StevenWhiting.com

A place for info I've learnt in IT & stuff. (I get a little kick back from affiliate ads & links, just so you are aware)

Browsing Posts published in May, 2010

In notepad type

dsadd user “cn=%1, ou=OUName, dc=YourDomain, dc=YourSuffix” -fn %2 -ln %3 -pwd fred -mustchpwd yes

Save as a bat file.

cn = command name (user name)
fn = first name
ln = Last name

Everything in bold you replace with your own info.

Name the file whatever, like adduser.bat

Example:

adduser testdummy Test Dummy

Would add the user Test Dummy

Problem:

Windows 7 64 is now installed. Works fine. You do a restart and it goes past post then black screen then slight white washed black screen as if it’s going to load Windows 7 logo but doesn’t. Just stays there. No errors.

Turn off and on again and it’s fine. It’s only if you do a restart.

Fix:

“In bios, advanced, power on options, try setting post mode to either Clear Memory or FullBoot.
I had the same restart issue and the above change resolved it.”

I set it to clear memory and it’s fixed it.

http://techierambles.blogspot.com/2008/09/outlook-2007-stuck-disconnected.html

Chris Conway Statement

Chris Conway Statement

Chris Conway Statement

Yes I know it don’t fit in the post but still 🙂 I’ve put a link to the image above.

I hate Mediums. They prey on the weak and gullible for money. This guy is just as bad. But its interesting here that he criticizes Most Haunted now he’s lost his contract with them. Most Haunted clearly having something to hide, had him remove it from his site. They forgot about Google Cache. It’s gone from that now too but I got a pic before it went.

Part 1

Part 2

Little vid I created to show how easy it is to crack WEP. Shockingly people still have WEP set on their WIFI setups. You need to change it to WPA2 ASAP.

This vid is for educational purposes only as it’s illegal to crack anyone’s WIFI unless you have permission.

WPA and WPA2 is a lot harder to crack if you use a strong password as it requires a dictionary attack. If your password isn’t in their dictionary because you made it strong with special characters etc, then it will be harder for someone to crack.

You have to remember that you may think “So what if someone gets on my router. If they just download the odd e-mail then so be it.” Problem is once they are on, they can download anything. What with the new Copyright Bill act in place, they could download a Hollywood movie and it would trace back to your IP. You’re the one that would get the warning letters not them. Your internet connection is the one that would get cut off, not theirs. Also once they are on your network, they can perform a Man in The Middle Attack (mentioned in my other security posts). They could then intercept your banking details, e-mail login details and more. They could also, even jump onto your PC without you even knowing about it.

I’ll add more to these notes later when I can be bothered. To explain the commands and what it’s all doing.

A quality and great interview with Richard Dawkins and Derren Brown. Explains so much, about cold reading, bullshit shows like Most Haunted and more. Best one is part 4 at 5:35. He’s talking about Most Haunted as I remember that episode. Most Haunted is fine if you look at it as entertainment. When it becomes an issue is if you base your beliefs on the message it puts across.

Oddly part 3 is blocked even though I’m in the UK. So I used www.hidemyass.com which is a US proxy which then oddly works.

Derren Brown Interview with Richard Dawkins

Yeah a new one

The best videos on YouTube.

🙂

Dan and Dan’s blog

Dan and Dan Films

Same idea as the other security flaw I found. The change password page I thought would at least be secure but it appears, even this page, Twitter is sending the passwords out in plain text instead of encrypting them.

Here the new password appears in the Username field of NetworkMiner. People may wonder what’s the use without a user name for these passwords. Well using other tabs in NetworkMiner you can get the username as well but I just never bothered to show that. Also, a lot of people have a bad habit of using the same password on other sites. So if someone gets your password for Twitter and you’re using it for, say, your googlemail account. If they find out your e-mail address then they’ll be able to get into that as well.

Further testing I changed the http to https before typing in the password. It’s making no difference. The password is still picked up by Wireshack and NetworkMiner. Meaning Twitter is sending the passwords in plain text.

I’m crap at explaining stuff so for a better and easier to understand explanation of a Man in The Middle Attack, check out Hak5’s vid

http://www.youtube.com/watch?v=N86xJpna9Js

UPDATE:

netresec.com used this video on their blog and said they reported this issue to Twitter security and got a swift reply. Good on them, but fuckers at Twitter never replied to me when I originally reported this. Besides, took them months to fix this which isn’t good.