Tech and Gamer Gear Galore: Massdrop

Daniel Clarke

Massdrop (www.massdrop.com) is a group-buy website based in New Jersey where people commit to buying a product. Once enough people commit to buying the product, the price begins to drop. After the drop has ended, Massdrop will place an order with the manufacturer. Massdrop has several different “communities” that it uses to list like products in the same area. A few of these communities include: Everyday Carry for knives and useful tools that you can keep in your pocket, Audiophile to suit your listening needs, and Tech for gadgets like a Raspberry Pi or other devices. Those are just a few of the (currently) 13 communities that Massdrop has to offer.

As an example, we’ll look at the DXRacer OH/IS11 Iron Series Chair. The drop can be located at https://www.massdrop.com/buy/dxracer-oh-is11-iron-series-chair. You’ll need to authenticate with Facebook or create an account using an email address; we suggest anonymizing services like Mailinator.com.

Each product has different requirements for the total number of people needed in order to get the discounted price. When the chair first “dropped,” or became available for purchase, it was listed for $399.99. As more people purchase the chair, the price drops by $10 with every five people until it reaches the lowest price available of $369.99.

Stages of a Drop
Gamer chairs!

If you are interested in the product but only want it if it reaches the maximum discount, you can commit to buy the product at the lowest price.

To compare the requirements for purchase, we will look at some GMK QMX-Clip Sound Dampening Brackets (located at https://www.massdrop.com/buy/gmk-sound-dampening-brackets).

Stages of a Drop: 2

These brackets are used to dampen the sound coming from a mechanical keyboard and are much cheaper than the chair. In order for it to be cost effective for both Massdrop and GMK, more people need to purchase the clips in order to justify a group-buy discount. In this case, at least 50 people are needed to get a discount with 100 people needed to reach the maximum discount.

Now, before you rush onto the site and place a bunch of orders, there are a few issues to understand about Massdrop.

One major complaint is the amount of time that it takes to receive a package. For example, I ordered a wicked set of keycaps on September 30, 2015 (https://www.massdrop.com/buy/danger-zone-sa-keycap-set). The keycaps (I know, they’re badass, huh?) didn’t arrive until February 17, 2016. Four and a half months is almost unheard of to wait for a product to reach you, especially when Amazon Prime will ship me something in 2 days. One reason is that it was a custom set of keycaps that was made specifically for those who purchased it from Massdrop. The other reason is that your order doesn’t drop ship directly to your door. The manufacturer sends the entire order to Massdrop, who then sorts the order and ships it to the customer. I have since purchased other products from Massdrop and both of those orders took about three weeks.

Another major complaint that I have seen, especially recently, is that for products that are not custom made (think knives, chairs, headphones, etc.) it is possible to find the exact same or very similar product for the same price (give or take $5-10) on a major online retailer like Amazon or eBay. In that case, is it worth a few dollars extra to have your product within a week, or are you ok waiting significantly longer to receive it from Massdrop?

Nevertheless, I have used and will continue to use Massdrop.com and watch for new drops that happen daily. If I feel that it is a good deal, I will do my research to make sure that I cannot find the same product for cheaper elsewhere, and if I can’t, I will buy from Massdrop. As a price-conscious consumer, it would be unwise to do differently. As a techie, how can I help myself?

[Daniel Clark is an up-and-coming IT and security consultant in Albuquerque, NM, USA. This is his first contribution to School for Hackers, with more articles on technology and related goodies to come.]

Hacking Tips from the Article, “How To Not Get Hacked, According To Expert Hackers”

Backlit keyboard

TV personality Kevin Roose asked for it, and he got it. He wanted to research how people get hacked, so he decided to invite some prominent hackers to hack him. And hack him they did, cracking into everything from his webcam (pictures every two minutes) to all his online accounts (including banks).
Personally, I wouldn’t do this. It’s all too apparent, to the hack-literate, how people get hacked; the harder part is figuring out how NOT to.
Some of the solutions he proposes are familiar, like using a password manager, which is unfortunately a sword sharp on both sides. Others were new to me: have you heard of an app called Little Snitch? It monitors your outgoing traffic for suspicious activity. (Why is my computer uploading my credit card statements to China?)
And some “solutions” are as effective for the cracker as for the person trying to protect themselves: using a VPN, for instance. You’ll see more on that subject in this space going forward.
In the meantime, give this article a look, prospective crackers, hackers and security professionals.
(Image courtesy of User:Colin at wikimedia.org)

Are you really that nice, or do you emphasize security?

When your neighbor sees the hotspot you broadcast, the very first thought he has is “Oh, look at that, I’ve got my neighbor’s wifi; I might get access if I’m lucky,” and click!
So what are you up to? Are you nice enough to let everyone access your wifi, or do you want privacy, or to share only with specific people? If you are concerned about network security, you had better keep it away from the public. Keep in mind that not everyone who comes into your network is there only to use the internet access you shared.
In the movie Cinderella, the King held a party for the prince to choose the girl he loved, and the royal prince’s invitation said “Every maid in the town was invited to the party,” even though the one the prince actually awaited was Cinderella. Unfortunately, Cinderella’s step-sisters and step-mother enjoyed the party too. Then the step-mother eavesdropped on the Royal Guard’s conversations and, shortly afterward, blackmailed the Royal Guard. So we can consider that not everyone who enjoyed the party was there only for the party; some came to dig for their own advantage.
Right then, min mg mg stepped out of the movie moment and said, “Grandpa, we should put protection on our wifi; we had better not give access to everyone.” And Grandpa said, “Protection? Does it make sense if I keep this inside my iron cabinet?” “No, it doesn’t make any sense. We have to keep it outside so that your smartphone and my laptop, but not others, can reach it to share the internet access,” min mg mg said. “Look, there are so many protection options here to guard against most attacks, and firewall settings as well,” he said, logging in to the small-business wifi access device via a browser. And he continued, “Here are the options: WEP, WPA, WPA2.” “What the heaven?” Grandpa responded. The grandson said, “Chill out, I’m putting it down for you, Grandpa. WEP is Wired Equivalent Privacy, the security algorithm for IEEE 802.11. It is recognizable by its key of 10 (or) 16 hexadecimal digits. Its primary encryption method is this: the ciphertext is generated by XORing (Exclusive OR gate) the plaintext with the keystream, which RC4, the encryption cipher, produces from the combination of the Initialization Vector (IV) and the key. It was 64-bit encryption, increased to 128-bit, yet the Wi-Fi Alliance announced that WEP had been superseded by WPA in 2003. So the immediate question is: what is WPA? WPA is Wi-Fi Protected Access, IEEE 802.11i, sometimes referred to as the draft standard IEEE 802.11. It anticipated a yet securer, more complex WPA2. WPA2 was started in 2004. WEP provided data confidentiality comparable to the traditional wired network, and WPA was developed by the Wi-Fi Alliance to protect wireless computer networks. WPA-PSK (Pre-Shared Key) is the common WPA configuration, using 256-bit key encryption. It is also associated with a system called the message integrity check, which determines whether an attacker has captured or altered packets passed between the access point and the client.
The most significant change between WPA and WPA II is that the Advanced Encryption Standard (AES) has to be used mandatorily.” And Grandpa spilled his guts and said, “Just go ahead and do your thing. Oh my, headache, headache,” and he went on, “So, use WPA, a yet securer.” He looks like he slightly got the point. Of course, having a bright grandson like min mg mg is gratifying.
Young people have intelligent capabilities. We should enable them to implement their imaginations. Rather than teaching them how to do things, what they need is what we can do and what will be in order. If you keep blocking their inspiration by any means, they won’t be able to realize the “why,” much less great intelligence. That’s what Hacker High School is going for: it intends youths to be great by doing great things with great humility. In our environment, likewise, we need someone like min mg mg to help us understand the technologies well or, at least, to be able to purchase technology materials at a fair deal.
Well, now min mg mg is getting busy with a school conference. He is working on a presentation based on a real-world scamming matter. “The Scammed IT Guy,” he has bannered it.

Social Engineering


“Social engineering can be known, in short, as psychological manipulation, a legitimate lie, but yelling ‘Fire!’ in a crowded movie theater and in public is unlawful”

“Yes, this is definitely an attack vector, one that relies almost entirely on human interaction. It often involves tricking people, indirectly prompting them to spill their guts, and taking advantage of their crushes or their craziness. Let’s talk social engineering,” Min Mg Mg said to Grandpa.

“This is a con game. For instance, an attacker pretends to be a co-worker who has some kind of urgent problem that requires access to the office and asks his/her colleague to let him/her in,” he continued. “That’s cheating. How is it different from a liar?” Grandpa asked.

“Unlike a liar, it is more than lying; it is about getting what you want indirectly, because it is gentle. OK, I’ll give you a remarkable example. In the video called “Catch Me If You Can” there are a lot of social engineering topics. Sr. Frank asked Jr. Frank, “You know why the Yankees always win, Frank?” and Jr. Frank answered, “Because they have Mickey Mantle.” Sr. Frank said, “No, it’s because the other teams can’t stop staring at the pinstripes.”

The next notable example comes from the time Jr. Frank started his business. He needed a PAN AM pilot’s uniform to be able to pass successfully as a PAN AM pilot. So he called PAN AM airline.

Receptionist: Pan Am, may I help you?

FRANK: Yeah, hello. I’m calling about a uniform.

Receptionist: Hold for Purchasing.

FRANK: Thank you.

WOMAN: Purchasing.

FRANK (Southern accent): Hi. I’m a copilot based out of San Francisco. I flew a flight into New York last night but I’m headed out to, uh, Paris in three hours. The problem is, I sent my uniform to be cleaned through the hotel and I… I guess they must have lost it.

WOMAN: They lost a uniform. It happens all the time. Don’t worry; go down to the Well-Built Uniform Company at Ninth and Broadway. They’re our uniform supplier. I’ll tell Mr. Rosen you’re coming.

So, in the end, he could have PAN AM’s uniform. That’s one of the social engineering methods, Grandpa. Frank is a confidence man. Of course, that (con man) is the very important skill that a social engineer needs,” Min Mg Mg said, giving Grandpa an example.

“Frank Abagnale was one of the most famous back then. So is Kevin Mitnick, who is very famous among people who love and study computer hacking and security awareness. I’d love to talk about some well-known methods of social engineering,” Min Mg Mg said as he started opening a presentation file.

“Popular types of social engineering attacks”…..

Fedora 23 Security Lab card for Raspberry Pi 2

$29.95, shipping in the US $6.45




Note: Shipping rate is valid only in the USA. Contact us for overseas shipping rates.


The choices of OS for Raspberry Pis haven’t been many, especially since the fading of the Pidora distribution. Raspbian has stayed the top choice, among some smaller players, as well as the Debian-based Kali ARM distro.

Kali is a great tool, but learning the basics of security testing with Kali is like going to the shooting range with a bazooka. If you’re not aware of the many (many) interactions, dependencies and moving parts, it can be dangerous.

The people at Fedora produce an up-to-the-minute ARM kernel for Pi and other ARM computers, and they also sponsor “spins,” which are specially-configured versions of Fedora for a large number of uses, including security testing. You can find some basic information at https://labs.fedoraproject.org/de/security/.

We’ve taken the trouble out of setting up the boot scripts, installing Fedora 23, setting up the Security Lab, VNC Server so you can use VNC remote desktop access, the sshd so you can SSH in immediately, and much more. The 8GB Class 10 card has room for your files and is the highest speed category.

This OS and card are for the Raspberry Pi 2.

How to Set Up Our Raspberry Pi microSD Card

You are about to have so much fun.

We assume you have a Raspberry Pi and know how to put it together. Simply place our Fedora Security Spin (FSS) microSD card into your Pi and power it up.

You’ll be prompted for a user name and password, of course. Your user name is hacker and your password is hack2live. Do not leave this password unchanged! Open a terminal and type:

passwd

and then enter a good, stout password. Twice, to prove you can. Don’t forget it; this is for-real Unix and won’t make things easy for you if you do.

Be sharp about installing updates as they become available; Fedora will let you know about these.

Notes on Fedora on Raspberry Pi

This isn’t an installer. This is a ready-to-go pre-installed FSS environment designed for hacking students and security testers.

Our Pi card ships with VNC Server already set up and running. Once you know the IP address of your Pi (an nmap scan is a nice way) you can use any VNC client and connect on port 5910.

The sshd daemon is running too, so you can ssh to your Pi’s IP address using the default credentials (until you change the password, as described above).

The screen saver is disabled for two reasons. First, if your Pi goes into standby, it shuts down the wifi adapter and is notoriously bad at bringing it back up. Second, because your Pi doesn’t have a BIOS/CMOS, it doesn’t know what time it is at boot until it syncs to a time server, so as soon as you log in, the screen saver will lock you out, forcing you to log in again. If the screen saver is important to you, the configuration can be set up in the GUI desktop tool.

This installation uses the default Fedora ARM kernel. There are other distros available that use an out-of-tree kernel, usually based on Ada’s work, to enable things like tiny touch screens. Compatibility with some of the testing tools is problematic, my kernel developer tells me, so for the sake of a good hacking experience we’ve stuck to the mainstream kernel. This is cool. As new kernels come out you’ll get them (or refuse the update if you want, but you don’t, usually).