Michael, I remember hearing about that software on a PDC episode. It has a name, do you know what that is? It was either the name of the software or they just gave the "attack" a catchy name.
Thank you On Mon, May 3, 2010 at 7:00 PM, Michael Douglas <[email protected]> wrote: > I got a little late to the party... this is *not* a hack, but it shuts > everyone the hell up because it scares them. And I've never had any > follow up questions > > Here's what you do. It costs a few dollars (pounds in your case > right?), but it's so worth it. ssh into a server that's running some > form of VoIP software. (skype can work for you i suppose, but I don't > know CLI for skype) Setup a call group that has the phone number of a > good amount of people at the party... the more numbers you have, the > better. Have the VoIP software call the group all at once (the PC to > phone rate is where you have to spend $) ... all phones ring at the > same time. Even stranger, when they answer the call, they are all > talking to each other. Warning: the effect is highly creepy. I > thought folks would think it was funny (cause it is!) but it really > freaked everyone out. > > That said, I tend to laugh off the "prove it" requests, unless it's > some hot girl... in which case I wake up from my pleasant dream and > remember there are no parties where hot ladies are asking anyone to > show 1337 skills. ;-) > > - Mick > > > On Mon, May 3, 2010 at 5:27 PM, Robin Wood <[email protected]> wrote: > > Thanks for all the suggestions, I think I like this one the best, I > > might set something up on a site so I can access it from my phone. Tie > > this with an SMS service I've got that lets me specify the sender > > number I could have some fun. Email and SMS the person from someone > > else in the room. > > > > Robin > > > > On 3 May 2010 20:55, Andrew Ellis <[email protected]> wrote: > >> A trick I've used for a while is keeping a protected email spoofing > >> form on my web server. That way when I'm asked to "demo" my skills, I > >> can simply send the person an email from theirself or the like. > >> > >> This has the advantage of looking pretty cool to laymen and, as far as > >> I know, isn't illegal. > >> > >> It's definitely not a "1337 hack" but it's a nice way to show the > >> types of things that can be done without getting in too much trouble. > >> > >> -Andrew > >> > >> On 5/3/10, Chris Clymer <[email protected]> wrote: > >>> Rather than a live demo, better tactic might be telling a story about > >>> a vulnerability in joe sixpack terms. The pizza coupon thing > >>> (dominos?) a few months back is a good example. > >>> > >>> I see a lot of downsides to letting folks at a party pressure you into > >>> a live demo. You are basically allowing strangers to SE you. If you > >>> show a successful demo, you just know the next question will come: so > >>> can you hack into so-and-so's facebook account? ;) > >>> > >>> When you consider the potential for demo fail too, this is really a > >>> lose/lose situation :( > >>> > >>> ------------------------- > >>> securityjustice.com | chrisclymer.com > >>> > >>> > >>> On May 3, 2010, at 11:54 AM, Robin Wood <[email protected]> wrote: > >>> > >>>> Hi > >>>> At a party the other day I was asked the normal question of what do I > >>>> do for a living. I said security and kept it a bit vague but was > >>>> pressed so explained what pen-testing is and roughly what I do. I then > >>>> got the challenge, prove it, prove you can hack a company. > >>>> > >>>> People would say to a dentist, prove you can do a filling but this > >>>> person insisted they wanted a demo. I explained the legalities and > >>>> finally fobbed them off and got away but it got me thinking, has > >>>> anyone got any good party tricks that they can pull in this kind of > >>>> situation that give an instant wow but are easy to do and legal? Not > >>>> quite legal but I was thinking if I knew any big sites with XSS I > >>>> could rewrite but none came to mind at that time. > >>>> > >>>> Robin > >>>> _______________________________________________ > >>>> Pauldotcom mailing list > >>>> [email protected] > >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>>> Main Web Site: http://pauldotcom.com > >>> _______________________________________________ > >>> Pauldotcom mailing list > >>> [email protected] > >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>> Main Web Site: http://pauldotcom.com > >>> > >> > >> > >> -- > >> Andrew > >> http://blog.psych0tik.net > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
