Tiny Deathstars of Foulness

Recently I’ve read a lot of things about the attacks against Sony. I’ve read that they’re nothing more than extortion attempts by hackers that probably live in their parents’ basements (based on the fact that the initial demands didn’t mention North Korea at all). I’ve read they were orchestrated by China by people who felt North Korea was being picked on and couldn’t stand up for themselves. I’ve read highly unconvincing reports from the FBI that they were orchestrated by North Korea. No one really knows. I can send traffic to servers from anywhere in the world. Anyone can anonymize their web traffic as easily as using a Tor plug-in with Firefox. I’ve also spoken to friends at Sony that told me that they’re concerned about the future viability of Sony due to the business impacts of these attacks. I’ve also spoken with people at other studios freaking out about not wanting to “be the next Sony.”

But in all of it, there’s something kicking in the back of my head. You see, if someone tried to blackmail me, I’d go to the press (or government) and allow the public to judge me for whatever it is, not cave to demands that are only likely to recur. Not giving in to extortion demands is the right thing to do. If someone threatened the safety of people to go to a movie, I’d pull it as well, so that’s the right thing to do as well. There have been enough shootings in theaters and while financially potentially devastating it’s not worth the loss of a single human life to show The Interview in theaters. Of course, now that the attackers have backed off their stance, The Interview will be shown in hundreds of theaters. And it will likely be viewed online by millions of people over the next few days. And if this was carried out by North Korea, they couldn’t visit all of our homes to pull it (although the awful remake of Red Dawn by MGM might indicate differently).

I believe that the good, American thing to do is show our support to Sony for all the brain candy they’ve given us in the past. More than that, our support for doing what’s right. And what’s more capitalistic of us than spending $6 on a movie (other than spending more)? What’s better for Sony than to make a little money? In America, we tend to root for underdogs. We love Rocky (which btw cost less than a million to make and brought in a breathtaking $225M – 1:225 ROI there). We wanted Rudy to score a touchdown for the Irish (TriStar – part of Sony). We practiced our kicks like the Karate Kid (Columbia Pictures – part of Sony). We watched Jerry Maguire (TriStar – part of Sony again) even though we couldn’t stand Tom Cruise and rooted for the guy who risked it all to do the right thing (Money, baby). We threw up in our mouth a little when we watched Dodgeball (Fox but a fun movie anyways). We adore Gandhi (Columbia – again part of Sony) because it won an Oscar and taught us the story of one of the greatest men of all time. We loved Charlie Sheen when he was Winning in Major League (Mirage). And we loved Kick-Ass (Lions Gate), one of the unlikeliest heroes of all.

Sony made Bond great again. Sony brought Spider-Man to the big screen. Sony told us about The Social Network (and we’re still allowed to have Facebook accounts). Sony gave us Eat Pray Love. Sony killed zombies awesome sauce in Zombieland. Sony gave us Superbad. Sony taught us a history lesson with The King’s Speech. Sony brought The Da Vinci Code to the big screen. Sony made a great movie in the Lords of Dogtown. Sony brought us Hellboy, Adaptation (as a writer, a movie I love), Ali, Black Hawk Down and countless other movies. Some great, some not. That’s the game.

Now, we have a chance to do a very small part by helping Sony escape financial ruin. And yes, they make more movies that suck than are awesome. Because that’s what all studios do. And yes, the film industry seems like a bunch of rich people being silly sometimes. But there are real people that work there. Normal people. With boys and girls and installations at Burning Man. Some of the best people I know. And they do great work. And sometimes the studio makes brilliant movies. And whether this was spearheaded (yes, bad pun on spear phishing) by a dictator with a bad fade, the remaining communist hardliners in China, another studio or something else, it’s up to the market to dictate the outcome. That’s capitalism. ‘Merica

PS – It’s hilarious.

December 26th, 2014

Posted In: Business, Mac Security, personal


A dmg file is a compressed file structure, capable of containing folders, files, etc. Dmg files can be used for a variety of purposes, from encrypting a home directory (i.e., FileVault) to encrypting a file structure manually. A dmg file can be encrypted fairly simply. From Disk Utility, create a dmg file by clicking on the File menu and selecting New and then Blank Disk Image. This will bring up a screen where you can provide a name for your home folder and a size, then select either AES 128 or AES 256, which is a bit slower.

Go ahead and click on Create and then at the resultant password screen go ahead and provide a password to be used.  And let’s just go ahead and uncheck the option to create an entry in Keychain for the password.

If you would rather do so from the command line, I covered how to do so in a previous post.

Now let’s download Spartan, a tool built by Ryan Kubasiak. Now download a dictionary file. I just used one of these (and for expedience’s sake I pared down the contents to only have about 100 possible passwords, one of which was mine). Now go ahead and open Spartan, clicking on Go! at the splash screen.



At the Choose a File screen, browse to and then select your password file, clicking Choose once you have done so. At the next Choose a File screen browse to and then select your dmg file which you would like to crack the password for. The password file will then be read into RAM and the password cracking will commence.


Depending on the length of your password this could take a long, long time, but when it’s done you will have your password, assuming it was in the dictionary of passwords you used. Dictionary files can be downloaded from a variety of sources, some collections taking up gigabytes upon gigabytes of space and covering every possible keyboard combination. Therefore, the longer the password that you use and the more complex the password is, the longer it will take to break the encryption.
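The defensive side of the point above, as an added example that is not part of the original post: before protecting a disk image with a passphrase, check whether it (or a trivially mangled form of it) already appears in a wordlist, and estimate the brute-force search space from its length and character classes. The sample wordlist, the substitution table and the function names are constructed for illustration.

```python
import io
import math
import string

# Constructed stand-in for a downloaded dictionary file (one candidate per line).
SAMPLE_WORDLIST = "password\nletmein\ndragon\nsunshine\ntrustno1\n"

# Common character substitutions that wordlist rules undo; an assumption, not exhaustive.
LEET = str.maketrans("013457@$", "oleastas")
SUFFIX = string.digits + "!?."


def variants(candidate):
    """Forms of the candidate that a plain dictionary entry would still match."""
    lowered = candidate.strip().lower()
    stripped = lowered.rstrip(SUFFIX)  # drop a trailing "1", "!", "2009", ...
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    return {f for f in forms if f}


def in_wordlist(candidate, lines):
    """Stream the wordlist line by line, so multi-gigabyte lists need not fit in RAM."""
    wanted = variants(candidate)
    for line in lines:
        word = line.strip().lower()
        if word in wanted:
            return word
    return None


def search_space_bits(password):
    """log2 of the brute-force space implied by length and character classes used."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    charset = sum(size for chars, size in classes if any(c in chars for c in password))
    return len(password) * math.log2(charset) if charset else 0.0


def audit(candidate, lines):
    """A dictionary hit makes the bit estimate irrelevant, so both are reported."""
    return {"dictionary_hit": in_wordlist(candidate, lines),
            "brute_force_bits": round(search_space_bits(candidate), 1)}


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "TrustNo1", "violet-kettle-rides-42"):
        print(pw, audit(pw, io.StringIO(SAMPLE_WORDLIST)))
```

For a real wordlist, pass an open file object instead of the `io.StringIO` sample; the brute-force figure only means something when `dictionary_hit` is `None`.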

“So, would your holiness care to change her password?” – The Plague

June 26th, 2009

Posted In: Mac OS X, Mac OS X Server, Mac Security


Every hardware network adapter has a unique MAC address.  However, they’re not always what they seem.  According to Wikipedia:

MAC Spoofing is a hacking technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer.

I was talking to someone the other day about security and the topic of spoofing MAC addresses came up.  They seemed to discount that this was usually a concern except for in super secure environments because they considered it an extremely complex process.  Here’s my answer to that:

ifconfig en0 ether 00:00:00:00:00:00 

That should take you about 5 seconds to copy to your clipboard and paste into a terminal window… You can then replace the en0 with whichever adapter you’d like to implement the spoofed addy on, and hopefully the series of zeros here with the actual MAC address of a target host. The next comment was that it was really hard to figure out a MAC address and that’s what makes it hard to spoof them. If it’s local and you can ping it then arp will cache it. Therefore, see the IP of the host you’d like to spoof the MAC on in your arp cache with a little:

arp -a

Which gives you something like:

? ( at 0:16:cb:aa:dc:58 on en1 [ethernet]

Now, once you’ve set the MAC, you’ll need to reboot to undo it.  Or just set it back if you copied it before running the earlier command.
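Since the address is this easy to change, the same arp cache is worth watching from the other side. The following is an added example, not part of the original post: it parses `arp -a` output in the layout shown above, pads the octets that arp prints without leading zeros, and flags a MAC that answers for more than one IP as well as a MAC with the locally administered bit set. The sample lines and all addresses in them are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the `arp -a` layout shown above; every address is made up.
SAMPLE_ARP = """\
? (192.0.2.1) at 0:16:cb:aa:dc:58 on en1 [ethernet]
? (192.0.2.20) at 0:1b:63:1:2:3 on en1 [ethernet]
? (192.0.2.37) at 0:16:cb:aa:dc:58 on en1 [ethernet]
? (192.0.2.40) at 6:aa:bb:cc:dd:ee on en1 [ethernet]
? (192.0.2.50) at (incomplete) on en1 [ethernet]
"""

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]+) on (?P<iface>\S+)")


def normalize_mac(mac):
    """arp prints octets without leading zeros (0:16:cb...); pad to 00:16:cb..."""
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) > 2 for o in octets):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(f"{int(o, 16):02x}" for o in octets)


def parse_arp(text):
    """Return (ip, mac, iface) for resolved entries; unresolved ones are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # e.g. "(incomplete)" entries carry no MAC
        try:
            entries.append((m["ip"], normalize_mac(m["mac"]), m["iface"]))
        except ValueError:
            continue
    return entries


def findings(entries):
    """Flag MACs answering for several IPs and MACs with the locally administered bit."""
    ips_by_mac = defaultdict(list)
    for ip, mac, _iface in entries:
        ips_by_mac[mac].append(ip)
    out = []
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            out.append(("shared-mac", mac, ips))
        if int(mac[:2], 16) & 0x02:  # bit set on software-assigned addresses
            out.append(("locally-administered", mac, ips))
    return out


if __name__ == "__main__":
    for finding in findings(parse_arp(SAMPLE_ARP)):
        print(finding)
```

Both findings have benign causes too (a host with several IPs, virtual machines, randomized Wi-Fi addresses), so treat them as leads to compare against an inventory of known adapters.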

March 10th, 2009

Posted In: Mac OS X, Mac OS X Server, Mac Security
