Monday, December 22, 2014

Cyberwarfare threats made using Reddit and Pastebin

The threats (supposedly) made by the North Koreans to Sony were reported to have been posted on Pastebin. What I don't understand is how this relevant to the legitimacy of the threat.

There seems to be a disconnect between reporting by the press and the source of the material that is used to support the claims. While most of the discourse relating to hacking and Cyber-crime-warfare-terrorism seems to take place on Social Media platforms, the "main-stream" media outlets, newspapers and TV, seem to give Internet sites more credibility than they should.

I can't see why we should believe reports that quote things that can be traced back to sites where anybody, with no real authority, can post whatever they like and it is quoted without any question about its validity or whether it could just have been posted by someone who just wanted to make a point.

Whenever I visit such sites such as Reddit or Pastebin, looking for backup on stories that are current, I am greeted by what is largely trivial and nonsensical postings. I am not saying that some of the things that are supposed to have been posted were not there, but they are buried in a "fog" irrelevancy. 

Saturday, December 20, 2014

SE Toolkit - an Android apk

The notion that Social Engineering tools can be run from an Android device is somewhat ludicrous. At best all that you can expect on your portable device is some `crib`notes to suggest what actions you can take to fool a potential target so that you can penetrate their security system.

The whole point of SE, or Social Engineering, is that you use techniques other than those offered to you by running a program on your computer or mobile device. The SE Attack will more than likely consist of a `cold call`in which the person making the call will post as a `Security Professional`that will attempt to gain the log-on details for an employee of a corporation.

Thursday, December 18, 2014

Command and Control Servers (C&C)

A term used by sercurity specialists to make them appear that they know what they are talking about.

Mentioned in the interview on the BBC about the Sony Hack and the pulling of The Interview from US cinemas Dec 2014.

C&C servers are more associated with Botnets and DDoS attacks than the hacking of a companies email servers and the extraction of intellectual property from a corporation or film company.

Wednesday, December 17, 2014

Guardians of Peace (Gop) and Aaron Sorkin

Aaron Sorkin has stated: News outlets more 'morally treasonous' than Sony hackers

He then goes on to say that GoP, and other hackers, are motivated by a cause whilst large corporations are after the nickel. Does he really think that hackers are not after their "15 Minutes of Fame"?  Does this not lead to the bucks?

It is a pity that the Guardians of Peace are referred to as GoP, this makes it indistinguishable from the Grand Old Party when making a search. I am sure the Republicans are pleased about that!

Tuesday, December 16, 2014

Sony and Hacking

I really do find it difficult to have much sympathy for Sony.

If there is a story relating to data breaches Sony are there centre stage. Sony, the company that thought it was a good idea to include a "root-kit" on audio CDs so that they could control the users of their media computers without telling them that it was there, are now in the news from data leaks and email hacking.

I don't really have to add more here as you can find all the "dirt" on them from other sources. All I can say is that in today's relatively mature technological age, Sony should have been able to work out their own security by now.

This, in my opinion, just adds fuel to the Security Industries fire to convince businesses to hire their services. Such a pity that Sony have not seemed to have listened!

Is get_iplayer working correctly or as it did before?

The downloader for BBC iPlayer programmes, get_iplayer, is chronically susceptible to changes made by the BBC in their attempts to "improve" their catch-up service.

Yesterday I observed a search for "get_iplayer works again"

Today I did an experiment and used get_iplayer and mamaged to get an index for Masterchef: The p
Professionals.  I searched for "masterchef:" and I got a result of 3 episodes, 16, 17 and 18. When I do the same search on the BBC iPlayer website I see that there are 12 episodes available to watch.

In its last major failure get_iplayer failed to retrieve any episodes, this was sometime in October 2014. Since that time it is claimed that a "fixed" version of get_iplayer has been made available on the get_iPlayer Lives website. I downloaded the latest version of get_iplayer when the last failure oocured, it still failed to retrieve an index of any programmes. However, you have always been able to download using the PID method.

Since that time, and I have not downloaded the so-called "fixed" version, the get_iplayer script seems to partially work and only retrieves the last few episodes of a series. Still, this is better than none.

It is unclear to me why this is the case and I remain highly skeptical about those that claim to have fixed it. One thing is for sure and the BBC are likely to make more changes in the future.

Monday, December 15, 2014

Ngunduh.com and downloading the aircrack-ng apk

Ngunduh.com came to my attention with someone searching for "ngunduh aircrack apk".

Ngunduh.com seems to be a rather suspect game download bog/website. I would not even bother visiting the site and if you do I would suggest that you are likely to infect your computer.

Sunday, December 14, 2014

Bitcoin - Hashrate Distribution

There has been a relative lull in the interest in Bitcoins on my website (www.tempusfugit.ca) but today I had a visit for someone looking for "tempus fugit pie chart".

The page that was found related to my research on Bitcoin. It is not known if the visitor was interested in Bitcoin but it was an excuse to review some of my page related to it.

I have posted at length about the philosophy behind  the creation and promotion of the use of alternative currencies but without much feedback from those that may have found my pages. If anything any comment that I have garnered has been related to the egotistical response of those involved in the development and promotion in that they have found that I made reference to their names and they have been looking for themselves on the Internet. - i.e. Googling themselves - Narcisurfing. 

Please feel free to comment here if you have a view on Bitcoins.

Saturday, December 13, 2014

FoxyProxy GeoIP Circumvention

A search: "foxproxy add-on firefox download"  was logged today.

There has been a long time since I featured the FoxyProxy add-on for Firefox. This was how FoxyProxy started out and it was, as per the name, a technique that was developed for use with the Firefox browser. It allowed the selection of free proxies so that GeoIP circumvention could be performed. This was useful if you wanted to access services such as the BBC iPlayer from outside the UK.

Since that time, 2010, FoxyProxy has developed in to a fully-fledged VPN service that can be used with all web browsers including Microsoft's Internet Explorer.

The search for foxproxy add-on is presumed to be a search for foxyproxy add-on - which I am pretty sure never existed. I am also making the assumption that there has been a reference to foxproxy in another forum. The visitor finding my site, www.tempusfugit.ca, did not find my page on what FoxyProxy became and how it looked in 2013. It gave me an opportunity to update my pages.

Friday, December 12, 2014

How to install wifite on Android

This is a popular subject that visitors to my website, tempusfugit.ca, seem to be very interested in.

Wifite is a popular wireless penetration tool that leverages the use of aircrack-ng by the use of scripts that pre-configure commands to perform specific aircrack tasks. To run Wifite on any device you need to install the aircrack-ng suite of software and confirm that it works before attempting to get Wifite to work.

Wifite is merely a scripting tool for aircrack-ng.  This means that you can perform the same penetration and wireless auditing tasks just using aircrack-ng. Wifite is a means to make this simpler. Wifite is NOT a tool that can be run on its own without aircrack-ng installed on your attack device along with compatible drivers to allow the injection and monitoring of wireless network traffic.

Contrary to popular conception Wifite cannot be installed and run as a separate programme.

Full details on the use of Wifite and alternative penetration tools can be found on my website www.tempusfugit.ca

Wednesday, December 10, 2014

windows 8 loader by exmi

As far as I can see this is a scam.


The file that you are supposed to download is exmi.rar. The .rar file extension is a common way that those that are trying to infect your computer with malware disguise "bad" programs in downloads.

If you download a .rar format file you don't know what it contains until you expand it. In many cases this will be too late and you will have compromised your computer.

Download reaver.apk

A search for "telecharger reaver.apk" was observed.

Like many other so-called "Penetration" tools, not many are available for the Android platform.

Reaver-wps was a tool developed to perform "brute-force" attacks on wireless routers that had been secured using the WPS encryption option that used to be popular on many wireless routers.

This vulnerability was expanded by Stefan Viehböck on his blog .braindump - here is quotes research peforrmed on WPS protected systems. He, and the Google Code page for reaver, make reference to this as a pdf that is supposed to explain the attack.

However, there is an admission: "On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours". This is for a now seldomly used WPS protected access point and on a regular computer, not an Android device.

The reaver.apk or reaver-wps.apk , if they existed, would not present a security risk to computer users.

There are some Android developers that claim to have written such apps. SWifis, Wireless Reaver and Buckynet WifiReaver.

Tuesday, December 9, 2014

cowpatty.apk

There still seem to be searches for CoWPAtty running on an Android device.

As far as I can  see this is just wishful thinking on the behalf of those that would want to promote bogus apks.

CoWPAtty is a very old wireless penetration script written by Joshua Wright and is now not maintained by him. Joshua is more interested in promoting himself and the courses that he presents for the SANS Institute. He is also the owner and operator of "Will Hack for Sushi" blog/website.

Friday, November 28, 2014

Smart Regenerative Charging (SRC)

Having purchased a 2014 Ford Fiesta Titanium 1.0 EcoBoost I was interested in finding out more about some of the economy features promised by Ford on their website.

I was mainly interested in the Fiesta because of its favourable reviews and that the ST model had been awarded the Top Gear Best "Hot Hatch Award".

While I did not expect the 67+ mpg that was claimed, I did expect great fuel economy.

Although the Ford brochure and other information found on the Ford (UK) website describes the potential economy advantages of the "Start-Stop" technologies and the use of SRC, that is supposed to control the alternator such that it is only in operation when your foot is not on the accelerator and will cut-in and charge during vehicle braking,  it is not made that clear.

The Ford website shows a Silver Calcium battery under the topic "A more efficient way to re-charge your battery", this battery technology is not mentioned and my Fiesta has a Enhanced Flood Battery.

On further research the "Start-Stop" technology needs a different type of battery technology to achieve the 10% increase in fuel efficiency. The EFB technology provides a "Deep Cycle" battery that overcomes the deficiencies inherent in normal lead-acid batteries.

Friday, October 17, 2014

Has anyone else not listened to the new U2 album?

Bono says that he is sorry that their new album was downloaded to thousands of Apple devices whether they wanted it or not.

I haven't listened to it, how about others?

Friday, October 10, 2014

New location

The Technology Muse and tempusfugit.ca are no longer updated from Canada.

All input will be from the Essex/Suffolk border.

Sunday, July 20, 2014

Looks like the BBC has finally made get_iplayer fail

The downtime that the BBC were having yesterday, both iPlayer and their main websites, seem to have resulted in get_iplayer failing to even get an index of what the Beeb have on their servers.


Maybe this is just a temporary thing and it will sort itself out but this seems to be a more spectacular failure than I have seen before. Unlike other times when the BBC had made changes resulting in the inability for get_iplayer to download media, this seems to be far worse.

Monday, June 16, 2014

Wireless Penetration Tools on Android

I am really amazed by the shear number of searches that I see from those that are looking for apks that
can be used to hack Wireless Networks.

Such searches include:
  • WiFite apk
  • WiFite for Android
  • Wireshark apk
  • install linux kali on android june 2014
  • wireshark for tablets
  • pwnpad install apk
  • aircrack-ng for Android   
This is strange as Wireshark seem to consider that a tablet or phone running Android or iOS is not a viable platform for this activity.

Saturday, May 10, 2014

Who cares abiout the Eurovision Song Contest?

I know this is a little off topic, but I am having to watch it. Well, not actually having to, as I could go into the next room.

What a load of crap.

Do I really care if it is "lip-synched"? - who is performing when? I can listen and interpret as well as any other person in the room. It is not as if it is that it is a foreign language.

It all sounds like Sky Fall to me - but then I was told to "Zip it!"

Wednesday, April 30, 2014

Spear Phishing

As a follow up on a BBC program I have updated my website with a page on this subject.

Spell-Checking on Blogger

I don't think that spell-check works on the Blogger App on the iPad.

It seems to on mine but not on the 4



Wednesday, April 23, 2014

Scalpers

Due to the fact that ticketbots.net feel that they can send me emails firstly complaining that I had given them a false review and then telling me about their "fire-sale". I feel that I have to make this post.






$18,000 of software for only $4,500 - looks like the "full Scalper package".

Which ever way you cut it, this is dishonest way of circumventing the legitimate businesses  of ticket sellers such as Ticketmaster and AXS. TicketBots.net seem to think that it is okay to jump the queue, to use their software to gain an advantage over those that are using the ticket sales website in the normal manner.

It is just the same as the "scalpers" you used to see outside the venues before the Internet age. Selling tickets at inflated prices and offering to buy your extra ticket from you, the friend that couldn't make it, for a price far less than the face value.

Tuesday, April 22, 2014

Photo on the fly

This is an experiment in how Blogger can be used to make a photo journal.



This  was to assist another party  who was interested in starting a travel blog. As far as this blog is concerned it is pretty much relegated to a test-bed and I am not really interested in who visits it and what comments they make on it. My main content is on my website tempusfugit.ca, so if you are looking for any recent information that previously was featured here, I suggest you look there. 

One of the things that I find amusing is that only me and one other person ever visit this blog on a regular basis. It is just not that important and certainly not that interesting. I still entries in Google Analytics where a certain page seems to be popular, along with a check on what new posts that I may have made.

Blogging using the iPad

Has the ability to add photos been added?


Yes it has but the text in the list on the right (index of posts) overlays the default photo selected from the Camera Roll.

Tuesday, April 15, 2014

Martin Winter IT Consultants

This is my new venture.

Offering  computer services to the city of Toronto

Please call (416) 342-6732 for a quote

Sunday, March 23, 2014

The "unsafe environment"

I blogged sometime back about that there was an over-blown reaction and response to the fact that Internet and computer users are unsafe when on-line. I have been reviewing my thoughts on the matter and I feel that I need to make another post to clarify a few points.

At the time, of the original post, I was criticized for not believing what I read in the press with regards to hacking. I thought that was strange at the time as I had been reporting my views on such matters for some time prior to that and that was definitely not the case. However, I still stand by my contention that the area of security is much over-stated and it is big business for those that are involved.

Since that time, Edward Snowden not withstanding, I have continued to review the software and hardware that is available presumably to allow the hacking of wireless systems. I continue to be amazed by the sheer scale of this enterprise.

It is my contention that most of those that make statements about security are those that have more to gain than loose. These are those that are using it as a business opportunity rather than an altruistic service for those that are really vulnerable. My personal situation is that I have a lot of potential risk, in the form of considerable cash assets that could be accessed on line, but I have yet to have seen any attempt to compromise my stash.

Thursday, February 6, 2014

Apple takes down Blockchain app

Perhaps Apple think that all Bitcoin/Litecoin activity is related to nefarious transactions and wants no part of it.

The fact that Google (Play) still has such apps still in its store is more of a reflection that the Google platform is far less regulated and hosts things that are less than kosher.

Tuesday, January 21, 2014