‘Control-Alt-Hack’ tabletop card game

Control-Alt-Hack™ is a tabletop card game about white hat hacking, based on game mechanics by gaming powerhouse Steve Jackson Games (Munchkin and GURPS).

You and your fellow players work for Hackers, Inc.: a small, elite computer security company of ethical (a.k.a., white hat) hackers who perform security audits and provide consultation services. Their motto? “You Pay Us to Hack You.”

Your job is centered around Missions – tasks that require you to apply your hacker skills (and a bit of luck) in order to succeed. Use your Social Engineering and Network Ninja skills to break the Pacific Northwest’s power grid, or apply a bit of Hardware Hacking and Software Wizardry to convert your robotic vacuum cleaner into an interactive pet toy…no two jobs are the same. So pick up the dice, and get hacking!

Find out more on www.controlalthack.com


How to find out if your Linkedin password was found via PowerShell

First you need to download the combo_not.zip file and unpack it.
(for example read the comments on this post: http://tweakers.net/nieuws/82411/wachtwoorden-miljoenen-linkedin-gebruikers-op-straat.html )

Next drop the combo_not.txt file in your C:\ drive: C:\combo_not.txt

Now open PowerShell or PowerShell ISE and run the PowerShell script below:
(don’t forget to change YourPasswordHere):

cd c:\
$pass = "YourPasswordHere"
$sha1 = [System.Security.Cryptography.SHA1]::Create()
$bytes = [System.Text.Encoding]::UTF8.GetBytes($pass)
$hashArray = $sha1.ComputeHash($bytes)
$hashArray | foreach -Begin{$str=''} -Process{$str += "{0:x2}" -f $_} -End{$str}
$str2 = [String]::Concat("00000", $str.Substring(5))
findstr -I $str .\combo_not.txt
findstr -I $str2 .\combo_not.txt

I tested it and didn’t give a result, so that must be a good thing 😉 (let’s hope it is not due to this quick script 🙂 )

LinkedIn commented on the stolen passwords/hashes. Read it here: http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

Update: apprently the first 5 bits need to be set to 0 to do another check if it is hacked
Update2: updated the script
Update3: reply from LinkedIn

Please post a comment if there are any suggestions/mistakes.

Learn more about the PowerShell pipeline script function: begin, process and end:

Intercept LinkedIn passwords via https


At the Microsoft TechDays 2012 in Belgium, white hat Paula Januszkiewicz shows how the tool Fiddler can be used to intercept the password of a LinkedIn user. The reason is because the password is not being encrypted by LinkedIn, although https is being used.