PaulDotCom mailing list archives
party trick to shut up the non-believers
From: robin at digininja.org (Robin Wood)
Date: Tue, 4 May 2010 08:45:14 +0100
I like this, I'll have to look into putting this one together! Robin On 4 May 2010 03:00, Michael Douglas <mick at pauldotcom.com> wrote:
I got a little late to the party... this is *not* a hack, but it shuts everyone the hell up because it scares them. ?And I've never had any follow up questions Here's what you do. ?It costs a few dollars (pounds in your case right?), but it's so worth it. ?ssh into a server that's running some form of VoIP software. ?(skype can work for you i suppose, but I don't know CLI for skype) ?Setup a call group that has the phone number of a good amount of people at the party... the more numbers you have, the better. ?Have the VoIP software call the group all at once (the PC to phone rate is where you have to spend $) ... all phones ring at the same time. ? Even stranger, when they answer the call, they are all talking to each other. ?Warning: the effect is highly creepy. ?I thought folks would think it was funny (cause it is!) but it really freaked everyone out. That said, I tend to laugh off the "prove it" requests, unless it's some hot girl... in which case I wake up from my pleasant dream and remember there are no parties where hot ladies are asking anyone to show 1337 skills. ? ;-) - Mick On Mon, May 3, 2010 at 5:27 PM, Robin Wood <robin at digininja.org> wrote:Thanks for all the suggestions, I think I like this one the best, I might set something up on a site so I can access it from my phone. Tie this with an SMS service I've got that lets me specify the sender number I could have some fun. Email and SMS the person from someone else in the room. Robin On 3 May 2010 20:55, Andrew Ellis <only.samurai at gmail.com> wrote:A trick I've used for a while is keeping a protected email spoofing form on my web server. That way when I'm asked to "demo" my skills, I can simply send the person an email from theirself or the like. This has the advantage of looking pretty cool to laymen and, as far as I know, isn't illegal. It's definitely not a "1337 hack" but it's a nice way to show the types of things that can be done without getting in too much trouble. -Andrew On 5/3/10, Chris Clymer <cclymer at gmail.com> wrote:Rather than a live demo, better tactic might be telling a story about a vulnerability in joe sixpack terms. ?The pizza coupon thing (dominos?) a few months back is a good example. I see a lot of downsides to letting folks at a party pressure you into a live demo. ?You are basically allowing strangers to SE you. ?If you show a successful demo, you just know the next question will come: so can you hack into so-and-so's facebook account? ;) When you consider the potential for demo fail too, this is really a lose/lose situation :( ------------------------- securityjustice.com | chrisclymer.com On May 3, 2010, at 11:54 AM, Robin Wood <robin at digininja.org> wrote:Hi At a party the other day I was asked the normal question of what do I do for a living. I said security and kept it a bit vague but was pressed so explained what pen-testing is and roughly what I do. I then got the challenge, prove it, prove you can hack a company. People would say to a dentist, prove you can do a filling but this person insisted they wanted a demo. I explained the legalities and finally fobbed them off and got away but it got me thinking, has anyone got any good party tricks that they can pull in this kind of situation that give an instant wow but are easy to do and legal? Not quite legal but I was thinking if I knew any big sites with XSS I could rewrite but none came to mind at that time. Robin _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Andrew http://blog.psych0tik.net _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- party trick to shut up the non-believers, (continued)
- party trick to shut up the non-believers Robin Wood (May 04)
- party trick to shut up the non-believers Chris Blazek (May 04)
- party trick to shut up the non-believers Mike Patterson (May 04)
- party trick to shut up the non-believers Craig Freyman (May 04)
- party trick to shut up the non-believers Rob Fuller (May 04)
- party trick to shut up the non-believers Bugbear (May 05)
- party trick to shut up the non-believers Robin Wood (May 05)
- party trick to shut up the non-believers Robert McGrew (May 05)
- party trick to shut up the non-believers d4ncingd4n at gmail.com (May 05)
- party trick to shut up the non-believers John Strand (May 05)
- party trick to shut up the non-believers Robin Wood (May 04)
- party trick to shut up the non-believers John Strand (May 03)
- party trick to shut up the non-believers d4ncingd4n at gmail.com (May 05)