[The Asus Eee and the world outside... I'm sniffing trouble]

The Asus Eee is my first laptop, and my first opportunity to leave my home and sniff what kind of data is in the air outside. I'm using the built-in wireless and a Bluetooth USB dongle to "see" what's out there, especially in the train to work, or waiting in public places. These are basically my first proper steps in both Linux and wireless security (apart from a few fun tries with my Zaurus SL-5500), and I'm pretty much amazed by what's out there.

In the train, I'll always discover several enabled Bluetooth devices in my proximity. On a train station, you can usually access an open wireless network. Only paying for access goes through a secured HTTPS connection, after that, it's unencrypted unless you choose for security yourself (only HTTPS, use SSH, VPN etc.). I was really surprised by this, as it sounds like a lot of opportunities for "misschief" or worse, leakage of data off of business laptops.

For instance, I had my Eee spam every  Bluetooth device it discovered with an image. I walked through the train with the Eee in my backpack, and in the end I had spammed 22 Bluetooth devices!

I'm now trying out several other Bluetooth auditing/exploiting tools. I have no "black hat" aspirations, but I don't just wanna pretend everything's fine and dandy, and that every single person out there is gonna be a noble white hat hacker, refusing to listen to unprotected traffic out there just because mom said you shouldn't.

If you like to join me and learn from this together, maybe we can hook up and compare notes.

[Ways to read a website's directory contents with Directory Listing disabled]

GetRight has a function that does kinda that, so it may be worth hooking it up to wireshark and seeing what its saying.

GetRight the download accelerator? I don't use it myself, but how does this reveal the directory's content?

[Ways to read a website's directory contents with Directory Listing disabled]

I am wondering what ways there are to expose what's stored on a website. It's simple when directory listing is enabled, if the directory doesn't contain an index file. The only other way I know of would be to look for files like "WS_FTP.LOG", a logfile which contains the files uploaded to the website. It's not always up-to-date or even complete, but it does give you a good idea of what files are stored on the server.

Does anybody know of other logfiles, default settings or common scripts that can be used to expose which files are on the site?

[Windows Mobile 2003 - still useful for auditing, sniffing or hacking?]

Cheers guys, thanks for the replies.

At first I wasn't able to find a lot with google (mainly because I didn't realise that PocketPC/PPC/Windows Media 2003 were all more or less the same thing). I will definately check out your list, Darren, because that looks like exactly all the stuff I'm looking for.

Also, for people who're looking for the same thing, check out http://www.irongeek.com/i.php?page=security/ppchack (by the same guy who's article on the Zaurus SL-5500 helped me a LOT!)

[Windows Mobile 2003 - still useful for auditing, sniffing or hacking?]

I can pick up a couple of old Acer N10 PDA's for really cheap. The N10 runs on Windows Mobile 2003, and I was wondering how useful this is. I have no experience with Windows Mobile whatsoever, so I have no idea if there are any good sniffers, warwalking apps, ssh clients, etc.

I have to decide fast on this, so I'm googling in the mean time, but your thoughts on this are really appreaciated!

(On a side note, this little machine apparently can run Linux too, but not too comfortably, so I'm not really looking at that as an alternative).

[Asus Eee: a $199 lightweight laptop and potential hacker "swiss army knife"]

Yeah -- heard about the Medison Celebrity but it just sounds too good to be true and it looks like a scam. But seeing is believing, so when I read enough reliable sources that actually HAVE one, I'll change my opinion.

I read today that (predicably) the release date for the Eee has been set back to the end of september... The same article also said Asus hadn't decided on the final specs yet, so if THAT isn't even clear, I doubt it will go into full production any time soon.

[Internet TV shows like Hak5, Diggnation etc. about coding?]

I am really enjoying stuff like Hak5 and the shows on Revision3, but I'm really missing a show that focusses on coding and/or webdevelopment. Anybody know of anything out there?

[Asus Eee: a $199 lightweight laptop and potential hacker "swiss army knife"]

@metatron: souped up wifi reception and Bluetooh FTW. It should pick up everything that's interesting from the airwaves then. I'm never on the road for too long without being able to recharge, so a new battery isn't my biggest priority. I will be keeping a close eye on your - and others - findings though, and wait till the best replacement has been decided. GPS is also not a big priority for me, but I'd be very interested in the hack, especially if it's possible to keep it all out of sight.

Sigh... is it August/September yet?

[Asus Eee: a $199 lightweight laptop and potential hacker "swiss army knife"]

@digip: Yeah, well, if you would've read my first post you'd know the answers all your questions. Except for Bluetooth and an optical drive, it has everything else you would need. The 8GB version will be sufficient for hacking (you're planning on getting > 6GB kismet logs?).

[Asus Eee: a $199 lightweight laptop and potential hacker "swiss army knife"]

A few days ago I stumbled upon the Asus Eee laptop project. It's a small, lightweight laptop in the OLPC-vein, and basically has all the built-in stuff you'd want, check out the spex:

• Display: 7"

Processor: Intel mobile CPU (Intel 910 chipset, 900MHz Dothan Pentium M)

Memory: 512MB RAM

OS: Linux (Asus customized flavor)

Storage: 8GB or 16GB flash hard drive

Webcam: 300K pixel video camera

Battery life: 3 hours using 4-cell battery

Weight: 2lbs

Dimensions: 8.9 in x 6.5 in x 0.82 in - 1.37 in (width x depth x thickness)

Ports: 3 USB ports, 1 VGA out, SD card reader, modem, Ethernet, headphone out, microphone in

It will run a Linux distro called Xandros. The Asus Eee PC701 should be released in August this year, and the price will (eventually) be $199. This will be for the version with the 4 GB flash "harddisk" (although the above specs don't mention 4GB, others do), so I guess a usefull version with 8GB or 16GB -- especially early on -- will be more expensive, between $250 and $300. Google for more info, or check out this review at notebookreview.com: http://www.notebookreview.com/default.asp?newsID=3829

As some of you might remember, I have posted before about cheap, portable "hacking devices", like the Zaurus SL-5500 PDA, the Zipit Wireless IM "toy" that can run Linux, or even smartphones. I never liked laptops because they were just too much for me. Too expensive, too heavy, too much of everything. One of the users on http://www.eeeuser.com/ (an early gathering place for Eee enthousiasts) sums up why the Asus Eee would be perfect for people like me:

"After I dropped $1,400 on my MacBook I discovered something:  It's too freaking big.  Compared to other notebooks, it's relatively compact, and it's the smallest laptop Apple makes, so (being the Apple loyalist I am) I decided I'd just have to "make do" with it. I couldn't. A year later, I can count the number of times I've taken my MacBook outside of my house on one hand.  I just don't like the idea of lugging a full computer around - especially a shiny expensive one."

Here's why I think the Asus Eee will be popular and a great souped-up toy for hackers:

• [li]It's cheap. You can take it to more places knowing you won't be losing a $1500 device if you lose or break, or if it gets stolen/confiscated.[/li]

[li]It's got all the basics. From audio in/out to webcam, from built-in wifi to 3 USB connectors[/li]

[li]It runs Linux out of the box, and can run Win XP and probably many other *nix variants (like Ubuntu Mobile)[/li]

[li]It's one common platform. People can develop and finetune tools, and they'll work on all laptops. No driver conflicts, no hardware incompatilibilties[/li]

[li]Community. For the same reason stated above, I am sure this machine will get a lively community of hackers, coders and the like.[/li][li]

I am wondering how many of you are interested in this machine and are thinking about getting one. I know I've seen Metatron around one of the ealy forums around the Eee :) I sure am interested in the Eee, although Europe is unfortunately last as far as releasing the Eee goes. :(

[Programming / hacking books that are fun to read]

Yeah, you could try reading Kevin Mitnick's first book, although when I tried to read it I didn't think it was that good and couldn't be bothered to finish it.

Haha, the "Art of deception"-book? Same story here. I kinda liked the examples, but this is something I'd never use myself and I just got bored with it halfway through the book.

[Programming / hacking books that are fun to read]

if you have the slightest interest in learning ruby, read "Why's Poignant Guide to Ruby" which is availible online for free, just google it.

peace.

I was interested in learning Ruby, I have read that book, and it's a great example of a book I'm looking for! Really funny and not a "do this exercise before continuing reading"-book.

But I'm looking for one of those old school books made of paper ;)

I am particularly interested in books focussing on changing your perspective -- way of thinking -- on programming. I need something for inbetween my "The Spectacular Rise and Fall of Commodore" and my zillionth re-read of "Hackers: Heroes of the Computer Revolution"!

[Programming / hacking books that are fun to read]

I will be going on a holiday without taking my laptop. I would like to take a book with me to improve my way of thinking on programming and/or hacking, but which doesn't require me trying out stuff on a computer every few pages.

In other words: I'm looking for a book that's fun to read, not one with dry logic and programming examples.

Any suggestions?

[Back Online]

To quote Captain: "WHAT HAPPEN!!!"

[Automated wireless sniffing/snooping tools under linux]

Yes but the WRT54G is more cost effective. The nano-itx solution I've spec'd out is about $250-300.

That's a project I can't wait to hear more about! My goal is to stay under €100 (about $120), and to use devices that are already "complete" (PDA's like the Zaurus SL-5500, toys like the Zipit Wireless or handheld gaming devices like the Nintendo DS). Since this involves only little hardware hacks, I'm focussing on software mostly.

This is pretty much a learning project for me, and probably some of the things I "discover" will be old news to you. Nevertheless, I hope to have a draft of my experiences ready to post somewhere this week, for who's interested!

[Automated wireless sniffing/snooping tools under linux]

There are a few posts about this subject already. I don’t think they went too heavily into automation but if you code it’s not rocket science.

Depending on what OS you’re running on your PDA will reflect how much work you will have to put in. If you’re running Linux than it’s easy but if you’re running Windows, you will have a lot of work ahead of you.

Yeah, some of those are by me ;) I have been busy with another project that has been wrapped up, and I'm now diving back into this one.

The environement is running on is Linux, OpenZaurus (a Debian based embedded distribution) to be more specific. But, not in the least place for portablility, I'm trying to approach this under the same angle as the USB projects on Hak5 have been done, with user input and collaboration with peers. I'm not out to prove I'm überleet, I'm not asking people to prove their überleet, I'm just looking for people to work on a hobby project, and see how far we can get.

I'll be setting up a home base with a write-up of how far I got myself, would be cool if you're interested in joining.

[Automated wireless sniffing/snooping tools under linux]

maybe its just me, but I am really not to much of a fan for people who come here simply asking others to do work for them... maybe your post should have gone something more like:

Im trying to do this, can anyone point me in the right direction, or has anyone done this before?

I'm not much of a fan of people misinterpreting a question and then posting condescending replies of how they would've liked to have a question asked.

I'm asking for what's already out there, and if people are interested in teaming up to start a project for this. I'm not asking you to liek hax0r my girlfriends Hotmail password, liek OMG!!!11

[Automated wireless sniffing/snooping tools under linux]

For my little portable security device (PDA) I'm looking for people who have either strung together a set of tools, written their own scripts/tools, or know of tools that automate wireless auditing of all sorts and sizes (and hat-colors). Basically I'd like the PDA to go into "snooping mode" and gather as much info as it can from the airwaves around it.

Or maybe if you're looking for a project, we could work together and hack something up to be put in the wiki?

[More streaming radio for hackers and geeks?]

As "streaming radio hacking" gets me a lot of results considering hacking streaming radio, I wanna ask you for your favorite streaming radio shows with a hacking/technology angle. Because I'll listen to this from work I'm not looking for pure talkshows, I am also looking for new, free music.

Ofcourse I have checked out Hak5 Radio, but is there more?

[New XBMC Script!]

Sounds cool, got a fresh XBMC running this weekend, wil give your script a try!

[looking to get a PDA with linux]

Sharp Zaurus, for sure!

[Odd Question/Idea/Tiny Snowball (Homebrew Computer)]

You could just build your own Apple I ;)

But maybe this project is for you: http://www-scf.usc.edu/~cfenton/laptop.htm

[Your top (computer related) books to read]

The wiki mentions this book "has been superseded in practice by a spate of more recent, accessibly-written books"... Any idea what books they are talking about? I'd hate becoming a great software developer BEFORE you can understand a book about great software development...

I would say that the one who wrote that comment in wikipedia is a weak-minded fool. But still, it isn't a book for beginners but rather one for those who are ready for larger projects.

No, I would say the guy who wrote that comment in wikipedia was able to put aside his elitism and feelings of superiority towards non-übergeeks and give an unbiased, clear indication of the expected level of expertise of the person who'd buy this book.

There's enough programmers out there that would like to evolve without skipping half the steps necessary.

[Your top (computer related) books to read]

I would like to add one book every software developer should have on their shelf already:

Design Patterns, it will change the way you code. At the very least it will allow you to communicate with other developers more easily.

The wiki mentions this book "has been superseded in practice by a spate of more recent, accessibly-written books"... Any idea what books they are talking about? I'd hate becoming a great software developer BEFORE you can understand a book about great software development...

[Applying the Hacksaw from non-USB media]

I've read the thread about starting the Hacksaw from a CD-ROM, and that got me wondering if anybody has been busy getting the Hacksaw to be executed on the target computer in another way than from the USB drive?

If you would execute it by exploiting software on the target computer (with, say, IE), this all starts to look like an ordinary trojan, doesn't it? I wonder how long it takes before someone unleashes a trojan/worm/virus-like version of the Hacksaw. I wonder what your thoughs on this are.