Are you really that nice, or do you care about security?

When your neighbor sees the hotspot you are broadcasting, his very first thought is “Oh, look at that, I’ve found my neighbor’s wifi, maybe I can get on it,” and click!
So what are you up to? Are you nice enough to let everyone use your wifi, or do you want privacy, or to share only with specific people? If you are concerned about network security, you are better off keeping it away from the public. Keep in mind that not everyone who comes onto your network is there merely to use the internet access you shared.
In the movie Cinderella, the King held a party for the prince to choose the girl he loved, and the royal invitation said “Every maid in the town is invited to the party,” even though the one the prince was actually waiting for was Cinderella. Unfortunately, Cinderella’s stepsisters and stepmother enjoyed the party too. Then the stepmother eavesdropped on the Royal Guard’s conversations and soon blackmailed him. So we can assume that not everyone who enjoyed the party came just for the party; some came to dig for their own advantage.
Right then, Min Mg Mg stepped out of the moment he was having with the movie and said, “Grandpa, we should have protection on our wifi; we had better not give access to everyone.” And Grandpa said, “Protection? Does it make sense if I keep this inside my iron cabinet?” “No, that doesn’t make any sense; we have to keep it outside so that your smartphone and my laptop can access it and share the internet, but nobody else,” Min Mg Mg said. “Look, here are lots of protection options that protect against most attacks, and firewall settings as well,” he said, logging into his small-business wifi access point through a browser. And he continued, “Here are the options: WEP, WPA, WPA2.” “What the heaven?” Grandpa responded. The grandson said, “Chill out, let me break it down for you, Grandpa. WEP is Wired Equivalent Privacy, the security algorithm for IEEE 802.11. It is recognizable by its key of 10 or 16 hexadecimal digits. Its encryption method works like this: the ciphertext is generated by XORing (exclusive OR) the plaintext with a keystream, and the keystream is produced by the RC4 cipher from the combination of an initialization vector (IV) and the key. It started as 64-bit encryption and was increased to 128-bit, yet the Wi-Fi Alliance announced in 2003 that WEP had been superseded by WPA. So the immediate question is: what is WPA? WPA is Wi-Fi Protected Access, IEEE 802.11i, sometimes referred to as the draft IEEE 802.11i standard. It anticipated the yet more secure and more complex WPA2, which started in 2004. WEP provided data confidentiality comparable to a traditional wired network, and WPA was developed by the Wi-Fi Alliance to protect wireless computer networks. WPA-PSK (Pre-Shared Key) is the common WPA configuration, using 256-bit key encryption. It also comes with a system called the message integrity check, which determines whether an attacker has captured or altered packets passed between the access point and the client.
The most significant change between WPA and WPA2 is that the Advanced Encryption Standard (AES) must be used.” Grandpa gave in and said, “Just go ahead and do your thing. Oh my, headache, headache,” and then added, “So, use WPA, the more secure one.” It looks like he got the point, a little. Of course, having a bright grandson like Min Mg Mg is gratifying.
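To make the WEP and WPA-PSK details in the conversation concrete, here is an added example (not code from the original post): a small Python model of the WEP construction the grandson describes, the RC4 keystream derived from the IV and the key, XORed with the plaintext and its CRC-32 integrity value, together with the PBKDF2 derivation that turns a WPA-PSK passphrase into the 256-bit key. The keys, IVs and messages are constructed for the demonstration, and iv_reuse_leaks_xor shows the property that led the Wi-Fi Alliance to retire WEP: the 24-bit IV repeats, and two frames sent with the same IV leak the XOR of their plaintexts.

```python
# Added example, not code from the original post: a toy model of the WEP
# construction the grandson describes (RC4 keystream from IV || key, XORed
# with plaintext plus a CRC-32 integrity value, the ICV) and of the WPA-PSK
# 256-bit key derivation. Keys, IVs and messages below are constructed.
import hashlib
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(plaintext: bytes) -> bytes:
    """WEP's integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Build a WEP frame body: IV || key-id byte || RC4(IV||key) XOR (plaintext || ICV).
    A 5-byte key is 64-bit WEP (40-bit key + 24-bit IV); 13 bytes is 128-bit WEP."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):
        raise ValueError("IV must be 24 bits and the key 40 or 104 bits")
    data = plaintext + _icv(plaintext)
    ks = rc4_keystream(iv + wep_key, len(data))
    return iv + b"\x00" + bytes(a ^ b for a, b in zip(data, ks))


def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    """Recover the plaintext; raise ValueError when the ICV does not match."""
    iv, body = frame[:3], frame[4:]           # byte 3 is the key-id
    ks = rc4_keystream(iv + wep_key, len(body))
    data = bytes(a ^ b for a, b in zip(body, ks))
    plaintext, icv = data[:-4], data[-4:]
    if icv != _icv(plaintext):
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return plaintext


def wep_frame_valid(wep_key: bytes, frame: bytes) -> bool:
    """True when the frame decrypts under `wep_key` with a matching ICV."""
    try:
        wep_decrypt(wep_key, frame)
        return True
    except ValueError:
        return False


def iv_reuse_leaks_xor(wep_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Why WEP was retired: the IV is only 24 bits, so it repeats, and two frames
    with the same IV share one keystream. XORing their ciphertexts then equals
    the XOR of their plaintexts with no key involved. Returns True if that holds."""
    c1 = wep_encrypt(wep_key, iv, p1)[4:]
    c2 = wep_encrypt(wep_key, iv, p2)[4:]
    n = min(len(p1), len(p2))
    cipher_xor = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    plain_xor = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return cipher_xor == plain_xor


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: the 256-bit PSK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    key = b"\x1a\x2b\x3c\x4d\x5e"             # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"
    frame = wep_encrypt(key, iv, b"hello grandpa")
    print("round trip ok:", wep_decrypt(key, frame) == b"hello grandpa")
    print("same IV leaks p1 XOR p2:",
          iv_reuse_leaks_xor(key, iv, b"hello grandpa", b"hello neighbr"))
    print("WPA-PSK for 'password'/'IEEE':", wpa_psk("password", "IEEE").hex())
```

Note that WEP's ICV is a plain CRC-32 hidden under the same keystream, not a keyed integrity check; the message integrity check the grandson mentions for WPA is what closes that gap, and AES-CCMP in WPA2 replaces RC4 altogether.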
Young people are intelligent and capable. We should give them what they need to realize their imaginations. Rather than teaching them how to do things, what they need is to learn what can be done and in what order. If you keep blocking their inspiration by any means, they will never get to understand “why,” much less develop great intelligence. That is what Hacker High School is going for: they intend for youths to become great by doing great things with great humility. Likewise, in our own environment we need someone like Min Mg Mg to help us understand technology well, or at least to buy technology at a fair price.
Well, now Min Mg Mg is getting busy with a school conference. He is working on a presentation based on a real-world scam. He has titled it “The Scammed IT Guy.”

Social Engineering

“Social engineering can be described as psychological manipulation; in short, a legitimate lie. But yelling ‘Fire!’ in a crowded movie theater, or anywhere in public, is unlawful.”

“Yes, this is definitely an attack vector, one that relies almost entirely on human interaction. It often involves tricking people, indirectly prompting them to spill their guts, and taking advantage of their crushes or their craziness. Let’s talk about social engineering,” Min Mg Mg said to Grandpa.

“This is a con game. For instance, an attacker pretends to be a co-worker who has some kind of urgent problem that requires access to the office, and asks a colleague to let him or her in,” he continued. “That’s cheating. How is it different from a liar?” Grandpa asked.

“It’s more than a liar. It is about getting what you want indirectly, because it is gentle. OK, I’ll give you a remarkable example. In the movie ‘Catch Me If You Can’ there are a lot of social engineering moments. Frank Sr. asked Frank Jr., ‘You know why the Yankees always win, Frank?’ and Frank Jr. answered, ‘Because they have Mickey Mantle.’ Frank Sr. said, ‘No, it’s because the other teams can’t stop staring at the pinstripes.’

The next notable example is from when Frank Jr. started his business. He needed a Pan Am airline pilot’s uniform to pass himself off as a Pan Am pilot. So he called Pan Am.

Receptionist: Pan Am, may I help you?

FRANK: Yeah, hello. I’m calling about a uniform.

Receptionist: Hold for Purchasing.

FRANK: Thank you.

WOMAN: Purchasing.

FRANK (Southern accent): Hi. I’m a copilot based out of San Francisco. I flew a flight into New York last night but I’m headed out to, uh, Paris in three hours. The problem is, I sent my uniform to be cleaned through the hotel and I… I guess they must have lost it.

WOMAN: They lost a uniform. It happens all the time. Don’t worry; go down to the Well-Built Uniform Company at Ninth and Broadway. They’re our uniform supplier. I’ll tell Mr. Rosen you’re coming.

So, in the end, he got a Pan Am uniform. That’s one of the social engineering methods, Grandpa. Frank is a confidence man, a con man, and of course that is the most important skill a social engineer needs,” Min Mg Mg explained to Grandpa.

“Frank Abagnale was one of the most famous back then. And there is Kevin Mitnick, who is very famous among people who love and study computer hacking and security awareness. I’d love to talk about some well-known methods of social engineering,” Min Mg Mg said as he opened a presentation file.

“Popular types of social engineering attacks”…

Fedora 23 Security Lab card for Raspberry Pi 2

$29.95, shipping in the US $6.45


Note: Shipping rate is valid only in the USA. Contact us for overseas shipping rates.

The choices of OS for the Raspberry Pi haven’t been many, especially since the fading of the Pidora distribution. Raspbian has stayed the top choice, among some smaller players, as well as the Debian-based Kali ARM distro.

Kali is a great tool, but learning the basics of security testing with Kali is like going to the shooting range with a bazooka. If you’re not aware of the many (many) interactions, dependencies and moving parts, it can be dangerous.

The people at Fedora produce an up-to-the-minute ARM kernel for the Pi and other ARM computers, and they also sponsor “spins,” which are specially-configured versions of Fedora for a large number of uses – including security testing. You can find some basic information at

We’ve taken the trouble out of setting up the boot scripts, installing Fedora 23, setting up the Security Lab, VNC Server so you can use VNC remote desktop access, the sshd so you can SSH in immediately, and much more. The 8GB Class 10 card has room for your files and is the highest speed category.

This OS and card are for the Raspberry Pi 2.

How to Set Up Our Raspberry Pi microSD Card

You are about to have so much fun.

We assume you have a Raspberry Pi and know how to put it together. Simply place our Fedora Security Spin (FSS) microSD card into your Pi and power it up.

You’ll be prompted for a user name and password, of course. Your user name is hacker and your password is hack2live. Do not leave this password unchanged! Open a terminal and type:


and then enter a good, stout password. Twice, to prove you can. Don’t forget it; this is for-real Unix and won’t make things easy for you if you do.

Be sharp about installing updates as they become available; Fedora will let you know about these.

Notes on Fedora on Raspberry Pi

This isn’t an installer. This is a ready-to-go pre-installed FSS environment designed for hacking students and security testers.

Our Pi card ships with VNC Server already set up and running. Once you know the IP address of your Pi (an nmap scan is a nice way) you can use any VNC client and connect on port 5910.

The sshd daemon is running too, so you can ssh to your Pi’s IP address using the default credentials.
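As an added example (not part of the original card notes), here is a Python script for the “find the Pi’s IP address” step: it parses nmap’s grepable (-oG) output and reports the hosts that expose both of the card’s default services, sshd on port 22 and VNC on port 5910. The scan output embedded in the script is constructed, with made-up addresses and hostnames, so it runs offline; in practice you would feed it the output of a scan of your own LAN, for example nmap -p 22,5910 -oG - 192.168.1.0/24.

```python
# Added example, not part of the original card notes: find which host on the
# LAN is the Pi by looking for the card's default listening services, VNC on
# TCP 5910 and sshd on TCP 22, in nmap's grepable (-oG) output. The scan
# output below is constructed; the addresses and hostnames are made up.
import re

SAMPLE_NMAP_OG = """\
# Nmap scan initiated as: nmap -p 22,5910 -oG - 192.168.1.0/24
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/closed/tcp//ssh///, 5910/closed/tcp/////
Host: 192.168.1.23 (raspberrypi)\tStatus: Up
Host: 192.168.1.23 (raspberrypi)\tPorts: 22/open/tcp//ssh///, 5910/open/tcp/////
Host: 192.168.1.40 (desktop)\tStatus: Up
Host: 192.168.1.40 (desktop)\tPorts: 22/open/tcp//ssh///, 5910/filtered/tcp/////
# Nmap done -- 256 IP addresses (3 hosts up) scanned
"""

PI_SERVICES = {22: "ssh", 5910: "vnc"}     # what the card listens on by default

# "Host: <ip> (<name>)<TAB>Ports: <port list>[<TAB>Ignored State: ...]"
HOST_PORTS_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\tPorts:\s+([^\t]*)")


def parse_open_tcp_ports(grepable: str) -> dict:
    """Map each IP in -oG output to the set of TCP ports nmap reported open."""
    hosts = {}
    for line in grepable.splitlines():
        m = HOST_PORTS_RE.match(line)
        if not m:
            continue                          # comment or Status-only line
        ip, _hostname, ports = m.groups()
        open_ports = set()
        for entry in ports.split(","):
            # grepable port entry: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                open_ports.add(int(fields[0]))
        hosts[ip] = open_ports
    return hosts


def find_pi_candidates(grepable: str, required=frozenset(PI_SERVICES)) -> list:
    """IPs exposing every port in `required`, sorted for stable output."""
    return sorted(ip for ip, ports in parse_open_tcp_ports(grepable).items()
                  if required <= ports)


if __name__ == "__main__":
    for ip in find_pi_candidates(SAMPLE_NMAP_OG):
        print(f"Pi candidate: {ip}  (VNC {ip}:5910, ssh hacker@{ip})")
```

A host that shows only port 22 open is not skipped silently: it is simply not a candidate, which is the point of requiring both services rather than matching on ssh alone, since nearly every Linux box on the LAN will answer on 22.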

The screen saver is disabled for two reasons. First, if your Pi goes into standby, it shuts down the wifi adapter and is notoriously bad at bringing it back up. Second, because your Pi doesn’t have a BIOS/CMOS, it doesn’t know what time it is at boot until it syncs to a time server, so as soon as you log in, the screen saver will lock you out, forcing you to log in again. If the screen saver is important to you, the configuration can be set up in the GUI desktop tool.

This installation uses the default Fedora ARM kernel. There are other distros available that use an out-of-tree kernel, usually based on Ada’s work, to enable things like tiny touch screens. Compatibility with some of the testing tools is problematic, my kernel developer tells me, so for the sake of a good hacking experience we’ve stuck to the mainstream kernel. This is cool. As new kernels come out you’ll get them (or refuse the update if you want, but you don’t, usually).

Have you ever imagined that security is needed everywhere?

Security Everywhere

Nowadays we call this the age of technology. But then, what is technology? When you say technology, people think of computers, websites, networks and programs. In fact, the word “technology” reaches further into the future. A computer performs enormous numbers of calculations as fast as time passes. A website, used to search for information, can be traced back to scientists who started it for the sake of exchanging information. Networking: for exchanging information, of course, we need a better method of connecting hops, devices and computers. A program can be understood as a “procedure,” designed in advance to handle what follows after an event: if the outcome of an event matches a specific condition, one event follows; otherwise another event starts running, and so on.
So we need to think about technology: what were computers, networks, websites and programs created for, and why? Of course, we come to need better solutions, built and used according to the difficulties and necessities of every passing minute, evolving with every blink of an eye.
Let’s consider the idea of a computer. Grandpa, a writer who keeps using his old Conquest typewriter, asked his grandson Min Mg Mg, “Is there any difference between your computer, as you call it, and my typewriter? It apparently looks the same; it even copied my Conquest’s key layout, didn’t it?” So what would you think of that, if you were the grandson? I don’t believe you would answer, “Oh, the difference is that my computer is a typewriter attached to a TV.” Yeah? Just a figure of speech. The grandson answered, “Computers come with computing programs. You will never need to calculate in your head or on paper, then write it down and save the documents in folders and in iron cabinets. And you don’t need to spend all day looking for the document you want among the saved ones. You can type and calculate at the same time, and you can save everything on the computer, so you don’t need any physical space to store the documents. And if you want to search for something among your documents, there are search programs for that, which is cool. At the very least, Grandpa, you won’t need to replace the carbon ribbon now and then. And a basic security process can easily be set up even on your own, for instance copying the data to other storage to cover for lost data. We call it a backup.” Now Grandpa starts thinking about using a computer.
But Grandpa had something to consider. “Did you say backup?” he asked his grandson. “Why backup? Is the computer, as you call it, not as safe as my iron cabinet?” Whew, Min Mg Mg was having a hard time.
But he weathered the storm instantly: “Grandpa, that’s about security. Let’s think about the iron cabinet, as you call it. Even though you lock your manuscripts in your iron cabinet with a gigantic iron lock, what will you say if a competitor breaks your lock and steals or trashes your manuscripts right before your deadline? At that point, I dare say you would really appreciate already having a copy of your manuscripts, instead of sitting helplessly and hopelessly by your iron cabinet.”
That is it: the environment we face every day is always evolving. Everything we want to protect, everything we don’t want to lose, everything we don’t want to start over from the beginning, everything for which we have to value the time we have spent: all of this plants the word “security” firmly in our thoughts.
If you believe that security is not necessary for you, or that nobody wants to find the weaknesses of someone like you, you had better think about why you wear clothes every day, why you lock your desk drawers when you leave the office, why you lock up your home when you are away, why you wear shoes or slippers when you go outside, why you hold an umbrella in the rain or in the sun, why you wear sunblock and sunglasses even when you hit the beach, and why you cover your nose and mouth when a passing car leaves black exhaust smoke behind.
Have you ever wondered what your neighbor’s first thought is when he sees your wifi hotspot broadcasting near him?

How Not to Scam the IT Guy

My name is Min Mg Mg, and I’m studying cyber security. I study by “googling,” and the main source of my studies is Hacker Highschool ( They are a non-profit organization that helps teens learn hacking as a method of figuring out how things work, and of keeping from getting scammed online. And for people like us, who can’t afford to pay much to learn technology, we can learn free lessons there. Video trainings will be available soon, and they are even starting the ISECOM academy. Let me mention their motto and their definition of hacking: their motto is “Hack everything but harm none,” and their definition is “hacking is a method of problem-solving and learning.” And very soon I’m going to study at the new org that’s being built by HHS’s project manager, called School for Hackers ( where tutorials and videos are being developed as well.

One security vulnerability all organizations face is that they have to rely on IT consultants. They can gouge you, or give you a great deal, and it’s hard to know which. In this case, doing some investigation proved the consultant was ripping us off. Instead of a sneaky and exorbitant profit, he got nothing, and our company learned a valuable lesson.

Let’s get our hands dirty

The investigator was good, but his eyes popped when he heard the price quote. “What, just a point-to-point wireless installation costs about US$3000?” he asked. Then, “What’s the distance, what devices did they use, and is there any obstruction between the points?”

“The distance is 5.6 km by car, but only about 4 km as the crow flies. I don’t know exactly which devices were used,” someone answered. Our investigator decided to get his hands dirty, drawing on experience from his previous company. He made an immediate call to the secretary of the ABC company. (Obviously the names are changed.) She’s already a friend, which makes her a pore: a place where trust is given away. Because she trusts our investigator, she is not trustworthy to her employer when he uses social engineering on her.


Investigator: Hello, Ms. Secretary, it has been so long. And is everyone good?

Secretary: Of course, everyone is doing well. And you, what are you up to these days?

Investigator: I’m well too, and now I’m busy trying to find some providers to set up a point-to-point wireless connection, but the lines are busy and I can’t get it done. And my boss is breathing down my neck. I’ve heard that a wireless connection was installed at your company recently. Could you help me with some information on this? I need to get my boss some kind of numbers or I’m in trouble.

Secretary: Of course, I could give you a hand but don’t quote me. I’ll send you an email with the price list our IT Manager applied for approval.

Investigator: Oh thank goodness!

Very soon after the conversation, the price list and the device information were sent from, and the investigator looked at them and seemed puzzled. “Umm, all of these devices are for point to point connection?” And the letter head seemed sketchy, less than professional.

Y Company
Att: IT Manager (ABC Company)
Subject: point to point wireless installation cost

#  Item #      Description                                          Qty  Per Item  Total
1  AM-5G20-90  4.9-5.9GHz airMAX Base Station, Cisco Air 20dBi,     1    850       850
               90 deg w/ rocket kit
2  ROCKETM5    5GHz Rocket MIMO, airMAX                              1    350       350
3  PBM5        5GHz PowerBridge MIMO, airMAX                         1    650       650
4  TC-Carrier  TOUGH Cable, Level 2                                  1    100       100
6  IL-SRV2     Complete Setup Installation                           1    1000      1000
                                                                     TOTAL US$      2950

“This letter looks like a bad photocopy made after someone modified the contents. And item number one, AM-5G20-90, at the top of the list is surely a Ubiquiti model, but what exactly is a ‘Cisco Air’? And why is this amount of TC-Carrier being used? That’s so interesting.” And he decided to call the supplier company and find out something real.

Investigation followed by social engineering

Investigator: Hello, is this Y Company?

Y Company: Yes, May I help you?

Investigator: I’m the consultant for the IT section of ABC Company. Recently our company purchased a wireless service from your company. Now I have to ask a favor: could you email me a copy of the receipt for the point-to-point service? Send it to our manager’s mail and I’ll bring it up at our budget meeting with the director. I’m asking this favor because our IT Manager is travelling and we haven’t been able to contact him yet. Would that be OK?

Y Company: We’ll contact you back after the confirmation with our sales manager, sir.

Investigator: If I may, I’ll hang on the line, because everyone, including our director, is waiting in the meeting room and I’m at a dead end. Or could you just tell me the total cost, please?

Y Company: Hang on a moment, I’ll inform him and put you through.

Sales Manager at Y Company: We can help you with this, sir. The total amount of the cost was US$1601. But I’ll only send the softcopy of it to the address of your management’s email.

Investigator: You are so kind. Our management’s email address is and it goes directly to the director’s office.

While the investigator was sitting at his computer with a cup of coffee, the secretary of ABC Company rang. “I’m calling because I’ve just received an email from Y Company. They sent it to us, but the subject line has your name on it: ‘per Mr. Investigator’s request,’” she said.

“Yes, I asked them to send it to the secretary of ABC Company. That’s the real receipt of the real cost from Y Company so that you can confirm the price,” Investigator said.

The real weakness of Mr. Scammer was this: his deception required victims who were less technologically aware than he was.

So, let’s take a look at the real price list of the Y Company:

Y Company
Att: IT Manager (abc company)
Subject: point to point wireless installation cost

#  Item #      Description                                          Qty   Per Item  Total
1  AM-5G20-90  4.9-5.9GHz airMAX Base Station, 20dBi, 90 deg        1     164       164
               w/ rocket kit
2  ROCKETM5    5GHz Rocket MIMO, airMAX                              1     98        98
3  PBM5        5GHz PowerBridge MIMO, airMAX                         1     297       297
4  TC-Carrier  TOUGH Cable, Level 2                                  70 M  0.6       42
6  IL-SRV2     Complete Setup Installation                           1     1000      1000
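As an added example (not from the original article), the check the investigator did by eye can be written down: the script below transcribes the two price lists above, recomputes every line and the grand total, and reports the markup per item, including the quantity change on the cable. The line items come from the article; the report structure and the overcharge figures are this example’s own.

```python
# Added example, not from the original article: reconciling the quote the
# consultant submitted against the supplier's real receipt. The line items
# are transcribed from the two lists in the article; the checks recompute
# every line and the grand total, then report how much each item was marked up.
from dataclasses import dataclass


@dataclass(frozen=True)
class Line:
    item: str          # supplier part number
    qty: float
    unit_price: float  # US$
    total: float       # US$ as printed on the document


SUBMITTED_QUOTE = [  # the list the IT manager put up for approval
    Line("AM-5G20-90", 1, 850, 850),
    Line("ROCKETM5", 1, 350, 350),
    Line("PBM5", 1, 650, 650),
    Line("TC-Carrier", 1, 100, 100),
    Line("IL-SRV2", 1, 1000, 1000),
]

SUPPLIER_RECEIPT = [  # what Y Company actually charged
    Line("AM-5G20-90", 1, 164, 164),
    Line("ROCKETM5", 1, 98, 98),
    Line("PBM5", 1, 297, 297),
    Line("TC-Carrier", 70, 0.6, 42),   # 70 m of cable at 0.6/m
    Line("IL-SRV2", 1, 1000, 1000),
]


def arithmetic_errors(lines) -> list:
    """Items whose printed total is not qty x unit price (to the cent)."""
    return [ln.item for ln in lines if abs(ln.qty * ln.unit_price - ln.total) > 0.005]


def grand_total(lines) -> float:
    """Sum of the printed line totals, rounded to cents."""
    return round(sum(ln.total for ln in lines), 2)


def reconcile(quote, receipt) -> dict:
    """Per-item comparison: both totals, the markup the quote adds over the
    receipt, and whether the quantity was changed. An item present in only one
    document is reported with markup None so it cannot be overlooked."""
    q = {ln.item: ln for ln in quote}
    r = {ln.item: ln for ln in receipt}
    report = {}
    for item in sorted(set(q) | set(r)):
        if item not in q or item not in r:
            report[item] = {
                "quote": q[item].total if item in q else None,
                "receipt": r[item].total if item in r else None,
                "markup": None,
                "qty_changed": None,
            }
            continue
        report[item] = {
            "quote": q[item].total,
            "receipt": r[item].total,
            "markup": round(q[item].total - r[item].total, 2),
            "qty_changed": q[item].qty != r[item].qty,
        }
    return report


def overcharge(quote, receipt) -> tuple:
    """(absolute overcharge in US$, overcharge as a fraction of the real cost)."""
    real, billed = grand_total(receipt), grand_total(quote)
    return round(billed - real, 2), round((billed - real) / real, 3)


if __name__ == "__main__":
    for item, row in reconcile(SUBMITTED_QUOTE, SUPPLIER_RECEIPT).items():
        print(f"{item:<12} quote {row['quote']!s:>6}  receipt {row['receipt']!s:>6}"
              f"  markup {row['markup']!s:>6}  qty changed: {row['qty_changed']}")
    print("overcharge (US$, fraction):", overcharge(SUBMITTED_QUOTE, SUPPLIER_RECEIPT))
```

Both documents pass the arithmetic check, which is exactly why a forged quote survives a quick glance; the reconciliation only becomes conclusive once the supplier’s own receipt is in hand, which is what the investigator went and got.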

We will draw a curtain over the scene that followed.

We have all been scammed in areas we don’t understand, both knowingly and unknowingly. We often think that there will be someone who can help us. Sometimes, even the very person we trust might scam us. Let’s regard ourselves as our own closest enemy, following one of General Aung San’s speeches: “get rid of the closest enemy.” The first question we should ask ourselves is “Is it possible?” And first of all, we had better get rid of credulousness. Then think about the insider. In this case, even though he was the company’s own IT staff, why was he bold enough to scam that amount? Does our management team need to be educated in technology-related issues, or were some of them partners of Mr. Scammer?

A company that’s using a lot of technology is like a house with many windows and entrances. Securing only some of the windows and doors doesn’t secure the house. That’s why we badly need to engage an ethical hacker, and to design tight computer and network security policies. Social engineering can be called psychological manipulation, in short, a legitimate lie, but yelling “Fire!” in a crowded movie theater is unlawful. The issues here are not simple, and some experience and training are mandatory. That means we need to bring up more young security professionals, which is exactly what we are working to do at Hacker Highschool and School for Hackers.

Written By

Htet Aung @ Starry Sky
Translator at Hacker Highschool
Security Professional and IT Officer