Sunday, September 25, 2011

WifiWay 2, hack the air!

(Visit the brand new version of this old post in Spanish)
Today we will write about "WifiWay".

WifiWay is a free, open Linux distribution which is "the son" of the WifiSlax distribution.
This is a well-known Linux distribution for wireless auditing.

From the older one, WifiSlax, WifiWay inherited a lot of utilities and tools, like the aircrack framework, including airodump, aircrack, aireplay, etc.

Those tools were great, but they were not easy to use for new users or auditors with little knowledge.

This distribution evolved into "WifiWay 1.0", which was simplified with a ".sh" script called airoscript and airoscript.es (Spanish version). That script helped users launch audits without the difficulty of long command-line sequences and lots of "parameter:value" pairs.

WifiWay 1.0 had a "hole": dictionary attacks were not yet automated and simplified.

A short time ago, WifiWay 2.0 arrived and brought us a simpler interface and some utilities related to dictionary attacks; it included a new version of airoscript, easier and more powerful again.



Now, the current version is "WifiWay 2.0.3 final", a free, open, powerful, automated Linux distribution. It has an improved airoscript with an "auto crack" mode, which allows us to automatically crack or attack a wireless access point near us. Yeah, fully automated :)

You can get more information at http://www.wifiway.org/

Hey man, don't forget: just for auditing, not hacking :)
Enjoy it!

"We are legion"
Next Post: "Google hacking, be careful with your website!"

Thursday, September 22, 2011

What the hell is Nessus? Fast overview

Today we will write about Nessus, (from my point of view) the best vulnerability scanner.

There are many network scanners:
 * nmap: a very simple command line network scanner.
 * wireshark: a network sniffer, GUI and command line.
 * airodump: wireless scanner.
 * airsnort: an old wireless scanner.


There are many scanners, but none of them reaches the level of Nessus. This is my favourite one :)
Why?

Nessus is a free vulnerability scanner; you can use it through a GUI or from the command line, no problem.

Nessus works as client <-> server. That is (in short), our Nessus server does the work that we launch from the Nessus client.

The GUI client interface is very friendly and easy to use.
The command line has a powerful engine that allows us to integrate Nessus with the Metasploit framework (we will talk about the Metasploit framework in later posts).

Once installed, up and running, we have a "light" version of Nessus; it has only a few plugins available.

We have to go to the Nessus website and register our Nessus. (I assume we are NOT a company, just home users; companies should buy an enterprise version of Nessus.)

After registering our Nessus server, we can download all the plugins and fully update our Nessus engine.
Then we will have our Nessus engine ready to run.

So, what are these plugins for?

Plugins are working modules used to detect vulnerabilities; each one is dedicated to some type of vuln. You should therefore keep your plugins updated in order to have the best vuln detection.

Nessus works in a three-module manner:

- Policies: policies define the scanner behavior, which IPs will be scanned...
- Scanners: this is the main Nessus function; a scanner is a "policy running".
- Reports: a report is created after the scanner runs; it is the output of the scanner, listing all the vulns detected and the exploit, if one is available.


Those reports can be read by Metasploit, to execute commands like "db_autopwn" :)
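For whoever owns the scanned machines, a report is only useful once its findings become a fix order. The following is an added example (not part of the original post or of Nessus itself): it reads a constructed report in what is assumed to be the `.nessus` v2 XML export layout and queues findings with a known exploit first, then by severity. All hosts, plugin IDs and plugin names in it are made up.

```python
import xml.etree.ElementTree as ET

# Constructed report in the layout of a ".nessus" v2 XML export (assumed
# format). Hosts, plugin IDs and plugin names are made up for illustration.
SAMPLE_REPORT = """
<NessusClientData_v2>
  <Report name="constructed-home-scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="90001" pluginName="Constructed critical finding">
        <exploit_available>true</exploit_available>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="90002" pluginName="Constructed informational note"/>
    </ReportHost>
    <ReportHost name="192.0.2.20">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="90003" pluginName="Constructed high finding">
        <exploit_available>false</exploit_available>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="90004" pluginName="Constructed medium finding">
        <exploit_available>true</exploit_available>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

SEVERITY_NAMES = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}


def parse_findings(xml_text):
    """Flatten every ReportItem into one dict per (host, plugin, port)."""
    # The stdlib parser is adequate for reports you produced yourself; for
    # files from an untrusted source, parse with the defusedxml package.
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            severity = int(item.get("severity", "0"))
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol"),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "severity": severity,
                "severity_name": SEVERITY_NAMES.get(severity, "unknown"),
                # A missing element means the report makes no exploit claim.
                "exploit_available":
                    item.findtext("exploit_available", "false") == "true",
            })
    return findings


def remediation_queue(findings, min_severity=2):
    """Order fixes: known-exploitable first, then by descending severity."""
    actionable = [f for f in findings if f["severity"] >= min_severity]
    return sorted(
        actionable,
        key=lambda f: (not f["exploit_available"], -f["severity"],
                       f["host"], f["port"]),
    )


def worst_severity_by_host(findings):
    """Highest severity seen on each host, for a one-line-per-host summary."""
    worst = {}
    for f in findings:
        worst[f["host"]] = max(worst.get(f["host"], 0), f["severity"])
    return {host: SEVERITY_NAMES[level] for host, level in worst.items()}


if __name__ == "__main__":
    parsed = parse_findings(SAMPLE_REPORT)
    for f in remediation_queue(parsed):
        print(f["host"], f["port"], f["severity_name"],
              "exploit" if f["exploit_available"] else "no-exploit",
              f["plugin_name"])
    print(worst_severity_by_host(parsed))
```

Note that the medium finding with a known exploit is queued ahead of the high finding without one; change the sort key if your patching policy ranks severity first.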


"We are legion"
Next Post: "WifiWay2, hack the air!!!"(English)
Next Post: "WifiWay2, hack the air!!!" (Spanish)

Wednesday, September 14, 2011

Differences between DDoSing/DoSing and hacking

Today we will talk about the differences between DDoSing a service and hacking a server.

If you don't know what DDoS and DoS are, go to the posts about LOIC and RefRef.
I assume we all know what the hell "hacking" is; now, we are all DoS experts :)

Could DoS or DDoS be considered a type of hacking? I think it is not, at all.
From my point of view, hacking is any action that uses some security hole to break something in our systems.

By the way, if a guy is launching a DoS attack, this guy is not breaking anything.
The attacker is not getting any information from our system; he is not thieving, he is not breaking.

So, why can a DoS be considered an illegal action? I can't understand that.
I think that arresting a guy for launching a DoS attack is not correct at all.

I think we can explain it with an example:

===================================================================
You are going home after work.

When you arrive home, a guy is at your front door, just "blocking" it.
Your door is not broken.
Should this guy be arrested? Is that correct? I think not.

Instead, you should think about what you did to motivate this guy to block your front door.

You may just use another door or push him away from your door (that is, just reboot a service) and you will be able to use your house normally.
===================================================================

After the example, we may all agree: DoS should not be considered illegal, because it is not damaging anything, right?

"We are legion"
Next Post: "What the hell is Nessus? Fast overview"

Monday, September 12, 2011

"URGE" (Universal Rapid Gamma Emitter) Hijacking Twitter

(Spanish follows)

Today we will talk about the new tool called URGE. This is a tool to auto-tweet, just that.

Are you tired of Twitter's trending topics never reflecting our interests?
Are you tired of trendings like "sex" or other outdated topics?
Are you tired of Twitter never reflecting our world news or problems?

URGE is here to solve it: now you can tweet your news many times without the need for continuous copy & paste & tweet.

This is a hijacking tool:
 - NOT hacking, URGE is not exploiting any security hole.
 - NOT DoSing, it is not blocking twitter access.
 - NOT DDoSing, it is not coordinating a DoS.

Let's free the twitter trending topics!

"We are legion"
Next Post: "Differences between DDoSing/DoSing and hacking"

=================================================================

Today we will talk about the new tool called URGE. This tool is for tweeting automatically, nothing more.

Tired of Twitter's trending topics never reflecting your interests?
Tired of trendings like "sex" or other outdated ones?
Tired of Twitter never reflecting world problems and news?

URGE has arrived to solve it: now you can tweet and retweet your news many times without having to copy, paste and tweet.

This is a hijacking tool:
 - It is NOT hacking, URGE is not attacking Twitter's systems.
 - It is NOT DoSing, it is not blocking or collapsing Twitter's system.
 - It is NOT DDoSing, it is not coordinating any DoS attack.

Let's free Twitter's trending topics!

"We are legion"

Next Post: "Differences between DDoSing/DoSing and hacking"



Friday, September 9, 2011

RefRef - Creating a huge army

(Spanish follows)

LOIC was retired because most of the hacktivists who were arrested last year had used this software.
Their connection data was tracked by the police and they were finally arrested.
They should have used several hiding methods like VPNs, proxies, connections through cyber-cafes...

RefRef is the brand new weapon which has been in testing for a short time. RefRef is meant to replace LOIC (Low Orbit Ion Cannon) and upgrade its capabilities.

The weapon will be available for download this month. The first news about the tests reveals that RefRef has a lot of power :)

This new weapon offers new possibilities because it is based on JavaScript, which means that it can be used from most platforms: computers, laptops, tablets, smartphones...
It also keeps older ones, like the possibility of creating "zombies", that is, building up a bot-net and launching a huge attack at the same time.

RefRef has one new advantage that makes it more powerful than LOIC: RefRef is able to perform SQL-i to create a devastating effect combined with the attack behavior of LOIC.


What is SQL-i?

Have you ever seen a web URL like this?

        www.myownweb.com/post?user=JohnDoh

Just try to change the parameter "user" to access other data, something like:

        www.myownweb.com/post?user=MikeH

Yeah! You have completed your first SQL-i attack! :)
Of course, this is not representative of RefRef's behavior, but this is the essence :)
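Whether a `user` value from a URL like the ones above reaches other people's data is decided by the server-side code that receives it. The following is an added example, not code from the original post or from RefRef; the table, rows and function names are hypothetical. It puts a query built by string concatenation next to the parameterized form, and adds the separate ownership check that is needed when the value is simply another valid user name.

```python
import sqlite3


def make_db():
    """In-memory database with constructed rows, one private post per user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (username TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO posts VALUES (?, ?)",
        [("JohnDoh", "John's draft"), ("MikeH", "Mike's draft")],
    )
    return db


def posts_concatenated(db, user):
    """BEFORE: the parameter becomes part of the SQL text itself."""
    query = "SELECT username, body FROM posts WHERE username = '" + user + "'"
    return db.execute(query).fetchall()


def posts_parameterized(db, user):
    """AFTER: the parameter travels as data and is never parsed as SQL."""
    return db.execute(
        "SELECT username, body FROM posts WHERE username = ?", (user,)
    ).fetchall()


def posts_for_session(db, session_user, requested_user):
    """Parameterized query plus an ownership check on the requested name."""
    if requested_user != session_user:
        raise PermissionError(
            "session %r may not read posts of %r" % (session_user, requested_user)
        )
    return posts_parameterized(db, requested_user)


# Constructed input that carries SQL syntax instead of a plain name.
CRAFTED = "nobody' OR '1'='1"


def demo():
    """Run each variant and collect what it returns."""
    db = make_db()
    results = {
        # The quote in CRAFTED closes the string literal, so the WHERE
        # clause becomes always-true and every row comes back.
        "concatenated_crafted": posts_concatenated(db, CRAFTED),
        # Bound as a value, CRAFTED is just a name nobody has.
        "parameterized_crafted": posts_parameterized(db, CRAFTED),
        # Parameterization does not stop a request for another real user.
        "parameterized_other_user": posts_parameterized(db, "MikeH"),
    }
    try:
        posts_for_session(db, "JohnDoh", "MikeH")
        results["cross_user_blocked"] = False
    except PermissionError:
        results["cross_user_blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The two fixes cover different problems: binding parameters stops input from changing the query, while the session check stops one logged-in user from naming another in the URL.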

Do you remember when people talked about "Web 2.0"?
I think "DDoS 2.0" is coming.


"We are legion"

PS: www.myownweb.com is just an example. Do not try to SQL-i attack this URL
Next Post: "URGE (Universal Rapid Gamma Emitter) Hijacking Twitter"
---------------------------------------------------------
Next topics:
- "URGE (Universal Rapid Gamma Emitter) Hijacking Twitter"
- "Operation Icarus"
- "Differences between DDoSing/DoSing and hacking"
- "Can we effectively hide our data connection?"
- "What the hell is Nessus?"


======================================================================
                      Spanish version (translated):

LOIC has been retired because most of the hacktivists arrested last year had used this application.
Their connection data was traced by the police and they were finally arrested.
They should have combined several methods of hiding their data, such as VPNs, proxies and/or connections from public places.

RefRef is the new weapon that has been in testing for some time. RefRef is the replacement for LOIC and will improve on its capabilities.

This weapon will be available for download during this month. The first news confirms that it is very powerful :)

This new weapon offers new possibilities because it is based on JS, which means it can be run from various platforms such as desktop computers, laptops, tablets or latest-generation phones.
It also keeps the advantages of LOIC, such as the possibility of creating zombie PCs, that is, creating a network of bots to prepare a large-scale attack.

RefRef has a new feature that gives it a great advantage over its predecessor: it is able to attack with SQL-i, which greatly increases its capabilities.

What is SQL-i?

Have you ever seen an address like this?

        www.myownweb.com/post?user=JohnDoh

Try changing the "user" parameter to attempt to access other data, something like:

        www.myownweb.com/post?user=MikeH

There you go! You have just carried out your first SQL injection attack!
Of course, this is not representative of RefRef, but it is the idea. :)

Do you remember when people talked about "Web 2.0"?
Well, welcome to "DDoS 2.0"

"We are legion"

PS: www.myownweb.com is nothing more than an example.
Please do not try to attack this address.
Next Post: "URGE (Universal Rapid Gamma Emitter) Hijacking Twitter"
---------------------------------------------------------
Next topics:
- "URGE (Universal Rapid Gamma Emitter) Hijacking Twitter"
- "Operation Icarus"
- "Differences between DDoSing/DoSing and hacking"
- "Can we effectively hide our data connection?"
- "What the hell is Nessus?"

Monday, September 5, 2011

Low Orbit Ion Cannon - One of the best weapons


(Spanish follows)
--------------------------------------------------------------------------------------------------------------------------------
This post is dedicated to a great friend and journalist.

Today we will write about LOIC, one of the most used DDoS weapons on the internet.
But we will start from the bottom up.

What the hell is a "DoS"?

It stands for "Denial of Service", which means performing a huge number of requests to a server, enough that the server cannot attend to any request but yours.

A cool example could be a pub.

When you go to ask for a pint of beer, the waiter can still attend to other people; but if you ask for ten thousand pints of beer, the waiter will be too busy to attend to any request but yours.

So, what the hell is "DDoS"?

This stands for "Distributed Denial of Service", which means forming a team in which each of you performs a huge number of requests. That is to say, performing several simultaneous "DoS" attacks.

I'll try to continue with the example of the pub.

If you and your friends go to a pub and all of you agree to ask for ten thousand pints at the same time, the waiter will be very busy, really overloaded.

Moreover, depending on how long you maintain this attack, its result may change.

A short attack can be useful to learn how well the system resists a stress load.
But if the DoS or DDoS is maintained for a long time, it could cause a full system lock.

In our pub example:

If the waiter works at full capacity for a long time, he can suffer a heart attack and die.
(I really hope nobody suffers a heart attack, it is just an example)

Now, we are DoS and DDoS experts :)
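Seen from the server, the two cases described above leave different traces in the access log: one client sending far more than its share, versus many clients that are each unremarkable but together exceed what the server can handle. The following is an added example, not part of the original post; the log lines, thresholds and names are constructed for illustration. It counts requests per fixed time window and labels each window accordingly.

```python
from collections import Counter, defaultdict


def constructed_log():
    """Constructed access-log lines: '<unix_seconds> <client_ip> <path>'."""
    lines = []
    # Window 0-9 s: five clients, three requests each (ordinary traffic).
    for client in range(5):
        for second in range(3):
            lines.append("%d 192.0.2.%d /" % (second, client + 1))
    # Window 10-19 s: one client sends 50 requests, four others send 2 each.
    for request in range(50):
        lines.append("%d 198.51.100.7 /" % (10 + request % 10))
    for client in range(4):
        for second in range(2):
            lines.append("%d 192.0.2.%d /" % (12 + second, client + 1))
    # Window 20-29 s: forty clients, two requests each; none stands out alone.
    for client in range(40):
        for second in range(2):
            lines.append("%d 203.0.113.%d /" % (20 + second, client + 1))
    return lines


def classify_windows(lines, window=10, per_client_limit=20, capacity=60):
    """Label each time window as normal, single-source or distributed flood.

    per_client_limit: most requests one client may send per window.
    capacity: most requests the server is assumed to handle per window.
    Both are assumptions; real values come from measuring your own service.
    """
    per_window = defaultdict(Counter)
    for line in lines:
        timestamp, client_ip, _path = line.split()
        start = int(timestamp) // window * window
        per_window[start][client_ip] += 1

    verdicts = {}
    for start in sorted(per_window):
        counts = per_window[start]
        total = sum(counts.values())
        heavy = sorted(ip for ip, n in counts.items() if n > per_client_limit)
        if heavy:
            # One or a few sources exceed their own limit: the DoS pattern.
            verdicts[start] = ("single-source flood", heavy, total)
        elif total > capacity:
            # Nobody exceeds the limit, yet the sum does: the DDoS pattern.
            verdicts[start] = ("distributed flood", [], total)
        else:
            verdicts[start] = ("normal", [], total)
    return verdicts


if __name__ == "__main__":
    for start, verdict in classify_windows(constructed_log()).items():
        print(start, verdict)
```

A per-client limit alone catches only the first pattern; the second is visible only in the aggregate count.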

What is LOIC (Low Orbit Ion Cannon)?

LOIC is an application designed to perform stress tests on systems, but it could be used to launch a DoS or DDoS attack.
In the latest version, it has many plugins that allow you to perform very advanced attacks.
One of these plugins lets you hand control of your LOIC to another person; your PC becomes a "zombie" controlled by another PC.
If there is a PC controlling one million zombies... this is an army!!!

"We are legion"
Next Post: "RefRef - Creating a huge army"

====================================================================

Spanish version (translated):

This post is dedicated to a great friend and journalist.

Today we are going to write about LOIC, one of the most widely used DDoS weapons on the internet.
But let's go from the bottom up.

What the hell is "DoS"?

It means "Denial of Service", that is: making an enormous number of requests to a server, enough to keep the server from attending to any request that is not one of yours.

A cool example could be a bar

When you go to order a beer, the waiter can keep serving other people, but if you order ten thousand pints of beer the waiter will be too busy for a while to pour any pint that is not one of yours.

So, what the hell is "DDoS"?

This means "Distributed Denial of Service", that is: a team of attackers making an enormous number of requests at the same time. In other words, several simultaneous DoS.

Let's try to continue with the bar example.

If you and your friends go to a bar and agree to order ten thousand pints each at the same time, the waiter will be very busy, completely overloaded with work.

On top of all this, depending on how long the attack is maintained, its result could vary a lot.

A brief attack can be very useful for learning how a system can withstand a stress load.
But if the DoS or DDoS is maintained over a long period of time, the system will probably end up crashing or locking up.

In our bar example:

If the waiter is working at full capacity for a long time, he could suffer a cardiac arrest and die.
(I sincerely hope nobody suffers a heart attack, it is only an example)

Now that we are experts in DoS and DDoS :)

What is LOIC?

LOIC is an application designed to run stress attacks on various systems, although it can easily be used to carry out a DoS or DDoS attack.

Its latest version includes a wide variety of plugins that allow you to run really complex attacks.
One of its latest plugins lets you hand control of your machine to another remote operator, so that your PC becomes a zombie.
If there were one PC controlling a million zombies... what an army!!!!

"We are legion"

Next Post: "RefRef - Creating a huge army"

Thursday, September 1, 2011

AnonPlus is coming


Today I will think about Anonymous and the issues of the last weeks.

Everybody already knows Anonymous and their fights against injustice all over the world.
Anonymous has protested on behalf of other people, but it must protest for itself too.

Some weeks ago we heard some news: some of the Anonymous were banned from different social networks and/or other websites, like Facebook or Google Plus.

I can't get this question out of my mind: "Why?"
- Could it be due to the fight against corrupt governments?
- Could it be due to the fight against corrupt companies?
- Could it be due to the fight against all types of corrupt media?

I couldn't believe it when I heard that news.

But I should forward and spread some news that appeared just a few weeks ago: a new social network is coming, and it is being coded right now.
This social network will be absolutely free; information will be shared without censorship.

That will be great.

Information makes you powerful, information makes you free.

At the moment we can access http://www.anonplus.com

This website is available now with access to the anon-forums and the anon-chat (directly connected to some IRC servers to chat with other anons).

I think the most interesting areas of this website are the anonplus social network and another one dedicated to education about anon themes. Those two will let us be informed people, and we know what that means: power and freedom :)

"We are legion"
Next Post: "LOIC - One of the best weapons"


Sunday, August 21, 2011

Enterprise hacking

Today we will think about enterprise hacking.


I really think most companies have at some point paid for hacking other ones.
Even more, there are some companies that have hired white-hat hackers to hack themselves.

There are a huge number of stories about companies hacking other companies, governments hacking governments...

I think many people will recognize the story and the company:

--------------------------------------------------------------------------------------------------------------------------------
Some years ago, there was a company that had a problem: somebody was leaking strategic information out of the company (it was a very famous North American technology company).

The company paid some white-hat hackers to get all the information needed to hack itself, in order to discover the "traitor".

They were to do everything needed in order to get the truth.

Those hackers attacked personal email accounts, bank accounts, telephone records... lots of information to discover who was leaking data out of the company.

Finally, the company was able to find the traitor, but he reported the company for breaking into his personal data and accounts.

In the end, the company president and some directors were arrested on piracy issues.
BUT those authorized hackers were arrested too.
--------------------------------------------------------------------------------------------------------------------------------

This controversial story didn't end fairly, especially for the hackers, who were working as computer security experts.
They were not breaking into another company to gain an advantage for one over another.

We are surrounded by managers who can only think about money and numbers; keep away from them, because you could be affected by their decisions.

If you are a computer expert, feel free to learn and improve. Feel free to work as a computer expert.
Most hackers are cool, they rule! :)

"We are legion"
Next Post: "AnonPlus is coming"

Sunday, August 14, 2011

How easy is to hack a server? (Part 2 out of 2)


Today we will talk about the second type of hacking.

From my point of view, this is the most powerful type of hacking because it directly attacks the weakest point in every system: people.

There are lots of ways to perform social attacks. Sometimes we will get information that lets us directly exploit and access the target system; other times we will get information that gives access to other information and, using the second, get access to the target system.

Depending on the system's strength, we will need more or less information to obtain this access.

I will briefly tell a story based on phishing to get access to an enterprise server:


We will suppose we are dealing with the company "X". "X" is a big company with lots of management hierarchies, and most of its employees may use LinkedIn; scanning the company profiles, we can find a guy who is a fan of old stamps.

We must assume that an employee of a big company probably accesses his email during working hours.

Now we will build a serious-looking website about old stamps, like an antiquarian shop that buys and sells old stamps. On this website we will place a malicious frame in order to execute a web-client exploit.

Then we will send him an email full of stamp discounts related to a very exclusive stamp collection.
And... "voilà": full access to the company network from the manager's PC.

This is a very simple and short story meant as an example of how easy it can be to hack an enterprise server.

We can identify three steps in social hacking:
1) Get information
2) Prepare our trap
3) Exploit and access

We must know that time spent on the first step will improve the effectiveness of the second step.
We must know that time spent on the second step will improve the effectiveness of the third step.

The time between steps 2 and 3 can be long, because the company manager could be on holiday or very busy.

Now we can ask our question: how easy is it to hack an enterprise server?

Very much.


"We are legion"
Next Post: "Enterprise Hacking"

Tuesday, August 9, 2011

How easy is to hack a server? (Part 1 out of 2)

Today we will think about how easy it could be to hack a server.

When I say "server", I mean an enterprise server, not your home FTP server used to upload two files a week.

If you have minimal knowledge about servers and hacking servers, you will know that there are two major paths to hack a server:

non-social hacking and social hacking.

The main difference between them is the direction of the first connection between the hacker and the target. In the first one, the hacker tries to access the server; in the second one, the target opens the communication with the hacker without knowing it.

Today we will talk a little about "traditional" (non-social) hacking, which means using scripts: brute-force scripting, dictionary attacks, using critical exploits against security holes...

Any way that gets you a server console without hacking any person (without "social" hacking, like phishing).

Nowadays, from my point of view, this way is really deprecated because there are faster, more powerful and easier ways.

This type of hacking is the easiest to protect your systems against: keep your OS updated, use encrypted transmissions like HTTPS, connect through VPNs, use firewalls, DNSSEC and/or IPsec...



From the point of view of a company's IT staff, it would be very easy to protect systems against this type of hacking.

Keep this in mind: "If a hacker is getting through the door, it is because you forgot to close it"

Will it be easy to protect against the brand new hacking? We will see in the next post.


"We are legion"
Next Post: "How easy is to hack a server part 2"

Thursday, August 4, 2011

The weakest node in a system

Today we have lots of security mechanisms that provide us with strong computer security.

HTTPS, SSL, TLS, DNSSEC, VPN, IPsec, firewall, antivirus... there are enormous numbers of security protocols designed to keep our systems secure.

Then why are we experiencing a wave of computer attacks?

Because most hackers discovered the weakest point in all systems:
Humans.

Nowadays, we are the weakest point of any network or system.

If a security hole is found in an OS, after just a while we get a patch for the system.

If a person has poor knowledge of computer security, he/she is the biggest security hole in the system.

This person must attend security courses and has to learn a lot about security; that's expensive and slow.

Because of that, we now have words like phishing, trojan horses, malware... all of them attack the weakest point, humans.

There are enormous amounts of information about everybody on the internet: forums, chats, social websites (like Facebook)...

This information is used to "exploit" us and get the chance to attack.

Are the hackers breaking into our systems?

Are we letting them get in very easily?

What do you think? Keep your eyes open!


"We are legion"
Next Post: "How easy is to hack a server part 1"

Sunday, July 31, 2011

Fighting hackers, is it possible? is it necessary? (Part 2)

Today, we will think about "Is it possible to stop a hacker?"

(Please, today we will treat a "hacker" as a computer expert; that means ethical, unethical, students, vandals, thieves...)

Yeah, it is.

Is it possible to stop a team of ten hackers?

Yes, I think it is possible.

Is it possible to stop a team of one hundred hackers?

I think so. It is not easy at all, but it is possible.

Finally, is it possible to stop hacker networks like the Anonymous one?

It is not possible at all, 100% sure, NOT POSSIBLE.

By the way, many people will think: "why?"

There are many answers to that question:

1) Because it is not possible to cut off the head of an "enemy" without a head

2) Because if the police arrest two hackers, twenty new ones will rise.

3) Because everybody is part of Anonymous, LulzSec... all and none; everybody is welcome. It could be your neighbor, your son, your aunt, your cousin...

4) Because Anonymous has control of the most powerful weapon in the world, a big big big big big big bot-net

Btw (again), many people would ask "what the hell is a bot-net?"

First, I assume that it is not necessary to explain what a "net" is, right?

What is a "bot"?

Have you ever played "Counter Strike"?? :) A bot is an entity without a brain, that is, something remotely controlled or auto-controlled.

There is a huge number of computers infected with trojan horses, rootkits, viruses...

Those infected computers are working normally at this moment; that is, the owner of the computer has no idea that his/her PC is already infected.

The bot-net is asleep now.

In the past, most hacker attacks on governments were done in a one hacker-one PC way, using DoS attacks on web servers.

What can happen in the near future?

A massive attack in a one hacker-one thousand PCs way.

I would like to tell the police the easy way "to stop" hackers:

Arrest corrupt politicians, and arrest company owners or managers who take unethical actions.

I've never been attacked by Anonymous or other groups like it.

Why? I've never provoked them.

That's easy. :)

"We are legion"
Next Post: "The weakest node in a system"

Monday, July 25, 2011

Fighting hackers, is it possible? is it necessary? (Part 1)

Is it really necessary to try to fight or to try to stop a hacker?

Absolutely NOT.

A real hacker will never break into your system without a serious reason; most hackers are computer experts with deep knowledge and huge expertise, and they have more important things to do than break into your PC.

By the way, should most people (who have a personal computer at home) be afraid of hackers?

Again, absolutely not. You should be worried only about thieves or vandals, same as in life outside computers.

There are lots of internet thieves and vandals; most of them call themselves hackers, but they are not! They are thieves and the police should fight them.

Should companies be worried about hackers? Once more, absolutely not!

If a company does its work ethically and correctly, it should not be afraid of hackers at all.

A company should be protected against hackers when it abuses its position to earn more money than it should/can. It should be afraid when it is stealing data or money from its users or customers.

In this case the company should be worried about hackers, and about the police forces too! Because it has been engaged in unethical and/or illegal actions!

Are hackers a serious threat? If you don't provoke them, they will not attack you.

Hackers have more important things to do than attack your personal computer where you stored the beach pics you took last summer :)

It's as easy as this.

"We are legion"

[Last - part 2] -> Is it possible to stop a hacker team?


Next Post: "Fighting hackers, is it possible? is it necessary? (Part 2)"

Sunday, July 24, 2011

Anonymous vs Police?

First, we'll start with some definitions to see the differences between a hacker and a vandal.

A vandal (same as in life outside computers) is a person who hurts or damages without a reason. He/she has no sense of honour or ethics, just breaking things for his/her own enjoyment.

There are thieves too (same as in life outside computers) who break into systems to steal money or other things.

Last of all, there are hackers as a group: hackers, crackers, samurai, phreakers... each group has different objectives to study and/or work on.

Today we will not study the differences between them; we will only try to see the differences between a vandal (called "lamers" by most hackers) or thief and a hacker.

There is only one reason to be a vandal: breaking things for the enjoyment of it.

Hackers have lots of reasons to do all they do:

- Some of them work to find security holes in computer companies and report them to the company so it can fix the hole. (Most of them work for the company; they are called "whitehat hackers")

- Others use their knowledge to find security holes and exploit them against a company to protest for any reason related to that company (they are "blackhat hackers")

- Others use their expertise to find those security holes in order to uncover tracks or evidence to help the police do their work.

- Others are only trying to improve their knowledge, finding security holes on random websites or company servers, only to study WITHOUT doing any bad action (they are "wannabes").

I would really like to have the chance to explain that to the police in all countries all over the world, because all security forces in the world are confusing hackers with vandals.



We must remember the SGAE judicial case: some hackers uncovered a lot of evidence from SGAE and sent it to the Spanish security forces.

One of my favourite websites on the www is "The Hacker News"; their motto is "Truth is the most powerful weapon against injustice"

I remember another one from the Linux BackTrack distribution (the one that I'm using right now): "The quieter you become, the more you are able to hear"

I think these two mottos could describe the differences between hackers and lamers/vandals.

"We are legion"
Next Post: "Fighting hackers, is it possible? is it necessary? (Part 1)"

Monday, July 18, 2011

The lazy guy

The lazy guy and the engineers

When I started to work, some time ago, there was a guy who was already working there, having started just a year before me.

Back then, my team was made up of seven or eight people; they were all people who had studied the same degree as me.

All of them but one were engineers. The early days were great; we were happy at work.

Just a few months later, when I was talking with the one who wasn't an engineer, he told me: "I'm very happy because I have the same job as an engineer without the need of studying. I think studying is not important; all of you have been wasting your time."

This made me very angry, but I finally thought that he was not serious and had no intention of hurting us. I never imagined how mistaken I was.

Meanwhile our team was growing and growing; a few months after I started to work, six or seven more people joined our team. All of them were engineers too, except this one, the one who was happy not to be an engineer.

I can't remember when, but I remember I told a new member of our team about this conversation. He couldn't believe it, but as time passed some of my mates had similar conversations with this guy.

Bi-yearly, our company gives a prize to the hardest-working people in the company, to the three to five most able to do their work.

Our team has become important in our company, not for being the prettiest, not for being hard workers, just for being one of the teams that earn the most money.

Because of that, the site manager selected our team to win the prize. That was great! One of us would be rewarded for all the work we do every day, great!

From my point of view, this changed the course of our working trajectories. Our manager selected the "lazy man" to win the prize; that was really frustrating.

The guy who told us that we wasted our time in university?
The guy who is the laziest one?
The guy who never did his work on time?
The guy who always manages to "balance/share" his work onto another team mate?

Yeah, that really happened.

Today, the engineers in our company are still waiting for the end of the story, because all stories have a happy ending.

We're waiting for ours.

Next Post: "Anonymous vs Police?"

Thursday, July 14, 2011

The story of the baker and the computer engineer

Today I'm back to tell you a story, the story of the baker and the computer engineer.

Some time ago there were two friends: one of them worked as a baker and the second one went to university and completed a degree in computer engineering.

During this time, the baker worked for some years and earned some money, and every Friday and Saturday night he went out to discos and pubs.

In those same years, the second friend (the one who is an engineer today) had to study a lot, but this was work which didn't bring him any money; he couldn't go out because he had neither free time nor money.

He had to leave his family and go to another city, bigger than his own. He met new people and fought very hard to get what he wanted.

Those years became harder and harder because the friend who went to university couldn't see immediate benefits.

During those years, there was a weekend when they met. They talked for one or two hours about their stories.

The baker friend asked the other one to come to his home and try to fix his computer. The second friend went, meaning to help his friend; he tried and he fixed that computer, spending about three or four hours on the fix.

The next day, in the morning, the friend who was studying went to his friend's bakery and asked for two pieces of bread. He really thought his friend would treat him because of the previous day's work, but his friend said "this costs 3€, please".

The student friend got very angry and said: "Do you really want to be paid? Don't you remember the work done yesterday?"

And the baker friend replied: "Oh! Really! I want to be paid, the work you did yesterday had no cost for you!"

The student friend paid and never talked to his old friend again.

Eight years later, the student has become a computer engineer; he lives in a rented house but has enough money to go to other countries, to travel around his own country, and he has free time to go out with his girlfriend...

Eight years later, the baker friend is still a baker and works very hard to earn his money, day and night.



That story is based on my own experience. I'm not the baker friend.
Right now I'm on the roof of my house with my PC and a very cold beer; my old friend must be working, I think.




Next Post: "The lazy guy"

Tuesday, July 12, 2011

Differences between working with computers and being an IT professional

Many times we have heard: "My brother/sister/cousin... is a computer expert, he/she works in a big company"
Most times, he/she will break our PC and then a real computer expert is needed (and very well paid).

In the last twenty years many people decided to become computer technicians by reading a few magazines or manuals; most of these people today are between forty and fifty years old and they think they are the greatest experts in their company.
Moreover, most of them have not completed any university degree; most of them never even tried to start those studies.

Nowadays, we have two generations of "technicians": the older one, who think they are the greatest experts in the company, and the newest one, most of whom are computer engineers trying to acquire the jobs that they should own.

From my own view, the first technicians have improved their positions and are now supervisors and managers of the new technicians. Some of these managers feel that their jobs are threatened by the new technicians, who have more powerful, up-to-date knowledge; they feel they could lose their jobs and need to fight these new technicians.

From my own experience, in the new generation of technicians there are highly qualified, smart people and others who are less smart and less qualified; that's very usual.
I have seen many times how these medium-qualified engineers get promoted and get better opportunities because their manager feels less danger to his own job, instead of promoting a great engineer, because that engineer implies a threat to the manager's job status.

Just some months ago, my manager told us: "You must do your jobs well or very well, but not excellently! This is the way to improve in a company."

I hope you are not in this situation, because if you are an excellent engineer you won't be promoted, since "you are a threat" to your manager.

Nowadays, that's the difference between being a computer worker and being a computer professional.


Next Post: "The story of the baker and the computer engineer"

Sunday, July 10, 2011

Digital Illiterates

In the last few days, we've read in newspapers, on Twitter, on TV... how police and other security forces have tried to stop some "hacker groups" and how they can't (in my view).

Nowadays, when we see somebody who doesn't know how to read or write we think (very surprised): "I can't believe that there are still people who cannot read and write without problems; there shouldn't be any illiterate people in the world, we have to fight against this problem". But we must remember "El Quijote", the novel where there is a guy who reads too much and people think he is crazy.

In the last ten years, a person who spent a long time at his/her computer was seen as a freak or an unsociable person, even a crazy guy (reminds you of "El Quijote", right?).

I think those people are now running the risk of becoming digital illiterates. Those people could be working in the police and other security groups, and they are trying to stop Anonymous, LulzSec and others like them.

Even more, some of them said: "I challenge those hackers to attack our company again".



I think: really? Are you serious? Are you challenging people who can shut down your PC at this moment? People who turn off all the lights around your neighborhood? People who can access your personal data from the PlayStation Network? Are you really challenging them?

Now, we are starting the century when just a child sitting on a little chair can attack your bank account and take out lots of dollars or euros :)

Please, try not to become a digital illiterate...

Next post: "Differences between working with computers and being an IT professional"

Breaking news

Hi there,

I've created my new blog; this will be my online public diary, but this doesn't mean it will be daily :)

I hope you identify with my stories.
My first post will be "Digital illiterates".

Follow me at @fvallejoluna
Next post: "Digital Illiterates"
