Turn on thread page Beta
    Offline

    14
    (Original post by Dez)
    Nope. Think closer to home. :awesome:
    Acumen PI? :holmes:
    • PS Helper
    • Wiki Support Team
    Offline

    14
    PS Helper
    Wiki Support Team
    (Original post by Tathrim)
    Your sanity?

    In all seriousness, what've you been meaning to replace but not gotten around to doing so?
    :dontknow: I don't think I need to replace anything, tbh.

    (Original post by Dez)
    Same here. :moon: I have about £150 in Amazon vouchers lying about, and no idea what I should do with them. Hmm.
    £150 :eek2:

    (Original post by alexsheppard11)
    Seagate and WD hard drive prices are going up, so get them now
    I don't need any HDDs :emo: Why are the prices going up out of interest?

    (Original post by Dez)
    My vouchers will have expired by then probably. :p:

    Incidentally, I have a new job starting soon. You'll never guess where. :holmes:
    TSR?
    • TSR Group Staff
    Offline

    20
    ReputationRep:
    TSR Group Staff
    (Original post by ch0llima)
    Acumen PI? :holmes:
    Give the man a medal. :top:

    I'd have thought it'd be the first thing to spring to mind, don't you all spend your lives on here yet? :p:
    Offline

    1
    ReputationRep:
    (Original post by secretmessages)
    I don't need any HDDs :emo: Why are the prices going up out of interest?
    I think it was due to flooding in/around their Thailand factory
    Offline

    14
    ReputationRep:
    Bright sparks.

    My dissertation is on ecurity related issues regarding different peer groups and data loss. Doing a bit of research into it, however what would you guys say is best...

    I have a router and have my two laptops connected to it wirelessly. Laptop 1 will be my laptop and laptop 2 will be the target laptop.

    What is the best way to get the password for a hotmail account on laptop 2 (Note: I've already done and then ousted keylogging).
    The network is secure, but both laptops are connected.
    I am thinking of packet sniffing (not really in the know with packet sniffing, no idea how to use WireShark).
    What do you guys think?
    Offline

    14
    (Original post by Dez)
    Give the man a medal. :top:

    I'd have thought it'd be the first thing to spring to mind, don't you all spend your lives on here yet? :p:
    You'll get a nice red user title and a two character username then? :holmes:

    'Grats d00d, I need to start looking for graduate level employment :emo:

    (Original post by Puma)
    Bright sparks.

    My dissertation is on ecurity related issues regarding different peer groups and data loss. Doing a bit of research into it, however what would you guys say is best...

    I have a router and have my two laptops connected to it wirelessly. Laptop 1 will be my laptop and laptop 2 will be the target laptop.

    What is the best way to get the password for a hotmail account on laptop 2 (Note: I've already done and then ousted keylogging).
    The network is secure, but both laptops are connected.
    I am thinking of packet sniffing (not really in the know with packet sniffing, no idea how to use WireShark).
    What do you guys think?
    Well, Hotmail is SSL secured (at least in Europe) so immediate packet inspection is out of the window as it'll all be encrypted. Packet sniffing is a good start, however - I'm not going to give you any major hints but look into a tool called "SSLStrip" and research Man-in-the-Middle attacks if you haven't learned about those already.

    That would be my first guess
    Offline

    2
    ReputationRep:
    (Original post by Puma)
    Bright sparks.

    My dissertation is on ecurity related issues regarding different peer groups and data loss. Doing a bit of research into it, however what would you guys say is best...

    I have a router and have my two laptops connected to it wirelessly. Laptop 1 will be my laptop and laptop 2 will be the target laptop.

    What is the best way to get the password for a hotmail account on laptop 2 (Note: I've already done and then ousted keylogging).
    The network is secure, but both laptops are connected.
    I am thinking of packet sniffing (not really in the know with packet sniffing, no idea how to use WireShark).
    What do you guys think?
    Given that hotmail now uses https by default and you specified you want the password without keylogging, you're looking at ssl man in the middle attack I think.
    never mind
    This isn't very easy.
    You can actually do it locally with programs like fiddler and it demonstrates the basic technique - it feeds you its own certificate (which you will get warned about with an invalid certificate error), decrypts the traffic, logs it, encrypts it and forwards it on.

    Doing it with wireshark has the added complication that you need to make the target computer believe that you're the router/server (i.e. with ARP, dns spoofing (?)), you need to do all the certificate and forwarding stuff yourself and so on.

    I tried it once but quickly found I just couldn't be bothered.

    Reference one - http://wiki.wireshark.org/SSL (general overview of ssl capture)
    Reference two - http://htluo.blogspot.com/2009/01/de...wireshark.html (wireshark ssl man in that middle that assumes you know the private key (which you don't))
    Reference three - http://www.backtrack-linux.org/forum...l-packets.html (quite an old reference for backtrack linux, so some commands may be unfamiliar) - if you get what's going on here then you'll be off for a reasonable start.

    If you do manage to get it working or find a better tutorial I'd be very interested...

    Sslstrip looks like a very elegant way of doing it :holmes:
    I guess comparing mine and ch0llima's posts is a good demo of the movement of the security field and why non-experts are useless.
    Offline

    14
    ReputationRep:
    The password am looking for is also for social networking, Facebook account (and oddly a Caravan forum: don't ask...).

    I'll look into man in the middle. I have four days to come up with a viable option to present to my lecturer
    • PS Helper
    • Thread Starter
    Offline

    0
    ReputationRep:
    PS Helper
    :emo:

    I come to you guys as my last resort to figure out an idea for a honours project idea... I'm supposed to be working with Kinect but I'm stumped for any innovative ideas...

    Anyone?
    • PS Helper
    • Thread Starter
    Offline

    0
    ReputationRep:
    PS Helper
    (Original post by Puma)
    The password am looking for is also for social networking, Facebook account (and oddly a Caravan forum: don't ask...).

    I'll look into man in the middle. I have four days to come up with a viable option to present to my lecturer
    There's 'man in the browser' as well.
    Offline

    2
    ReputationRep:
    (Original post by mikeyd85)
    :eek3:

    No way! I really like the look of their price. So long as it's root-able I'll be fine with it
    $200 bounty for a reversible root and $800 bounty for Honeycomb/ICS ROM
    Offline

    14
    ReputationRep:
    My lecturer reckons Packet Sniffing is the easiest option. Anyone know of a simple packet sniffer which works over wireless networks and can get encrypted information?
    Offline

    15
    (Original post by spikeymike)
    :emo:

    I come to you guys as my last resort to figure out an idea for a honours project idea... I'm supposed to be working with Kinect but I'm stumped for any innovative ideas...

    Anyone?
    How good is Kinect at facial recognition? You could have some sort of set up going where it unlocks a door when it sees someone (like those floor sensitive sensors), or unlocks for specific authorised people when it recognises them -without swiping a card or ID, and it doubles up as a camera.

    Don't know much so I don't know if you're looking for something very Tech specific.
    • PS Helper
    • Thread Starter
    Offline

    0
    ReputationRep:
    PS Helper
    (Original post by Ape Gone Insane)
    How good is Kinect at facial recognition? You could have some sort of set up going where it unlocks a door when it sees someone (like those floor sensitive sensors), or unlocks for specific authorised people when it recognises them -without swiping a card or ID, and it doubles up as a camera.

    Don't know much so I don't know if you're looking for something very Tech specific.
    Yeah, I was thinking about facial recognition, not sure, need more research.

    Only problem with facial recognition and doors, is that... what happens if you're in a group, and 1 person of that group isn't allowed? He/She would probably be able to get in unless you implemented one of those things you get train stations. The 3 pronged thing that rotates as you walk through.

    Edit:
    or the Dundee library. :p:
    Offline

    0
    ReputationRep:
    (Original post by Puma)
    My lecturer reckons Packet Sniffing is the easiest option. Anyone know of a simple packet sniffer which works over wireless networks and can get encrypted information?
    http://www.wireshark.org/ maybe?
    Offline

    2
    ReputationRep:
    Wow, only 50 posts before thread close :eek:

    (Original post by Puma)
    My lecturer reckons Packet Sniffing is the easiest option. Anyone know of a simple packet sniffer which works over wireless networks and can get encrypted information?
    See the expand box in my post above - http://www.thestudentroom.co.uk/show...postcount=9943
    It's a little incoherent but might help you get started.
    Note that you cannot be completely passive (i.e. just sniff). You'll need to inject something to be able to get a foot in the door of the ssl encryption.
    Offline

    14


    Probably a repost, but I do like it

    That will let you see the traffic, but it will still be encrypted.

    SSLStrip (as I said above) is a good starting point and I've had it working. I was able to sniff traffic on my network at home and recover my own GMail password from the passing traffic - it seems Google aren't hashing the password before transmission, just bundling up the plaintext in the encrypted stream (or at least this was the case a while ago).
    • PS Helper
    • Thread Starter
    Offline

    0
    ReputationRep:
    PS Helper
    PC help ty.

    http://www.thestudentroom.co.uk/show...9#post34564249
    • PS Helper
    • Wiki Support Team
    Offline

    14
    PS Helper
    Wiki Support Team
    Will this allow me to connect two Ethernet cables as if it was just one long cable? It's too late because I've already bought it (cheap..), but I'm just wondering if it'll actually do what I want it to.

    -- edit --

    I don't think I want to know why Amazon are recommending me epilators :indiff:
    • TSR Group Staff
    Offline

    20
    ReputationRep:
    TSR Group Staff
    (Original post by secretmessages)
    Will this allow me to connect two Ethernet cables as if it was just one long cable? It's too late because I've already bought it (cheap..), but I'm just wondering if it'll actually do what I want it to.
    :yep:

    (Original post by secretmessages)
    -- edit --

    I don't think I want to know why Amazon are recommending me epilators :indiff:
    :lolwut:

    Very interesting first day at TSR HQ, some interesting things happening, very interesting. :holmes:
 
 
 
The home of Results and Clearing

1,340

people online now

1,567,000

students helped last year
Poll
A-level students - how do you feel about your results?

The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE

Write a reply...
Reply
Hide
Reputation gems: You get these gems as you gain rep from other members for making good contributions and giving helpful advice.