





My laptop is used as a cover in the velocity status page.
http://status.velocity.uwaterloo.ca/
Interesting!
Desire to Learn has poorly designed website. It doesn't scale well to higher resolution.
Example:
I attempt to fix this to something easier to read, into this:
Two changes I made: (1) Block the useless navigation bar which takes up vertical estate using AdBlock. (2) Resize the webpage into full width using a userscript (Tamperscript for Chrome people).
(2)
The source is here https://userscripts.org/scripts/show/390544
Read about an interesting article on Phrack regarding a heuristic algorithm for detection of similar objects.
http://www.phrack.org/issues.html?issue=68&id=15#article
Found a tool here for comparing Android APK similarities.
https://code.google.com/p/elsim/wiki/Similarity#Android
Will try this out sometime, on comparing my code with similar code - this is basically plagiarism software.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
TCP 32764 Backdoor
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
by Jason
Jan. 24, 2014
AKA Rooting Routers for Fun
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Firstly, I apologize, this is a little dated, but I think it is extremely interesting and worth sharing about. Unlike most other security related articles that just document an attack and tell the story in the past tense -this is an active, vulnerable, exploitiable backdoor.
About a month ago, a backdoor was discovered[1] on a Linksys WAG200G router. There is a process that listens in on port 32764, and it allows free access to many hosts on the internet. No patches are available, as this is an older router that is out of maintainence. The backdoor doesn't have any kind of authentication and allows some very dangerous commands[2], like giving access to a remote root shell, dump wifi, PPPoE creditials, and file copy! It's unclear as to what caused this backdoor, only that the program is in thefirmware itself. This vulerability is interesting because it's currently active and people are just figuring out how to systematically attack it[4].
Continue reading
Discovered this great free VPN service called spotflux - it is so easy to use. On public networks, every website you visit can be tracked - VPN tunnels your traffic to spotflux servers. Though - the price you pay is having ads getting injected into unsecured html (http).
For example, there is a black rectangle. For me, it looks like this (with adblock enabled):
Image compression using a discrete Fourier transform in matlab. We can compress a lot and still have excellent picture. I.e. drop ratio of 70% and still good quality.
Tutorial on hacking an Android APK file, which is an android app file, we decompile, hack it, and recompile. I will go through the setup and basic commands.
Apps in Android have an extension of .apk format - which is basically a special .zip container that is signed with a certificate. The signer could be somebody like Google Apps Store. The idea is that modifying the .apk file means the signature is invalidated, to prevent installation of modified apps.
The main line of defence from installing malicious APK files is to make sure they are downloaded from the Google Apps Store. But once the APK (app) is in the users’ hands, it is unprotected. Most premium apps can be rooted, so ripping apps is easy.
Came across a resort with this lame login page prompting the user to purchase access.
Ended up purchasing access. Hell, I don’t have my iodine server setup or anything. Will have to remember to do that before going out to resorts with lame $30 charges for 7 days of horrible net.
After purchasing access, the AT&T server basically records your MAC address and allows it for access for the next X amount of time you purchased it.
The obvious solution is to use a program like Virtual Router and create a local hotspot with the machine that was purchased access as host. But for some odd reason, mine didn’t work!
Continue reading