PaulDotCom mailing list archives

party trick to shut up the non-believers


From: larry at pauldotcom.com (Larry Pesce)
Date: Tue, 04 May 2010 13:36:16 -0400

He is, and I know of....I mean Bob knows of a setup similar to this.
I'll see if I can get Bob to share his properly sanitized Asterisk
config to do so.

- L



On 5/4/10 10:45 AM, Chris Clymer wrote:
I'm assuming Mick is referring to Asterisk

-------------------------
securityjustice.com <http://securityjustice.com> | chrisclymer.com <http://chrisclymer.com>


On May 3, 2010, at 11:37 PM, Michael McGrew <mmcgrew1 at mail.csuchico.edu> wrote:

Michael,

I remember hearing about that software on a PDC episode. It has a
name, do you know what that is? It was either the name of the software
or they just gave the "attack" a catchy name.

Thank you

On Mon, May 3, 2010 at 7:00 PM, Michael Douglas <mick at pauldotcom.com> wrote:

    I got a little late to the party... this is *not* a hack, but it shuts
    everyone the hell up because it scares them.  And I've never had any
    follow up questions.

    Here's what you do.  It costs a few dollars (pounds in your case
    right?), but it's so worth it.  ssh into a server that's running some
    form of VoIP software.  (Skype can work for you I suppose, but I don't
    know CLI for Skype.)  Set up a call group that has the phone number of a
    good amount of people at the party... the more numbers you have, the
    better.  Have the VoIP software call the group all at once (the PC to
    phone rate is where you have to spend $) ... all phones ring at the
    same time.   Even stranger, when they answer the call, they are all
    talking to each other.  Warning: the effect is highly creepy.  I
    thought folks would think it was funny ('cause it is!) but it really
    freaked everyone out.

    That said, I tend to laugh off the "prove it" requests, unless it's
    some hot girl... in which case I wake up from my pleasant dream and
    remember there are no parties where hot ladies are asking anyone to
    show 1337 skills.   ;-)

    - Mick


    On Mon, May 3, 2010 at 5:27 PM, Robin Wood <robin at digininja.org> wrote:
    > Thanks for all the suggestions, I think I like this one the best, I
    > might set something up on a site so I can access it from my phone. Tie
    > this with an SMS service I've got that lets me specify the sender
    > number I could have some fun. Email and SMS the person from someone
    > else in the room.
    >
    > Robin
    >
    > On 3 May 2010 20:55, Andrew Ellis <only.samurai at gmail.com> wrote:
    >> A trick I've used for a while is keeping a protected email spoofing
    >> form on my web server. That way when I'm asked to "demo" my skills, I
    >> can simply send the person an email from themselves or the like.
    >>
    >> This has the advantage of looking pretty cool to laymen and, as far as
    >> I know, isn't illegal.
    >>
    >> It's definitely not a "1337 hack" but it's a nice way to show the
    >> types of things that can be done without getting in too much trouble.
    >>
    >> -Andrew
    >>
    >> On 5/3/10, Chris Clymer <cclymer at gmail.com> wrote:
    >>> Rather than a live demo, better tactic might be telling a story about
    >>> a vulnerability in joe sixpack terms.  The pizza coupon thing
    >>> (dominos?) a few months back is a good example.
    >>>
    >>> I see a lot of downsides to letting folks at a party pressure you into
    >>> a live demo.  You are basically allowing strangers to SE you.  If you
    >>> show a successful demo, you just know the next question will come: so
    >>> can you hack into so-and-so's facebook account? ;)
    >>>
    >>> When you consider the potential for demo fail too, this is really a
    >>> lose/lose situation :(
    >>>
    >>> -------------------------
    >>> securityjustice.com <http://securityjustice.com> | chrisclymer.com <http://chrisclymer.com>
    >>>
    >>>
    >>> On May 3, 2010, at 11:54 AM, Robin Wood <robin at digininja.org> wrote:
    >>>
    >>>> Hi
    >>>> At a party the other day I was asked the normal question of what do I
    >>>> do for a living. I said security and kept it a bit vague but was
    >>>> pressed so explained what pen-testing is and roughly what I do. I then
    >>>> got the challenge, prove it, prove you can hack a company.
    >>>>
    >>>> People would say to a dentist, prove you can do a filling but this
    >>>> person insisted they wanted a demo. I explained the legalities and
    >>>> finally fobbed them off and got away but it got me thinking, has
    >>>> anyone got any good party tricks that they can pull in this kind of
    >>>> situation that give an instant wow but are easy to do and legal? Not
    >>>> quite legal but I was thinking if I knew any big sites with XSS I
    >>>> could rewrite but none came to mind at that time.
    >>>>
    >>>> Robin
    >>>> _______________________________________________
    >>>> Pauldotcom mailing list
    >>>> Pauldotcom at mail.pauldotcom.com
    >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
    >>>> Main Web Site: http://pauldotcom.com
    >>>
    >>
    >>
    >> --
    >> Andrew
    >> http://blog.psych0tik.net