[WIZZYWIG #2 released!]

SWEET!! I just submitted this to Digg (why wasn't it already on there?!).

If you have a Digg-acount, please help spread the word:

http://digg.com/design/A_hacker_s_graphic_...released_images

[Hotel Free WiFi Bandwidth "widening"]

Hak5 is not your personal army?

[SILICA, a mobile pentesting gadget for $3600]

It's not even a GUI by definition -- but nevertheless.

The closest I came across are Errata's Ferret and WifiZoo. Combine this with wesside-ng/easside-ng and some automated bluesnarfing and you're coming close to having your own "SILICA" on a $0 budget (if you already have the hardware, ofcourse).

[sharing files over Wan]

If you don't mind your stuff being stored on somebody else's server, try Dropbox ( http://www.getdropbox.com/ )

[SILICA, a mobile pentesting gadget for $3600]

I came across a blog post discussing a $3600 handheld device that will automatically scan, exploit and snarf (look for interesting data like passwords) wireless networks. (This is not new, the device was released in 2006)

The vendor site: http://www.immunitysec.com/products-silica.shtml

A review: http://www.informit.com/guides/content.asp...&seqNum=247

Another review with pics: http://blogs.zdnet.com/security/?p=19

The actual system behind it is Immunity's CANVAS, which seems to be a Python script you can buy for $1450. I'm guessing this is a front-end, and the actual work is done by the usual suspects (nmap, tcpdump, etc.). I would love to have a look at CANVAS, but I'm not coughing up that $1450 for it.

I remember reading more about this when I was reading stuff about turning a Zaurus PDA into a homebrew SILICA device. I think some projects were set up to have similar "autopwn" capabilities but I lost sight of them. Any Hak5ers interested in building one of these together?

[Unassociated clients... who are they and what to do with 'em?]

I'm using an Eee 701 so I'll have to dig into Karma/Karmasploit. I kinda figured there would be a more basic approach to this, sort of like a nmap-like scan of the client to see what kind of adapter/system/OS is behind it.

[Unassociated clients... who are they and what to do with 'em?]

In my daily communting from work to home, I do some random wardriving with airodump-ng to see what's in the airwaves. Lately I noticed some unassociated clients with interesting names under the "probes" tab. They're there all during the train ride home, and never associate with an AP. How can I find out more about these machines, see what runs on them, etc.?

[Slashdot article about Revision3 / Systm / Broken]

I read this when the Slashdot came through my RSS tube. One of the first commenters hits the nail on the head when he/she says:

I have also found [Revision3] to dumb down the old shows. But they just added Hak5 to their lineup. This show is great for advanced users. They really get technical with all things network, hacking, games, .... I also found the audio pod casts from Leo Leport to be good.

This sums up why I like Hak5 so much. You guys cater to the old school hackers and coders, instead of the geek-hipsters that think they're hackers because they had someone walk them through a point'n'click iPhone jailbreak. I don't mind these "dumbed down" shows though, and I love to just get the easy version of a story when it's about something I don't really need to know all the details of. But when it comes to the subjects Hak5 talks about, I don't wanna be treated like a n00b. That's why I love the new season so much. Keep up the good work.

(I'm not on /. otherwise I would've kissed you guyses asses over there as well ;) )

[whos your favorite comedian?]

10 PRINT "George Carlin!"

20 GOTO 10

But also:

Lee Evans

Mitch Hedberg

Eddie Izzard

[What's in your bag 2008.]

car

You got a car in your bag?

[Portable Packet Logger / Filterer?]

This article might interest you, if I may plug my own writing: http://hak5.org/forums/index.php?showtopic=9458

This would fit in your pocket and sniff wireless traffic with any Linux tool you're comfortable with. Wireshark, Wellenreiter, Kismet, Dsniff, nmap, tcpdump, etc.

You could use a Compact Flash ethernet card and plug it in, and scan for as much info as you need.

[EEE pc as a "Jasager"]

Didn't Darren say in the 2nd Jasager segment that they were gonna show how to run it on the Eee?

[Ideas for future eps]

That could actuall work very well as Hak Snacks segments :)

[Ideas for future eps]

I don't think a segment on the C64 (or other 8-bit computers and their scenes) should be a nostalgic trip down memory lane that only appeals to old-timers who used the machines. People who weren't into these computers "back in the day" will only be bored by this. You'd have to find something relevant to today, for instance looking at how filesharing worked back then, the demoscene as mentioned in my previous post, dial-up networking and BBS'es, etc.

I think the trick is to have the old school people enjoy a nice trip down memory lane, and teach the newbies something interesting at the same time -- a tricky thing to do.

[Ideas for future eps]

Don't know whats been done, but I still keep this list floating,

[...]

*Covering the Demoscene

[...]

I wanna second that one! I have always enjoyed demos back in the day when the limits of a computer were well known to its users, and it would therefor be a total mindblast when some programmer exploited a bug or used creative coding to produce something you knew the machine shouldn't be able to do. You'd think your computer could only handle 16 colors and 8 sprites at a time, and then suddenly there's a seemingly full-color image on the screen, with 256 sprites dancing in front of it.

It's a shame this artform pretty much died out when PCs started to become powerful multimedia-producing machines that could whip up anything on the screen you could imagine, without breaking a sweat. It was no longer needed to really raise the bar in coding to get something you want. Getting 8 balls to bounce around the screen, ray-traced in real time, is just a matter of drag'n'dropping stuff in Flash. You're not gonna do that by super-optimizing a piece of assembly code and make it fit in 4K.

I kinda hoped this scene would flourish again when lower CPU devices started showing up, like PDAs, phones, MP3 players and game consoles. But, unfortunately it didn't.

Seeing that it was a niche of the hacker scene, with only a short window of existence in all of computer history and future, I think would really be cool to look back and see why these demos were such a big deal back then, and how some really smart coding had to go in certain effects, and just see a really unique cooperation between hardcore programmers and graphical and musical artists. It was code that did only one thing: entertain you by showing what kind of beauty your computer could produce.

So yeah, in short: please do a segment on the demoscene!

[What's your favorite source code editor?]

Web developers using a Mac have even more reason to be happy:

http://macrabbit.com/espresso/

Looks like a TextMate on steroids!

[What's your favorite source code editor?]

You make it sound like it's a bad thing that you have to install plugins in order to get some of those features, why so?

I see it as an advantage, it makes the application modular and more stable, since you could just uninstall a plugin if it isn't stable. You can remove features you don't use, making the editor faster and more stable. You get more features through plugins, as other developers can make more specific plugins which targets features only few people are using, where you may be one of them.

It's all like with a vanilla Firefox, it is outperformed by Opera by far features wise, but when you take the addons into account the roles are turned around...

I think for a plain-text text editor, not having usefull features built in because of performance or stability issues should not be an argument. I can't see a text editor doing anything that a modern computer can't handle with ease. That said, plugins are ofcourse a god-sent gift for anybody who likes to customize his/her software.

I have never used Notepad++, I just saw this big list of plugins which all had the functionality I needed, and I didn't feel like installing 8 plugins. Maybe on a lazy sunday afternoon...

[What's your favorite source code editor?]

I see a lot of people using Notepad++ on Windows. Unfortunately I'd need to install a lot of plugins before I'd get PSPad's functionality (Function list, encoding conversion, hex editor, compare files, FTP synchronise, HTML tag matching, etc...).

I'm surprised to see no UltraEdit fanatics here :)

[What's your favorite source code editor?]

What's the source code editor that you use? I'm a webdeveloper (XHTML/PHP/JS/CSS), so I work on Windows to have constant access to IE. I used to work with Editpad Pro which worked like a charm. Unfortunately I had to ditch it because it wasn't free and had some annoying bugs. Functions I liked were fast-scrolling by using CTRL + mouse scrollwheel, highlighting search terms throughout the document, and the extensive search&replace.

I tried using Vim for Windows (as that's what I use on Linux) but I just work faster in a more Windows-like environement. I also tried the E Text Editor about a year ago (a Windows clone of the praised TextMate for OSX) but it was too basic had none of the really nice advanced features I'm after.

I'm now using PSPad which is freeware and has it's own nice features (for instance CTRL+SHIFT+UP selects the word at your cursor). Also most of the other advanced features I love are there: source reformatting, split windows, etc. Unfortunatly it also has some annoying bugs (hanging on FTP, for instance) and updates are slow.

So, I'd like to hear what else is out there. What's your favorite editor, and why?

[An idea about forums I thought I should share]

@10goto10: If someone is sniffing your traffic, he gets your login password which is different to the administration password. The attacker can post random things but can not delete or modify the account itself. For this he needs the administration or master password.

Of course the attacker can do a mitm-attack and displays a login page which prompts for the master password (let's say: authentication needs to be verified). Some users may enter the master password and by thus the attacker gets it. But I assume here users have experience with "100 percent genuine and valid paypal site click here" things ;-)

So basically the added layer of "security" is that because you'll use the administration password less frequently, the chance of it being sniffed is also less. But in the end, both passwords are still equally easy to steal.

Even if the administrator passwords would be seldomly used, if the attacker is able to sniff your traffic and has your normal password, they would be able to log in and make use of a "Forgot your administrator password?"-link, and sniff the resulting traffic for the new password.

The fact that SSL increases system load shouldn't be a concern -- if that alone slows down your server that much, you should be investing in a new server. Besides, opting for a client-side solution (one that requires the user to remember TWO passwords while most have problems enough with just ONE) isn't a pretty solution, especially when it's not even that effective.

[An idea about forums I thought I should share]

Why wouldn't they be able to get the "master password" the same way as they'd get the other password?

[Darren reviews Acer Aspire One]

i saw one today and they look ok but expensive

Really? It looks like it's currently the best price/value deal for UMPC's. Except for the various Eee models, there's only really expensive models out there.

[Darren reviews Acer Aspire One]

I read this review on your blog yesterday, and I really liked it. As an Eee owner I was especially interested in how the Aspire One compared to the Eee, and you answered all my questions. I was just a little sad that your love for the Eee melted away so fast by the first serious Eee competitior ;) A collegue of mine coincidentally got his Aspire One in the mail today, so I was able to look at it IRL. And indeed, the bigger screen and resolution, the faster CPU, and the keyboard are improvements you just HAVE to like, that's a no-brainer.

I gotta admit I'm keeping and eye on the Aspire One now... Not so much because I think the Eee "sucks" all of a sudden, but for two reasons:

1. buying "another one of these little laptops" isn't a huge impact on my wallet anymore

2. I have had many times that I thought "this little Eee would do this task so well". Serving as mini-server, home security, building one into a car, taking care of music in bedrooms and/or bathrooms, etc.

Thanks for the review, and I hope you find good use for your trusty "old" Eee!

[2 questions really. inspired by wess]

What the fuck are you all on about. A graphic tablet is more than just a mouse, it has pressure sensors to control the flow of whatever tool your using among other things. Just buy a Wacom Bamboo One Graphics Tablet, there only £20 and will shit on anything you could make with a mouse. I have a Wacom Cintiq 21UX I use with a number of things like Solidworks but you don't spend that kind of money on one unless you need it professionally.

Jeez, chill the fuck out man. You're coming off as a total elitist douche again. We all know you do everything better and know so much more than the rest of us clueless lamers, you point that out in these forums with great regularity. Why bash something that integrates hacking, hardware, creativity and a possible new tool for an artist, just because YOU'd rather just buy something off the shelf?

[low cost setup of a tv production?]

Thanks for the lead on Ubuntustudio, I didn't know about that. I've been keeping an eye on proper video editing tools on Linux, as this is the last hurdle for me before I really can have Linux on my desktop. Professional tools like Adobe Premiere Pro or Sony Vegas for Windows have no competition from the Linux front at all. For video editing it seems like you're stuck with Windows for now.

There's free tools for Windows though, they're a bit basic and probably on the same level als the Linux tools (VirtualDub and it's cousins for instance). If you have the patience and the motivation, you'll get stuff done.