Category Archives: IT Security

IT Security-The small amount I know.

Cain and Abel-MAC scan

Posted on by

Running Windows 7 64bit Ultimate and attempting a MAC scan via WIFI and getting this issue

C&A Error

Looks to be an issue with Cain and Abel according to this thread

http://oxid.netsons.org/phpBB3/viewtopic.php?f=8&t=4222

So to fix it edit the registry as this

That’s pretty strange… you are running Cain with administrative privileges right? If so, you can try editing the value directly in the registry. It’s located under HKEY_CURRENT_USER/Software/Cain/Settings within your registry. ensure Spoofing is set to 0.

Potential PayPal/Ebay scam

Posted on by

Searching through PayPal forum to an answer to my question on removing my credit card I noticed this comment

customer friendly business processes are rare in the UK and Paypal is unfortunately no exception.

I have two credit cards registered, one was stolen and the replacement card is already confirmed.

Still Paypal supposes that a stolen credit card can be a funding back-up.

As a bank their business processes are designed by marketing aspects rather than logic, sense, and customer satisfaction. Generally Paypal restricts everything possible and arguments with security reasons even where it is obvious that they want to make some extra bucks over using their costly support lines to full capacity.

However, I will not call, and leave it to Paypal to identify invalid cards.

BTW, recently I helped a fellow ebayer to exploit a rather stupid security flaw in the Paypal ebay interface:

A seller had a writing mistake in her Paypal associated email address from hotmail. So Paypal grabbed the money, well knowing that the seller’s email address is unknown to them, and the transaction couldn’t be finished.

Don’t expect that they informed me by email, of course not, Paypal added this “unclaimed” money to their assets and leaves it to the “merchants” to find out why the ebay deal couldn’t be finalized.

However, I just registered an hotmail account with the erraneous name and gave the seller the password to register the new email address as additional Paypal payment email. The money just moved in an instant…

Note that anyone could create and add these email addresses to their Paypal associated payment addresses.

One should think every beginner in application development would start with verifying email addresses but not so a bank who relies most of its business on online applications, very strange… and frightening.

Best regards,

TheGerman

If true, that’s not exactly secure.

WEP Cracking using BackTrack 4

Posted on by

Little vid I created to show how easy it is to crack WEP. Shockingly people still have WEP set on their WIFI setups. You need to change it to WPA2 ASAP.

This vid is for educational purposes only as it’s illegal to crack anyone’s WIFI unless you have permission.

WPA and WPA2 is a lot harder to crack if you use a strong password as it requires a dictionary attack. If your password isn’t in their dictionary because you made it strong with special characters etc, then it will be harder for someone to crack.

You have to remember that you may think “So what if someone gets on my router. If they just download the odd e-mail then so be it.” Problem is once they are on, they can download anything. What with the new Copyright Bill act in place, they could download a Hollywood movie and it would trace back to your IP. You’re the one that would get the warning letters not them. Your internet connection is the one that would get cut off, not theirs. Also once they are on your network, they can perform a Man in The Middle Attack (mentioned in my other security posts). They could then intercept your banking details, e-mail login details and more. They could also, even jump onto your PC without you even knowing about it.

I’ll add more to these notes later when I can be bothered. To explain the commands and what it’s all doing.