It was the first day of semester 2 of my final year today. The new free-elective module I was attending is called ‘Computer Security and Forensics’, but I call it ‘hacking’ for short. This module is gunna be great! It’s basically all the stuff I like to experiment with in my free time, but I get credits for doing it! Amazing.

The tutorial entailed sniffing FTP/HTTP/SSH/TELNET packets… nothing too intensive for the first lesson I suppose. It was cool though, helping Aryel learn the magic of Wireshark. The lecture was about the difference between Hackers & Crackers, what they are after, and how they go about it. Again not too intense, but it was entertaining never-the-less.

This has inspired me to write about some exploits of the past. The fun stuff that kept me entertained in my youth, that you just can’t do any more (wow I sound old);

Voicemail hax, Bluejacking, Netsend.

Voicemail hax

All voicemail boxes on mobile phones have default pin codes, these days you’re forced to change this pincode before you can access your voicemail remotely, this wasn’t always the case. Back in the days of BT Cellnet, before o2, you could take over someone’s mailbox, simply by knowing the default pincodes for whatever network the target was on. Of course this wasn’t hard to work out, because all mobile networks have their own range of numbers (today a lot of o2 iPhone numbers are 07525 for e.g.). So if someone’s phone was off (or if the rejected you !!) when you reached their voicemail greeting, you’d simply have to type * and then the four digit default pin. You could pretty much garuntee nobody had changed this pin, because most people don’t access their mobile phone voicemail remotely. Once in, you could listen to their messages, erase them, and the option that gave me the most fun was recording new greeting messages. You could leave any message, and the target would be none the wiser. Their callers might think they were a bit strange, depending what greeting you left, but hey, it’s all fun and joke!

Bluejacking

Let me start off my stressing, Bluejacking  is not aggressive. Bluetoothing is to hacking what Bluesnarfing is to cracking. Bluesnarfers focus on using Bluetooth technology maliciously, by stealing contacts/messages, making calls etc. That’s not what Bluejacking is about.

Bluejacking is about pranking. It’s a laugh. Basically you create a contact in your phonebook with a message, and then you send that contact via Bluetooth to a random recipient. Back when Bluetoothing was popular, the recipient phone would automatically accept the contact, and usually the text would display on the screen on their phone “YOU’VE BEEN BLUEJACKED!”. With some phones you could attach images to the contacts, and sometimes just send images alone.

There are still communities around Bluejacking. BlueJackAddicts was the most popular community site around Bluejacking, but they have since vanished to Oblivion. BlueJackQ is still around. The idea was to try and find the person you were Bluejacking, usually this was easy just by looking around for shocked expressions. You’d then try and take a sly photo, and post it on the community forums. Then you’d wait and hope that they would follow the link in your messages, and sign up to the fourms,  to post their side of the story. Of course the aim was to not get caught – but whenever you did, they pretty much always saw the funny side.

This was fun when out with friends. With either a PDA or a good Bluetooth capable phone. There were lots of different softwares available (particularly for Symbian phones). You can still get the software, but these days all phones require manual acceptance to recieve data over Bluetooth, so it’s practically impossible to Bluejack someone who isn’t actively looking at their phone, and even then it’s not easy.

I did write a few posts about the funny experiences I’d had Bluejacking, but this was on an old blog which has dissapeared into the blogosphere.

It was fun while it lasted.

Netsend

This one almost got me excluded from college… by accident of course.

Back in the days of Windows NT (XP was probably out at this point, but my college was tight), few non-geeks knew about net send. Of course in college we had no access to the command prompt, but we did have Microsoft Visual Studio – we were programming in Visual Basic at the time. I wrote a small application that used the net send service, to broadcast messages accross the network.

The problem arrose when I accidently sent my message to the whole domain, instead of just the IT room that I was in at the time. So this message “Yo wassup?” or something equally innocent was sent to every switched on computer throughout the whole college – including the Principle’s. Obviously i switched computers immediatly, once I’d realised what I had just done, and not a moment too soon. One by one, no less than 10 tutors/staff members came into the room asking who was on PC 13, because they had been very naughty and sent a message out over the network. Obviously I didn’t own up straight away, but it was obvious that I was the culprit, being that everyone in the class had seen me switch computers. After strict words from my course leader, everything was resolved. But tbh looking back, they really should have looked after their network properly.

Funtimes. I actually stopped playing around with the ’shady’ side of computer security when I turned 16, due to fear of prosecution. My mum always said “You’ll either end up being really rich and successful, or end up in jail”, lmao, which is probably true. I like to experiment, I’m a big believer in the Freedom of Information as well as Freedom of Speech. But that doesn’t make me a bad person. The world just doesn’t understand Hackers, or what we’re about. I blame the media (and Bill Clinton). It looks like I’m going to enjoy this module though.