms) and still have the Web browser translate it to the same IP address, although some modifications do not work with all browsers.

If your browser can translate the obscure URLs used by spammers into IP addresses that make sense, you can do that, too. Then you can get the domain name corresponding to the IP address, and you can complain to the spammer's ISP.
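To make the translation concrete, here is an added example (written for this page, not part of the original post or the pc-help.org page) that encodes a dotted-quad address into the obscured forms described above and decodes them back. The address 209.143.212.20 and the number 20695733268 are the post's own; everything else (function names, the `legacy_wrap` flag) is this example's. Decoding follows the rule modern browsers use (the WHATWG URL standard's IPv4 parser, where the last part of a 1-4 part host may fill the remaining octets but may not overflow), and shows why 20695733268 only works if the browser reduces the number modulo 2^32, which older browsers did and current ones reject.

```python
"""Obscured IPv4 encoder/decoder.

Added example for the "Obscuring a URL" post; not from the original page.
The only values taken from the post are 209.143.212.20 and 20695733268.
"""
import re

MOD32 = 1 << 32


def dotted_to_int(ip: str) -> int:
    """'209.143.212.20' -> 3515864084 (big-endian, one byte per octet)."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {ip!r}")
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def int_to_dotted(n: int) -> str:
    """3515864084 -> '209.143.212.20'."""
    if not 0 <= n < MOD32:
        raise ValueError("value does not fit in 32 bits")
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def obscure(ip: str, extra_wraps: int = 0) -> dict:
    """Return the spammer-style spellings of a dotted-quad address.

    extra_wraps adds that many multiples of 2**32 to the dword form; this is
    the trick behind the post's 20695733268, which old browsers took mod 2**32.
    """
    n = dotted_to_int(ip)
    octets = [int(p) for p in ip.split(".")]
    return {
        "dword": str(n + extra_wraps * MOD32),          # single decimal number
        "hex": "0x%08x" % n,                             # single hex number
        "octal": ".".join("0%o" % o for o in octets),    # leading-zero octal parts
        "dotted_hex": ".".join("0x%02x" % o for o in octets),
    }


def _parse_part(tok: str) -> int:
    """One host part: 0x-prefixed hex, leading-zero octal, else decimal."""
    t = tok.lower()
    if t.startswith("0x"):
        return int(t[2:] or "0", 16)
    if len(t) > 1 and t.startswith("0"):
        return int(t, 8)
    return int(t, 10)


def deobscure(host: str, legacy_wrap: bool = False) -> str:
    """Decode a dword / hex / octal / mixed host with 1-4 parts to dotted quad.

    With k parts, every part but the last must be <= 255 and the last must be
    below 256**(5-k) (it fills the remaining octets); an overflow is an error,
    as in current browsers. legacy_wrap=True instead reduces a single-number
    host modulo 2**32, the behaviour that made 20695733268 resolve.
    """
    if not re.fullmatch(r"[0-9a-fA-FxX.]+", host):
        raise ValueError(f"unsupported host: {host!r}")
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or "" in parts:
        raise ValueError(f"bad part count: {host!r}")
    nums = [_parse_part(p) for p in parts]
    for v in nums[:-1]:
        if v > 255:
            raise ValueError(f"octet out of range in {host!r}")
    last_limit = 256 ** (5 - len(nums))
    if nums[-1] >= last_limit:
        if legacy_wrap and len(nums) == 1:
            nums[-1] %= MOD32
        else:
            raise ValueError(f"last part overflows in {host!r}")
    n = 0
    for v in nums[:-1]:
        n = (n << 8) | v
    n = (n << (8 * (5 - len(nums)))) | nums[-1]
    return int_to_dotted(n)


if __name__ == "__main__":
    forms = obscure("209.143.212.20", extra_wraps=4)
    print(forms)                                   # dword is the post's 20695733268
    for h in forms.values():
        try:
            print(h, "->", deobscure(h))
        except ValueError as e:
            print(h, "-> rejected by a modern parser:", e)
    print("20695733268 ->", deobscure("20695733268", legacy_wrap=True))
```

Running it shows the hex, octal and dotted-hex forms all decode to 209.143.212.20, while the wrapped dword 20695733268 is rejected unless legacy_wrap is set; the unwrapped dword 3515864084 decodes in both modes, so that is the form to expect from spam aimed at current browsers.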

Please check out this website (http://www.pc-help.org/obscure.htm) and try obscuring the Bunker Hill webpage address. Post your results here.

Thursday, September 8, 2011

Today, we talked a bit about contracts, and in class, you had two handouts: a few pages from a book, and a handout with five contract-oriented scenarios.

What do you think is necessary to have a good, valid, legitimate contract?  Why?  Remember, we're not talking legal, we're talking about what is right.  Think with what you read and with the scenarios you read.  Is the contract with the old lady and the shady toilet repairman legit?  What about Hume and his subtenant's contractor?  The newspaper guy?  The squeegee man?  The marriage with infidelity?  Is there a difference between a contract that is inherently not binding (for reasons of coercion, perhaps, or because it's unjust, or because you don't have the right to make the agreement in the first place) and a contract that is binding and legit, but may be voided under specific circumstances?  Someone arranged for his cat to agree to EULAs so he didn't have to: is this legit or not, and why?

Please get the conversation going!  Between now (9:30 PM on Thursday) and class time on Tuesday, you should have made AT LEAST TWO comments.  These comments should be thoughtful and engaging.  The degree to which the ethical part of the course is boring or awesome depends entirely on you.


Also, you probably know this already, but don't answer the above questions like a machine.  These questions are designed to get you thinking.  And hopefully, posting.


Project 3 - Research

For Project 3 you are to pick a target organization on which you will perform Internet research. Please indicate the organization you have chosen and, using ETHICAL and LEGAL methods, obtain as much information (see below) as possible on the selected organization. Be sure to research what Google hacking is and use some of the Google hacking techniques to acquire this information.

You can post your results here. All organizations selected must be unique; that is to say, please do not duplicate someone else's efforts. Good luck and have fun. :)

Target Organization Information

1. When was the target organization founded?
2. What is its mission statement?
3. What services does it provide?
4. Is it a for-profit company? If not, how is it funded?
5. Who is President/CEO of the company?
6. Identify any other executives:
7. Does it have a Board of Directors? If so, identify them by name:
8. What do others have to say about the company?
9. Who are its leading competitors?
10. Does it have any other business relationships?
11. Are there any intellectual property issues or lawsuits pending?
12. How many employees does it have?
13. Has the company experienced layoffs in the past year?

Target Organization Location Details

1. What is the physical address of the target organization: provide as much
information as possible:

Target Organization Phone Number(s)

1. Find as many phone numbers relating to the target organization as possible:

Target Organization Names and E-mails

1. Find employee names and E-mails relating to the target organization:

Target Organization Current Events

1. List any current events related to the target organization that could be used
against it:

Target Organization Social Networking Sites

1. List any social networking sites the target organization has a presence on
and/or uses:

Tuesday, September 6, 2011

Awesome first class today! Prof. L'Heureux and I were just talking about how cool you all are! Please do the following as soon as possible:

1. Fill out this form.
2. Reply to this post QUICKLY introducing yourself. This will also help us make sure that the comment function works and that you know how to use it. Since you are computer people, this will probably not be a problem, but better safe than sorry!

Welcome!

Welcome! This is the blog for Ethical Hacking at BHCC. Each week, there will be a blog post here, often with links to readings. This post will launch after class on Thursday. You are asked to make at least two comments; generally, one comment will be responding directly to the post, while the other will respond to something one of your classmates said. However, if you happen to be one of the last people to arrive at the party, you might find that you're more interested in using both of your comments to contribute directly to the conversation your classmates have started--that's awesome too!

If you have questions, please email me, Monica Poole, at profpoole at a domain called gmail dot com.