
Journal: SanityInAnarchy - when you're ready...

This is a post exclusively for SanityInAnarchy to reply to when his NDA allows him to.

So... what's this method for beating piracy with next to no DRM that makes bit-for-bit pirated versions inferior?

User Journal

Journal: 0wning a Windows Network; A Practical Approach

Listen up, folks. I am about to share with you a practical way to own any corporate Windows network. Before you bitch, let me first say that I won't tell you anything you don't already know or that isn't obvious. That said, this approach works 85-90% of the time. It is time tested. It works. I've done it many times. And if you try this outside of legitimate network vulnerability testing, I hope you go to prison for a long time. That said, on with the show...

First, the bigger the Windows network, the higher likelihood of success. You'll understand why in a moment.

Almost any company with more than 100 workstations deploys new machines from a workstation image. It's a fact of life. The trouble is that the machines come out a bit too similar: nobody thinks about the local Administrator account, so its password (and therefore its hash) is the same on every machine built from that image. This is the key. Sure, the local admin password may change when they rebuild the image, but more often than not many/most/all local admin passwords will be the same.

Get access to a workstation. If you're a consultant, tell them you need one before you show up. That way, a nice fresh workstation will be waiting for you when you get there. If not, wait until everyone goes home and help yourself to one (or more). No matter. Get your hands on at least one.

Did you guess step two? Dump the hashes and crack them. If you're lucky, you'll have LANMAN hashes. If not, you'll have NT hashes. LM hashes fall faster than SCO's stock price. NT hashes can be cracked, but you had better be prepared. Rainbow tables work for NT hashes too. Maybe you'll get lucky. Maybe you'll have a few hundred gigs of NT hash rainbow tables. Whatever. Chances are good you'll have LANMAN hashes. Keep in mind that cracking is a convenience rather than a requirement: NTLM authentication is computed from the NT hash itself, so the hash alone can be replayed against other machines with pass-the-hash tools. (For you auditors out there, that's finding number two. Number one was common passwords for local Admin accounts.)

Step three is to see how many machines you can access with your new local admin password. Look up how to attach to other machines from the command line (net use \\HOST\ADMIN$ against the administrative share is the classic test). Write a few batch files. You can test your newly stolen credentials against a couple of hundred machines in a few hours.

Find your Windows admin users. They may be smart enough to change the local admin passwords. With a big enough company, they won't all be smart enough. Keep plugging and keep good notes.

Review the file systems of the machines you can access. There may be some good nuggets inside. Maybe you'll find router passwords, maybe you'll find love letters to the admin's mistress. It's all valuable. (Keep good notes.)

When you find a Windows admin's workstation, bug it. You want to record all authentication sessions. There are many good keystroke loggers out there. If you're paranoid, don't use them. Write your own.

Retrieve your Domain Admin creds and have fun. Make a new domain admin account. Call it something that fits in with the present members of the domain admin group. If the group is large (finding number four for you auditors), just make an account that looks natural. If not, make one that mimics another legit account. Many admins have extra accounts for whatever reason. If you see an account "bwilson", try "bwilson2". The admins will naturally think it belongs to Bill. Why did Bill make another account? Believe me, no one will ask him.
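Findings one and two above (a shared local Administrator password across the imaged fleet, and LM hashes still being stored) are things an auditor can check mechanically once the dumps from step two are in hand. The following is an added example written for this page, not the author's tooling: it parses pwdump-format lines (user:rid:lmhash:nthash:::) from several hosts, groups the built-in Administrator account by RID 500 so a renamed account still counts, reports which hosts share one NT hash, which accounts still carry an LM hash, and which have a blank password, and finally generates a distinct random password per host, which is the fix the "run a job once a month to set them all" variation below gets wrong. The hostnames and dumps are constructed for the example and the hash values are placeholder hex strings, not real hashes; only LM_EMPTY and NT_EMPTY are real, well-known constants.

```python
"""Audit pwdump-style local account dumps from many hosts for shared
Administrator passwords, stored LM hashes and blank passwords.

Constructed example: hostnames and hash values below are placeholders.
"""
import secrets
import string
from collections import defaultdict

# Real, well-known constants.
LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"  # stored when no LM hash is kept
NT_EMPTY = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
ADMIN_RID = 500                                # built-in Administrator, whatever its name

# Constructed sample dumps: {hostname: pwdump text}. "1"*32 etc. are placeholders.
SAMPLE_DUMPS = {
    "WS001": "Administrator:500:" + "1" * 32 + ":" + "a" * 32 + ":::\n"
             "Guest:501:" + LM_EMPTY + ":" + NT_EMPTY + ":::\n",
    "WS002": "Administrator:500:" + "1" * 32 + ":" + "a" * 32 + ":::\n",
    "WS003": "admin:500:" + LM_EMPTY + ":" + "a" * 32 + ":::\n",   # renamed, same password
    "WS004": "Administrator:500:" + LM_EMPTY + ":" + "b" * 32 + ":::\n",
}


def parse_pwdump(text):
    """Parse user:rid:lmhash:nthash::: lines into dicts; blank/comment lines skipped."""
    accounts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"malformed pwdump line: {line!r}")
        accounts.append({
            "user": parts[0],
            "rid": int(parts[1]),
            "lm": parts[2].lower(),
            "nt": parts[3].lower(),
        })
    return accounts


def audit(dumps):
    """Return the three findings over {host: pwdump_text}."""
    admin_hosts_by_nt = defaultdict(list)  # NT hash of RID 500 -> hosts using it
    lm_stored = []                         # (host, user) still holding an LM hash
    blank = []                             # (host, user) with an empty password
    for host, text in dumps.items():
        for acct in parse_pwdump(text):
            if acct["rid"] == ADMIN_RID:
                admin_hosts_by_nt[acct["nt"]].append(host)
            if acct["lm"] != LM_EMPTY:
                lm_stored.append((host, acct["user"]))
            if acct["nt"] == NT_EMPTY:
                blank.append((host, acct["user"]))
    # Finding one: any Administrator NT hash seen on more than one host.
    shared_admin = {h: sorted(hosts) for h, hosts in admin_hosts_by_nt.items()
                    if len(hosts) > 1}
    return {"shared_admin": shared_admin, "lm_stored": lm_stored, "blank": blank}


def unique_admin_passwords(hosts, length=24):
    """The remediation: a different CSPRNG-generated password for every host."""
    alphabet = string.ascii_letters + string.digits + "!#%&*+-=?@_"
    return {h: "".join(secrets.choice(alphabet) for _ in range(length)) for h in hosts}


if __name__ == "__main__":
    findings = audit(SAMPLE_DUMPS)
    for nt, hosts in findings["shared_admin"].items():
        print(f"Administrator NT hash {nt[:8]}... shared by {len(hosts)} hosts: {hosts}")
    print("LM hash still stored:", findings["lm_stored"])
    print("blank passwords:", findings["blank"])
    print("per-host replacements:", unique_admin_passwords(SAMPLE_DUMPS))
```

Keying on RID 500 rather than the account name matters because renaming Administrator is a common "hardening" step that does nothing about a shared password. The monthly reset job described under "Variations on a theme" would show up here as one NT hash covering 100% of hosts; the output of unique_admin_passwords (or a tool that does the same thing and escrows the values, as Microsoft LAPS does) is what actually closes the finding.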

Obfuscation:

Change your MAC address for each session. Better yet, change your network port.

Use another workstation you already own. Use an encrypted volume for your activities. Have the volume close after ten minutes of inactivity.

Steal the MAC address of a lonely network printer. Use the printer's network jack too. Printers don't do 802.1X port authentication, so their ports are usually exempted from it.

Use a wireless bridge. If they can't find you connected to a port, they can't find you.

Variations on a theme:

Tell the admin about the common local admin passwords. Chances are, he will set up a scheduled job to run once a month and change all the local admin passwords to the same new value. If the local admin passwords weren't all the same before, they are now. Be sure to thank him for making the vulnerability even bigger than it was before. (Hey Rob-The-Windows-Security-Guru: That one's for you, dumbass!)

Get stuck on a NetWare network? Consider yourself lucky. NetWare caches NDS credentials down to the local machine as a local user by default. Crack the local and you have NDS creds. Even if the NDS account is deleted, the local account stays, and may get you access to any machine the NDS user accessed when the account was active. I've accessed local workstations with two year old expired NDS accounts. Thanks Novell! (See what happens when you make interoperability with Microsoft a higher concern than security? With moves like that, you deserve to have Bill Gates eat your lunch.)

I will update this post whenever I feel like it, which may be never. If you have something to say about it, feel free.

-pegr

User Journal

Journal: Trapezium

[Here's a 2nd try, as the first attempt evidently went to bit heaven.]

Saturday night I went out with other Santa Cruz Astronomy Club members to the Bonny Doon airfield. I live about 15 miles from the site and was a bit put off when, upon unpacking, I found the power cord had left its storage compartment on my portable power pack. I'd been there before, leaving it home, but this time it appears well and truly lost. (Sunday I picked up a new cord at Radio Shack and used a tie-strip to secure it to the eq. mount.)

So muscling the LXD-75 10 inch SNT around was the order of the night. Not terrible, but it meant no tracking, which is the feature I depend upon most. Around midnight Orion cleared the trees and I swung the tube over to examine the Orion Nebula (M42), in Orion's sword. It's one of my favourite sights and this evening would be one of the best for viewing.

Early on I could easily make out the four brightest stars in the Trapezium and continued to check up as Orion progressed higher. About 1:00 AM I was easily able to make out five stars; by 1:30 AM I was able to clearly see six, which is the full known complement of blue stars in that stellar nursery. Cue massive geek astronomical excitement!

After a bit I swung the scope over to Fornax and Eridanus to scan for galaxies, which were in abundance. About 2:00 AM I was still wide awake, thanks to my 1L Sigg full of green tea, but knew I'd need to head home eventually or be the worse for it while unpacking and transporting all this wonderful dead weight back into the house. After returning home I was still pretty awake and enthusiastic enough to plan my viewing for the next week while downing some soup.

Sunday proved to be a difficult adjustment, even with the extra hour to sleep in.

User Journal

Journal: Whine Country Safari

I've been living in California for just over 10 years. Prior to moving here I visited friends, Mark T. (game designer/producer who lived in Sacramento for a while before moving to the bay area, then back to the midwest) and Paul Z. (Stanford grad who worked in silicon valley for a variety of network companies), and got a little look at the Napa county scene.

After moving to California in 1997 I made a few trips up to Napa and one Sonoma visit with Paul. On these trips we visited well-known and lesser-known wineries. Generally the more 'successful' ones turned me off with all the clothing, kitsch and food-related items they carried, along with some prices which defied my taste for their wines.

I'm no wine connoisseur, I simply know what I like and don't like. I have found inexpensive wines in the past I liked fine. They usually came from unpretentious rustic wine tasting rooms. I took a trip through the Russian River wine country on Sunday and revisited some of these places I had in the past to see what they had and if I could score a couple bottles of something decent for not much scratch. Shock. Rochioli, which has IMHO a good chardonnay which was $11 or $12 a bottle last time through was now up to $30 a bottle and had a book on the counter showing how fabulously their wines had been received at the White House. Oof. Time to go.

Around the corner is Hop Kiln, which had some decent reds the last time I visited; it was now selling all the merchandise lamented above and their wines had also gone up a lot. Bye.

Next to last visit of the day was Ridge/Lytton Springs. Renowned for their Zinfandels, I recalled a couple of very good bottles several years ago and thought we might visit their rustic steel pole barn, which was inhabited by several large wooden fermenters and a number of cats. Shock. All new building, fancy stuff all around. The Zins were still good, still reasonably priced, but it's obvious success has hit these places. Further, someone mentioned how good a year it is supposed to be for Pinot Noir. I don't know Pinot Noir from Guinness, but evidently the film Sideways branded the variety a hot property and the nouveau riche (or wannabes) were swarming around looking for it.

We elected to search for one of Paul's favourites, Rochambeau and found an empty lot. Looks like they're going to put in a spiff new tasting room etc. We'll see. Last visit on the road was Rabbit Ridge which featured some very good moderately priced wines. I wish them success, with moderation ;-)

User Journal

Journal: Viral behaviour of Ideas and Deja Foobar

On Feb 14, 2002, to the best of my knowledge (and Google searching at the time) I coined the following from the All Your Base meme:

Rose are red
Violet are blue
All my base
Are belong to you

The one variation I could find was one I had posted on the occasion of Rob Malda proposing in a most geekish fashion, using his own /. web site.

Now it seems to be everywhere, even on shirts at thinkgeek.com (I didn't think to submit it to them so haven't seen a penny of that.)

About 4 years ago I adopted my current sig.

A feeling of having made the same mistake before: Deja Foobar

It was common to refer to a programming error as a foobar in one place I worked, as they were usually the result of testing, rather than the older acronym fubar which I felt carried a stronger definition of erring.

The sig actually was born when I was reminiscing about Deja News, perhaps due to Google's revival of the Deja archives for Google Groups, and I coined the term deja foobar without particularly attaching it to anything. Eventually I would associate the term with the feeling of repeating a programming mistake. And wanting a new, more original sig for my slashdot account made it such.

This is more easy to track than the AYB poem. I was almost immediately set upon by people pointing out I had it wrong and it should be fubar. As the original meaning was rather private I didn't care and shrugged off these "correction attempts" over the years. I recently wondered if anyone had picked up the sig and posted it anywhere.

Shock.

Indeed it has been, spelled foobar and fubar. Some others have even gone so far as to use it in their sig as well. The number of matches is surprising and shows how far an original idea spreads. Both are found with the core idea of 'feeling of having made the same mistake before'. Interesting. I should probably post it to thinkgeek.com before someone else nicks it. :o)

Google results for: Deja Foobar, Deja Fubar

User Journal

Journal: Proto Boards!

So this MIT student walks through Logan (Boston, MA area) airfield terminal with a Proto Board on her jumper and the cops jump her. Man, that's lame, as lame as the half a fibre drum of nail trimmers I saw at an airport a few years ago. It doesn't smell like explosive, does it? I bet terrorists just laugh themselves sick at how jumpy they've made everyone. Like the British security agents who slaughtered the Brazilian electrician.

Got me thinking about Proto Boards though. I was just thinking about getting a tiny one yesterday. I'm converting a webcam to an astro-imaging camera, by changing colour CCD to B/W CCD and adding some solid-state cooling to it. I've got a circuit board to make, but a small Proto Board would probably work as well and give me some flexibility the soldered PCB wouldn't. I'll have to see what sizes I can find.

User Journal

Journal: ITLAPD as it were

A funny old fing. I got into the pirate character for all of my posts on the 19th of Sept., "arrrs" here, "avasts" there and such. A bit of mental gymnastics trying to fit it all together and try to contribute to discussion.

Oddly, most of my posts which were modded were modded Funny, not insightful or informative or even interesting. Oh a point here or there, but still 80%+ funny, though the content wasn't meant to be. I'm sure it'll all come out in a month when someone metamods these things and thinks 'wtf!?!' since they probably won't make the International Talk Like a Pirate Day connection.

User Journal

Journal: Interesting...

Let's see if we can game the journal system by posting a stub with a date/time marker, then editing it to reflect something prophetical after the fact. This is my stub. Stay tuned!

Mandatory prophetical placeholder... SCO will lose...

The original post is dated September 9, 2007. This edit (November 20, 2007) should reset that date. Let's see what happens... Hey! No date change! Now what can I predict after the fact? I'll have to wait for something big, then edit this post to reflect my uncanny ability to predict the future... This might be fun!

If anyone out there wants to start a thread under this post to get in on the prediction (to be (n|g)amed later), now's your chance!

User Journal

Journal: Poor man's Echelon

In considering Echelon, the world-wide signals intelligence program supposedly capable of recording, transcribing, and analyzing most any voice communication anywhere, I was intrigued by the technology it would take to do it. Better yet, can I make my own Echelon system? The answer is truly surprising, not in how simple it is to do, but in how utterly cheap it is, at least on a small scale.

First, we need a method to record telephone conversations. Since the conversations are to be processed by a computer, it makes sense to capture them with a PC at the beginning. Let's start with an interface device made to record phone calls to a standard cassette tape recorder. Here's one at everyone's "favorite" electronics store, Radio Shack. RS has been selling this kind of device for 30 years. It simply plugs into a phone line and toggles the remote switch on when a conversation is present. We don't care about the remote switch, we just want a tap that will convert a phone signal into something we can use with the microphone input on a sound card. This device is about $27 if you're too lazy to a) shop, or b) make your own.

Next, we need a bit of smarts on the PC side. While I'm a Linux user, I'll be using a Windows machine for this project because of the availability of off-the-shelf software components. What we need is a simple program that monitors the sound card microphone input and, when a voice signal is present, records the input to a file. When the input is no longer present, it closes the file and goes back to monitoring the input.

Well, it turns out there is just the utility to do this. Try this utility. This little program does exactly what I described.

So what do we have now? Well, we now have a system that will monitor a single phone line and record any phone conversations on that line to a wav file. The file name is encoded with the date/time the conversation took place. It even captures the DTMF of outgoing calls. Wow, our little Echelon system is coming together!
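The "record while signal is present, close the file when it stops" logic is a small state machine: a level detector with a hangover timer, so that the pauses inside a conversation don't shatter one call into dozens of files. The following is an added example written for this page, not the Radio Shack utility the post links to: it runs that logic over a constructed 16-bit, 8 kHz sample buffer (a faint noise floor with two tone bursts standing in for speech), returns the sample ranges it would have recorded, and writes each one to a WAV file named with the date/time at which it began. The sample rate, frame length, RMS threshold and hangover value are choices made for the example; a real tap would feed live sound-card frames into segment_speech instead of the synthetic buffer.

```python
"""Energy-threshold voice activity segmenter with hangover, plus WAV writer
that names files by the time the segment began. Constructed test signal.
"""
import array
import math
import os
import random
import tempfile
import wave
from datetime import datetime, timedelta

RATE = 8000      # telephone-quality sample rate (assumed for the example)
FRAME_MS = 20    # analysis frame length


def frame_rms(frame):
    """Root-mean-square level of one frame of 16-bit samples."""
    if not frame:
        return 0.0
    return math.sqrt(sum(s * s for s in frame) / len(frame))


def segment_speech(samples, rate=RATE, threshold=1000.0, hangover_ms=500, frame_ms=FRAME_MS):
    """Return [(start, end)] sample-index ranges in which signal was present.

    A range opens on the first frame whose RMS exceeds threshold and closes
    only after hangover_ms of consecutive quiet frames, so short pauses do
    not split one conversation into many files. The silent tail is trimmed.
    """
    frame_len = rate * frame_ms // 1000
    hang_frames = max(1, hangover_ms // frame_ms)
    segments, start, quiet = [], None, 0
    for i in range(0, len(samples), frame_len):
        loud = frame_rms(samples[i:i + frame_len]) > threshold
        if loud:
            if start is None:
                start = i           # open a new recording
            quiet = 0
        elif start is not None:
            quiet += 1
            if quiet >= hang_frames:
                end = i - (quiet - 1) * frame_len   # first quiet frame after speech
                segments.append((start, end))
                start, quiet = None, 0
    if start is not None:           # input ended while still recording
        segments.append((start, len(samples)))
    return segments


def write_segments(samples, segments, outdir, rate=RATE, started_at=None):
    """Write each segment as mono 16-bit WAV named YYYYMMDD-HHMMSS.wav."""
    started_at = started_at or datetime.now()
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for start, end in segments:
        stamp = started_at + timedelta(seconds=start / rate)
        path = os.path.join(outdir, stamp.strftime("%Y%m%d-%H%M%S") + ".wav")
        with wave.open(path, "wb") as w:
            w.setnchannels(1)
            w.setsampwidth(2)
            w.setframerate(rate)
            w.writeframes(array.array("h", samples[start:end]).tobytes())
        paths.append(path)
    return paths


def make_test_signal(rate=RATE, seed=1):
    """Constructed 4 s line signal: gaussian noise floor (RMS about 50) with
    440 Hz bursts of amplitude 8000 at 1.0-2.0 s and 2.3-2.6 s."""
    rng = random.Random(seed)
    out = []
    for n in range(4 * rate):
        t = n / rate
        v = rng.gauss(0, 50)
        if 1.0 <= t < 2.0 or 2.3 <= t < 2.6:
            v += 8000 * math.sin(2 * math.pi * 440 * t)
        out.append(int(max(-32768, min(32767, v))))
    return out


def demo(outdir=None):
    """Segment the constructed signal with two hangovers and write the files."""
    sig = make_test_signal()
    merged = segment_speech(sig, hangover_ms=500)   # 300 ms gap is bridged
    split = segment_speech(sig, hangover_ms=100)    # 300 ms gap ends the file
    outdir = outdir or tempfile.mkdtemp(prefix="echelon-")
    paths = write_segments(sig, merged, outdir, started_at=datetime(2007, 11, 20, 12, 0, 0))
    return merged, split, paths


if __name__ == "__main__":
    merged, split, paths = demo()
    print("hangover 500 ms:", merged)
    print("hangover 100 ms:", split)
    print("wrote:", paths)
```

The hangover value is the knob that matters: too short and every pause between sentences opens a new file, too long and the line-idle tail after hang-up is recorded into the end of each call. With the constructed signal the 300 ms gap between bursts is bridged at 500 ms and becomes a file boundary at 100 ms.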

What to do now? Well, there are a few options. One is to simply have another script email any new files that appear in the recordings directory to you. I'm thinking a bit bigger, however. How about filtering the files through a speech-to-text converter, such as Naturally Speaking? Then store away the transcription (along with the original recording) in a DB, indexed by key words. In reviewing the features list of Naturally Speaking, the Preferred Edition (list price $199) has a feature that monitors a directory and auto-converts any new sound files that appear in it. Perfect! A complete batched system is within sight!

I haven't done this yet, but I can see no reason why you couldn't. If I can defeat my lack of organizational inertia (read: laziness), I'll update this post and let you know how it works!

Notice: In most states, you are only permitted to record phone conversations you are a participant in. Some states don't even let you do that. If you were to make a system like this and have it record phone conversations you are not a party to, you would very likely violate state and/or federal law. Yes, I understand the contradiction. No, I don't like it either.

So why would I make such a system if using it is illegal? It's more of an exercise to demonstrate that, whatever your take on government surveillance, phone tapping, key word searching, etc., you can remove from the argument whether or not they can do it. They positively and absolutely CAN, because I can.
