Desperate Pandora Employees Scrambling To Find Song Area Man Likes

18 08 2010

I am an avid listener of pandora, it was interesting to read how their staff tirelessly try to please their listeners 🙂

OAKLAND, CA—The headquarters of personalized online music provider Pandora remained in a state of chaos Thursday as frantic workers struggled to find a song that 32-year-old Boston subscriber Dave Lipton would enjoy.

Pandora, which allows users to create virtual radio stations according to their individual tastes, confirmed its employees had spent most of the day rummaging desperately through the miles of shelves in the company’s massive 700,000-CD storage facility in search of a track to appease the increasingly fickle Lipton.

via Desperate Pandora Employees Scrambling To Find Song Area Man Likes | The Onion – America’s Finest News Source.





Metasplot and social engineering toolkit SET on iphone4

17 08 2010

Having recently (1 week & counting) upgraded my iPhone 3G to a shiny new HTC Desire (more coming on that later), I was quite interested to see that someone has successfully ported metasploit & SET to an iPhone 4 … now to see if it will run on my now spare iPhone 3G ….

Metasploit 3.4 and SET 0.6.1 on iPhone 4

Posted Aug 7 2010 by muts in Offensive Security with 1 Comment

iphone4 msf 03 Metasploit 3.4 and SET 0.6.1 on iPhone 4Metasploit 3.4.2 on the iPhone 4

Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET. You need to have a Jailbroken iPhone with SSH access for this. You will also need to install nano and APT 0.7 Strict via Cydia. Getting everything up and running is a breeze now. Open a console and type in:

cd /private/var/

apt-get install subversion nano ruby rubygems wget python

apt-get clean

wget http://www.metasploit.com/releases/framework-3.4.1.tar.bz2

tar jxpf framework-3.4.1.tar.bz2

cd msf3

svn update

Remember that everything takes a bit more time on the iPhone, be patient while running msfconsole for the first time. Once that’s done, its a quick path to a shell:

iphone4 msf 02 Metasploit 3.4 and SET 0.6.1 on iPhone 4

via Metasplot and social engineering toolkit SET on iphone4.





Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector | SecManiac.com Blog

17 08 2010

hehehe … it was only a matter of time. With devices such as the original yubikey that I have been using being able to be programed to auto launch a website when plugged in, its good to see the idea going to the next level:

Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack VectorPosted by relik @ 8:31 pmThe Teensy devices http://www.prjc.com are Arduino based devices that allow you to utilize onboard memory storage on a microcontroller and emulate a keyboard/mouse. In the Social-Engineer Toolkit SET, gives you the ability to choose Metasploit based payloads and drop a small download stager either through WSCRIPT or through PowerShell to download a backdoor from a remote IP/machine and execute it on the system itself. Why this attack is so useful is that it emulates a keyboard 100 percent, so you can essentially bypass any autorun protections on the system since its a keyboard, not a flash drive or CD/DVD type autorun attack. SET handles the entire creation from a webserver housing the malicious payload, to the actually Metasploit handler.

via Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector | SecManiac.com Blog.

Original credit appears to be going to irongeek from his very detailed original posting – including pictures (we all like pictures) here: Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device