Darren Kitchen

Root Admin
  • Posts: 4,887
  • Days Won: 248

Everything posted by Darren Kitchen

  1. I remember in school a tech teacher telling us about this stuff. It turns out that when a fire alarm goes off people's natural reaction is to get a big lung full of air and run for the exit. Well, when halon goes off and you take a deep breath... *falls over*
  2. If it's something we could get the printing of down to $5, we'd actually consider doing a limited edition of the season 1 box set where the first 100 purchases of the DVD actually come in a signed hax0rflakes box. I bet that would get the ball rolling. Too bad the printing is absolutely nuts. It's always like that whenever you're getting anything under a quantity of 1000 printed.
  3. I did the same thing with no results. I just get a ding. :(
  4. Turns out it's something we could do. As for the food we could actually just buy boxes of cornflakes and swap boxes, ensuring that the cereal bags are sealed. The printing is hella expensive but they look great. http://www.gopackaging.com/retail-boxes.aspx FTA: "While there is no hard and fast rule, the average initial cost for a retail packaging project is $2,500-$3,500 for a full-color, and $1,500-$2,500 for one color." And "Q: What if I need less than 100 boxes? A: You may want to consider our direct digital printing option which costs more per piece but carries much lower up-front costs. You can expect to pay about $20-60 per box for this service." Yikes! So who wants a $30 box of haxorflakes now?
  5. The survey results from this season have been really good. One of the interesting results has been from the question "Would you be interested in a season box set DVD for purchase?" for which the replies have been 33% yes, 33% no, and 33% "only if it came with a coupon for a free box of haxorflakes" (which I'm not sure if it means yes or no). So as we're working on these products we've been toying with the idea of actually including said coupon. Just something simple that said "Send in your box top and UPC code with receipt and we'll reimburse you for the box of haxorflakes". Now of course nobody could actually take us up on that since they don't exist, but I have a strange feeling that if the DVD does come with the coupon we may end up with a few fake box tops in the mail... I'd actually look into getting some custom cereal boxes printed if it weren't so expensive and we had some decent graphics for it including box top, UPC, nutritional information and ingredients on one side, recipe ideas on the other side, and maybe a Haxor Maze or word puzzle on the back of the box. Food for thought.
  6. Does anyone remember the buzz about that automated wireless penetration testing tool from a while ago? I believe I heard about it on digg or sploitcast. Sounded like a little box that basically had two modes, OFF and HACK. Funny stuff.
  7. I tried it and was given an Exploit> prompt. Not knowing the parameters or programs I gave it "list" and it listed 22 exploits. I chose number 20, "MS Windows (ListBox/ComboBox Control) Local Exploit (MS03-045)" and was asked for a filename. Not knowing if it was going to give me the article or code I dumped it to a .txt and opened it. It's the article and code. I'm not sure if it's just this article but the file I ended up with contained an enormous amount of single forward and back slashes on new lines, and extra linebreaks. That said, this tool looks very nifty. I'm starting to really like Ruby. On a related topic, if anyone has some beginner's tutorials on Ruby they could send my way I'd really appreciate it. I'm familiar with C and PHP and have been thinking of picking up another language and this one looks really elegant and useful. (Just PM me, I don't want to derail this thread into a Ruby tutorial thread.)
  8. Windows 3.11.... FOR WORKGROUPS!
  9. I'm rusty, I'm sure an online translator would turn it into "look frog smile wind plug to something not zero for life beer watch else jump nice cheetos"
  10. Sounds like you'll need to learn a scripting language for the web, and possibly some basic SQL. A very popular option which I found easy to learn is PHP and MySQL. Registration pages are pretty simple since you write HTML form tags in your .php file which should post to itself, check if the form was completed, and give out the PDF files while inserting the info into an SQL table. Aside from php.net I found phpbuilder.com to be a great resource. I'd also check hotscripts and sourceforge to see if there is existing code you can modify. And as always, there are plenty of tools for the job so I'm sure someone will chime in and mention perl, ruby, python, etc.
  11. It would be nice if we could encrypt them ourselves so that we all have different variations of the tool. Would make it harder for AV to protect against this. Someone raised the point that this thread is likely being watched anyway.
  12. I remember seeing a commercial about an NSA phone service. Obviously a lie.. ---Oh, wait. Huh? Really. Damn.--- Ok, never mind. No, come to think of it nothing really strikes me. /me goes back to never getting security clearance
  13. Methinks we should have kept with the 1x0x naming conventions for the first season.
  14. Thanks Bizz, but my German is not good. I only had two years in school and can say "Good day, my name is Darren Kitchen from Hak5, and I am twenty-six years old. Would you like the Blümchen music cassettes? They are really great!" My sister speaks German well after a year in Düsseldorf and Berlin. She gave me the Toten Hosen, die Ärzte, and Blümchen CDs, so I sing "Ich bin wieder hier!" and "Ein Lied für Dich". Bye and good luck with drinking the big beers! PS: TomB is a female dog.
  15. armadaender is winning but is he disqualified since he ran it at work? I've got a 100mbit fiber line through cogent at work, would that count? OK, sorry, continue with the epeen battle.
  16. Remember, nmap also has the unique ability to bring Canadian podcasters back from the dead, and is readily available in boxes of haxorflakes worldwide.
  17. Remember in episode 1x02 or 1x03 the Windows firewall automation script? My goal was to make changes to several Windows firewalls without the use of group policies, so I'd have to physically go to each machine. While the script wasn't malicious in nature it used the same technique as Amish's hack to run my firewall script. The same could be done with U3. I could see it being used for white hat purposes such as installing updates, latest anti-virus definitions, testing for security best practices. But then again by the time that the automation part makes it actually start to break even in time spent administrating each machine you're probably already in a domain environment with enough flexibility with the clients that this could all be automated from the server anyway. Ahh, thinking out loud again.
  18. $15 512MB, $25 1GB, $45 2GB. Those links are from the Staples store in my area (Williamsburg, VA). AFAIK it's nationwide. I picked up a 512 MB for $15 today in Vienna, VA in store at that sale price. Sale ends on the 23rd. We're not affiliated with Sandisk or Staples, but it's a damn good deal. Both the U3 method and Amish method work great. I think Amish made clever use of some social engineering, but personally I'm a bit more fond of the U3 technique since it doesn't require any key presses/mouse clicks. (No offence Amish)
  19. Sorry for the double post but two quick things: 1. Staples is having a sale on the U3 enabled Sandisk Cruzer Micro drives. I picked up a 512 MB in store for $14.99. The 1 GB is about $25 and the 2 GB is about $45. The sale works both online and in-store and is good until September 23rd (this Saturday). Now that I've got two I can have a lethal and non-lethal USB drive on my keychain. 2. I just got off the phone with the Sr. Editor of a well known computer magazine in the US. They will be printing a story about the USB Switchblade on their website some time tomorrow (I'll provide a link when it's live), and possibly on next week's print edition of the magazine. Way to go everyone who's contributed, this project is totally rocking! I feel like we're actually bringing awareness to both regular users and IT pros about these attack vectors. Hopefully the editor will say something nice about us.
  20. Since USB Keys went mainstream I've always been wary of the autorun threat, so much so that I've made it a habit to hold the shift key while inserting any untrusted media.
  21. It was a lighthearted joke. I'm sure the security community at large has been aware of this attack vector for many years. The only thing new about it is the fact the U3 gives us the autorun abilities of a CD-ROM with the write abilities of a USB key.