Thursday, February 28, 2013

Hack mission of the week 2/26 - Find out what town Peon Pinkish lives in! Mission Complete!

Find out what town Peon Pinkish lives in! 

Last week Peon Pinkish stopped by the restaurant I work at.

We chatted for a minute and it turns out we both live in East Boston near airport station.

In a serendipitous coincidence I received this as my mission this week.

Mission complete!

Chapter 5

For next week please read Chapter 5. Also, if someone would be willing to create a presentation summarizing the chapter and present it in class next week, I would appreciate it if you would post a reply here stating you will volunteer to do this.

Also, for Chapter 5 you will have to complete the in Chapter Activities along with the following labs:



These labs are based on using virtual machines in a lab configuration slightly different than our VE.  So please adapt what you see to our VE so that you may complete the port scanning assignments.  If you are having trouble, please try to solve it on your own or use each other as a resource via the blog.  In class next week we will have some time to look at these as well and you can help each other then too.


Find someone to lend you a dollar.


Hallo buddies,
I found this rather an easy do. I engaged Premier Cyan into a conversation shortly after class. I was a little bit skeptical about telling him to lend me a dollar, just in case we had the same social engineering challenge. Well, I took a bold step and I was like, Maaan, do you have a dollar bill on you please so that I can grab a drink at the vending machine. I will pay you up when we meet next in class. He was like, sure, I think I do. At the end of the day, he had coins that didn't add up to a dollar, but he went ahead and gave them to me.
Thank you Premier Cyan. I have your coins buddy.

Wednesday, February 27, 2013

Hack of the week

Mr. Badman Thief's date of birth:
January 20 1984
I had a chat with like a brother trying to talk about our major and the career we want to pursue. So I asked him when he was gonna graduate.  And later asked how old he was.  He told me he was 29 and was born Jan 20 so I subtracted 29 from 2013 to get 1984.
It took me 2 days to get his date of birth.

Tuesday, February 26, 2013

Social Engineering Game task for 02/19/13 from PreMieR CyAn

This is my task for last week: to take a picture of someone's email inbox. Last Friday, I spent time in the computer lab at BHCC for a while, but it was hard for me to do it. After that I came back to class to see if someone was checking their email inbox. Finally, I found someone. I took this photo while I was talking with him.


recruiter

This was not one of my challenges, but I found the success of it satisfying nonetheless.
I have been getting the run around from a certain gate keeper at a hedge fund in Long Island that I want to work at. The gate keeper refuses to give me the name, email, or phone number of the recruiter that I will need to speak to in order to set up an interview. This fund usually seeks out its own candidates, and does not take resume submissions. So I went on the Hoovers and managed to guess the name of the recruiter based off of the information provided about the company executives. I emailed the gate keeper from another email account and claimed to have lost the recruiter's email, (provided the recruiter's name and rank) and the gate keeper happily forwarded me all of the information I needed.
I have an interview set up next Friday in Long Island.
Was this wrong?
- General Fuchia

How to make moral arguments


Get someone to hand you an unlocked phone

Out of all the challenges that I've had thus far, this was easily the one that was simplest to accomplish.  I simply walked up to multiple people and said that my phone had died, and I needed to make a brief call.  Out of 10 people that I tried it with, 8 of them unlocked their phones and handed it to me, 1 didn't have a password on their phone and handed it to me, and the last did not have any minutes left on their monthly plan and would not let me use their phone.  To test the limits of their humanity, I told them that my wife was pregnant (absolutely untrue) and that she was supposed to be in labor any minute.  She thought about it for about 10 seconds and still denied me the phone with a guilty look on her face. I was considering offering her money to cover the overage, but I felt guilty enough having conned her and making her feel awkward and uncomfortable.

Monday, February 25, 2013

Reminder: Test Tomorrow

Hi all! This is a reminder that we will begin class tomorrow with a test that you will have about 1.5 hrs to complete. Please do not be late or miss class or you will miss the exam.

Thanks!

Get _____'s Mother's Maiden Name

The person involved in this hack shall remain nameless because I'm still not aware of their class alias. This was one of two big problems I had with this hack. The second was the fairly personal bit of information I was to acquire. Even if I was able to engage this person in an extended conversation, I honestly couldn't dream up how to get around to extracting this tidbit.

My solution to the first problem was to E-mail their BHCC E-mail address. Many thanks to Mr. Pinkish for telling me about the smart phone app Mox. Somehow this app, using your bhcc credentials, allows you to access class rosters.

In the end I decided to simply ask for the information. I did this in the form of a user agreement. We all do this with companies in regards to our personal information. I believe the common naming convention is "EULA" for "End User License Agreement". Basically, you agree to provide information to a company which will use it for various purposes, and they agree not to sell or misuse it.

I have not gotten a reply from our classmate yet, so I'm going to call this hack a failure. I really wish this had succeeded though because it could be a basis for working together during the semester.

Saturday, February 23, 2013

Weekly hack-mission for 2/11. M.O

This week's hack was "Take a picture of a classmate's license plate".

I was, at first, ready to follow through with this task and stalked an unsuspecting classmate  through the main exit where I watched them board the T.

I went back to slink around outside the classroom to wait for my next mark!

I soon started to question the virtue of my mission as a twinge of discomfort set in - realizing I was being rather stalkery. But, looking back I would have gone through with the  assignment if my classmates didn't spend a lifetime in the computer lab.

Mission failed. But hey, I tried. Does anyone in this class even drive to campus?


M.O

Tuesday, February 19, 2013

Aaron Swartz

 
 
Swartz was an American computer programmer, writer, political organizer, and Internet activist, who was involved in the development of the web feed format RSS, the website framework web.py, and the social news site Reddit, in which he was an equal partner after a merger with his Infogami company. He also focused on sociology, civic awareness and activism. In 2010 he became a research fellow at Harvard University’s Safra Center for Ethics, directed by Lawrence Lessig. He founded the online group Demand Progress, known for its campaign against the Stop Online Piracy Act, and later worked with the activist groups Rootstrikers and Avaaz. He also was a contributing editor to The Baffler. He co-founded the “Demand Progress”, an advocacy group that organizes people online to take action by contacting Congress and other leaders, funding pressure tactics, and spreading the word about civil liberties, government reform, and other issues.

Why do we care?

Man’s Ego and the quest for power and authority is a very big player in the unfolding of events the world over. This has led to the introduction of laws to control man and whatever he has to do. Why can’t we live in a free world without any laws? The problems with the criminal justice system and hacking laws in particular, can create depression in the tech world. The state piles up a lot of charges that make you freak out. The state has a lot of uncalled for authority. Many a time, issues are blown out of proportion. Why, when I am arrested for a hacking offense, other than being charged for one offense, I for example, end up being charged with 20 counts? Such issues end up leaving one traumatized, stigmatized, and/or victimized for a case that would otherwise have been handled differently, costing you a lot in terms of money and time. If you do not have the money, then you either die of stress and depression, or you commit suicide. I have every reason to believe that Swartz committed suicide because of a combination of the factors above.

When I use steroids to win a competition, it’s only logical that if you think that you are better than me, then use them too, and challenge me to a competition, other than pressing charges on me and bringing me down, when you can’t do what I can in the first place.

The state should keep to itself. It should not interfere with our lives. If I can successfully hack in your network system, then just be nice to me and invite me for a cup of coffee, because I will have shown you where the vulnerability in your system lies.
Why should we bring down people who only prove a point? Why why why?
I rest my case.

http://www.theatlanticwire.com/technology/2013/02/aaron-swartzs-girlfriend-convinced-depression-didnt-drive-him-suicide/61766/
http://en.wikipedia.org/wiki/Aaron_Swartz

Get someone's password.

Hey everyone,
My name is Mr. Badman Thief.

I have this friend of mine who I tricked into getting her Yahoo login ID and password. I told her that I have some good contacts with employers that I initiated recently. I promised to link her to them, so that she could find herself a better paying job.
I told her to give me her email address so that when I go to talk to the employers, I could e-mail her the details.
After two days, I called her on her cell phone and I told her that I was actually talking with the employers, but for some reason, I was not able to send the details to her; some technical issues could not allow me to send e-mail to her.
I therefore told her to give me her password so I could directly put stuff in her inbox, and guess what, she obliged.
The shocker though was, when I tested it with her Facebook account, I was able to login too.
That was pretty cool.
Clue name : Moonmanblack


My task for last week was to take a photo of anybody typing their password.
I basically did this task when I was called to fix somebody's computer, and in the process
I saw him typing his password the first time but I wasn't fast enough. So I decided to
send him a message and in the process of typing his password I took the photo.


Footprinting Assignment

Please create a professional looking footprinting report using the following model:

1.  Executive Summary:  This should be written in paragraph format summarizing the target company.
2.  Detailed Content About the Target Organization: Answer the questions about the target organization in detail.  This may be in bullet or numbered list format.
3.  Conclusion: Summarize your conclusions about how the company might be vulnerable to penetration or social engineering.

To complete this assignment you must footprint using the resources available to you legally and freely through search engines and websites.

The specifics of this lab are here:

Footprinting 1
Footprinting 2
Footprinting 3
Footprinting 4
Footprinting 5
Footprinting 6

Exam 1 and Homework Due Next Tuesday

As a reminder I am posting that our first exam will be next week and will cover Chapter 1 - 4 from our textbook.  In addition, all homework assignments from the textbook Chapters 1- 4 are due next Tuesday.

In terms of  labs you should complete the following:



CHAPTER 2
Project 2: Subnet Exercises
MSEC Project 3: Protocols and Default Network Ports - Transferring Data Using TCP/IP (VLab)
MSEC Project 4: Protocols and Default Network Ports - Connecting to a Remote System (VLab)

CHAPTER 3
MSEC Project 1: Network Devices and Technologies - Capturing Network Traffic (VLab)
MSEC Project 2: Secure Network Administration Principles - Log Analysis (VLab)
MSEC Project 7: Analyze and Differentiate Types of Malware (VLab)

CHAPTER 4
Project 3: Target Organization Research (Footprinting)

I will hand out the footprinting lab today in class.  If you need a copy, please email me.
 
Read Marc Rotenberg's annotated version of President Obama's executive order on cybersecurity

In at least two paragraphs, comment on this post:

What do you think are the most important ETHICAL issues raised by this executive order?  Stake a claim: do you think it is just, or unjust?  Why? 

Then, make at least one secondary comment commenting on someone else's comment.  (Got that?)  Do you disagree?  Do you agree?  Can you help your classmate refine his or her argument?

Please do this before we meet on 2/26.

Saturday, February 9, 2013

Life and Death Online and Facebook: Who Controls a Digital Legacy

What moral issues do you think are raised by this article?  Are there issues of property, privacy, etc.?  And, what do you think is the right thing to do?

Friday, February 1, 2013

Aaron Swartz

Who was Aaron Swartz?

Why do we care?

What are the moral stakes, or ethical issues, associated with his situation?

Answer the above questions in a comment on this post, please.  This should involve at least two paragraphs--at least one on who he was and why we care, including a link for reference, and at least one more on the moral stakes.  First commenter: you're all set if you just follow the above instructions!  Subsequent commenters: in addition to the above instructions, engage in some way with the ideas of the comments that preceded yours.  Disagree, agree, build on the ideas, etc.

Please do this before we meet again--so, before Tuesday.

Good luck!