[My Breifcase Wifi Pineapple Rig]

If possible I'd lose the inverter - they are incredibly inefficient. Everything ends up having to be converted back to DC again, so going from DC -> AC -> DC generates quite a bit of heat. Instead opt for a DC-DC converter. A switching one will also do good for battery life if there's a wide gap (Converting 12V to 5V for example). You can find universal DC adapters at plenty of discount and retail stores, but chances are they're linear. If you're good with a soldering iron you can whip up a very nice supply on a bit of perfboard and some small switching power regulators fairly easily, but even linear regulators would be better than an inverter.

Also, from what I've read about taking these to the airport, it should be no problem carrying a sealed lead-acid battery on board (they'd rather spare batteries of any type be in the cabin rather than in cargo, since fire extinguishers are at hand). Just follow the recommendations at http://safetravel.do..._batteries.html and tips at http://safetravel.dot.gov/tips.html — namely keeping them installed in your project or taping or otherwise protecting the terminals, putting the battery in a plastic bag for good measure. The TSA, believe it or not, does know how to spot the difference between an explosive device and an UL certified battery, and often have the appropriate equipment to check for actual explosives. Just don't opt for a DIY battery pack any time soon. I'd also stay away from any battery with lithium chemistry, however there are specific TSA restrictions to carrying them on board (no more than 25g equivilent lithium content). If you suspect you'll run into trouble, print the above links and carry them to show someone if asked. Bottom line is don't make it look remotely dangerous to anyone, and security shouldn't as much as blink an eye.

I am also in possession of a very nice aluminium brief case that I was interested in building a ruggedized laptop into, but this might be a far more interesting application :P

[Blade - Imagine An Internet Without Web-based Drive-by Malware Infections]

Great.

I see many statistics and plenty of scientific method here... except the system in question has been promised to be "coming soon" (as a free research prototype) for nearly a year now. It's not science if it can't be reproduced.

[Securing Your Fortress From Infiltration By Rubber Ducks.]

But USB mass storage isn't the problem (unless it's a windows box with autorun, a vulnerability in explorer, etc.) - it's emulated HID. However since USB keyboards and mice are so commonplace today this is a difficult vector to defend. Perhaps having a whitelist for certain manufacturers of keyboards/mice (although this could probably be annoying for end users, so would the banning of USB devices entirely). You could put this off to physical security, which is really what it comes down to, but it wouldn't hurt to hinder the exploit with even a little bit of work.

[The It Crow - Tv Series]

IT crowd was Channel 4, not BBC. I enjoyed it - it's not often you see any mainstream purely IT comedy.

[Securing Your Fortress From Infiltration By Rubber Ducks.]

That relies on the actual hardware - the controller in USB keyboards and mice can sense the PS/2 handshake and adjust the protocol. So it'd have to be a burned-in feature of the duck's hardware or of a Teensy.

[Securing Your Fortress From Infiltration By Rubber Ducks.]

Damn it, i was going to say that lol.

or just break the ones your not useing and glue in the keyboard and mouse.

If your really strict on the security (for a buisness or w/e) dont have them mounted to the case, and have the keyboard and mouse attached internally. All depends on your setup and what your employee's need. I like a physical security approach over a software approach. A guy using a flash drive is alot less suspicious than a guy with bolt cutters, or digging around behind his computer.

True, but there's many instances when controlled media is a necessity, keyboards and mice break, etc.

[Securing Your Fortress From Infiltration By Rubber Ducks.]

Haven't seen too many threads about protecting against rogue USB devices, or anything about testing to see if an USB device is "safe", as mentioned in the letter in episode 1023.

I got thinking of protecting against evil rubber duckies and realised that mass storage isn’t the problem. While it’s relatively simple to prevent FUSE from mounting mass storage automatically, the thing we want is to prevent the “mass storage device” from sending HID events.

Perhaps setting up a cheap and old box (or perhaps even a little RaspberryPi) with the usbhid module blacklisted (sudo modprobe -r usbhid) to plug a device to check into. A wireshark/usb dump can be done over ssh, et al to inspect the true intentions of the device. It’s a simple way to check for vendor ID, etc. and since it only requires runlevel 3, mouse and keyboard events/attacks can be rendered useless with a repurposed getty input (perhaps just an inkey program that redirects to a file to figure out what said evil rubberducky is up to).

I smell some utilities for testing for rubber ducks for *nix boxes in the future :P

I might test some of these concepts later, but I'll need to get my paws on a duck first.

[Wifi Suddenly Stops Working When I Use Wired Gigabit Anything]

Just recently, I noticed I had trouble connecting wirelessly to my Linksys E2000. After updating the firmware and resetting the thing a dozen times, I've finally figured out that the wireless would return to normal operation if I unplugged anything with wired gigabit. The old machine being used as a server has a 100T-base NIC and it works fine, but as soon as I connect a new machine or my laptop on wired, ping round trip time goes from ~1 ms to an average of 11256 ms. I'm less than a metre from the router. The same thing happen independent of device or operating system, or as far as I can tell from two linux boxes, and android phone, and an iMac. This didn't start happening until a few days ago and my network configuration hasn't changed the slightest. Any ideas?

[Zipit Image Woes]

same problem here. I can't even get the original aliosa27 user land to boot. 2 gig flash using

dd if=file.img of=/dev/sdb bs=1M

Then I eject the disk and throw it in the zipit, turn it on, and the LED for flash activity gives the impression that it's booting... then nothing.

EDIT: Update - this is what gparted tells me. Doesn't make much sense. Never had this problem before, and it's definately a 2 gig flash.

Grr. I'll try the 1 gig image. I wrote the above disc with

sudo dd if=debianZ2-diskimage-2G.img of=/dev/sdb bs=512K

Update 2: I was curious to find this in the image file:

redxine@redxine-laptop:~/Desktop$ tail debianZ2-diskimage-2G.img 

to:

 gspi8686.bin
 gspi8686_hlp.bin

And you should be good to go.

I guess it untarred incorrectly. I'll try again.

Edit: fixed it with some magic voodoo. No idea what did it, it just boot fine suddenly.

Here's a new question: I've noticed that whenever it's not connected to wireless, that startx is really slow. I have to press Ctrl+C after getting "Host name lookup failure" to get it to start. And the clock resets at every boot. Any suggestions?

[Car And Motorcycle Pc W/wifi For Wardriving And Media]

+1 for DC-DC converters.

As for controlling the car, if you want it to do cool things like roll the windows down and turn on the head lights, it'll need some kind of relay interface. But if you want to read sensor values you could interface to the GM port with parallel.

[Boxes Of Crap Hex Code]

http://www.hak5.org/oursituationonthisearthseemsstrange/

I feel accomplished now.

[Boxes Of Crap Hex Code]

Thanks. I'm almost done generating a master URL list I'm about to run with the following rules:

O------ATION/ON/THIS/EART---EMSSTRANG---
<eart.> only matches 'earth'

O-/-----ATION/ON/THIS/EARTH/--EMS/STRANG---
O--/----ATION/ON/THIS/EARTH/--EMS/STRANG---
O---/---ATION/ON/THIS/EARTH/--EMS/STRANG---
O----/--ATION/ON/THIS/EARTH/--EMS/STRANG---
O-----/-ATION/ON/THIS/EARTH/--EMS/STRANG---

O-/--/---ATION/ON/THIS/EARTH/--EMS/STRANG---
O--/--/--ATION/ON/THIS/EARTH/--EMS/STRANG---
O--/---/-ATION/ON/THIS/EARTH/--EMS/STRANG---
O---/--/-ATION/ON/THIS/EARTH/--EMS/STRANG---
O-/----/-ATION/ON/THIS/EARTH/--EMS/STRANG---

I sorted through dictionaries of two, three, and four letter words and took out uncommon words, leaving things like able, bent, gate, etc. So far I have a wordlist that follows the rules for 6 spaces, and it has 10992 entries. I think for this one I'll set up parallel wget scripts. ^_^

I'll post the list when it's done.

(moments later):

$ cat masterlist | wc -l
258120

I think it's back to the drawing board. Unless someone wants to help me rack up 30 megs worth of 404s on the hak5 server logs. lol. Here's the list and sources: http://dl.free.fr/pMpdo4hPP

Let me know if anyone wants to help make a joint effort and we'll figure out how to split the file. I'll go ahead and start running the list.

[Boxes Of Crap Hex Code]

Well I just burned through this word/url list with no luck. http://paste.ubuntu.com/447013/ Matched the missing words against /usr/share/dict/words, but the permutations are huge because the separation of the words is unknown. This list matched the following pattern:

o@@@@@/@ation/on/this/eart@/@@ems/strang@@@

The only entry matching eart@ is 'earth'.

I also tried a word list where o@@@@@@ation (O --- --- ati on) was assumed to be a whole word, to which the dictionary matches the following words:

obliteration

optimization

organization

ossification

update: burned through these too: http://paste.ubuntu.com/447030/

[June Desktops]

My Lappy.

[Executing An .exe File Automatically]

Ah - thus is entering the realm of buffer overflows. And that is quite a bit of an art. Looking at where a service has a memory leak and taking advantage of it to spill your code perfectly into the IP value of the next memory address, and having the processor run your code with it....

The only other thing I could think of is having it replace an already existing binary (such as one in cgi-bin [look for bad permissions]) and then calling it remotely with a request.

[Gps Ip And Mac Tracking]

Oh so you're talking about triangulating a wifi signal.

Effectively, it's fairly simple trigonometry. The only data needed is either distances at three points, or three angle values in the same situation. The more points and distances, the more accurate the result. The hardest part is collecting the data. In traditional GPS, each satellite has an extremely accurate cesium atomic clocks which accuracy to plus or minus 2 nano seconds. Each satellite therefore has the exact same clocks, and they are accurate enough to be able to measure distances between them by measuring the time it takes for a signal to travel (found by using those clocks as a basis) and dividing it with the speed of light. The earth side GPS receivers also have clocks, but they are not the accurate ones in the satellites, but are rather synchronized by subtracting a known latency. Using all these distances, the receiver can calculate it's exact position.

The same thing could probably be done with wifi using the same concept, except there is no real 'time format' or clock keeping that goes on in the 802.11 stack. SO, the only real way to measure distances would be by signal strength. Three stations should then be able to triangulate a single point this way. Perhaps a directional antenna would help too in providing angle values.

This would be a great way to locate rouge wifi users, but the concept is on a little shaky ground. I think I read a paper on it once...

[SSH and VNC access on *many* OS X systems]

There's a utility (for Linux, but I'll assume it compiles on Macs too) called clusterssh that sends commands to multiple ssh instances (say, in a cluster) all at once, making it easy to set them up all at once.

http://sourceforge.net/projects/clusterssh/

[http proxy, alternatives to phproxy]

They are of course on Windows at work, so ssh tunneling and doing a socks proxy is not really going to work.

Enter: Putty.

Works fine for tunnels. So does plink. In fact I recall that's what they used in the episode in which which tunnelling was introduced.

[Shared Ssh Tunnel]

I have a wireless ad-hoc network set up on my Karmic machine to connect some iPods (in the band room), and I'd like to get ssh tunnelling working with the ipods. Sure we could fork out the $7 for an ssh apps, but I should be able to share the socks proxy set up from the -D option in ssh, as by default it only allows sock connections on the loopback device unless specified, but

ssh -D *:9999 me@host

returns "bind: Address already in use" and

ssh -D 192.168.2.1:9999 me@host

shows up as open if I run nmap 192.168.2.1 from another machine, but the proxy doesn't work (firefox).

Any suggestions?

[Combining PSUs]

That could be. Ran a rough calc of total Wattage used and it's around 300W or so.

Make sure it can handle the power-on load, since it'll pull an insane amount of power to get those drives spinning.

Good luck.

Thanks. Yeah - it only really needs the power to start up. It's been running stable for 2+ days. Thanks for the help.

[Combining PSUs]

The Purpose of dual PSUs is in to have a backup in the event one of them fails. Specs of the system would be nice, since the one PSU might be too small to handle everything.

If the only thing you are powering with the second psu are the hard drives you should be ok.

It's Intel Xeon 3.00 GHz Quad core, 2gb DDR2 RAM, 4 500-gig Hot-Swap Hard drives attached to a hardware RAID 5 controller, DVD R/RW burner, Floppy drive, Ultrium LTO 2 Tape drive, (no clue about the motherboard), 5 or so mid sized cooling fans, and the above redundant hard drive. The behavior of the PSUs - how one beeps and flashes while the other just buzzes - makes me believe one might be faulty. I think I'll go ahead and try the dual PSU for the HDs.

[Combining PSUs]

I'm setting up a streaming server for my church and have a nice quad core, raid 5 server to put fedora and flumotion on. The power supply is apparently redundant (http://www.rackmountnet.com/istar-ps2-400w-hotswap-redundant-eps12v-power-supply-p-316.html) but upon trying to power up the machine one will beep constantly and the other will just kind of buzz and sit there until power is removed. After the beeps get annoying and both are switched off the capacitors slowly discharge and let out a final 2 volts and a decrescendoing beep. I've traced the problem to the hard disks; they draw too much power when spinning up and the supply complains until the load is removed. The system can be started fine if all the hard drives are started up in sequence after the PSU output is stable. So it can handle the load - just not all at once. Like this one: http://www.burningissues.net/how_to/power/psu.htm

As I am not a fan of spending money right now (and after telling my church it would cost next to nothing) I would like to find a good old hacker solution instead of doing the usual and buying a new one. So someone tell me why combining ground and pin 14 on the ATX connector and running the disks off the slave PSU.

In short, disprove this comment: http://club.myce.com/f7/wire-dual-power-su...640/#post908491

***WARNING*** connecting two power supplies together may cause serious damage to the power supplies and the equipment that they are connected to.

The master/slave setups illustrated in this thread should be okay. But, connecting two power supplies so that their regulated voltages are connected to each other, is BAD.

Background) Most power supplies use one circuit to power one transformer to make all of the various output voltages. Then, one output voltage (usually the +5Vdc) feeds back to tell the input side of the transformer what to do. The other output voltages are controlled by their relationship to the feedback voltage. (They come off the same transformer using different windings) [very over-simplified] So, the input side of the power supply regulates itself to make the regulated voltage come out right; and the other voltages drift according to what is happening to the regulated voltage.

Problem) If the two different power supply regulated voltages are connected to each other, they will make the power supplies unstable.

Lets say PSU 1 regulates it's +5 line to +5.015 volts. Let's say PSU 2 regulates it's +5 line to +5.013 volts. If the two regulated voltages are spliced together, PSU 1 will pull all the load off PSU 2 by pushing the +5V to +5.015 vdc. It's other voltages (+12V, -5 V, -12V and +3.3V) will go high. PSU 2 will reduce it's output to bring the +5V down to +5.013 vdc. PSU 2's other voltages will also go low. The motherboard and other devices will be caught in the middle of the conflict.

Real power supply sharing systems use extra circuits to prevent PSU 1 from affecting PSU 2 and vice versa.

So, link 3 is bad. Don't do it. Your hardware will thank you.

Two power supplies that do not connect to each other (other than to turn on the slave PSU) are okay.

I'm pretty sure a PSU doesn't care about voltage so long as it's within a certain window and with each supply adjusting accordingly it should result in a stable output. And really all I need is the 4 pin for disks. Any comments?

[Alarm Default]

If you still want the challenge (I know I would) and are Über bored, a few decade counters perhaps and some way to fire the combinations one at a time to the keypad.

http://www.led-depot.co.uk/WebRoot/Store/S...ry/4017_01a.JPG

Otherwise there's bound to be some type of serial connection for programming.

[November Desktops]

My Gateway CX210X - intrepid for the (non-new) version of X that doesn't completely use HAL for everything, so my tablet will work on the occasion I need it. FC11 on my 7 year old desktop. Hopefully a new build soon. ^^

[New Alfa AWUS036H 1000mWhat!!?1!!]

@Moonlit: precisely.

I think what i will do is put it very high in a cupboard above me and away from me attach to a long usb cable. Just in case...or send it thru the window and let it be outside attach to the wall.

You could make a tin foil hat. It does wonders, and protects you from the radiation that Heliosat3 was really made for. [/consipracy]