Falling in Love With a Robot

My ever-alert contributor Herbbert J. Rabinowicz sends me this provocative link, “Programmed for Love” at the Chronicle of Higher Education, http://chronicle.com/article/Programmed-for-Love-The/125922/. Check out this lead:

Imagine standing in front of a robot, gazing into its wide, plastic eyes, and falling in love. Your heart revs up, and you hope this Other—this humanoid machine—turns your way again, tilts its head in interest, likes you back.

It happened one summer to Sherry Turkle, at a lab at the Massachusetts Institute of Technology, where she is a professor studying the impact of technology on society. She met a metallic robot named Cog—made to resemble a human, with moving arms and a head—which was programmed to turn toward whoever was speaking, suggesting that it understood what was being said. To Turkle’s surprise, she found that she deeply wanted Cog to interact with her rather than with a colleague who was there that day. She realized this human-looking machine was tapping into a deep human desire to see it as alive—as good a companion as any human. She describes it almost like a schoolgirl crush.

Those of you who know me personally know I have a powerful interest in human/robot interaction. In high school I read Philip K. Dick’s “Do Androids Dream of Electric Sheep?”, which became (several versions of) “Blade Runner.” You know the story: people create robots for every use imaginable, including sex partner. I wrote a novelette, “Ivrin,” while I was studying writing with Tony Hillerman, that explored the issue from the robot’s side, as did Dick, certainly with no less bloody a conclusion.

The real question is, looking at the array of robots used in our world, here and now: why female robots? Why do we have on the one hand the robots we see in car manufacturing commercials, just articulating arms and flying sparks, or totally inorganic Roombas, while on the other hand we have FemBots? Why in the world should a robot have a gender, and if it has one, why is it so often female? And beautiful?

Just consider Lenny Kravitz’s “Black Velveteen,” at http://www.youtube.com/watch?v=46o23cX6DuA, a video I like to play so loud the plaster shakes off the ceiling. There is no real uncertainty what’s going on when he plugs in that cable, is there?

It’s not a sin
Titanium skin
Just take her for a spin

There’s a phenomenon of androidal robotics called the Uncanny Valley. Basically, people like robots more and more as they more closely approximate human appearance. We like a box with expressive plastic eyebrows. But at some uncertain point, the robot looks TOO human, which creeps us out, until that uncanny valley is bridged, meaning that the robot looks so extremely human that we have to force ourselves to remember: Robot. Robot. Robot.

Lenny’s human-playing-a-robot is way, way, way too sexy. On the other hand, you can, more or less anyway, see why “Actroid DER 2” might put people at ease, as say a (female) door greeter at WalMart (http://www.youtube.com/watch?v=WbFFs4DHWys). But scroll down that page: see the comment that asks the obvious question:

“Can you F**** it?”

Among a million ramifications that bewilder me: what’s going to happen to the “mail-order bride” market when you can mail-order a perfect robot instead, and put her in a closet when you’re done with her (and she’s done the dishes)?

IPv6 Day

Many of my students have insistently questioned when, where, why and how the heck IPv6 is going to be implemented. Well, kids, get ready for some fun, because World IPv6 Day is coming, and it’s the biggest network test I’ve ever dreamed of. And oh ho, most people will have no problem, except say 1,000,000 people trying to access Yahoo, for instance. In other words, there will be glowing coals here and there and hot flames in places. And that’s just tech support!

NetworkWorld has a nice writeup: “Yahoo IPv6 upgrade could shut out 1 million Internet users” at http://www.networkworld.com/news/2011/011911-yahoo-ipv6.html. Even more interesting is the “ugly hack” Yahoo has proposed to deal with the issue: creating an IPv6 DNS “white list” to determine who has valid connections, forcing a fallback to IPv4 if your network isn’t on the list. Hmmmm. More at: http://www.networkworld.com/news/2010/032610-yahoo-dns.html.

In short, get ready for June 8, 2011. See: http://www.networkworld.com/news/2011/011211-world-ipv6-day.html?t51hb&hpg1=mp. Polish up those IPv6 skills! And review v4/v6 tunneling, while you’re at it.

Using Backtrack: Network Mapping: Identify Live Hosts: AutoScan-Network



Scary fast and automated network enumeration. Really scary.


It uses a very nice GUI. Sometimes the English is a little garbled. It discovers routers, wireless access points, hosts, ports, services, default passwords and I don’t know yet what else. It found my new Sony BluRay player running VxWorks, for pete’s sake! This tool is an eye-popper.


Network Mapping: Identifying Live Hosts

Home Page:




Who the heck is Sonia Reeves?

There are so many crazy kinds of phishing going on that you can put almost anything in front of “-ishing” and you’ll be naming a real exploit. So what do we call this? Facephishing?

Check out this Facebook invitation:

Hi Glenn,
Sonia Reeves wants to be friends with you on Facebook.
The Facebook Team
Respond now:

To confirm (or quietly ignore) this request, go to:

This came by way of a (real) mutual friend, so I emailed him asking who the heck she is.

He replied, “Well, yesterday she hit me up for a chat on FB and then wanted to meet me on another site. I did not go! I’m not sure what kind of site it really was!”

Good man! This is a really scary tactic; anybody else running into this, with Sonia Reeves or anyone else?

Using Backtrack: Network Mapping: Identify Live Hosts: 5nmp



Finding live hosts.


This tool uses SNMP to scan for hosts, which is a different thing than simply pinging them. Hosts willingly spill their guts to SNMP queries, making this a good LAN enumerating tool.

Unfortunately, this is a Windows tool written in C# and ported to BackTrack via Mono. With my most recent dist-upgrade it finally works, using a GUI that’s supposedly “self-explanatory.” True enough, with the caveat: check the Dictionary Mode or Brute Force Mode checkboxes, or you’re not really doing much.
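The Dictionary and Brute Force modes mentioned above are community-string guessing, and from the agent’s side that guessing leaves a distinctive trail. As an added example (mine, not from the post or from the 5nmp project), here is the detection logic I would run over SNMP agent logs: the log format, host addresses and community strings are all constructed for the demo, so adapt parse_line() to what your snmpd/syslog actually writes.

```python
"""Added example, not part of the original post: spot SNMP community-string
guessing (what 5nmp's Dictionary/Brute Force modes do) in agent logs.

The log format below is CONSTRUCTED for the demo; real net-snmp messages
differ, so adapt parse_line() to your snmpd/syslog output. Addresses come
from the RFC 5737 documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one NMS (192.0.2.50) polling normally with a single
# community string, one host (198.51.100.7) walking a wordlist, and one
# operator typo (192.0.2.51) that fails once with one string.
SAMPLE_LOG = """\
2011-01-19T10:00:00 snmpd src=192.0.2.50 community=ops-ro result=ok
2011-01-19T10:00:01 snmpd src=198.51.100.7 community=public result=auth_fail
2011-01-19T10:00:01 snmpd src=198.51.100.7 community=private result=auth_fail
2011-01-19T10:00:02 snmpd src=198.51.100.7 community=cisco result=auth_fail
2011-01-19T10:00:02 snmpd src=198.51.100.7 community=admin result=auth_fail
2011-01-19T10:00:03 snmpd src=198.51.100.7 community=snmpd result=auth_fail
2011-01-19T10:00:30 snmpd src=192.0.2.50 community=ops-ro result=ok
2011-01-19T10:00:45 snmpd src=192.0.2.51 community=ops-rw result=auth_fail
2011-01-19T10:01:00 snmpd src=192.0.2.50 community=ops-ro result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) snmpd src=(?P<src>\S+) community=(?P<community>\S+) "
    r"result=(?P<result>\S+)$"
)


def parse_line(line: str):
    """Return a dict with ts/src/community/result, or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def find_guessers(log_text: str, window: timedelta = timedelta(seconds=60),
                  min_distinct: int = 3) -> dict:
    """Return {src: distinct_communities_tried} for every source that failed
    authentication with at least `min_distinct` DIFFERENT community strings
    inside `window`.

    Distinct strings, not the raw failure count, are the signal: a misconfigured
    NMS fails over and over with ONE string, a scanner fails with MANY.
    """
    recent = defaultdict(deque)  # src -> deque of (ts, community) failures in window
    flagged = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["result"] != "auth_fail":
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["community"]))
        while q and ev["ts"] - q[0][0] > window:  # slide the window forward
            q.popleft()
        distinct = {community for _, community in q}
        if len(distinct) >= min_distinct:
            flagged[ev["src"]] = max(flagged.get(ev["src"], 0), len(distinct))
    return flagged


if __name__ == "__main__":
    for src, count in find_guessers(SAMPLE_LOG).items():
        print(f"{src}: {count} distinct community strings rejected within the window")
```

With the sample above only 198.51.100.7 is reported; the single typo from 192.0.2.51 stays below the threshold, which is the point of counting distinct strings rather than failures. On a real agent the same logic belongs at the syslog collector, fed by snmpd’s authentication-failure messages.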


Network Mapping: Identify Live Hosts

Home Page:



Using Backtrack: Network Mapping: Identify Live Hosts: arping



To find hosts using address resolution protocol (ARP, which probes at layer 2) rather than ICMP, a layer 3 protocol that is usually blocked at routers these days. Initially it was solely a utility for making sure an IP address isn’t taken before you assign it.


The ability to slip through the network at the MAC level (layer 2) and detect hosts addressable by IP address

Be very careful of online man pages for arping. There are multiple implementations, and their options in particular differ wildly. A few examples:

Can I reach an IP address (a host) on a network even if I don’t have an IP myself?

[root@bt4]# arping -I eth0 -c 2
ARPING from eth0
Unicast reply from [00:8F:C8:E8:4F:8E] 3.519ms
Unicast reply from [00:8F:C8:E8:4F:8E] 2.596ms
Sent 2 probes (1 broadcast(s))
Received 2 response(s)

A duplicate address probe: Is the address in use?

[root@bt4]# arping -D -q -I eth0 -c 2
[root@bt4]# echo $?
[root@bt4]# arping -D -q -I eth0 -c 2
[root@bt4]# echo $?

In the first test above, the answer is yes, while the second answer is no, meaning I can take that IP address. Note how you use the resulting error code to get your answer.

How about an “unsolicited arp,” which I blissfully expect my fellow network cards to accept:

[root@bt4]# arping -U -I {Interface-Name} {IP-Address}
[root@bt4]# arping -U -I eth1


  • -U : Unsolicited ARP update of neighbors’ ARP caches. No reply is expected.
  • -I eth1 : Name of network device to which ARP REQUEST packets will be sent. Required.
  • {IP-Address} : The IP address I’m taking.

Or a “gratuitous reply” to a question that was never asked, which does the same as the above to update my neighbors’ ARP caches:

[root@bt4]# arping -A -c 3 -I eth0

See more examples below.

Opening Instructions:

Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
-f : quit on first reply
-q : be quiet
-b : keep broadcasting, don’t go unicast
-D : duplicate address detection mode
-U : Unsolicited ARP mode, update your neighbours
-A : ARP answer mode, update your neighbours
-V : print version and exit
-c count : how many packets to send
-w timeout : how long to wait for a reply
-I device : which ethernet device to use (eth0)
-s source : source ip address
destination : ask for what ip address
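To see what the -D, -U and -A modes above actually put on the wire, here is an added example (mine, not from the post or from the arping project) that builds and parses raw Ethernet+ARP frames in pure Python, names the probe type the way arping’s flags would produce it, mirrors the exit code the post checks with echo $?, and adds the defender’s half: a small monitor that flags an IP address whose MAC suddenly changes, which is exactly what an unsolicited announcement from the wrong host looks like. The MAC and IP values are constructed; the frame shapes follow the iputils arping behaviour shown in the usage text (sender IP 0.0.0.0 for duplicate address detection, sender IP equal to target IP for -U and -A).

```python
"""Added example, not part of the original post: ARP frames as arping sends them.

Ethernet II + ARP layout (42 bytes, no padding):
  dst MAC(6) | src MAC(6) | ethertype 0x0806(2) |
  htype(2)=1 | ptype(2)=0x0800 | hlen(1)=6 | plen(1)=4 | oper(2) |
  sender MAC(6) | sender IP(4) | target MAC(6) | target IP(4)
All MAC and IP values in the demo are CONSTRUCTED (RFC 5737 range).
"""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_from_bytes(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


@dataclass(frozen=True)
class Arp:
    oper: int
    sha: str      # sender hardware (MAC) address
    spa: str      # sender protocol (IP) address
    tha: str      # target hardware address
    tpa: str      # target protocol address
    eth_dst: str  # Ethernet destination, to tell broadcast from unicast
    eth_src: str


def build_arp(oper, sha, spa, tha, tpa, eth_dst=None) -> bytes:
    """Requests go to the broadcast MAC; replies go to the target MAC unless overridden."""
    eth_dst = eth_dst or (BROADCAST if oper == ARP_REQUEST else tha)
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(sha) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
           + mac_to_bytes(sha) + IPv4Address(spa).packed
           + mac_to_bytes(tha) + IPv4Address(tpa).packed)
    return eth + arp


def parse_arp(frame: bytes) -> Arp:
    """Decode one frame; reject anything that is not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        raise ValueError(f"ethertype 0x{ethertype:04x} is not ARP")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled")
    body = frame[22:42]
    return Arp(oper,
               mac_from_bytes(body[0:6]), str(IPv4Address(body[6:10])),
               mac_from_bytes(body[10:16]), str(IPv4Address(body[16:20])),
               mac_from_bytes(frame[0:6]), mac_from_bytes(frame[6:12]))


def classify(pkt: Arp) -> str:
    """Map a frame back to the arping mode that would have produced it."""
    if pkt.oper == ARP_REQUEST and pkt.spa == "0.0.0.0":
        return "dad-probe"           # -D: sender IP is zero, "is anyone using tpa?"
    if pkt.oper == ARP_REQUEST and pkt.spa == pkt.tpa:
        return "gratuitous-request"  # -U: announce my own IP, no reply expected
    if pkt.oper == ARP_REPLY and pkt.spa == pkt.tpa:
        return "gratuitous-reply"    # -A: a reply nobody asked for
    return "request" if pkt.oper == ARP_REQUEST else "reply"


def dad_exit_status(probed_ip: str, replies) -> int:
    """Mirror the exit code the post checks with `echo $?`: 0 = address free, 1 = in use."""
    return 1 if any(r.oper == ARP_REPLY and r.spa == probed_ip for r in replies) else 0


class ArpCacheMonitor:
    """Defender side: remember which MAC claimed each IP and flag a change of owner."""
    def __init__(self):
        self.table = {}   # ip -> mac
        self.alerts = []  # (ip, old_mac, new_mac, kind_of_frame)

    def observe(self, pkt: Arp):
        if pkt.spa == "0.0.0.0":  # DAD probes claim nothing, so they never update the table
            return
        known = self.table.get(pkt.spa)
        if known is not None and known != pkt.sha:
            self.alerts.append((pkt.spa, known, pkt.sha, classify(pkt)))
        self.table[pkt.spa] = pkt.sha


def demo():
    """Constructed scenario: host A owns 192.0.2.10; host B later announces the same IP."""
    a_mac, b_mac, me = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"
    wire = [
        build_arp(ARP_REQUEST, me, "0.0.0.0", ZERO_MAC, "192.0.2.10"),              # arping -D
        build_arp(ARP_REPLY, a_mac, "192.0.2.10", me, "0.0.0.0"),                    # A: "that's mine"
        build_arp(ARP_REPLY, b_mac, "192.0.2.10", BROADCAST, "192.0.2.10", BROADCAST),  # arping -A from B
    ]
    pkts = [parse_arp(f) for f in wire]
    mon = ArpCacheMonitor()
    for p in pkts:
        mon.observe(p)
    return [classify(p) for p in pkts], dad_exit_status("192.0.2.10", pkts[:2]), mon.alerts


if __name__ == "__main__":
    print(demo())
```

Sending these frames for real needs a raw socket and root, which is what arping does for you; the value of the pure-Python version is that the monitor half can be pointed at any capture of ARP traffic and will raise an alert the moment 192.0.2.10 is claimed by a second MAC.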


Information gathering, network mapping

Home Page:



A very simple one at http://linux-ip.net/html/tools-arping.html

Get the interesting PDF discussion of ARP at http://www.habets.pp.se/synscan/docs.php.

Consider the details of cache updating: http://www.cyberciti.biz/faq/update-arp-cache-for-ip-address/.

Exploit: IP takeover attack: http://hack2live.blogspot.com/2008/07/ip-takeover-attack-with-arping.html.

Using Backtrack 4: Information Gathering: Dradis Server and Client

Dradis Server and Client


To provide an online database application to manage information gathered by a team during exploits or penetration tests.


There are two components here. The first thing you’ll need to do is start the server, and how to do this isn’t immediately obvious. The opening screen, below, tells you how to do it, but if you’ve launched a shell by clicking Menu > Backtrack > Information Gathering > Dradis Server, you’re not in the right place. You’ll be at
but you’ll need to run

cd script/

to then start the server:

ruby server &

Now open a web browser to http://localhost:3004, and if everything’s good you’ll see your server is running because you’re presented with a login screen. Just this once, you can enter a user name and password, and you’re good to go. However, don’t forget this user name and password!

At this point, go read the tutorial at Question-Defense.com linked below.

Opening Screen:

=> Booting WEBrick...
Usage: ruby server [options]
    -p, --port=port                  Runs Rails on the specified port.
                                     Default: 3004
    -b, --binding=ip                 Binds Rails to the specified ip.
    -e, --environment=name           Specifies the environment to run this server under (test/development/production).
                                     Default: development
    -m, --mime-types=filename        Specifies an Apache style mime.types configuration file to be used for mime types
                                     Default: none
    -d, --daemon                     Make Rails run as a Daemon (only works if fork is available -- meaning on *nix).
    -u, --debugger                   Enable ruby-debugging for the server.
    -c, --charset=charset            Set default charset for output.
                                     Default: UTF-8
    -h, --help                       Show this help message.


Information gathering

Home Page:




Using Backtrack 4: Information Gathering: TheHarvester



Finding hosts and thus subdomains, as well as account names and email addresses.


Warming up your penetration test? Then you’re looking for these hosts, accounts and email addresses. Of course these list exactly your initial targets, and if you’re hooking for a particular person, their account name is a plum to find. For instance.

Opening Screen:

*TheHarvester Ver. 1.6             *
*Coded by Christian Martorella      *
*Edge-Security Research             *
*cmartorella@edge-security.com      *

Usage: theharvester options

-d: domain to search or company name
-b: data source (google,bing,pgp,linkedin)
-s: start in result number X (default 0)
-v: verify host name via dns resolution
-l: limit the number of results to work with(bing goes from 50 to 50 results,
google 100 to 100, and pgp does’nt use this option)

Examples:./theharvester.py -d microsoft.com -l 500 -b google
./theharvester.py -d microsoft.com -b pgp
./theharvester.py -d microsoft -l 200 -b linkedin


Information gathering

Home Page:

This is one of several tools from Edge-Security. Get to know them.



Using Backtrack 4: Information Gathering: Searchengine: gooscan



To perform searches on enterprise Google Appliances. Just imagine what those internal search appliances can hold….


This is not just a command-line tool for doing Google searches. In fact, automated searches are specifically forbidden by Google’s terms of service. Instead, it is designed to exploit Google’s popular search appliances, which are deployed in all sorts of big corporations that have a hard time keeping track of their own information.

Opening Instructions:

gooscan <-q query | -i query_file> <-t target>
[-o output_file] [-p proxy:port] [-v] [-d]
[-s site] [-x xtra_appliance_fields]
(query)       is a standard google query (EX: "intitle:index.of")
(query_file)  is a list of google queries (see README)
(target)      is the Google appliance/server
(output_file) is where the HTML-formatted list of results goes
(proxy:port)  address:port of a valid HTTP proxy for bouncing
(site)        restricts search to one domain, like microsoft.com
(xtra_appliance_fields) are required for appliance scans
-v turns on verbose mode
-d hex-encodes all non-alpha characters
Friendly example:
gooscan -t google.fda.gov -q food
-x "&client=FDA&site=FDA&output=xml_no_dtd&oe=&lr=&proxystylesheet=FDA"
Google terms-of-service violations:
gooscan -t www.google.com -q "linux"
gooscan -t www.google.com -q "linux" -s microsoft.com
gooscan -t www.google.com -f gdork.gs

Gooscan google scanner by j0hnny http://johnny.ihackstuff.com


Information gathering

Home Page:

Formerly http://johnny.ihackstuff.com, this site now redirects to hackersforcharity.org. The original download links do not work, so this is probably a terminal release.


Gooscan – Automated Google Hacking Tool