DoXing people

These are my personal opinions of DoXing someone, a.k.a. gathering the personal information of someone on the internet.

First things first, you can’t rely on the validity of other people’s “work”. Say we have Internet Relay Chat (IRC) logs from a “private” chat with your specific target. How do you know they are not made up and leaked on purpose? You cannot DoX someone properly in a month; it takes MUCH more than just “leaked” private chat logs and domain “look ups”. It takes work, lots of work. With the ability of anyone to become anybody on the internet, with prepaid and basically untraceable credit cards that are accepted the same way as any others on the internet, and given that you can put any info you want into domain registrations and forum registrations, it’s not hard to create a fake identity or use someone else’s. Personally it’s smarter to use a real person’s info when setting up an invisible online life, reference this article by @adrienchen. Proper DoXing requires infiltration, more than just getting into an IRC chat channel and logging what is said. You have to get to know the target, what they like and like to do, figure out what their mental weaknesses are, what they like to talk about. You need to create a “friendship”; you need to come across as trustworthy, honest, and truthful to your target; you need to make them comfortable with you, and feel like they can tell you ANYTHING. It’s this fairly lost skill called Social Engineering (SE). I have seen a few instances of minor and poor attempts at SE, that were fairly poor attempts at it. SE can be done in a matter of minutes or it could take months or years; everyone does it, we just don’t realize it most of the time. Think about this: when you want to get what you want from someone, you do your best to convince them that it would be in their best interests to give it to you, correct? That in some way you getting what you want gives them something in return, may it be just the simple satisfaction of making you happy.

All of that being said, to properly DoX someone they can’t know you’re doing it until it’s done. What have we learned with this quickie little lesson on DoXing? Maybe you should only use the information that you yourself gather; don’t make claims based on someone else’s work, otherwise you may make yourself look dumber than you already are/do.

Enjoy,
Karnaj/K4rNaj

@LulzSec Fox and beyond.

LulzSec really propelled themselves into the InfoSec limelight by attacking Fox.com and leaking the database of user names and passwords of affiliates. They also gained access to at least one local Fox TV station’s website and Twitter account; they also invited the internet to ravage the list, and several Facebook accounts were at least defaced. They then released a database of UK ATMs (why, might you ask?) because it was pointless (and that’s the point) and funny (lulz). Their next release wasn’t a release, just a statement that they were going to release some information from “An FBI related Website”, as well as AT&T; neither came to fruition, as they said they felt they should keep that information. The next adventure for what they call The LulzBoat (not the Twitter account) was a small database leak from a @Sony Japan website. We are now up to the current days. @LulzSec attacked and gained root access to the PBS.org website, posted to http://www.pbs.org/lulz/, and they also posted a story stating that Tupac was actually alive and living in New Zealand. Why? Because it’s funny and they didn’t care for the recent Wikileaks program.

Have a good day
Karnaj

Sony v. George Hotz Settlement.

The Sony lawsuit against the iPhone and PS3 hacker George Hotz (GeoHot) has been settled out of court. I don’t see how it can be a good thing for the hacking community. I know that GeoHot is not allowed to ever hack or disseminate hacks for anything Sony or face $10,000 per offense in penalties. With what little details of the settlement are available, my summary of what I have seen cannot be good for the firmware hacking community. In my own opinion this settlement has left open an enormous lawsuit arena for companies to take action on what you personally do with your own equipment. Even if you are not pirating software, according to Sony just the ACT of hacking your own equipment now can potentially open you up to lawsuits by big technology corporations with expensive lawyers hiding behind the Digital Millennium Copyright Act of 1998, which was designed to prevent people from circumventing Digital Rights Management (DRM). iPhone hacking was just added as an exemption to the DMCA last year, so my question is: what is the difference? You can run pirated software on a jailbroken iPhone as easily as you can on a jailbroken PS3. Personally I think it’s about the money… considering most software on an iPhone at most is 4 or 5 dollars, and 20-60 dollars for a PS3 game. But my opinion as of right now about this whole thing is it can’t be good for the hacking community, or innovation; I hope I am wrong. I was reading some of the PlayStation Network comments on the Sony blog post, and it drove me crazy; people talking about how much they hated GeoHot for what he did, and how he was demonized for it, just made me sick. People like GeoHot that keep our technology from stalling are good for everyone, including the people who claim they hate him for doing it. Where will this take us? I don’t know. I do hope that the road we go down does not restrict our freedoms when it comes to technology.

The Belief Systems

Ok, touchy subject, I know. But I am a true Atheist; I don’t believe in heaven or hell. If you do then good for you, but please do not try to sell or push your beliefs upon me, I don’t want them. I will respect you as a member of our planet. If you cannot respect me for what I have chosen to or not to believe then that is your loss in life. Many people have been killed in the name of religion and many more will be killed. Before you say “My Religion Never has…” chances are you are wrong. I don’t have numbers on it, but one person wiped off this earth in the name of religion is too many, I don’t care how wacky the perpetrator is. Why does God and/or Jesus need your money? Your church is richer than you, and chances are, depending on the religion, your pastor or whatever you may call him may make more money than you, but he will still require you to give money to support him. Ok, and seriously, how fucking backwards are you that women can’t be pastors!? These are MY personal issues; if you have read this far obviously I am not forcing what I think upon you. Most of our major wars through history have been caused by religion. If you are happy with what you have then good for you. All I want is for people to respect each other’s differences; even though I think you are wacky for believing in something that you can’t see or hear or touch, I can respect the fact that you do.

Have a Good Day

ME

Our Fear Mongering Society…

Ok, we live in a world of headlines; the bigger and the scarier the headline, the more attention it gets. “Commander In-Chief turns his back on America’s Military”: an extremely scary sounding article about the possible veto of a stop-gap bill for a week that was designed to keep the government running. Seriously!? Why can’t we just report news like we should: this is what happened. Ok, the President said he would veto a stop-gap bill, but if you couldn’t agree on something at work and your boss told you that there would be no extension to get the work done, would he be turning his back on the people who work for him? I understand that it is a rather disproportionate example, but government shutdowns generally won’t last long and anyone who works will get paid, maybe retroactively, but they will still be paid. This whole ordeal is a fight over cultural beliefs; it’s basically a children’s argument, “No, my idea is better!” We as a society need to do something that is seemingly impossible: settle our differences and get along for the children, so that we don’t scare the kiddos.

The Current Sony Predicament

Recently Anonymous launched OpSony, the systemic take down of Sony and Sony Computer Entertainment of America’s web sites, in the defense of a hacker named GeoHot (http://geohotgotsued.blogspot.com/) and requested the IP (Internet Protocol) addresses of anyone that has visited his website and watched his videos. There was a question posed recently that I feel is a legitimate question to be posed to the general public: are DDoS (Distributed Denial of Service) attacks on web sites a legitimate form of protest? Let’s look at it this way: people in the US have been performing boycotts since 1830, which involves a group of people making a resounding effort to not participate in the purchase of goods and services from a particular entity, whether it be a governmental agency or a commercial entity, to correct a wrong that was committed. In today’s society and the world-wide economy that we live in it is virtually impossible to make an impact by simply “not buying products in stores”, so how would you create the same financial harm, in today’s world-wide economy, as you would be able to do in a 1950’s boycott? That is the question that we have to ask ourselves when thinking about the legitimacy of the action. Another way you can look at it is, do the means justify the end result. In my own opinion, in today’s world-wide internet economy a company’s web site is everything; if you don’t have a web site you don’t exist online. It’s in my opinion a forced boycott: people can’t visit your web site, they can’t spend money, and they also cannot get information about your current or new and upcoming products, which if maintained for the long run could cost a large company millions, if the world could not visit your websites or play games on your networks, which would create a new cost: customers calling customer service.
So I ask this question to you, “Do you feel you should be able to do what you want with what you buy and own legally?” Or should it be considered legally actionable, and you held financially responsible for something you do with what you own? Also, information should remain free, and not stifled; innovation has changed and should not be held back. Our definition of innovation is starting to change in our world of technology.