Beng Hacks: July 2008

Sunday, July 13, 2008

Local shit

So after avoiding the HWZ forums for awhile, I decided to pay it a visit... still a sad lousy place with no useful discussion. Look around see only topic like why BT is throttled, which ISP is best with which online speedtest, Vista themes, which firewall or antivirus to use, etc... sianz.

There WAS one thread which caught my eye:

http://forums.hardwarezone.com.sg/showthread.php?t=1934815

This guy was convicted and jailed for CMA, actually his friend was caught and bunknife him. Then he swee swee go confess to everything even when the police no evidence against him. Wa hero take a grenade for the team. Anyway la, now with criminal record he asking why ppl dun hire ex-blackhats.

Sir, I dun think you can be considered a black hat cuz actually in the eye of local company u're a criminal first. Maybe if you're in the US or if u're a disciple of Kevin Mitnick then ya no problem. Otherwise in kiasi singapore, how can?? Cool sidenote someone mentioned me by name HAHAHA...

Anyway la, dunno if is I dun visit enough local forums or really local forum no real technical discussion. Even my poly internal forums no technical discussion worth reading lor. Wonder if uni level forum got such discussion anot. By discussion I mean the stuff that hacker teams talk about. Like the chinese Security Teams, eg Phantom, Angel, etc. They are pro sia, publish zero-day exploits and code like nobody's business. Wonder if they're being paid by the chinese govt to attack US and defend their Great Firewall of China?

Wednesday, July 09, 2008

Vista and UAC

Recently I discovered something interesting about Vista. Maybe not interesting, maybe more shocking.

I found out that UAC will ignore certain applications and not prompt you to "Continue" or "Cancel". It has a list, haven't found where the list it yet. But I found one type of file that UAC will ignore: the Autoplay/Autorun.

If you specially craft an exe in a removable media and specially craft certain other files (try to guess what they are!), then rename it as autorun.exe, UAC will not prompt you if you run it. If you want to be technical, this is an exploit. U might need to do a few more things but not sure yet if they also help to fool UAC.

If you want more details, email me.



The other day I was talking to my poly lecturer and I told him about my interests and also my website. Yesterday he asked me to see him.... !!!! thought at first was cuz my assignment. But actually later he told me that he visited my blog and was concerned that I am breaking the law with my activities, like hacking and wifi mooching.

Something like Computer Misuse Act I read a few times appearing on papers, is quite a serious offense. So he thought that I should either be VERY careful with my hobby, or stop it. He did say that entries in a blog cannot be used to arrest me, so still ok. I know in NYP there's a guy there who is also like me (I met him b4 btw) and is on criminal record cuz he really did get caught under CMA. But even with that blackmark he escape jail cuz of age and still manage to go into poly. No need to mention names u can google him. Last I heard he is top of his cohort. Dunno whether true anot.

So far I'm still quite safe, no one knock on my door hahahah. But think need to be more careful esp online when people start asking for my personal info, say what la is a trust issue they must trust me first b4 they accept my help, and one way to gain that trust is to meet F2F.

Erm... u wan to trust me but how should I trust you? So muz be fair and both reach out and grab each other hands I guess. If dun like, walk away. If like, embrace with open arms.