by Jon on April 7th, 2018
Hilarious news about T-Mobile reported in DerStandard. A customer asked T-Mobile support if they stored customers' passwords in clear text. The answer came back: of course we do, as our employees need access to them. Customer then asked the following. does not take security very seriously

Oh dear. Not surprisingly, this has spread; T-Mobile in the USA has assured its customers that it does encrypt

Hacking with Metasploit

by Jon on January 27th, 2018
Always fun to play with Metasploit. For those who don't know, it was an open source project but is now run by the company Rapid7. There are supported versions, but there is a free version called Framework edition. It doesn't have a graphical interface, but I am a real man and like using command line anyway.

The help page is great.

In brief:

  • Set up Metasploit on a Linux box (if you are a real hacker and use Kali Linux it is of course included).
  • Choose an "exploit" - I used one based on an old Java version
  • Find a Windows box which has an old Java
  • Point the browser in the Windows machine at the web site on your Metasploit
  • The machine is hacked! From the Metasploit machine you can run scripts, copy files, take screenshots, even use the microphone and camera.

It works even if the Windows machine is patched (except for the one vulnerability you are working on), is firewalled, and has antivirus. It is a great demo to show people just how vulnerable their PC is.

