Wednesday, October 27, 2010

lol wtf, more hacked email?

I got this a while back. I dont know this guy at all, but he had my email on his contact list for what ever reason so when his account got owned the attacker "or bot" just mass mailed everyone this little gem:

Subject: SAD NEWS !!!!!!!!!

Hello !!

I'm sorry I didn't inform you about my travel plan. Am presently in
Wales ,United Kingdom but i experienced something horrible at a Park.I
was mugged at gun point, all my cash,credit cards,cell phone and some
other valuable things were stolen in the process but thanking God for
saving my life and keeping my passport.I need your financial
assistance to settle my hotel bills immediately and to return back to
the airport.

I promise to pay back soon as i get home.I really don't have access
to money right now,i need your help within twinkle of an eye. I
already canceled my cards immediately after the Incident. Am at the
public library where am making use of the free internet access.I would
be greatful if you can render your assistance on time. Am anxiously
waiting to hear from you cause my flight leaves in few hrs but need to
settle the hotel bills and please save me from being embarrassed.


Joe Maggio

Maggio & Associates
1181 South Lake Claiborne Road
Port Gibson, MS 39150

I have read about this scam "or ones like it" in a few places but never seen it in action. Not a bad attempt at SE really, well accept for the broken english. If i knew this guy and gave a shit i might have fallen for something like this, at lest would have tried to find out more information and waisted a few minutes. I still think this is a brilliant tactic and i can see why its been so affective in the wild.

Monday, October 4, 2010

It's put up or shut up time!

It's put up or shut up time on Net Neutrality.

The fate of the open Internet is now in the hands of FCC Chairman Julius Genachowski. He simply needs the courage to choose the right action... That's where you come in.

What should Chairman Genachowski do right now? (Answer by clicking your choice below):

A. Protect free speech and consumer choice on the Internet


B. Cave to lobbyists and let AT&T and Comcast take away our Internet freedom.
I'm guessing you clicked the first option. Seems obvious, right?

Genachowski has the power to deliver on Net Neutrality. He just needs to call a Commission vote to restore the FCC as a watchdog of our online rights by reclassifying Internet access under Title II of the Communications Act.

Genachowski has the legal clearance, political cover and momentum to make this historic vote happen:

... Last Friday, House Commerce Committee Chairman Henry Waxman told Genachowski to "move forward under Title II";1

... On Sunday, the Washington Post published a column saying that "it's put up or shut up time" for the chairman to protect Net Neutrality;2

... A majority of FCC Commissioners are ready to vote in favor of Title II and Net Neutrality. Genachowski just needs to call the vote;

... Major daily newspapers, including the New York Times, the Boston Globe, the Los Angeles Times and USA Today, have editorialized in favor of FCC action for Net Neutrality;3

... President Obama has publicly urged for Net Neutrality protections on at least nine occasions;4

... The leaders of the relevant committees in the House and Senate have given Genachowski a green light to move forward;

... And, most importantly, more than 2 million Americans have demanded that Washington protect the open Internet from blocking and discrimination by corporations.5

By taking action now, the chairman will put the Net Neutrality question to rest and will have the ability to achieve the goals of the National Broadband Plan.

Tell Genachowski: It's Time to Step Up

All of our work has come to this moment, right now, and to this chairman, Julius Genachowski. He simply needs to take the next step.

Please take 30 seconds to help make certain he does the right thing for Net Neutrality.

Thank you,

1. "Waxman Backs Reclassification of Broadband," The Hill:

2. "It's Put Up or Shut Up Time for the FCC's Net Neutrality Advocates," Washington Post:

3. "Chairman Genachowski: Can You Hear Us Now," MediaCitizen:

4. "President Obama Supports Net Neutrality,"

5. "Two Million for Net Neutrality,"

Want to learn more? Join them on Facebook and follow us on Twitter.

Sunday, October 3, 2010

Tcpcrypt on Ubuntu.

If you dont already know here is what tcpcrypt is and a run down on what it does.

Taken from
Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP. Install Tcpcrypt and you'll feel no difference in your every day user experience, but yet your traffic will be more secure and you'll have made life much harder for hackers.

And yes its as good as it sounds, but it does have a few weaknesses. Heres a little blerb of how it works and more detials on its short comings.

Tcpcrypt is opportunistic encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be in clear text. Thus, Tcpcrypt alone provides no guarantees—it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.

Network attackers come in two varieties: passive and active (man-in-the-middle). Passive attacks are much simpler to execute because they just require listening on the network. Active attacks are much harder as they require listening and modifying network traffic, often requiring very precise timing that can make some attacks impractical.

By default Tcpcrypt is vulnerable to active attacks—an attacker can, for example, modify a server's response to say that Tcpcrypt is not supported (when in fact it is) so that all subsequent traffic will be clear text and can thus be eavesdropped on.

Tcpcrypt, however, is powerful enough to stop active attacks, too, if the application using it performs authentication. For example, if you log in to online banking using a password and the connection is over Tcpcrypt, it is possible to use that shared secret between you and the bank (i.e., the password) to authenticate that you are actually speaking to the bank and not some active (man-in-the-middle) attacker. The attacker cannot spoof authentication as it lacks the password. Thus, by default, Tcpcrypt will try its best to protect your traffic. Applications requiring stricter guarantees can get them by authenticating a Tcpcrypt session.

Now to install this guy we need to get our system ready so lets start by opening a term up and running this:
sudo apt-get install iptables libcap-dev libssl-dev libnfnetlink-dev libnetfilter-queue-dev git-core

Then run these commands:
git clone git://
cd tcpcrypt/user

Now we need to edit rc.local "/etc/rc.local"
sudo vi /etc/rc.local

Add this line before "exit 0"
sh /home/user/tcpdump/user/

And restart your done!! You may want to move the tcpcrypt dir out of your home dir but thats up to you. Enjoy!