On 4 May 2010 18:36, Larry Pesce <[email protected]> wrote:
> He is, and I know of....I mean Bob knows of a setup similar to this.
> I'll see if I can get Bob to share his properly sanitized Asterisk
> config to do so.

That would be good.

>
> - L
>
> On 5/4/10 10:45 AM, Chris Clymer wrote:
>> I'm assuming Mick is referring to Asterisk
>>
>> -------------------------
>> securityjustice.com <http://securityjustice.com> |
>> chrisclymer.com <http://chrisclymer.com>
>>
>> On May 3, 2010, at 11:37 PM, Michael McGrew <[email protected]> wrote:
>>
>>> Michael,
>>>
>>> I remember hearing about that software on a PDC episode. It has a
>>> name, do you know what that is? It was either the name of the software
>>> or they just gave the "attack" a catchy name.
>>>
>>> Thank you
>>>
>>> On Mon, May 3, 2010 at 7:00 PM, Michael Douglas <[email protected]> wrote:
>>>
>>> I got a little late to the party... this is *not* a hack, but it shuts
>>> everyone the hell up because it scares them. And I've never had any
>>> follow-up questions.
>>>
>>> Here's what you do. It costs a few dollars (pounds in your case
>>> right?), but it's so worth it. ssh into a server that's running some
>>> form of VoIP software. (Skype can work for you I suppose, but I don't
>>> know the CLI for Skype) Set up a call group that has the phone number
>>> of a good amount of people at the party... the more numbers you have,
>>> the better. Have the VoIP software call the group all at once (the PC
>>> to phone rate is where you have to spend $) ... all phones ring at the
>>> same time. Even stranger, when they answer the call, they are all
>>> talking to each other. Warning: the effect is highly creepy. I
>>> thought folks would think it was funny ('cause it is!) but it really
>>> freaked everyone out.
>>>
>>> That said, I tend to laugh off the "prove it" requests, unless it's
>>> some hot girl... in which case I wake up from my pleasant dream and
>>> remember there are no parties where hot ladies are asking anyone to
>>> show 1337 skills. ;-)
>>>
>>> - Mick
>>>
>>> On Mon, May 3, 2010 at 5:27 PM, Robin Wood <[email protected]> wrote:
>>> > Thanks for all the suggestions, I think I like this one the best, I
>>> > might set something up on a site so I can access it from my phone.
>>> > Tie this with an SMS service I've got that lets me specify the
>>> > sender number, I could have some fun. Email and SMS the person from
>>> > someone else in the room.
>>> >
>>> > Robin
>>> >
>>> > On 3 May 2010 20:55, Andrew Ellis <[email protected]> wrote:
>>> >> A trick I've used for a while is keeping a protected email spoofing
>>> >> form on my web server. That way when I'm asked to "demo" my skills,
>>> >> I can simply send the person an email from themselves or the like.
>>> >>
>>> >> This has the advantage of looking pretty cool to laymen and, as far
>>> >> as I know, isn't illegal.
>>> >>
>>> >> It's definitely not a "1337 hack" but it's a nice way to show the
>>> >> types of things that can be done without getting in too much
>>> >> trouble.
>>> >>
>>> >> -Andrew
>>> >>
>>> >> On 5/3/10, Chris Clymer <[email protected]> wrote:
>>> >>> Rather than a live demo, better tactic might be telling a story
>>> >>> about a vulnerability in Joe Sixpack terms. The pizza coupon thing
>>> >>> (Domino's?) a few months back is a good example.
>>> >>>
>>> >>> I see a lot of downsides to letting folks at a party pressure you
>>> >>> into a live demo. You are basically allowing strangers to SE you.
>>> >>> If you show a successful demo, you just know the next question
>>> >>> will come: so can you hack into so-and-so's Facebook account? ;)
>>> >>>
>>> >>> When you consider the potential for demo fail too, this is really
>>> >>> a lose/lose situation :(
>>> >>>
>>> >>> -------------------------
>>> >>> securityjustice.com <http://securityjustice.com> |
>>> >>> chrisclymer.com <http://chrisclymer.com>
>>> >>>
>>> >>> On May 3, 2010, at 11:54 AM, Robin Wood <[email protected]> wrote:
>>> >>>
>>> >>>> Hi
>>> >>>> At a party the other day I was asked the normal question of what
>>> >>>> do I do for a living. I said security and kept it a bit vague but
>>> >>>> was pressed so explained what pen-testing is and roughly what I
>>> >>>> do. I then got the challenge, prove it, prove you can hack a
>>> >>>> company.
>>> >>>>
>>> >>>> People would say to a dentist, prove you can do a filling but
>>> >>>> this person insisted they wanted a demo. I explained the
>>> >>>> legalities and finally fobbed them off and got away but it got me
>>> >>>> thinking, has anyone got any good party tricks that they can pull
>>> >>>> in this kind of situation that give an instant wow but are easy
>>> >>>> to do and legal? Not quite legal but I was thinking if I knew any
>>> >>>> big sites with XSS I could rewrite but none came to mind at that
>>> >>>> time.
>>> >>>>
>>> >>>> Robin
>>> >>>> _______________________________________________
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
