The need for probation reform

After digging up some info on the two suspects in my neighbor’s burglary, I found out even more distressing information. Edwards had been arrested March 30th for the very same charge, Breaking and Entering, skipped bail and missed his court date, which apparently resulted in his Failure To Appear charge. This is of course all after he was convicted in December of multiple property crimes. I haven’t found out yet what Enyinnaya’s story is but I wouldn’t be surprised if it’s a similar one.

Where was his probation officer? Who knows? Edwards got a suspended sentence and probation for his December thefts but felt confident enough that he wouldn’t get caught to bust into more homes three months later.

Weatherford Drive burglary suspects identified

Bango Enyinnaya


I heard back from Raleigh Police on the Weatherford burglary suspects. The two suspects are Bango Benjamin Enyinnaya, age 16, of 2334 Keith Drive in Raleigh; and Tyler Gregory Edwards, age 19, of 1317 Hazelnut Drive in Raleigh. Enyinnaya was charged with Felony Breaking and/or Entering, Larceny After Breaking/Entering, and Felony Probation Violation. Edwards was charged with Felony Breaking and/or Entering and Larceny After Breaking/Entering.

Tyler Edwards


Both Enyinnaya and Edwards have criminal records for breaking-and-entering. It seems around Thanksgiving of last year the two decided to go on a burglary spree. Edwards has a longer rap sheet, including an arrest in Charlotte for marijuana possession in August of 2010. He was arrested most recently on April 25th on a Failure to Appear charge.

No word on how many other burglaries these two are tied to. Raleigh Police tell me the vehicle did not belong to either suspect but was one that they had access to. That might explain the parade of strangers through our neighborhood following the break-in, returning to find the car.

Burglars busted!

Friday evening, I learned from my neighbor that two suspects who allegedly broke into my neighbor’s house have been arrested. I knew it wouldn’t take long, since the hapless burglars had fled on foot and left their getaway car in the driveway. Rumor has it that at least one of the kids was arrested when he was caught breaking into another home.

Friday afternoon, I took note of a strange car making a loop down Weatherford Drive. There was a young kid in the middle of the back seat and it looked as if he were being chauffeured around. I remember from our own break-in a few years ago that police detectives will drive burglary suspects around to the homes the suspect might have burglarized, giving the suspect the opportunity to own up to each break-in. I don’t know if this is what was taking place with this kid but it made me wonder.

I haven’t heard back from my police contacts about the details of the arrests. If I get those details I’ll post them here.

Update 1:15 PM: Info on burglary suspects is here, courtesy of the Raleigh Police Department.

The Art of Deception

The recent LinkedIn password crisis got me looking for a good book on hacking. Sadly, Kevin Mitnick’s book The Art of Deception is not that book. On the foreword page of the book, one reader scrawled a message that said:

WARNING! THIS BOOK COULD HAVE BEEN A MAGAZINE ARTICLE, FOR ALL ITS SUBSTANCE!

I got through about ten pages before I concluded that the previous reader was right. Mitnick’s a terrible writer: many of his sentences tend to ramble and lack focus. It reads as if he was told by his editor to fill x pages and so he put little thought into what he is trying to say.

What’s more, much of what he says doesn’t rise beyond simple common sense. It’s not entirely Mitnick’s fault, as network security became far more sophisticated while he was serving time for his crimes. While he might have been a big fish when he was arrested in Raleigh in the early 90s, his hacking methods don’t compare to those used today. For instance, Mitnick recommends against writing down passwords, even though most security experts now agree that this policy encourages people to use simple, easy-to-remember passwords that can be easily cracked. Even if Mitnick was up on the latest techniques, though, it’s likely he can’t reveal these techniques due to terms of his parole.

What we’re left with is a book that is actually pretty boring. I’m a guy who enjoys learning about network security but even I can’t bear to finish this book.

Fake “morgue shooting” headline

"17 remain dead in morgue shooting spree"


A blurry image shared by the George Takei Facebook page showed an edition of the News and Observer that had a story headlined “17 remain dead in morgue shooting spree.” It looked fishy, so I went hunting for the source.

Turns out, Andy Bechtel already did the legwork:

So where did the fake N&O page come from? A Facebook friend points to the Brunching Shuttlecocks, a defunct comedy website, as the source of this image. If you happen to know more, please add a comment on this post.

Good job, Andy!

(For those who are curious, here’s the real front page that appeared on September 7, 2001. [PDF] )

Your Paypal.com transaction confirmation.

I got a realistic-looking but fake notice in my email purporting to show someone spending money from my PayPal account. Needless to say, this is a phishing scam.

PayPal logo Transaction ID: 33746045
Hello supercoolguy@supercoolguy.educomnet,

You sent a payment of $357.48 USD to Xavier Parrish

Thanks for using PayPal. To see all the transaction details, Log In to your PayPal account.

It may take a few moments for this transaction to appear in your account.

Seller

More on the LinkedIn password breach

I found this analysis from a fellow network security geek in the UK to be quite interesting:

…which lends a little weight to the theory that the file primarily contains hashes which some script kiddie could not crack with basic tools, and hence makes us wonder what he’s done with all the ones which he did crack – and how much of the LinkedIn corpus that would represent?

He’s got a point. So many tools exist to easily crack these password hashes. I just tried hashcat on them using the standard Ubuntu dictionary file and cracked 20,000 of them in seconds using just my lowly laptop. So why would the hacker pretend to need help cracking them? Why post to a hacker forum where one is certain to face ridicule?

This leads me to speculate that the hacker is either enormously clueless or (perhaps more likely) aiming to embarrass and/or blackmail LinkedIn. Was this a staged demonstration of a hacker group’s power to disrupt a high-profile site? A warning to others, like Facebook and Google?

Another amusing aside is that just yesterday I used LinkedIn to send a message to a stranger who might know an old friend of mine. I tried several times to leave my email address in LinkedIn’s contact message but finally gave up: LinkedIn’s anti-spam measures are quite clever and blocked every iteration of email address obfuscation that I tried.

It’s amusing that LinkedIn can be so good at blocking spam to its users while being so bad at keeping their accounts secure!

LinkedIn password leak is confirmed

I did some hunting for the password hash list which reportedly includes the passwords of 6.5 million accounts. After downloading the file, I did a quick search on my password “tXrNNb706+” (which has since been changed, duh):

grep -n `echo -n tXrNNb706+ | shasum | cut -c6-40` hacked.txt

This spit out the following:

4096152:b0a6f8fba1a954de7d60bf4dbc3805d1056cf443

Boom! My hash appears on line 4,096,152. Yikes!! It’s a good thing I use unique, strong alphanumeric passwords for all of my accounts! That password was only used for LinkedIn, so I know the hash list was collected from LinkedIn.
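
An added example, not part of the original post: the same lookup as a small shell function that reads the password from standard input, so it stays out of shell history and the process list, and that matches on hex characters 6-40 as the grep above does. Entries in the circulated list were reported to have their first five hex digits overwritten with 00000, which is why the prefix is skipped; the function names and the sample list are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): leak-list lookup that matches
# on hex characters 6-40 of the SHA-1, as the post's grep does.

sha1_hex() {
    # Hex SHA-1 of stdin, using whichever tool is installed.
    if command -v sha1sum >/dev/null 2>&1; then sha1sum; else shasum; fi |
        cut -c1-40
}

check_leak() {
    # $1 = file with one hex SHA-1 per line. The password is read from
    # stdin, so it never appears in argv or in shell history.
    IFS= read -r pw || [ -n "$pw" ] || return 2
    full=$(printf '%s' "$pw" | sha1_hex)
    suffix=$(printf '%s' "$full" | cut -c6-40)
    # Hex-only pattern, anchored at end of line; -i tolerates upper-case hex.
    hit=$(grep -n -i -- "${suffix}\$" "$1" | head -n 1)
    [ -n "$hit" ] || { echo "not found"; return 1; }
    line=${hit%%:*}
    found=$(printf '%s' "${hit#*:}" | tr 'A-F' 'a-f')
    if [ "$found" = "$full" ]; then
        echo "full match at line $line"
    else
        echo "masked match at line $line"   # prefix differs, e.g. 00000
    fi
}

demo() {
    # Constructed sample list: one intact hash, one with a zeroed prefix.
    list=$(mktemp)
    printf '%s' 'constructed-sample-A' | sha1_hex > "$list"
    printf '00000%s\n' \
        "$(printf '%s' 'constructed-sample-B' | sha1_hex | cut -c6-40)" >> "$list"
    printf '%s\n' 'constructed-sample-B' | check_leak "$list"
    rm -f "$list"
}

demo
```

For interactive use, turn off echo with stty -echo, call check_leak hacked.txt, type the password, and restore echo with stty echo afterwards.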

But why is this file only 6.5 million hashes, if LinkedIn has over 161 million users? My guess is that an exploit was placed on the LinkedIn servers during a certain timeframe and during that time it collected the hashes of these 6.5 million users. My compromised LinkedIn password was last changed in December 2011, about six months ago.

The whole incident has given me reason to rethink the password problem, and the problem of authentication, to see what better methods exist for proving identity in a digital world.

Bonus link: read this detailed analysis on YCombinator (warning: heavy geek quotient).

Bad Day For LinkedIn: 6.5m Hashed Passwords Reportedly Leaked

This is bad. Very, very bad. Unhashed passwords are a no-no. I’m shocked that LinkedIn has been so careless.

If you have a LinkedIn account, you should change your password immediately!

And always, always use a unique password for each and every service you use.

Already in the spotlight over concerns that its iOS app collects full meeting notes and details from a device’s calendar and sends them back to the company in plain text, LinkedIn user accounts are now said to have been compromised, with 6.5 million hashed and encrypted passwords reportedly leaked.

Norwegian IT website Dagens IT reported the breach, with 6.5 million encrypted passwords posted to a Russian hacker site. Security researcher Per Thorsheim has also confirmed reports via his Twitter feed, stating that the attackers have posted the encrypted passwords to request help cracking them.

via Bad Day For LinkedIn: 6.5m Hashed Passwords Reportedly Leaked.

Neighborhood break-in causes little concern

RPD is just a phone call away


Thursday provided a bit of unexpected excitement in the neighborhood. I had just stepped away from my home office desk for lunch when I read an email from a neighbor, saying that she had seen suspicious men at another neighbor’s home and had called the police. Looking out the window, I was amazed to see three Raleigh Police cruisers parked down the street!

I found out from other neighbors who were outside that the house at the end of the neighboring street had been broken into. Officers had the house surrounded, believing the perpetrators were still inside. I chatted a bit with my neighbors until a K-9 officer returning his dog to his car let us know that no one was inside.

It seems the perpetrators left out the back door as officers arrived, having had time to stack TVs and an Xbox outside but no time to take them with them. Fortunately for the police, the burglars very thoughtfully left their getaway car sitting in the driveway! I smiled as I watched the car being towed away, knowing how much evidence the burglars must have left in it. I’m sure it’s only a matter of time before the hapless burglars are caught.