

Messages - th3l4st

1
General discussion / Re: Does this make you angry?
« on: February 26, 2016, 08:30:10 am »
So with this being said, yes I feel you bro, the best way to overcome the feeling is to just let the bad things happen. I won't help my friends out with ROS unless they really want me to; do I care anymore about the project itself? Not in the slightest bit. As a pen tester I'm sure you know how to stay anonymous should you try and do anything to your work place's network with Rapid; but other than that, I would say to just let it go, and since it's insecure, don't stay logged into your email, don't go to websites where you have to log in and put in credentials, and you'll be safe.

Yeah, of course I'm not logging into anything valuable to me with that network unless I'm sure it uses TLS. I understand what you are talking about but I don't think that going there and harming the system would be a good idea, if something is to happen let it be, otherwise just thank God (or whoever you believe in) that this time stupid people did not get burned with their own recklessness. It is wrong to exploit the flaws you have found unless you have a good reason to do it... Just as your friends I think they'll learn by themselves and if they are going to hit a wall then it's their fault.

2
Anonymity and Privacy / Re: Very known OSs vs Lesser know OSs
« on: February 21, 2016, 10:49:20 pm »
That was the point I wanted to discuss. The fact that we are not involved in any political scheme to me doesn't save us, the problem is mass surveillance! I too think they play their cards in a manner in which their aces are not shown unless really necessary, the fact the US Government funds Tor even though it is a stick up in his ass bugs me too...

3
Operating System / Re: OS Advice?
« on: February 21, 2016, 06:04:57 pm »
GNU/Free software/fanboy/"real hacker"/nerds like us aside, Ubuntu/Mint/user friendly distros are a good thing for new people. I put my wife on Mint and she is happy, I am happy, and it's all good. Yeah she doesn't use half of the packages or most of anything that it has, or even know the first thing about Linux. But she is happy to use it, she has Netflix, the shit I dl for her and web browsing, because that's all she ever did on Windows.

I'm happy, my network is happy, I can ssh into her shit and do updates and manage her shit and fix any issues that might happen. So it's all good.

Yeah, you are right after all. User friendly doesn't necessarily mean "shit" if it helps people who are not tech savvy enough... OT: didn't notice the python zen signature, that's cool!

4
Operating System / Re: OS Advice?
« on: February 21, 2016, 04:30:49 pm »
I don't like it either but then again who the hell would use the desktop edition :P

I used to and I'll go to the board of shame to atone for my sins now xD

5
Operating System / Re: OS Advice?
« on: February 21, 2016, 03:28:48 pm »
That there are a lot of "useless" applications is evident the moment you install it. Of course what's useless to me could be useful to you, so I speak only for me. For what concerns the queries being uploaded to "enhance" the OS and the ads shown to you, I simply don't trust them anymore since they introduced that feature. I see it as a betrayal of the philosophy behind GNU/Linux. Surely you can say they somehow have the right to do so since Ubuntu is their product, but I don't feel like trusting Canonical as of now. Nor do I feel like recommending it.

Just my two cents obviously, feel free to disagree.

6
Operating System / Re: OS Advice?
« on: February 21, 2016, 02:59:58 pm »
I would go with Debian, stable and easy to use, all in all. Stay away from Ubuntu, it's bloated with useless things and it spies on you.

Happy hacking ;)

7
General discussion / Re: Does this make you angry?
« on: February 20, 2016, 01:40:53 pm »
I really don't understand the ethical concern about their network or their data. Just because you work there and they are your employers, that doesn't mean that your concerns aren't important and worthy of respect. Plus, as you mentioned, by failing to provide security they also put you and your data at risk. Respect should be mutual, and everyone should be treated with respect (until they give you a reason not to); having a title doesn't make a person more valid or important.

Well, indeed some ethical concerns are necessary; one just can't go around hacking others' networks. Though you are right about the respect part of your post. He not only disrespected me but also the other guys working there. If it were only about me I would just accept it and change my working routine in order not to send important data unencrypted, but from the moment others are using the same network and almost all of them are not tech savvy enough to recognize the risks, I feel it a duty to report what's wrong. Still I can't do damage or steal others' data; it's against my ethics and against the hacker ethic too.

8
General discussion / Re: Does this make you angry?
« on: February 20, 2016, 07:15:21 am »
Yeah, aside from the fact that my data flies unprotected through this network (and I just can't use another one since it's the office network) and I can't even defend myself as they forbid the use of Tor or VPNs. I repeat, you are totally right but to me knowing a network is heavily flawed and not doing anything is something crazy!

9
General discussion / Re: Mr Robot
« on: February 20, 2016, 01:12:13 am »
Sounds interesting. The description they gave made me think of the real life Stanford Prison Experiment, where Philip Zimbardo, a psychology teacher, ran an experiment where some students were assigned to be guards, and others prisoners, and set up a mock prison that Zimbardo was the Warden of. The experiment had to be cut short because things got way out of control (the behavior of the students, as well as the way it affected Zimbardo himself).

I remember having studied it at school; it's incredible how, even without an authority imposing this kind of behavior, they just "got into the part" so much that they ended up almost torturing the fake inmates. Plus, many years later some of the "guards" were interviewed and asked questions about that experience, and they all recalled it as a happy experience they felt was only a joke... Strange thing, human psychology.

10
General discussion / Re: Does this make you angry?
« on: February 20, 2016, 01:05:49 am »
Well it doesn't make me angry  :o

I wouldn't push it too far. If you didn't have permission in the first place they could press charges against you.

I totally agree on this, you are right. But, assume you find a hole in your house's wall, what would you do? I did not mention the fact that, to avoid the risk of my data being intercepted and scrutinized, I use Tor a lot. They started forbidding it, as if they want to see your data and they don't care about it being insecure.

11
General discussion / Does this make you angry?
« on: February 19, 2016, 10:43:26 pm »
So there I was again, confronted with the blindness and selfishness of those supposed to be my superiors.

The place where I work has a strong sense of hierarchy. I started working there less than 2 years ago. As always when I get into a new place the first thing I do is watch for its security measures and test them (I know, awful practice, but I just can't help it). So as soon as I had the chance I fired up my laptop, went for Kali and started looking at the traffic of the WiFi with Wireshark to see if I could find interesting things.

It's always a nice activity, looking at the traffic of a WiFi: you see a lot of things and you can form a pretty accurate idea of the habits and interests of its users. This was the first thing that made me think: "WTF? Open network? No WPA?" but, but, but, wait. Captive Portal. Fine, a Captive Portal after all is a nice sol- WTF? No HTTPS? That means I can see credentials flying over the air?
It was just as I thought: all of the people's credentials were sent with a POST request to the auth server without any sort of encryption.

So, no WPA2, no HTTPS, I bet there is more. The Captive Portal source had a fair amount of JavaScript code so I thought "I bet I can find some XSS there!"
I wrote the classic:

Code:
"><script>alert('XSS!!!')</script>

not hoping it would work, as I was sure there would have been at least some sort of filt-BAM, the popup with "XSS!!!" came out. I did not know what was more appropriate, crying or laughing.

In the end the network had no AP protection, no data encryption and the portal was vulnerable to a very basic attack (I am not even remotely close to successfully exploiting XSS to do real damage), so I thought I had enough data to write down some sort of report for the guys of the IT department with the risks we were going to take if the things I had noticed weren't fixed soon. I want to specify I was not going after glory or anything, I just cared (and still care) for the security of the place I work in and of my colleagues.

I had my direct superior send the report to the IT guys and, specifically, to the guy who is the head of the IT security office. Days passed, weeks went on, months started to pile one on the other, yet nothing happened. Not happy with the path things were taking I decided to go deeper and found something more to send to the IT guys. Most of them are nice and helpful, truth be told. Yet nothing happened again; worst of all, my superior called me to his office and told me someone from there was playing against me.
Long story short, the head of the IT Sec office was willingly ignoring my warnings, telling my superiors I was pissing him off and I had no idea what I was saying.

What happened then? I took all the data I collected and stored it safely on a hard disk, encrypted. I'll be transferred in less than six months (for other reasons not related to this), but I'm preparing a complete report of more than 30 pages that I'll drop on the desk of the boss, underlining the negligence of this guy. Sometimes you just have to accept that you can't win fights going through all the procedure and sticking to the rules.
What makes me really angry is how people are ready to drop security and duty for their own selfishness. Did you ever find yourself in this kind of situation? Did you ever have to deal with this kind of people? I wanted to know your point of view, if someone thinks I'm wrong please say so, views different from mine are gladly accepted!
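As an added example (not from the original post, and not the code of the portal it describes), the two defects the post reports can be checked from the defender's side in a few lines of Python: a scan of a login page that flags forms whose action would submit credentials over plain HTTP, and the reflected-parameter rendering in its unsafe form beside the HTML-escaped fix, tried against the payload quoted above. The portal URL and HTML are constructed samples.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample of a captive-portal login page (assumption, not the real portal).
PORTAL_URL = "http://portal.example/login?redirect=foo"
PORTAL_HTML = """
<html><body>
<form action="/auth" method="post">
  <input name="user"><input name="pass" type="password">
</form>
</body></html>
"""

# The payload from the post, used only to show that escaping neutralises it.
PAYLOAD = "\"><script>alert('XSS!!!')</script>"


class FormFinder(HTMLParser):
    """Collects the action and method of every <form> on a page."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            self.forms.append((a.get("action", ""), a.get("method", "get").lower()))


def insecure_credential_forms(page_url, page_html):
    """Return absolute action URLs of forms that would submit over plain HTTP."""
    finder = FormFinder()
    finder.feed(page_html)
    targets = [urljoin(page_url, action) for action, _ in finder.forms]
    return [t for t in targets if t.startswith("http://")]


def render_redirect_unsafe(value):
    # The defect: the parameter is copied into the HTML verbatim, so a value
    # starting with "> closes the attribute and the tag and injects markup.
    return f'<input type="hidden" name="redirect" value="{value}">'


def render_redirect_safe(value):
    # The fix: HTML-encode the value (quotes included) before placing it in an attribute.
    return f'<input type="hidden" name="redirect" value="{html.escape(value, quote=True)}">'


if __name__ == "__main__":
    print(insecure_credential_forms(PORTAL_URL, PORTAL_HTML))
    print(render_redirect_unsafe(PAYLOAD))
    print(render_redirect_safe(PAYLOAD))
```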

12
Anonymity and Privacy / Re: short anonymity/privacy guide
« on: February 19, 2016, 09:05:31 pm »
The real problem is at the end we want to search everything at google :P

As of now I stick with Startpage which somehow proxifies your google searches by getting what you want to search, routing it through their servers and asking google for you without revealing (at least it's what they say) your identity...

Duckduckgo then?

Beware of DuckDuckGo, there's something wrong with it. Aside from the fact that last time I used it (2 months ago) their search results were not that good, there have been some concerns about them not telling the whole truth about their privacy policies. I've seen many people complain about it so I decided to drop it and move to Startpage.

13
General discussion / Re: Mr Robot
« on: February 19, 2016, 07:29:32 pm »
WARNING SPOILERS

To me it's a great show. Not only for the technical part (I had nothing to say about it till the bluetooth hacking just before the escape of Vera from the prison, but the flow of the story needed it so I think I can get over it) but for the accurate study of the characters' personalities. We can see almost all kinds of personality we can find in today's society and I really like how they portrayed the main character. It really hit me, the authors managed somehow to create a link between him and the audience (probably thanks to the fact that the main character sees us as his imaginary friend).

Plus I have to admit that the cemetery scene really struck me, I couldn't believe it.

An interesting Easter Egg is the one where Tyrell enters the arcade and Elliot explains to him what he did and why; pay attention to his words and the song playing in the background (tribute to Fight Club?).

14
Anonymity and Privacy / Re: short anonymity/privacy guide
« on: February 19, 2016, 07:12:20 pm »
Hate to say it but Ubuntu these days is just a piece of garbage. Especially with search result tracking and call home features similar to Windows7, ya sure you can turn off certain features but if I'm paranoid / concerned about my security / privacy I'd start off from a clean slate and build my way to the top (Arch Linux) rather than take something that I have no clue about.

Sure Ubuntu has really good support out of the box, but personally I hate Unity. Bloated piece of annoying shit.

If you're starting off on Linux there are better alternatives to Ubuntu like Linux Lite, Mint, etc.

What about plain, pure Debian? It should be more secure than Ubuntu (no call home features or controlled searches on the home) and after all it is Ubuntu's father!

15
Anonymity and Privacy / Re: short anonymity/privacy guide
« on: February 18, 2016, 09:26:10 pm »
Pretty good guide, I use windows 10 but I have the tor browser and several vms. I also fully encrypted my hard disk (fuck you NSA) and am setting up a proxy.

Nice tutorial tho,
Cheers :)

deltonos is right mate, don't even think you are even close to security by using Windows. Don't use proprietary software at all!! Stick to Linux, set up a good machine with good measures but reject MS products as hell!
