Recent Posts

626
General Software Discussion / Re: How to recover a MySQL Password?
« Last post by Stoic Joker on November 03, 2015, 06:49 AM »
Right, took a look at the MySQL Workbench sourcecode - passwords seem to be stored in workbench_user_data.dat, protected with the CryptProtectData WIN32 API - without any application-specific entropy. So it should be pretty trivial to decrypt - as long as you have access to the user account the workbench was run from

hehe Well... I am the user account the workbench was/is run from, so that part's covered. However I fear we may have slightly different perceptions of what is trivial.. :D ..As I have nowhere near your background in Crypto. So if you could give me a hint or two on how to hang the code together it would be greatly appreciated.
627
General Software Discussion / Re: How to recover a MySQL Password?
« Last post by Stoic Joker on November 02, 2015, 03:13 PM »
If all went 'well', not the password is stored, but only a hash of it. Not knowing the hash method will make recovery very hard, especially if a generated password is used. Resetting the password may be the only plausible solution.

Shit... That's what I'd originally thought, but was hoping I was wrong.


The pw is stored in a copy of MySQL Workbench, so hopefully there are 2 possible angles of attack.
"Stored"? As in, you can start the workbench, and it will authenticate against the database? Then it should definitely be possible to extract.

Yes ... But as to how to go about extracting it, I've not a clue.

The second part I may consider down the road, if Postgre is also free...and has the same level of readily available documentation. Is there a specific issue with MySQL that you're picking at here?


Other than that (or the dump method), I suppose you could write a program or script to brute force the password if you can come up with a set of passwords or password patterns that you usually use.

Um... No. As I have a feeling I deviated radically from the mnemonics I usually use for this system.
628
General Software Discussion / How to recover a MySQL Password?
« Last post by Stoic Joker on November 02, 2015, 09:22 AM »
Well I managed to goof, and somehow forgot to document the password for one of our MySQL servers. So I'm looking for password recovery options to try and minimize the impact of forcing my way back into the account. If it helps any ... The pw is stored in a copy of MySQL Workbench, so hopefully there are 2 possible angles of attack.

I do not want to just reset the password, because of the ripple chasing potential.

Any ideas?
629
Living Room / Re: Our experiences with LED light bulb replacements
« Last post by Stoic Joker on October 31, 2015, 10:28 AM »
I have not had great experience with candelabra LEDs.

Hey, at least you have it narrowed down to a specific instance. Despite having carried an LED flashlight for the past several years, I cannot for the life of me get past the - mentally hardwired - perception that without the cast of yellowish incandescent light I can actually see what I'm looking at.


But more on topic-er-ish...
The biggest problem is if you have a candelabra fixture where the bulbs are mounted facing upwards.  A traditional incandescent candelabra shines a ton of light downward, but this is not the case with ANY LED i have come across, and it's much worse with candelabra LEDs where the base inevitably blocks most of the light.


Two different ideas come to mind:
1. (assuming the ceiling is white) Can you go with a brighter/harsher version of an LED bulb pointing straight up and work with the indirect/reflected light from the ceiling?

2. (This one is aesthetically subjective) Can you take down and disassemble the fixture, and then reassemble it with the bulbs pointing down ... without making it look completely horrid (or electrocuting yourself for that matter)?
630
While the procedure varies widely from model to model, they all have some variation on an internally generated demo/test page. So if it has a UI of any kind, poke at it looking for the reports page. And if it doesn't have a UI try holding down one or more of the buttons for 2-3 seconds (don't go over 4 - that's diagnostic stuff), and then let go when the light pattern changes.

More often than not the report will also display the current ink levels...while demonstrating if the remaining ink can actually make it out of the print head.
631
Living Room / Re: Youtube Subscription Channels
« Last post by Stoic Joker on October 30, 2015, 07:00 AM »
I have done that, but I don't like to. Yes - I know... it's silly. I like the left on the left and the right on the right...

Okay, then swap the wiring while replacing the plug on the end of the cable. Just think of it as hacking your headphones ... It's only 3 wires. :D
632
Living Room / Re: Interesting "stuff"
« Last post by Stoic Joker on October 29, 2015, 07:12 AM »
50 pounds of pot mailed to wrong address
What would YOU do if you got 50 pounds of pot in the mail? Make brownies?

Good question... I don't partake, but I have friends that do... then again... I'd be paranoid having had that much arrive.

That's pretty scary, because whoever it belongs to will certainly want it back. Give it away and hope they don't find out that it arrived at your home? You pretty much can't give it to the police as they'd stick a flashlight & swab so far up your butt that the cotton would clean your ear wax while the flashlight would help your dentist...

why would you even accept a delivery for someone that doesn't live at your address?
Maybe, unless it was really for you -- but then you notice that the package was tampered with and give it to the cops before they pay you a visit and charge you...

Well...

Not all deliveries require a signature.

Not all people that sign for packages bother reading the address label - There's a guy standing there with a stack of boxes and a hurried look on his face...

So somebody opens the first box...and oh damn lookie here...

Someone else in a supervisory capacity decides to be a total spaz and buzz the fuzz.

Everybody else forever forward considers said supervisory party as a $*@&$!#%$ freaking idiot until the end of time..

This scenario is - of course - to be construed as Strictly Hypothetical mind you.. ;)
633
Living Room / Re: Youtube Subscription Channels
« Last post by Stoic Joker on October 29, 2015, 06:33 AM »
About the only thing that I could really ask for is dual headphone inputs on both the right and left. The jack to plug the phones in is in the left headphone, but my computer is on my right side. Very minor issue, and probably a bit into the unreasonable area.

Why not just turn them around? They don't appear to be physically/ergonomically directional, and the strict left right relationship is only really critical if you're taking a hearing test..
634
Living Room / Re: Internet of Things thread (IoT)
« Last post by Stoic Joker on October 25, 2015, 09:23 AM »
Information that is hard to come by will hardly be processed (by anyone). When others need to spend a lot of money on hardware and know-how to get only a minimal amount of data, it is not worth the effort in most cases.

I'm not so sure about that, as it's usually the fringe that's the most dangerous. All information is useful, so the harder a specific piece of information is to get...the higher its value will be to the right vertical market. So as this nightmare gets closer to critical mass there will be an in veritable stampede of dot com bubble level hopefuls clamoring for the hottest vertical market for whatever bits of information they've managed to pry out of people.

All you need is an angle, a database, and a must have widget that can/will/does keep the listings fresh enough for market..
635
Living Room / Re: Internet of Things thread (IoT)
« Last post by Stoic Joker on October 24, 2015, 03:15 PM »
In... just don't.  I like the idea of IoT.  But the most secure way of engaging in IoT is... don't.


Ah! ...I'm like totally okay with that angle.. ;)
636
Living Room / Re: Internet of Things thread (IoT)
« Last post by Stoic Joker on October 24, 2015, 02:04 PM »
So, for people that think the negatives of IoT outweigh the positives and are willing to do some work, they can get a sense of control back by getting, "grokking" and applying router software.

Why are air gaps considered one of the hardest security mechanisms to get around?


How did we get from locking IoT in a (Pandora's) box to the trials and tribulations of Air Gapping?? I've been thinking for a while now about angling towards Shades' plan of using a completely controllable firewall/border on/to/between the internal and internet networks to try and mitigate WTF is going on with Windows these days.. So how does air gapping - with its range restricted attack surface - play into this?
637
General Software Discussion / Re: Unique Solution to Pirates
« Last post by Stoic Joker on October 24, 2015, 01:48 PM »
Just thinking about my own software (link in sig below), my initial thoughts are to play back phrases and sound effects to make the user think that their computer is possessed by some kind of evil entity or demon.

  • Hail Satan
  • Kill your mother
  • Kill kill kill kill
  • It's on backwards, backwards, backwards, <echoing>
  • <door creaking>
  • <screaming in pain>
  • <stuttering> I s-s-s-sold h-h-him
  • Damnation comes
  • Darkness grows
  • Shave your head off
  • I'm behind you

Oh god... the horrible, terrible things that you could do. Watch a few Rob Zombie movies and let your imagination go nuts!



Okay... Ren, skipping past the fact that you obviously need fucking counseling... :D ...We should talk some time about a project that I've always wanted to try doing that combines the classic old Esheep prank with a network worm so the prank can be allowed to jump from machine to machine on the target network.

We could even team up and make a NANY out of it.
638
General Software Discussion / Re: Nirsoft's Antivirus Hall of Shame
« Last post by Stoic Joker on October 22, 2015, 03:21 PM »
For workplaces, it's one thing, but for the broader at-home audience, who will train them to read?

You do realize they're the same people right?? Yeah sure, people have a tendency to turn off their brains when they get home...but some of it will still leak through. And we already know the current system isn't working for shit and never will.


But getting people to read? Not all that easy.

Not that hard either, just be succinct and skip the pedantic jargon. 


I had one guy complaining about how my software didn't work after he bought it... he couldn't open any files, etc. etc. Turns out he never even installed it!!! You just can't compete with that kind of ignorance.

You win.  We're doomed.  ;D :huh: :-\

Oh hell no he don't ... He's never been to the DMV.
639
Living Room / Re: Youtube Subscription Channels
« Last post by Stoic Joker on October 22, 2015, 11:13 AM »
Welcome to the internet: A place where you pay a bunch of money for a device, that requires you to pay more money for a connection, just so you can pay even more money for access to places that want you to pay money to see a bunch of stuff that you can/must/need to buy!

...And ^they call piracy theft. Ha!
640
Living Room / Re: Are RFID Skimmers FUD? Or a real, present threat?
« Last post by Stoic Joker on October 21, 2015, 05:09 PM »
An interesting quote from the Slate article: If you’re going for maximum efficacy, however, few [RFID shields] work as well as simply wrapping your cards in aluminum foil.

Plenty of which should be left over from making the matching hat..

(Sorry couldn't resist)

I've actually been toying with adopting this practice.
641
I reserve the right to fix anything that I perceive as broken..
642
General Software Discussion / Re: Nirsoft's Antivirus Hall of Shame
« Last post by Stoic Joker on October 21, 2015, 05:56 AM »
Can it be done? Sure. But I think the effort required for those communications (and the infrastructure to support the communications) is far more than most companies are willing to even entertain, even if they had the imagination for the task (which I doubt is there as it requires reimagining standard and common practices).

It's actually not that hard to do if you get a bit of a buddy system going. If Email/system message X looks suspicious/odd/important, ask somebody, anybody...just as long as there is a second pair of eyes on it (it makes a difference). There will always be that one person in any group that is brighter than the rest, so use that person to your advantage and let the others go to them. Smaller groups of brighter people train the herd of others ... Leaving the IT staff to mop up the messes of those that don't catch on as fast.

Most importantly, force people to get in the habit of actually reading the messages that are presented to them. I've been informally training both our in-house staff, and the staff at our clients for years, and it's been quite successful. I do frequently get calls from client locations asking about strange messages/behavior from time to time ... But it's at the 'Just click no!' stage that I can get them out of on the phone now about 95% of the time.
643
Living Room / Re: Interesting "stuff"
« Last post by Stoic Joker on October 20, 2015, 03:47 PM »
^Dafuq?!?

They're going to have fun trying to regulate that.
644
General Software Discussion / Re: Nirsoft's Antivirus Hall of Shame
« Last post by Stoic Joker on October 20, 2015, 03:35 PM »
Anyone heard/seen any press releases like that? I know I haven't. Maybe it's just not happening that often...

Does bring to mind the old expression "Deafening Silence" doesn't it.. :D

Your point 1 as stated would dovetail rather nicely with the Human Firewall (educational program basically) I mentioned earlier. If the AV companies toned down the jargon a bit, and just - 10 words or less - plainly stated we think this is trying to X the overall outcome would improve drastically virtually overnight. Hell some of these reports are so blatheringly unspecific that I can't even figure out what the heck they're trying to say half the time.
645
General Software Discussion / Re: Nirsoft's Antivirus Hall of Shame
« Last post by Stoic Joker on October 20, 2015, 07:19 AM »
Or the typical end-user should up their game and actually grow some sense! While that would be the best direction to go, it will never happen, because of 2 reasons:
1). More savvy end-users do not benefit the coffers from anti-virus vendors.
2). Typical end-users either have an inability to grow some sense or worse, they don't care.

While my reflexive cynicism makes me inclined to agree... The positively abysmal performance of AV software over the last several years has caused many of the top security companies to come up with a rather new concept called the Human Firewall. Which I'll admit is a much catchier name than what I've been calling it - Defensive Driving on the Information Highway - for years.


So perhaps play time is over, and it really is time for people to knuckle down and learn how to drive.
646
General Software Discussion / Re: The Hostile Email Landscape
« Last post by Stoic Joker on October 20, 2015, 06:53 AM »
I've run my own mail server from home for about fifteen years now and came across this type of issue a couple years ago.  What I had to do was ask my ISP to create a reverse PTR record so that the reverse lookup of my IP address pointed at my mail domain instead of their pool name.  This solved the majority of the issues I was experiencing and I also thanked my lucky stars that my ISP was cool enough to allow that on a home connection.

I have hmailserver installed and it works VERY well for a full-fledged mail server.  But I discovered that my messages were being bounced by the other recipient domains because I did not have reverse DNS configured for my domain.  That was an issue to be solved with my ISP.  We ended up using a Google Apps domain anyway so the problem became moot.

Oh, I just noticed that Skwire said the same thing...  hahahhaa


Well understood guys, but I'd already had the RDNS record created days in advance of the switchover. I'd also found the blacklist companies info in an NDR after sending a flurry of test messages to various systems (with permission...) to try and gauge the scale of the issue. So after much battling with frontline TS, I finally got ahold of someone that could actually comprehend the information I was putting in front of them and we had it resolved in a matter of hours.


@BGM - +1 for hMailServer. After years of running a basic IIS POP/SMTP server in my home lab. Microsoft's decision to remove the POP server from Windows servers forced me to shop for other options. Since I didn't have the hardware, or a need for running a full blown Exchange server. I switched over to hMailServer last winter and have been quite happy with it.
647
General Software Discussion / Re: The Hostile Email Landscape
« Last post by Stoic Joker on October 19, 2015, 03:01 PM »
MimeCast put my mail into a perpetual greylist.

Perpetual Greylist?? Greylisting just means to refuse everything on first contact to see if they try resending, because supposedly many(/most?) of the naughty mail servers don't do resends...to speed up Directory Harvesting I suppose..

Honestly it sounds like they got a semi blacklisted IP address from their ISP. I had that happen here when we switched ISP. Our mail server's previously pristine reputation (by IP) went out the window the instant I put it behind the new guilted by association because it was in an ISP customer address block IP address. MX-Toolbox said the address was "clean" but we were still getting rejections from (see above... :D) other mail systems. After much - panicked 3am class digging - I found the system that had us listed as guilty by association and forwarded that info to the ISP who swore (front line support) that the address wasn't blacklisted. This resulted in me swearing, mild hostility (3am...), the finding of a supervisor...who dug up an engineer to "prove me wrong".

Thankfully the engineer was not nearly as retarded as the rest of the staff...and therefore was able to grasp the gravity of the situation, actually read the information I'd sent, and then contacted the listing company to have the address (actually a CIDR block of 16 addresses) removed from the naughty.


And the mail began to flow...
648
General Software Discussion / Re: 1Password Leaks Your Data
« Last post by Stoic Joker on October 19, 2015, 11:17 AM »
1Password has always known about this issue but doesn't seem to really care about it (it was a deliberate design decision), and doesn't inform their users about it. I wonder how many of their users just assume this data is all encrypted, because they haven't been told otherwise.

I'll go with the perilously close to 100% range. Aaannnddd... Therein lying the problem, because with the false assertion that all is fine-ly encrypted more people will be prone to expose the file publicly (for their own access/convenience) and subsequently end up hemorrhaging much useful personal data.


All data is (mis)useful...it's just a matter of figuring out how.
649
Living Room / Re: Anyone here using a standing desk?
« Last post by Stoic Joker on October 17, 2015, 06:26 AM »
Surprisingly thorough answer for a wise crack (mine that is).

Some people (not me, you understand) might say that any university that publishes supposedly epidemiological research of questionable use/quality may be more concerned with attracting funding than with adding to the body of useful human knowledge, but I couldn't possibly comment.

I do like the ball idea though. I've thought of trying it...(waistline has been better)...but just haven't managed to commit to it yet.
650
Living Room / Re: Anyone here using a standing desk?
« Last post by Stoic Joker on October 15, 2015, 04:00 PM »
study author Melvyn Hillsdon of the University of Exeter said in a statement. "Any stationary posture where energy expenditure is low may be detrimental to health, be it sitting or standing."
-The Article

They had to do an entire study just to figure that out??