By the Gods, what have I become?

--Originally published at Miss F.

This week I decided to sneak into a digital identity course that’s being taught by my security teacher Ken Bauer. My reasons behind this were to basically know what “regular” people (by this I mean non-tech savvy people) are afraid of, what their doubts about the internet are and the reasons why they don’t feel safe online. This will give me a better perspective on what to talk about in this blog and how to talk about it.

Today’s day one and I’m writing this as we take the course, so I’ll talk a bit about the experience. We had a talk with Dave Cormier and people dared to ask several questions. Interestingly enough, all the questions so far have been completely related to security. Will hackers get me? Is my information safe? What do people generally steal from internet users? Will I ever get hacked?

The answer to all of this was: you are always at risk.

Since the course is about digital identity, I will also talk about that. First of all, what is digital identity? It’s basically the way you represent yourself online. It’s how people will see you on social media. You may think “but it’s the internet, I can be whomever I want to be!” To that I say, of course you can! However, be ready to face the consequences of that. Digital identity is similar to a tattoo. You choose the design and ink it on your body forever and ever. So, like a tattoo, be sure to create something you like, something that represents you and preferably something you aren’t ashamed of.

Once you realize everything you do can be found by literally anyone, you can start worrying about all those terrible, terrible pictures from middle school. That bad hairdo will be


All your passwords are belong to us

--Originally published at Miss F.

Passwords, the ones that keep our stuff safe. Or do they? In this particular blog post, I’ll be discussing the most known/common methods for cracking passwords.

It’s not uncommon for us to hear someone complaining about how an account of theirs was “hacked”. What they usually mean by that is that someone gained access to their profile and changed stuff while being there. In order to gain access into any system, you need to first crack the password. The following are 10 methods for obtaining someone’s password:

  • Brute-force
    • This is the most common method of them all. It consists of trying several alpha-numeric combinations until you get the right one.
    • It’s simple to program, but it can be very slow if your GPU isn’t your ally.
    • Examples of programs that use this methodology are:
      • Wfuzz
      • Medusa
      • Rarcrack

  • Dictionary
    • As its name says, this method uses a file which contains words typically stored in a dictionary (and some others like the most used passwords) to search for the real password you’re trying to crack.
    • While it’s faster than the brute-force method, this one’s calculating time may vary from immediately to billions of years. This depends on the password’s length, combination and character usage.
    • Examples of programs that use it are:
      • Cain and Abel
      • John the Ripper
      • L0phtCrack
  • Rainbow Tables
    • Rainbow tables are a very elegant way for cracking a password. They consist of a series of lists of pre-compiled hashes (click the link to read more about hashing). These lists are the hashes of all possible password combinations for any hashing algorithm.
    • It takes way less time than the two previous methods; however, it requires a LOT of GPU power. If a password is salted (with random extra characters), it may be impossible for a Rainbow Table to crack it.
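
The salting point in the Rainbow Tables item above, shown from the defender's side as an added example (not code from the original post): an unsalted hash of a common password is found in a precomputed table, while a per-user random salt with a slow key-derivation function makes the same table useless. The function names, the four-word sample list and the iteration count are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny precomputed hash -> password table, standing in
# for the much larger precompiled lists the post describes.
COMMON = ["123456", "password", "qwerty", "letmein"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}

ITERATIONS = 200_000  # example work factor; raise it as far as login latency allows
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """Weak storage: the same password always produces the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup(digest_hex: str):
    """Return the password if its digest is in the precomputed table, else None."""
    return PRECOMPUTED.get(digest_hex)


def hash_password(password: str, salt: bytes = None):
    """Hardened storage: fresh random salt per user plus PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, derived


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    weak = unsalted_hash("password")
    print("unsalted digest found in table:", lookup(weak))

    salt_a, stored_a = hash_password("password")
    salt_b, stored_b = hash_password("password")
    print("same password, two users, same stored value?", stored_a == stored_b)
    print("salted value found in table:", lookup(stored_a.hex()))
    print("correct login verifies:", verify_password("password", salt_a, stored_a))
```

The salt is stored next to the derived value; it does not need to be secret, it only has to be unique per account so that one precomputed table cannot cover every user.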

My thoughts on the talk with Maggie

--Originally published at Mental Droppings of a Tired Student

For our second session, we had guest speakers come in and talk to us about different experiences they have had in their careers, predominantly with a focus on hacking and security of course.

Maggie shared with us her experience speaking in front of 2000+ people at Defcon about her studies regarding GFCIs, disabling hairdryers using signals from a walkie-talkie. She shared with us how she got her internship at Intel, how she worked with amazing people and how she was fortunate enough to transition to a job in the US under Intel as well. She even shared a bit of humorous personal experiences that related to her work and inspired her to continue to work on what she loved.

The only fault I found in her talk was that it was hard for me to relate; her story seemed like a fairy tale and I’m sitting over here like “wow it must be cool to have your life together”. So I started thinking, why would the teacher ask us to stand up and scream “It’s okay to fail”, and follow it up with a story of success?

Maggie at Defcon (taken from her twitter account)

In the Q&A session, I decided to take the opportunity to ask her to share a story of failure, so that an underachiever such as myself could relate. I think my delivery of such a request came off a little more coarse than I intended. It wasn’t my intention to come off as such a Debbie Downer, but it kind of comes naturally to me. Hopefully my question wasn’t as memorable.

In response to my request she spoke about how it’s okay to feel like a failure because it means you are constantly improving and shows your will to keep learning and bettering yourself. I had never thought
