Archive for October, 2006

www.swik.net stole my friend’s site, and never even asked!

Hi people, we all know what it’s like to have our content ripped off; it’s just somehow worse when it’s done not only blatantly, but badly, en masse, and without even asking first, let alone with permission. Obviously, this is a great problem on the internet, and I ask all azio.org users to kindly support him in his mission to expose the “splog”, what I call a Spam Blog, for what it is. Unethical.
My Friend
http://blandname.com/2006/10/27/swik-stole-my-website/

Your Support is Appreciated:

Support blandname and digg his article here

Swik Page in Question/Proof/Picture:

http://www.swik.net/blandname

owned


What is Diceware?

Diceware is a method for making cryptographic passwords, passphrases, or other vars (variables). How it works is simple: the user uses real physical dice as a hardware random number generator. This is actually surprisingly more difficult than many people are aware; even some coders don’t know this. Basically it’s almost impossible to generate an entirely random number with an ordered function. A crypto expert can add so much more drift or collision protection that it takes “100’s or 1000’s of years”, but that is obviously eventually surpassed, and the “random” number sequence is either “not random enough” or “not random at all”; and unless there is some secret NSA encryption I’ve never heard of, it is impossible to generate a solid encryption algorithm. I’ve been in password cracking a little while I suppose, as a bit of a pastime on my 10 x p3 600 supercomputer cluster. I’ve never found a password that couldn’t, in time, be cracked to high success rates over 90%. With improvement I see no reason why the random seed could not approach or even equal 100%. As technology becomes more prevalent and powerful, password hashing algorithms of all types will become less prevalent, and less powerful. Simple huh?

Back to diceware

For each word in the passphrase, five dice rolls are required. The numbers that come up in the rolls are assembled as a five-digit number, e.g. 43146 corresponds to the word munch. Lists have been compiled for several languages, including English, Finnish, German and Spanish. A Diceware word list is any list of 6^5 = 7,776 unique words, preferably ones the user will find easy to spell and to remember.

The level of unpredictability

The unpredictability of a Diceware passphrase can be easily calculated: each word adds 12.9 bits of entropy to the passphrase (that is, log2(6^5) bits). Five words (slightly over 64 bits) are considered a minimum length.

Diceware passphrases can be difficult to remember and some may prefer other methods, such as using the initial letters of a memorable phrase. If the length of a Diceware passphrase is assumed to be known to an attacker, then the passphrase yields less entropy than the ideal 64.62 bits when used with dictionaries containing variable-length words. This is because the length of the resulting passphrase “leaks” information about its composition.
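The roll-to-word lookup and the length leak described above can be worked through in a few lines. This is an added example, not code from the original post: the function names and the word-length histogram are constructed for illustration (the histogram is not measured from any published list), and `software_rolls` is a CSPRNG stand-in for physical dice.

```python
import math
import secrets
from collections import defaultdict

LIST_SIZE = 6 ** 5  # 7,776 rows, one per possible five-dice outcome

def roll_to_index(rolls: str) -> int:
    """Map five dice faces, e.g. '43146', to a 0-based row of a sorted word list."""
    if len(rolls) != 5 or any(face not in "123456" for face in rolls):
        raise ValueError("expected exactly five digits in the range 1-6")
    index = 0
    for face in rolls:
        index = index * 6 + (int(face) - 1)  # base-6 positional value
    return index

def software_rolls() -> str:
    """Stand-in for physical dice: five faces drawn from the OS CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))

def ideal_bits(words: int) -> float:
    """Entropy when every word is an independent uniform pick from the list."""
    return words * math.log2(LIST_SIZE)

def bits_leaked_by_length(length_counts: dict, words: int) -> float:
    """Shannon entropy of the passphrase's total letter count.

    The length is a function of the passphrase, so an attacker who learns it
    removes, on average, exactly this many bits from ideal_bits(words).
    """
    total = sum(length_counts.values())
    dist = {0: 1.0}  # probability of each running letter count
    for _ in range(words):
        nxt = defaultdict(float)
        for so_far, p in dist.items():
            for word_len, count in length_counts.items():
                nxt[so_far + word_len] += p * count / total
        dist = nxt
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

# Constructed histogram {word length: number of words}; it sums to 7,776 but
# is NOT measured from any published Diceware list.
CONSTRUCTED_LENGTHS = {1: 36, 2: 400, 3: 1100, 4: 2440, 5: 2800, 6: 1000}

if __name__ == "__main__":
    leak = bits_leaked_by_length(CONSTRUCTED_LENGTHS, 5)
    print(f"row for 43146: {roll_to_index('43146')}")
    print(f"ideal {ideal_bits(5):.2f} bits, known length leaves {ideal_bits(5) - leak:.2f}")
```

A list whose words all have the same length leaks nothing this way; the figure computed here is the average loss, and an unusually short or long passphrase gives away more than the average.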

Basically, what this is is an old philosophy. It’s insecure; I could generate more secure passwords with pwgen -L, however maybe not passphrases. It’s just Diceware that creates the password; it doesn’t maintain its integrity in terms of disk storage (if you use Diceware to create an SSH password, the decryption ability will be directly related to the hashing algorithm used to encrypt its strength).


What Is password synchronization?

Password synchronization is defined as any process or technology that helps users to maintain a single password on a given set of systems under one single security policy. The password rotates on a singular basis, and this is one of the most effective mechanisms for addressing password management problems. However, in recent articles we spoke a lot about how ease of use or exceptional functionality usually comes at a price. I feel that password synchronization could be very dangerous to a large proportion of people.

Advantages of Pass Sync:

  1. Simpler way to manage passwords, so...
  2. Fewer calls to the help desk.
  3. Money saved.
  4. Users with fewer passwords are less likely to write them down (thank god).
  5. Ease of use.

Disadvantages:

  1. If one system is compromised all systems are potentially compromised also.
  2. (Can turn out to be very expensive and damaging if executed badly).
  3. High Risk

Password synchronization is much easier to implement and is more effective against password management problems than enterprise single sign-on (or SSO), as there is no client software deployment, and user enrollment can be automated. There is also no single, critical point of failure in a password synchronization system, as the system is not involved in user sign-on processes.

Sync Types

  • Transparent password synchronization is triggered by a change of password on an existing system. The password is automatically sent to the other user objects in parallel systems, which allows for significant modularity yet integration (without user knowledge in some cases). Certainly an effective way to manage your passwords.
  • Web-based password synchronization is triggered by the user with a commercial web browser; instead of the native process being used, a new one is put in its place which allows the user to set multiple passwords at once.

Obviously a system such as this is a dream for a hacker. Nonetheless, at least there are fewer hashes to be found ;-), but whether that is a good thing, I really could not say :-)


I cured my migraine with a pc speaker, and now I’m well enough to tell you!

An Introduction to living with migraines
I have suffered from chronic migraines ever since I was a young child. Occasionally I get the occasional migraine marathon and can be debilitated for days or even weeks, but mostly 4 - 5 hours or so in a dark room, away from sound, light sources and heat, really does the job. So today, when I got a splitting one, I decided that I was going to try and fix it any way I possibly could with what was at my disposal. I lay on the bed streaming for ideas, and as my head ached further the more I thought, I wondered what would have an influence on my migraine as much as, or better than, my medical prescription sumatriptan succinate (also known as Imigran in the UK, by GSK). There wasn’t much available short of a bunch of PCs, an air conditioner, and a great deal of electronic equipment that wouldn’t be doing me any favours in a hurry.

The Find of a Migraine!
So, I lay there for a while thinking what could have an effect on the blood in the brain (much like Imigran works)… So… I look across the room at a PC speaker, and think, nawwwwwww. That wouldn’t work. A regular PC speaker, with a fairly strong magnet which would all in all stick fast to the side of a fridge, so not the world’s strongest, but certainly as strong as or stronger than those crappy little armbands that I’ll never touch. So I proceeded to disconnect the wires from my newly found prize so that I was left with the speaker and the magnet only (all in one piece but the wire), and placed it directly on my head. It was very cold, and that did help of course.. but not a lot. When it began to get warm, I picked it up with my left hand and held it in my hand by the rim of the speaker, with the magnet facing away. After only 20 or 30 seconds my arm began to become weak, and I thought, gee, this is strange, I’m not meant to believe in all that crap, I’m a technician. So as a control, I placed the speaker down, rested my arm and then proceeded to put it back exactly how it was when it began to sorta hurt (like all the muscles were twitching). Nothing.. To my surprise, when I put the speaker back in my left hand in the same configuration, within a few seconds it began to hurt, and I was pretty surprised by this. The way my headache feels is sort of “clockwise”; if you’re a migraine sufferer you might know what I mean. The pain sorta shoots around in a circle and works its way across the left of my head in an arc over my forehead and down into my eye (sort of a spiral). I found that waving this fair magnet over the left of my head where it hurt really didn’t help so well when moving it clockwise, so I tried anti-clockwise..

figure 1.1 what could the magnet have done to this?
This might sound a bit strange, but this was of course purely on instinct, and it seemed to work, so well in fact that my migraine went within about 25 minutes, as fast as or faster than the medically effective drugs that I have been prescribed to take for this. Before I wrote this article I had a little search on digg, google, reddit and the usual; it seems like a few people have already discovered this amazing little idea/evidence/scienceifyouwill, and I feel suitably validated, and extremely relieved to be able to write this article saying

This could be a Placebo, but it worked for me, and seems documented elsewhere, time for me to make a migraine buster prototype, ahhhh another great project!

Read into this little gem as much as you like, but if you suffer from migraines, and don’t mind putting a PC speaker to your head and looking like a moron, then that’s your doosy to migraine mishap medical magica because it certainly worked, and I think, will work again!


Law suits and broken glass everywhere…Windows

Just guess how many lawsuits Microsoft have won with only your hands, it’s amusing..
Well, in my last article I included some mock-up graphics I made; here it is in its full glory. Hopefully my webhosting will stay up long enough for us all to get some satisfaction on this one.

hehehehe

Damnit somebody broke all the windows again


HowTo: Hack Anonymously and Securely (and learn the basics about routes)

So you want to hack anonymously eh?
Firstly, I’m certainly not going to be held responsible for anything you do with this article, or indeed with any content you might read on my site. However, I’ve been making a little diagram to help map out how the computers on my local network talk to my gateway, which talks to my ISP provider. What if, though, we borrowed next door’s completely unsecured Wireless Network? Well, other than having a lot of fun we’d be breaking the Computer Misuse Act. Hacking is a white-collar crime but you still do hard time for it. So… anyway, you need some stuff:

Simple things

  1. Laptop (preferably, because it looks cool) ;<
  2. Clean HDD, all personal data removed, no personal data stays.
  3. PuTTY or other SSH client that supports SOCKS proxies.
  4. Friend (or not as the case may be) with a proxy.
  5. Wireless Network Card for laptop (or pc respectively).

Ok, so you have all the parts you need, pretty much. Let’s get started and connect to the wireless network next door. You are probably now (if you haven’t already been) considering your target; this might be on a trusted network, an Open Virtual Private Network or even a LAN off one of your SSH terminals. I’ve actually put together a really sweet diagram for you guys to look at.

Why use the proxy? Well, considering we’re using Wireless which is almost and completely untraceable, you might not want to use a proxy. It could just be a fast-track way to someone getting caught… Or you might be like me.. personally I find this interesting, beating a system is interesting. Trashing it…. is not, so I used a proxy (trusted) because it protects me (or my machine(s)) from being detected immediately.

Its Time to SSH

But first look at this little diagram; in fact, it’s massive, click on it for fullsize!
Right, here we go. You’re all kitted up, you’ve got a working proxy with socks4 or socks5 and you’re going to use it to initiate your first SSH connection from your (probably) uber Windows machine. If you have used the correct IP and port, login and password (+ set the right IP authentication on the proxy SERVER side), you will be able to simply enter the first SSH session IP and port details, click Open/Connect, and authorise yourself.

If you're using Linux you will need to type something like this:

ssh -p port user@somehostname.com

Once you've logged in we're ready to repeat the same, this time jumping to another machine 1000's of miles away in the US. Remember, all of this traffic is encrypted via RSA keys and is more difficult to monitor (or crack if you're up to mischief). Let's repeat the same thing to another host.

ssh -p 2209 mybox.azio.org

OK, so now you're running across a Wireless Network of your neighbour's, which in my diagram would connect to a local exchange (hop 2 for us, and hop 1 for them). The local exchange will most likely route through several booster switches (not shown in diagram), end up at a UKCORE (@ some ISP), route to the relevant datacenter/exchange and then finally meet the proxy server. Note, this hack was destined to be anonymous from the start, we're using wireless. However, we are paranoid tin hat wearing morons, aren't we? aren't we?! So from the proxy server through 3 machines, the last machine terminal connecting via https (lynx in my case) and connecting to our "target" over 10,000 miles away. Boy, this lags a bit, but that's the price you will have to pay if you want to be fairly secure. Be sure not to confuse route hops with SSH hops; they are not the same thing here. Although the port traffic is forwarded from each machine to you, it doesn't actually count as part of your route; each machine has its "own route", that is, a return route and a send route. Your route is only to the proxy, the proxy is doing the rest of the socket connections, that's the idea. SSHD Machine 1 will only connect to the proxy and SSHD Machine 2, and SSHD Machine 2 will only connect to SSHD Machine 1 and SSHD Machine 3.

Finally SSHD Machine 3 will connect via lynx over https:// into another webserver (possibly rooted) running an SSH Java applet (or similar complete and utter lameness), and only the webserver will "attack" the target.
Hacked!

Other possible solutions to hide yourself would obviously be deleting logs (even though this won’t always work at the router level, some hardware does log IPs), but alas, you’re all nice and squeaky clean, anonymously and wirelessly connected in, joy to that, and probably, some free porn (eventually!).. Don’t do this at home kids, because I don’t and the Feds still watch the site :(



How long Will It take them to crack your password?

Today I thought I’d share this very popular article, “how fast can they crack your password?”; a lot of you might have seen this on digg.com already (it got a whopping 3000+ diggs). I guess this stuff is important, you really need to be familiar with how many characters are required for your system (arguably functionality/ease versus security). Basically though, for that, you will need a list showing you just how long it would take to go through *every* combination of a password of that many characters; remember, and this is very important, it can actually be a lot faster. Your best bet is to choose the class above whatever security you think you need. (For a Military system you’d want SHA-512 minimum and maybe 126-character passwords; for a webserver you might want to settle with a mere 15 or 20 chars, but this is open to debate.) So really, how secure do you want your system to be? [more..]


HowTo: Install Linux on laptop with 4mb ram and 200mb HDD (with muLinux)

Today I came across an excellent article on the tldp (The Linux Documentation Project). Basically you can install Linux with a relatively small amount of RAM. People that are using mini-itx boards with flash memory might find this useful. So go on, give yourself a treat and implement monster Linux on your mini PC. [more...]


Nice Penguins on Wikipedia

These big fellas are called Emperor Penguins, and that they are :-)

penguins! yay!


Tool Downloads For Password Cracking TopList
