Yesterday I read in the FAZ (Frankfurter Allgemeine Zeitung) that hackers are nowadays concentrating on hacking printers instead of workstations. To sum things up, the basic assumption is that important information will not merely remain in the digital form, but will soon or later printed. Especially in bigger companies, multi-national corporate giants, printing is done over the network.
To many hackers joy, the printers are not secured that well. Compared to workstations, servers or file-storages, the security measures aimed at keeping unauthorized access out is laughable. I did some testing with my Brother MFC 7820N Printer, which operates over the network here.

Read on | Printer hacking, the new way to go

This post was written in reply to keasone.de kind of survey of website (and web2.0 elements) usage | Initially, the questions were asked in German, but due to the international audience over here, I am going to translate them to English.

English: Do you use Social Bookmarking/Networking pages such as Digg, Yigg, Mister Wong or Del.Icio.Us? If so, which?

German: Nutzt Du Social Bookmarking/Networking Seiten wie Digg, Yigg, Mister Wong oder Del.Icio.Us? Wenn ja, welche?

On my website h4x3d.com I am using digg, technorati, del.icio.us (hate to spell that!), sphere.com, blogmarks.net, ma.gnolia.com and furl to offer my users all the social bookmarking tools that are currently popular. Mr. Wong is not yet available in English, so a strict no-go for me. Personally I only use digg and del.icio.us.

English: Do you watch videos on video portals such as YouTube, Sevenload or DailyMotion? If so, what kind of Videos?

German: Schaust Dir Videos bei Videoportalen wie YouTube, Sevenload oder DailyMotion an? Wenn ja, was für Videos guckst Du Dir meistens an?

I do not waste time on YouTube, because for some reason it is extremely slow whenever I am trying to find something. DailyMotion is great, but Videos you watched one day are gone the other. I used to collect Simpsons videos on the internet, but with one swift move, DailyMotion deleted them all. From time to time I watch the remaining FamilyGuy episodes on bolt.com. Actually that’s only because I am lazy, since I do own the original FG DVDs.

English: Do you know/use Flickr?
German: Kennst bzw. nutzt Du Flickr?

Who does not know flickr? I am using flickr to share all my pictures from university, trance events or whatever I capture using my crappy cellphone camera. When I need to post newly accquired vinyl covers, I use the flickr API which comes built in with some cool plugin in Wordpress. Really makes posting fun.

English: What do you think of services such as Twitter or Frazr?
German: Was hältst Du von Diensten wie Twitter oder Frazr?

I have been using Twitter only for testing their API (it’s actually only a RSS Feed…) and I am not using it daily. I think twitter is great waste of time and can be addictive for some people. Facebook offers similar twitter abilities. I don’t know Frazr. Cool name though! Oh btw. Alex, I deleted you from my friends list (it’s empty now), not as I don’t like you :p but as you were filling up my LifeStream (stupid RSS-Feed)!

English: How many RSS-Feeds are you subscribed to?
German: Wie viele RSS-Feeds hast Du abonniert?

Between 4 and 5, it really depends on the quality of content. I am subscribed to LifeHacker’s RSS-Feed and love it. However, sometimes it can become quite spammy, as they post 9–10 times a day. RSS-Feeds are a good way of catching up with other websites’ development, but again: also a great waste of time. I have subscribed to my own RSS-Feed in order to check if there are errors from time to time. I am using Feedburner to direct my posts to Feeds.

English: Do you read them daily?
German: Liest Du die alle täglich?

No, not really. Only if I need to waste time..

English: How many blogs do you maintain/author?
German: In wie vielen Weblogs bloggst Du? (Eigene oder Mitautor)

Only h4x3d.com and some minor small blogs that are not yet ready for public release.

English: Do you comment on other blogs? If so, what?
German: Kommentierst Du in anderen Blogs? Wenn ja was?

Yes, sure. Whenever I find something useful and commentworthy I leave my 5cent.

(there are more questions, but as I have to go now and have loads of other things to do today I am not going to comment on those. Thanks to keasone for throwing this stick to me, and hereby I am throwing back.. enjoy)

Read on | Website usage (web 2.0 related) questioned / Stckchn-beta-20

Ever since I owned the ICQ number 108039 I have been getting spam messages from all kinds of russians, turkish and eastern europeans. Since the ICQ UIN (Universal Internet Number) is one of the first numbers that was registered, it has become quite rare.
ICQ was developed in 1996 by Mirabilis. The company was founded by four young Israelis: Yair Goldfinger, Arik Vardi, Sefi Vigiser and Amnon Amir. After AOL bought it, it was managed by Ariel Yarnitsky and Avi Shechter.

Mirabilis (ICQ) started to give away ICQ # starting at 10000 so basically this is the 8039th number.

Anyway, I registered this PC when I was waiting for my dad in the office. I have always been interested in the Internet and always been reading stuff on the internet. Back then ICQ was announced in some news and I was so curious about this “new way of chatting” (before I was only using IRC - Internet Relay Chat) that I signed up.
Back then I didn’t have my own domain, not to dream of server or web space, so I was using a freemail service such as yahoo. Account registered, details entered (birthday, Nationality, Languages spoken, About etc) and then for long time (after some non-frequent use) nothing happened. ICQ kind of became unpopular for me, since all my friends were using IRC and no one could be bothered to sign up. So I kind of binned it, leaving the details “saved” on my (well actually this is quite important: it was not my PC, but my father’s companies one!) PC.

After two or three years, I can not really remember I started to use ICQ again, but I wasn’t really aware of my old account and thus registered a new one which I was from then on using more frequently to chat with my friends abroad. This was even long before anyone at school or in my class even knew ICQ as a chat tool, so much for the gap of internet knowledge at early times (not meant to glorify my internet use!).

Here is where it gets interesting, I think it was more a chain of coincidences, that lead me to my old ICQ account 108039: My father changed companies and brought home this particular PC (which I was using before, but then was given back to the office clerk, then back to my father for home use and so on.. back then (again) it was not very usual to format PCs every few weeks and forth)) and asked me whether I’d use it as a new router for our newly established DSL broadband internet access.

Since I didn’t have that much to do (contrary to today), I agreed to spend some time looking into things, googling for one-disk linux routers. But before I formatted thee ol’ mill, I had to look through files that had to be backup’ed. Under C:\Program Files\ I found something interesting which raised my attention. A folder called ICQ. Wow! I had discovered my old account! But I couldn’t login, since the PC was not connected to the Internet. So I had to go to the local PC store, get a compatible Ethernet card (one with a BNC clip - ugh) and set it up to connect to the net. Some hours later I was able to login using the saved password! And it worked! It worked out of the box like a charm!. You cannot imagine how happy and surprised I was to find all my old contact in place, people that I didn’t speak with for years.

But another problem occurred, I didn’t know the password but wanted to use the account from my own PC upstairs. After some research a found different programs that were able to unmask the stars and showed the password. The password I had it set was so stupid:
JAyJAy0208.
I used a program similar to the one I am using nowerdays, it is called SIW. See the information below (also links to download it).

SIW is a System Information tool that gathers detailed information about your system properties and settings. [...] SIW also displays currently active network connections, Passwords hidden behind asterisks [...] A standalone tool that does not require installation.

Get it at author’s website | direct download (exe) | torrent download | mirror (exe)

Anyway, I was using my new ‘old’ account on my desktop PC and decided to change the password to one that I was using for other services such as e-mail, bouncer etc.
It was lowercase letters and 6 digets only and contrary to the password I had used when I signed up (read above), JAyJAy0208 had a change of uppercase and lowercase as well as numbers.
In terms of security the old password was stronger then the one I selected.

This is, at least so I think, what lead to the loss of my account, from one day to the next I was unable to login anymore. At first it was some kind of issue with Trillian or the ICQ service in general, but since the error code was remaining the same (Wrong Password) for days I assumed there was something wrong with my account. Of course official e-mail to ICQ didn’t receive a reply, post in the forums where ignored or deleted and in general no one felt like helping. After some time I figured out that my account could have probably been hacked, because I was not even able to get to the security question which could be used to reset my password. Also most of my personal information was deleted from the account profile. The only things left were my date of birth, my nationality and my spoken languages. My name, e-mail address and nickname were erased.

I started to research things, and googled for sites where you could buy UINs on, here are two exemplary excerpts:

It seemed like as if people were willing to pay great amounts of $ for low diget ICQ account, such as mine (108039). I checked many sites, russian sites, turkish sites, czech sites, german sites and asian sites, to no success. So I started to add so called “UIN dealers or Shop owners” and asked them to acquire the UIN 108039 for me (I used another account and said I wanted this ICQ number badly and was willing to pay, just to check whether it was available from a pool of hacked icq numbers or not), but no one was able to get it.
So where was my ICQ number? Who owned it, or hacked it? Was it a database error or mistake by ICQ?
Obviously the account was not deleted because of inactivity because ELSE I could not have logged in initially and changed the password and then again used it for weeks before the loss occurred.

I was running out of ideas and started to accept the “loss”, I began to re-add the folks of my old contact list to my new account and let grass cover the hole for some days. I was then approached by some russian dude, who had read my post on the ICQ forums. He said that he was experiencing the same symptoms, and that he had gotten a contact to some ICQ admin (I am not allowed to write here, I promised) and that he was willing to share that with me for $5 to be transfered to him via western union. Quite promising I thought, also because he had sent me an e-mail log (conversation) with this particular admin and he seemed quite cool and helpful. Thus I decided to take the risk and pay the five bucks. I received the contact the day after, added the person and told him my story in short. I knew that this admin wouldn’t have loads of time and was also worried of his contact given around like a stray dog, so I summed things up, explained how I got the contact and my situation, said that I could proof that I was the legal owner of this ICQ account and so on. This admin was not working in the security/account department , so he couldn’t promise anything, and of course he had 100s of better things to do then to help out some random dude from the internet. But he was so kind to ask his mate who’d worked in the security department if he wanted to look at things. He told me that I had to convince this admin with good proof and reasons that I am the owner and not some scammer wanting to make some quick bucks!

So I scanned in my Identity Card, my driving licsence and my travel passport and sent it to his e-mail address. He printed it out and went with these documents to his friend in the lunchbreak, and the next thing I remember is that I received an e-mail from ICQ three hours later, saying that my primary e-mail address had been reset, to enter all new security questions and with a brand new password with lowercase, uppercase, digets and special characters. I logged in using this password and it worked like a charm! wow, amazing! I am so thankful, still.
The password is similar to this (of course this is not my password, duh): s&Bo$7i!

If there is anything, ever, that I can do to repay you guys, in case you read this, I will do my best to sort things out.

* As a response to increasing UIN theft of attractive or very short UINs by hackers, ICQ started to store email addresses previously associated to a UIN. UINs that are stolen with phishing or brute force techniques can since then be retaken by their rightful owners using the password retrieval service on ICQ.com, even after the associated primary email address has been changed or replaced by the hacker. This only applies if a valid primary email address has been entered into the user profile since 1999.

further reading (not encouraged actually)

That article does not contain the full and detailed description of system - at present it is impossible. We shall consider only general moments.

It is obvious, that it is necessary for usual users ICQ only with the maximal attention and severity to observe all rules of ICQ-security, to keep number ICQ, since to hope for changeable system of restoration ICQ it is practically useless.

Read on | How I got my 6-diget ICQ account back in 2005