I have been reading about the the way the crackers from Anonymous got access to her email account, I was surprised to find out that you can reset the password of an account with zip code and date of birth, one should consider using fake information for when one is asked for this information. With tools like Maltego out there profiling a person and their presence in the internet is extremely easy.

Well it has been a long time since my last blog, no excuses here. In this long time I finally got and iPhone and I have really love the user experience in this device but it has gotten me thinking, is the iphone helping with the problem of users chossing bad passwords? since it does not have copy paste and entering a long complex password starts becoming a problem I have seen many friends choosing porr passswords, specially since the iphone does not come by default with a good password manager nor copy and paste, on can use third party apps like 1password but still I do feel that the iphone is adding to this problem. what do you think?

I have been looking at several forums and one of the things that frustrate me the most is the lack of talk on the areas of proper target enumeration and intel gathering. Everybody is focused in running Nmap, fierce or any other host of tools and forget the true time basics of simply surfing the targeted client's site taking note of the contact information and sending someone from the attack team to do a physical recon, to look for:

• Wireless networks
• Trash disposal methods
• Physical security to the building
• Open and exposed Ethernet network ports
• Exposed USB ports
• Unlocked and unused machines

Last week Muts and the Remote-Exploit.org crew released the beta of Backtrack 3, many updates and some new tools. I have to say that I love this livecd distro, I like it specially for its flexibility for me to add new tools and packages and have it run from a USB stick. you can download the latest version from Remote-exploit.org

I highly recommend the USB version since it has some additional tools that the CD version does not have do to space, I added to my copy Oracle Instant Cclient, Tor, some ruby Gems and a couple of my own scripts on Python and Ruby. I also recommend reading the wiki for more info on this great Live Distro.

I work as a consultant for an IT company for 8 years, in the areas of security and networking. My nick is DarkOperator, I chose that name do to that a consultant that works doing pentests and audits in client networks acting like a cracker, I have to think and act as one, take my time, try to go under the radar, get in if possible and leave with out leaving a trace. I hope we both can enjoy my experiences in this blog.