For those of you who are using the latest and greatest version of Firefox or IE, you will notice up in the search bar an option to add Google Search by DCoT. Now, this is not some amazing new search engine. In fact, it is the same old results that you get from your regular Google. But, there are three differences:
I have been spending some time working on a network analysis system and I have been slowly adding different tools to the system. I have a lot of the basics such as wireshark, ettercap, dsniff, and kismet but I wanted a little something for the VoIP side. This is when I ran across UCSniff.
UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, under the GPLv3 license. Some useful features of UCSniff that have been combined together into a single package:
Allows targeting of VoIP Users based on Corporate Directory and/or extensions
Automatically re-creates and saves entire voice conversations to a single file that can be played back by media players
Support for G.722 and G.711 u-law compression codecs
Automated VLAN Hop and Discovery support
A VoIP Sniffer combined with a MitM re-direction tool
Monitor Mode
Sniffs entire conversation if only one phone is in source VLAN
This looks to be pretty cool. Especially if I can get a directory of users from the PBX and then select who to listen in on (which it appears that it can do according to the screenshots)!
I have been noticing lately that my eyes feel like they are burning coals simmering inside my skull. I’m sure the 18 hours a day behind a computer screen has something to do with it! So, I started experimenting with some different tools and techniques to at least reduce, if not eliminate, the issue.
Change Your Work Area
Sometimes, the biggest problem is our work area. Here are a few things that you can tweak in your work area to make your eyes happier:
Set the screen at an angle that allows you to work without bending your neck
Make sure there is as little glare on the screen as possible
Increase the font size that you are using on the screen
Make sure your work area is well lit
Get a bigger screen
Make sure the air is moist enough in your work area
If using a laptop, use an external monitor, keyboard and mouse whenever possible
Switch to a desktop, if possible, as they cause less eye strain than laptops
Keep the screen dust free
Do not put the computer in a position where the light behind the monitor or screen is brighter than the screen itself
Turn on ClearType if your are using Windows
Use an appropriate refresh rate. Some refresh rates create “harmonic” waves with fluorescent lights. Generally, the faster the refresh rate, the better
Work in full screen mode
Give Your Eyes A Break
Here are some ideas for an “eye break”:
Take a break every 20 minutes for 2-3 minutes
Frequently look at something that is more than 20 feet away
Blink! It is amazing how often we forget to blink, especially when we are under stress, regardless of whether it is real (panicking while trying to get that crashed server back up) or created (you are so close to breaking your record on Ms. PacMan)
Don’t use your computer for more than two hours at any sitting
Get Your Computer to Help
Here is some software that I have found which will help you to relieve eye strain and make you feel better:
F.lux
I distinctly remember once firing up my laptop on a road trip. It was about 11 at night and we were in the middle of nowhere. The sky was cloudy and there was no other traffic on the road. As I flipped open my laptop in the back of the van, I felt like the Nazis at the end of Raiders of the Lost Ark! The screen was so bright it took nearly ten minutes for my vision to return.
Essentially, the brighter the surrounding light, the brighter and cooler your screen should. So bright and cool at noon, darker and warm at midnight.
I found a great little program called F.lux that will do this automatically for you. Based on the time of day and your physical location on the planet, it will slowly change the color and brightness of your monitor. They even claim that it will help you to sleep better!
EyeDefender
When you are busy debugging that code or killing zombies, it is hard to remember to stop and give your eyes a break. EyeDefender will gently remind you to put down the gun, give the zombies a breather, and let your eyes rest. It can perform a number of actions including:
Displays pictures in a predefined folder;
Runs the visual training to relax the eyes;
Runs a default screensaver;
Displays a popup timed reminder in the system tray
Sometimes it takes the worst of situations to bring out the best in us. This is what happened to me the other day. A woman comes into the office that I work in, obviously quite distraught. We quickly discover that she is the widow of a popular local doctor whom recently passed away suddenly. She was carrying with her a laptop and was looking for some help.
It appears that when her husband passed away, he did not leave a record of the user names and passwords for his laptop and there was a lot of information on the system that she would be needing in the near future. She was hoping that we could help. Of course we could.
We Hate F8! We Hate F8!
Initially, I assumed that the users would not have changed the default administrative password from blank. So, all I needed to do was use F8 when booting, go into safe mode, then create a new account with administrative access.
Unfortunately, F8 was disabled on the system and the only way to enable it was to log into Windows. Time to look for something else.
Linux To The Rescue…NOT
My next reaction was to try one of the Linux based password recovery tools. There are a number of boot CDs out there that boot a small Linux kernel and then attempt to recover the password. After trying two different boot CDs, I quickly came to the realization that Linux was going to be of no help this time around.
It just so happens that this was no ordinary laptop. This laptop was a Dell XPS M1730. And, it came with dual hard drives running off a RAID array using the Intel Matrix Storage Manager. And, it had no Linux drivers.
Ask Bart
So, how was I going to proceed. It was obvious that there was no way to get access from a download and boot Linux CD. Then I thought of Bart. Since BartPE creates a self-contained bootable Windows CD, this might do the trick!
A copy of Windows XP Pro with Service Pack 1 (Sorry, you’re on your own for that one)
I installed the BartPE package to C:\pebuilder3110a on my hard drive. Then, I extracted the drivers that I got from the Dell website and placed them in the C:\pebuilder3110a\drivers\SCSIAdapter folder in a directory called iastor. The \drivers\SCSIAdapter folder is where you can put any number of non-standard drivers that will automatically load then you boot the BartPE CD. (For more information on the on adding drivers to a BartPE CD, see their Adding drivers page.) I then proceeded to create the BartPE image and burn it to CD.
Getting the Files
The next step was to get access to the laptop. I put my newly minted CD into the laptop and booted the machine from it. Everything worked like a charm and on first try, too! (That almost never happens for me!) I was able to access the files on the RAID array without any problem.
Now, I could probably have stopped here and copied the files that were needed to a USB drive or even burned them to a CD/DVD. But, I wanted to provide full access to the system so that they would not have to keep coming back to me for help whenever they wanted to get something off the computer. I would have to get the passwords for her.
All Your Passwords Are Belong To Us
To start the process of password recovery, I needed to get a few things:
I booted the laptop one again with the BartPE disk and made sure the USB flash drive was available to the system on boot up.
Next, I started to look through the system and I searched for two files:
C:\Windows\System32\config\SAM
C:\Windows\System32\config\SYSTEM
I copied these two files over to the flash drive, took out the flash drive and shut down the computer.
I then installed ophcrack on my other computer and installed the Vista tables.
Next, I used the Encrypted SAM option to load the files into ophcrack. It immediately recognized all of the accounts that were on the system. It also indicated that the Administrator account and the Guest account had blank passwords. That means that if F8 had been available, I could have gotten into the system in Safe Mode (stupid F8).
So, I started the password recovery process and DING! 29 seconds later I had all of the passwords for the three other accounts on the system. I tried all three and they all worked.
Looking back at the passwords now and the hints that were given in Windows for the passwords, I was on the right track to guessing them but this was a much quicker process.
Lessons Learned
Through all of this, I have learned some lessons about security, passwords, and computers:
Unless you encrypt your hard drive or use some other form of access other than a password (e,g, biometrics, smart card, etc.), it is relatively trivial for someone to get your passwords if they have physical access to your system
Someone does not have to have physical access to your system the entire time they are trying to hack your password. Simply grabbing a couple of files from your computer takes a couple of minutes and they can hack away at your system at their convenience
In the event of your untimely passing, would your loved ones know how to get access to your computer, e-mail, Internet accounts, etc.? If not, you may want to consider a way of getting that information to them
For those of you who are using the latest and greatest version of Firefox or IE, you will notice up in the search bar an option to add Google Search by DCoT. Now, this is not some amazing new search engine. In fact, it is the same old results that you get from your regular Google. But, there are three differences:
I have been spending some time working on a network analysis system and I have been slowly adding different tools to the system. I have a lot of the basics such as 
I have been noticing lately that my eyes feel like they are burning coals simmering inside my skull. I’m sure the 18 hours a day behind a computer screen has something to do with it! So, I started experimenting with some different tools and techniques to at least reduce, if not eliminate, the issue.
I distinctly remember once firing up my laptop on a road trip. It was about 11 at night and we were in the middle of nowhere. The sky was cloudy and there was no other traffic on the road. As I flipped open my laptop in the back of the van, I felt like the ![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=a98a5a6b-26b2-4aa0-8a5f-f7a9b657122b)
Sometimes it takes the worst of situations to bring out the best in us. This is what happened to me the other day. A woman comes into the office that I work in, obviously quite distraught. We quickly discover that she is the widow of a popular local doctor whom recently passed away suddenly. She was carrying with her a laptop and was looking for some help.![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=a7295472-0e24-412c-a4a8-df02fbb810a0)
