Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "spoofing"
Got a phone interview for a backend dev job in an opsec company.
This is a very serious and prestigious position, we take care of the most important bits of code.
*Proceeds to talk introductory nonsense*
Do you know what a DNS is?
Yes, of course! DNS stands for Domain Name System.... Blah blah blah... I explain about the servers, about hosts file, about DNS spoofing and everything else possible on this topic.
See, I was patient with you - letting you finish. I'm not sure what you're talking about and where you got it from, but a DNS is that line in the browser where you type the site's name.
He didn't ask any more questions, just told me that they'll get back to me. I asked not to do that.
Three weeks later I got an email claiming that I'm not qualified.44
So apparently Congress knows what I'm up to.
"Uh, ma'am. You can't be 20 people at once. I'll send your message."
I guess spoofing doesn't work.15
Very long story ahead!
Yesterday in the evening a friend of mine (calling him F from now on) became the target of something new to me...
Apparently one can fake his phone number through some fishy ways and call people with that number. Someone (we think we might know who it was, the why is at the end) did this yesterday to F.
Here's the whole story:
We were just talking together on a TeamSpeak Server (a program to talk to others on the internet) when suddenly another friend said: "F, why did you just call me three times in a row?" That was the first thing that was a bit suspicious. After that, F got calls from random numbers (even Afghanistan, we are German), and they said something like "Have fun with the police coming to your house". Then there was silence. 10 minutes later his phone rang and there were a ton of pizza delivery services in his town that apparently got pizza orders from him. Then there was silence, again. Suddenly someone with a hidden number called him, a woman's voice said they were the police and if F doesn't stop calling the police there will be consequences. F then told her what was going on but I think she didn't really care. She then wanted to know where F lives, but I told him not to say that, because if it is the police they can find it out by themself and if it's not, they don't need to know that.
Now, a short break: There is some fake information going around about where F lives. I can't remember when we found out but the attacker thought he would actually live there. No idea what happened at that location...
Now back to the story:
Time went by, nothing really happened. Suddenly F shouted: "There are blue lights outside! The police is here!" He muted his microphone and (the following is what he told us what happened) went down to the door (remember, he is 16) and there were two police men. They were asking about why he called the police. F explained what we knew until then, about number spoofing and stuff... They sent a more technical person to him, he understood what F was trying to explain. The police men drove away and he came back to tell us what happened. (Now we get back to what I heared myself.) The mom came in, screamed something that I couldn't understand, and F went offline. We searched who the attacker could have been. And we are pretty sure we found him. That guy connected to our Minecraft server (that's where I know F from) with his real IP, and his main account, which made it easy to search. He also got a static IP which means it doesn't change. We also got some information that in the recent days this guy was talking about VoIP spoofing and such stuff. Another friend of mine, a bit older, found some proofs and I think he will go to the police.
That's it. Thanks for reading.8
Payed for 150MB of wifi on a bus ride and they fucking blocked spotify. Fuck them, one does not just let me pay extra for a bus that has wifi equipped without telling me that streaming sites are blocked. Using a VPN and spoofing my MAC now for unlimited data :)10
- popunder background bitcoin miners did become a thing
- keybase android beta uploaded your privatekey to google servers "accidentally"
- you can spoof email headers via encoded chars, because most apps literally just render them apparently
- imgur leaked 1.7 million user accounts, protected by sha-256 "The company made sure to note that the compromised account information included only email addresses and passwords" - yeah "only", ofcourse imgur, ofcourse.
I guess the rant I did on Krahk etc. just roughly a month ago, can always be topped by something else.
OS : Tail OS ✓
pass : 16+ ✓
Update password : every 15 days ✓
Mac address : spoofing ✓
Then you realise
Your Aadhar information is in gov DB.14
I absolutely love the dev community but one thing I just can't stand is the snobbery that permeates it. I don't understand why some devs expect non devs to know or understand the intricacies of computer programming or even computers in general when it's really not their job to do so.
"Ahhhhh!! How DARE this non dev PEASANT ask me about hacking Facebook accounts!! Does he NOT understand the basics of DNS spoofing and social engineering!!1!!1! bahh"2
to;dr: school, raspi, spoofing, public status screen, funny pictured.
So. At school we had these huge ass 2/3 TVs displaying some information such as which teacher is ill, which lessons won't take place and some school related news. Standard stuff.
They worked using a raspberry pi attached to the TV fetching a website over http every now and then.
Using nmap I discovered that these pi's were in the same network as the pupils devices: Sweeeet.
After trying some standard passwords at the ssh port and not succeeding I came up with something different: A spoofing attack.
I would relay all traffic from those pi's through my device, would replace all images with a trollface picture (I know I know) and flip all text upside down.
Chaos, annoyed faces and laughter.
It was beautiful.1
Anybody else want to DDoS whole Russia and China Hosting Companys for there god damn dead Servers?
Always get a lot of spoofing and ssh login try's from there.
I fuckin give up.
You can't use Android without fuckin gapps, you can but it's fuckin miserable.
And microG still sucks (I respect all the effort from the devs tho)
And there are not enough roms that implement signature spoofing
Almost all the open source apps look like shit and are outdated (also appreciate the devs efforts)
YOU KNOW WHAT GOOGLE JUST TAKE MY DATA
I DONT GIVE A FUCK ANY MORE 😡😤😭
*Flashes Opengapps pico*12
How do you prevent your software being vulnerable to IP address spoofing? Authentication? Certificates? VPN? Nah, just check the MAC address field of every packet. Nobody ever spoofed a MAC address before, that's just impossible. I thought that in binary there were only ones and zeros, but I guess nobody told me about the special tamper-resistant ones and zeros that MAC address fields are made of.
Oh, once you've done that, don't forget to tell the marketing people to put it in a brochure as an "innovation" for everyone to see.
I should post more of the crap the idiots I work "with" (quotes, because I am only here in body not mind) say. Especially when it comes to network stuff.
How do you guys handle wifi on laptop with i3 setup? Isnt it ugly as fuck to scan and connect to wifi multiple times via cli? I mean setting default dns per wifi, spoofing mac in public wifi etc?9
@dfox Was watching your live stream today and you talked about security... You should really add an HSTS preload directive to devrant.io to prevent spoofing.1