Jason Cooper

Everything posted by Jason Cooper

  1. As I have some spare time I have just done a quick check of what the nameservers available for hak5.org have stored as the record for forums.hak5.org and the duff record seems to be sat on the ns6.zoneedit.co.uk nameserver.
  2. Let us know when it is fixed and then I can remove the definition from my hosts file. :)
  3. OK, here is what is up with the forums: DNS. When I am getting the error message about the forums moving, forums.hak5.org resolves to 66.11.227.169; when it is working it resolves to 50.28.75.68. My suspicion is that the old IP address is still sat in the DNS zone somewhere. Check over your DNS configuration and make sure that it isn't doing a round robin with a working and non-working IP address. Just to make matters worse, most local DNS servers will cache the result so users are stuck with the IP address they first got till the cache expires, then they get the chance to gamble on getting a working IP again.
  4. Why does the phrase "we have moved them to a proper hosting provider" always fill me with dread? Oh yes, because it always seems to be followed by a long period of instability for systems that have historically run fine and don't need much in the way of technical power or maintenance :) Good luck in getting the stability back to where we can all take it for granted again and let me know if I can help in any way with diagnostics.
  5. The hardest part with this sort of setup is that it has to be very easy for people to use. If it isn't then they will just start storing the confidential information on their machines, USB memory sticks, etc., not because they are trying to be insecure but because it is a pain to have to get it moved into a holding location between two networks and then get it from there. In the long run you end up with everything important being stored in the holding area. Like all security it comes down to finding the best compromise for the situation. If your confidential information is life threatening (nuclear launch codes, medical records, witness protection database, etc.) then yes you would be wanting to have the hardest security to break. Of course in these situations you also have a lot of training time to drill the procedures into each user and new users will have to go through the training as well. On the other hand if your security is financially confidential (bank account details, credit card details, etc.) then your procedures and setup are fixed as you should be following the security guidelines set up by the banking association or credit card processor you are dealing with. If it is confidential because if another company got their hands on it then they would be able to undercut your bids and win customers, well, it is less likely that they would hack your network to get that information when they could simply give a bag of cash to an employee to get them copies of any information they want.
  6. I think you may have over complicated the regular expression there, as well as missing a few key bits. There is no need to put the .* at the start or end of the regular expression for just matching as it will match anywhere in the string unless you explicitly tell it to match the start and/or end of the line. You should only put .* at the start or end of the line if you explicitly want to catch what is there (e.g. if using a regular expression for replacing everything up to or after a match). Having said that it is useful for anybody dealing with regular expressions to understand how .* and .+ will match (a + is similar to the * for repeating matches, except that it is one or more repeats instead of the *'s none or more repeats). As you say you can also drop specifying both the upper and lower case of each letter and instead simply set the regular expression to be case insensitive; I have yet to find a regular expression engine that doesn't have that option (though I am sure that they do exist they are rare these days). Finally, when specifying repeats you need to include them in braces, { and }, or it will try to match the value 'w3.go2gle.com' and not 'www.google.com'. Braces can be either a fixed number of matches, e.g. m/w{3}/ will match www, or a range of matches, e.g. m/w{1,3}/ will match w, ww, and www. Well done though on pointing out the need to escape some characters if you want to match them as that can catch out a lot of beginners. Common characters that need escaping in regular expressions are, but not limited to, any of the following: [ ] { } \ . + * | ? ^ $ ( )
  7. Sounds like a good project, you could try training a neural net to recognise faces in photos or try to identify key facial features and then use the ratios between them as a signature to identify people, or something else? Either way you should learn a lot from it.
  8. If you are looking specifically for www.google.com in a Perl script then I would use m/(www\.google\.com)/i If looking for it at the start of a URL I would use m/^https?:\/\/(www\.google\.com)/i If you are trying to pull out the hostname from a URL then something like this m/https?:\/\/(\w+\.[\w\.\-]+)(?:\/|$)/ Note I am writing these off the top of my head so they may need some tweaking for your specific requirements, or to even get them working.
  9. The problem is that stopping all the spam would require a complete switch from the existing protocols to completely new ones. They couldn't be backwards compatible as then the spammers would just use the same techniques as they have done. And seeing the length of time IPv6 is taking to roll out worldwide I suspect that spam will be with us for a long time yet. The only real solution, like so many of today's issues, is education. By making sure people can spot which messages are spam and should just be deleted, there will be less financial reward for the spammers. There comes a tipping point where the spammers' returns for their effort will be so low that they move onto other methods to make money (in fact there have already been indications that a lot of spammers are turning to click fraud, credit card fraud, renting out their bot nets or even getting a respectable job).
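The points made in posts 6 and 8 about escaping dots and anchoring, shown as an added example that is not part of the original posts. It uses Python rather than Perl; the URLs are constructed, and writing the terminator as `(?:/|$)` is a choice made for this example.

```python
import re

# Python renderings of the kinds of pattern discussed above (added for illustration).
UNESCAPED = re.compile(r"www.google.com", re.I)   # bare '.' matches any character
ESCAPED = re.compile(r"www\.google\.com", re.I)   # literal dots, but unanchored
ANCHORED = re.compile(r"^https?://w{3}\.google\.com(?:/|$)", re.I)
HOSTNAME = re.compile(r"https?://(\w+\.[\w.\-]+)(?:/|$)", re.I)

# Constructed URLs; the look-alike hosts are invented for this example.
URLS = [
    "http://www.google.com/search?q=regex",
    "HTTPS://WWW.GOOGLE.COM",
    "http://wwwXgoogle.com/",                           # dot replaced by a letter
    "http://www.google.com.example.net/",               # name used as a prefix
    "http://example.net/?next=http://www.google.com/",  # name inside the query
]


def extract_host(url):
    """Return the lower-cased hostname captured by HOSTNAME, or None."""
    m = HOSTNAME.search(url)
    return m.group(1).lower() if m else None


def check(url):
    """Report which patterns accept the URL, plus the extracted hostname."""
    return {
        "unescaped": bool(UNESCAPED.search(url)),
        "escaped": bool(ESCAPED.search(url)),
        "anchored": bool(ANCHORED.search(url)),
        "host": extract_host(url),
    }


if __name__ == "__main__":
    for url in URLS:
        print(url, check(url))
```

Only the anchored pattern rejects all three look-alike URLs; comparing the extracted hostname for equality gives the same answer without relying on where the match starts.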
  10. You do realise that most of the time the from address in spam emails is not going to go back to the spammer? The chances are that you would just get yourself kicked by your ISP for sending spam.
  11. Being Wordpress, you will need to drop into the admin interface and update the hostname of the server in there. That should update all the rest of the places that it is using it as well (script tags, images, etc).
  12. Is it a .doc or .docx file? .doc files use Microsoft's proprietary binary format, while .docx files are really a zip file containing a number of files, mostly in an XML format.
  13. I used to use Firefox for many years, then Chrome reached a level for web development that it just took over. A lot of the key plugins that I used in Firefox were catered for natively in Chrome, which is really important as you were never sure if a plugin would work after an update on Firefox. OK, most of the time you could hack the plugin to work, but in reality I don't want to have to do that every time the browser is updated. As already mentioned Firefox is still a must for testing webpages, but then so is Chrome, Internet Explorer, Safari and Opera. I still use Firefox in a set of Kiosk machines that I am responsible for, the main reason being that I already have a custom plugin created for Firefox that handles a lot of the requirements of the Kiosk mode.
  14. Are you looking for a stream or block? TEA would suggest block but it might be that a stream cipher would be more suitable for your requirements. If going for a block cipher then I would suggest AES if you can implement it in your embedded system. Or if you feel like going old school then you could have a go at triple DES which is still secure.
  15. A straightforward redirect would be the same as running the service on a different port. Most port forwarding configurations on SOHO routers will let you forward to a different port. So you could run the ssh service on port 22 and have the port 1234 forwarded from your external IP to port 22 on your local server. The main advantage of this is that you only have to remember the different port on devices connecting from outside your internal network; those devices inside can just use the default port.
  16. Do your file server's logs and printer logs contain any indication if it is locking the printers out for a reason? That is where I would start to tackle this sort of issue. Also does access return after a while or do you have to manually reset something? Possible causes that spring to mind include the possibility that there is a limit on the number of concurrent connections allowed by the server and when X number of multi-function devices (MFDs) have connected to it at the same time any more that try to connect are getting blocked. This sort of thing can be compounded if MFDs don't play nicely and disconnect after writing the file.
  17. I don't know if winsshd supports the "match address" configuration option, but if it does that will let you specify different configurations for connections from different addresses. This can be very useful if you want to use keys from outside your trusted network but are happy to allow password access from your trusted network. Simply set the defaults up to require keys and then use the "match address" option to define the IP ranges that you will allow password authentication from. It is also very useful for that third party supplier that needs password access to the server and can't use keys.
  18. Have you tried the Backtrack live Linux distribution? It could be a good place to start. Otherwise don't stress over which distribution to use, pick one of the common ones (Debian, Fedora, Ubuntu) and there should be plenty of help, advice and tutorials available online for most tasks. If you think you have made a mistake then you can always install a different distribution and try that one instead. You don't need much hardware-wise to get started, as long as you can connect to a network then you should be fine. Any machine produced in the last 10 years should be up to the majority of tasks.
  19. It looks to me like your driven element is a dipole so you shouldn't connect the two plates together. The little cable is a bit odd, especially as I can't see it actually connected to anything at the other end. My first thought was perhaps it was a balun, or similar, to avoid issues with impedance matching. Just to state the obvious, don't forget that the antenna is directional (i.e. you get a better gain on signals to/from some directions than others) and as such you might find that adjusting the direction of the antenna will get you a better signal. Don't just point it directly at the targeted antenna, try pointing it around it as well. Other things to check are the lengths of the driven element, director elements and reflector elements and make sure they are suitable for the frequencies you are using.
  20. A useful trick when importing the initial data into MySQL is to switch off the indices on the table "ALTER TABLE <table> DISABLE KEYS;" and then after importing the data into the table switch them back on "ALTER TABLE <table> ENABLE KEYS;". When they are switched back on it will use a different algorithm to regenerate the indices which is much faster than repeatedly running the routine to update the indices after each insert.
  21. Do a traceroute between your machine and one of these IP addresses that are responding. Then look at the route the packet is taking; it may give you an idea of what is going on.
  22. Well the ARCHIVE engine does indeed support INSERT and SELECT but the big question is, what performance do you need from the SELECTs? The ARCHIVE engine doesn't support indices so every select will require a full table scan, which with 11TB of data will be a lot of work. Given that you are planning on using this with pyrit I suspect that the ARCHIVE engine will not be the best for actual use, and that you would be better off with one that supports indices. My gut instinct would be to go with the InnoDB engine unless you have a good reason to use something different.
  23. I would go with sqlite, if you need text reports from the results then it wouldn't take long to code a script to extract the results you are interested in and export them in whatever format you want.
  24. Having written the script in Perl I convinced myself that it wasn't anything to do with airodump-ng and decided it must be something in Python causing the problem. I have tried specifying subprocess.PIPE for both stdout and stderr which caused it to block on communicate. I then tried ditching the recommended communicate method, opting for pulling from the stderr stream directly, which seemed to produce better results. I have produced you some new Python code that is closer to what you want:

      ```python
      #!/usr/bin/python
      import os
      import subprocess
      import time
      import sys
      import re

      # text=True makes proc.stderr yield str lines rather than bytes
      proc = subprocess.Popen(['airodump-ng', 'mon0'],
                              stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE,
                              text=True,
                              executable='/usr/sbin/airodump-ng')
      time.sleep(2.5)

      # six colon-separated hex pairs, e.g. 00:11:22:aa:bb:cc
      macsRe = re.compile(r"([\da-f]{2}:[\da-f]{2}:[\da-f]{2}:[\da-f]{2}:[\da-f]{2}:[\da-f]{2})", re.IGNORECASE)

      # read stderr line by line instead of waiting on communicate()
      for x in proc.stderr:
          macs = re.findall(macsRe, x)
          for mac in macs:
              print(mac)
              sys.stdout.flush()
      ```

      And for those who want to see the Perl code for the same, here it is:

      ```perl
      #!/usr/bin/perl
      use strict;

      # merge stderr into stdout and read the combined stream through a pipe
      open AIRODUMP, "/usr/sbin/airodump-ng mon0 2>&1 |" or die "unable to run airodump-ng\n";
      while(<AIRODUMP>){
          my @macs=m/([\da-f]{2}:[\da-f]{2}:[\da-f]{2}:[\da-f]{2}:[\da-f]{2}:[\da-f]{2})/gsi;
          foreach my $mac (@macs){
              print "$mac\n";
          }
      }
      ```

      Note, both scripts will run as long as the airodump-ng process runs.
  25. As I have my machine with airodump-ng with me today I figured I would have a quick look at how it outputs its results. It prints the results to stderr as sitwon suggested; it also has some ANSI codes in the output to clear the screen and reposition the cursor to the top left of the screen each time it updates the result. If you really want to process the output rather than its dump files then try:

      ```python
      #!/usr/bin/python
      import os
      import subprocess
      import time
      import sys

      # stderr is merged into stdout; stdout must be a pipe for communicate()
      # to return the text instead of None
      proc = subprocess.Popen(['airodump-ng', 'mon0'],
                              stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT,
                              text=True,
                              executable='/usr/sbin/airodump-ng')
      time.sleep(2.5)

      # communicate() returns (stdout, stderr) once airodump-ng has exited
      client_out = proc.communicate()
      for x in client_out:
          if x is not None:
              print(x)
              sys.stdout.flush()
      ```

      The key bits here are redirecting stderr to stdout and using the communicate method of the subprocess to get your output.
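Posts 24 and 25 describe screen-style output on stderr with ANSI codes mixed in. The following is an added example, not code from the original posts: it strips those codes and separates access-point addresses from station addresses. The sample text is constructed, its column layout is an assumption modelled on the interactive display, and every address in it is made up.

```python
import re

# CSI sequences such as ESC[2J (clear screen) and ESC[1;1H (cursor home).
ANSI_RE = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.IGNORECASE)

# Constructed sample of two screen refreshes (assumed layout, invented MACs).
SAMPLE = (
    "\x1b[2J\x1b[1;1H CH  6 ][ Elapsed: 0 s ]\n"
    " BSSID              PWR  Beacons  CH  ENC  ESSID\n"
    " 02:00:00:AA:BB:01  -40       12   6  WPA2 lab-ap\x1b[0K\n"
    " BSSID              STATION            PWR  Frames\n"
    " 02:00:00:AA:BB:01  02:00:00:cc:dd:02  -55      3\x1b[0K\n"
    "\x1b[1;1H CH 11 ][ Elapsed: 1 s ]\n"
    " BSSID              PWR  Beacons  CH  ENC  ESSID\n"
    " 02:00:00:AA:BB:01  -41       15   6  WPA2 lab-ap\x1b[0K\n"
    " BSSID              STATION            PWR  Frames\n"
    " (not associated)   02:00:00:cc:dd:03  -70      1\x1b[0K\n"
)


def strip_ansi(text):
    """Remove terminal control sequences so only the table text remains."""
    return ANSI_RE.sub("", text)


def parse_screen(lines):
    """Return (access_points, stations) as ordered, de-duplicated MAC lists."""
    aps, stations, section = [], [], None
    for raw in lines:
        line = strip_ansi(raw)
        if "STATION" in line:                    # header of the client table
            section = "stations"
            continue
        if line.lstrip().startswith("BSSID"):    # header of the AP table
            section = "aps"
            continue
        macs = [m.upper() for m in MAC_RE.findall(line)]
        if not macs or section is None:
            continue
        # AP rows start with the BSSID; station rows end with the client MAC.
        target, mac = (aps, macs[0]) if section == "aps" else (stations, macs[-1])
        if mac not in target:
            target.append(mac)
    return aps, stations


if __name__ == "__main__":
    print(parse_screen(SAMPLE.splitlines()))
```

`parse_screen` accepts any iterable of text lines, so it can be fed a process's stderr stream opened in text mode in place of the sample.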