[Hak5 Live 001]

Good job! I was using VLC and it was getting all the boxes, until someone in irc mentioned kaffiene, and that worked flawlessly. The one thing I noticed was that it was impossible to read the text when you guys showed the command prompt on how to do stenography. Usually with the xvid downloads it is fine to see the text, but the resolution of streaming wasn't up to it.

It would be cool to get some graphics for when you do the video in video of the caller. You could include their irc nick or email. There were a lot of people in irc who had good suggestions, and if we had their name we could message them some ideas and be sure sure they get them.

Great job, again. I look forward to early January.

[programming a TI Calculator as a password Cracker?]

Sure, type out the hash in the TI-83, come home from school, put that hash onto your computer and let John the Ripper go at it.

While a TI-83 is Turing Complete, meaning that it can do any calculation any super computer can do, given enough time and memory, it is most likely going to be a whole hell of a lot faster just to let you computer do it.

[C2k Hack]

Work Friendly acts as a proxy. It is cool because it makes the web page look like a word document, so if anyone ever comes by, it looks like you are doing your homework. It doesn't include the pictures from sites, but it may be a decent way to do some browsing around the filter.

Boing Boing also has a list of things to try.

[Who here uses PGP?]

I sign (& encrypt) with the few people I know that have use PGP, not because I am trying to hide something, but just because I don't feel like having someone read my mail. It should be a default for everyone (it's not like the calculations are that demanding on the CPU), but almost no one supports. If you use outlook you have to copy the text an use WinPT--it's not a one step thing. Enigmail is great, but too few people use Thunderbird. You think people would be more interested in securing their communications, especially since it could cost them their job.

But that's a good idea, I'm going to start signing all my messages, and when people ask me what that is, I'll tell how to get gpg going.

[Dual monitors help]

I know this is slightly off topic, but I just went to a dual monitor set up, and it is great. Take a look at Ultramon or Multi-mon. I've been using ultramon (free for ~30 days) and it provides a lot of multi-monitor support that is missing from XP.

[Hacker/Security Conferences]

I was just compiling a list of some of the recommended conferences for myself, and thought I would share. I know some of these already occurred, but at least it gives you a general time period and location to expect future ones (bold dates are ones that have yet to occur).

Defcon 8/4/06 - 8/6/06. Las Vegas, NV

ShmooCon 3/23/07 - 3/25/07. Washington, D.C.

PhreakNIC 10/20/06 - 10/22/06. Nashville, TN

Black Hat DC 2/26/07 - 3/1/07. Arlington, VA

Black Hat USA 6/28/07 - 8/2/07. Las Vegas, NV

HOPE 6 7/21/06 - 7/23/06. New York City, NY

RUXCON 9/30/06- 10/1/06. University of Technology, Australia

Hack In The Box

Let me know if there are updated dates for these conferences or if there are more, and I'll edit this post.

[Quick Wordpress question]

The RSS fead is a feature of wordpress, but if you don't want to abandon your existing code, it probably wouldn't be too difficult to implement one yourself, since RSS is just XML.

If you have a news page that gets its info from a database, just make a php (or whatever language) page, feed.php, and have that page conform to one of the RSS standards. So basically, you would just have a loop to generate:

    

<item>

      <title>your article title</title>

      <link>a link for more info</link>

      <description>Any info</description>

      <pubDate>Tue, 15 Oct 2003 10:39:00 GMT</pubDate>

    </item>

Check out http://en.wikipedia.org/wiki/RSS_(file_format)

[Hacker/Security Conferences]

Thanks for the suggestions! I'm in Philadelphia, so New York and Washington DC are not far.

[Hacker/Security Conferences]

I think that one was HOPE. It seemed interesting: AMD virtualization for undetectable programs and rainbow tables from MD5Lookup.

[Hacker/Security Conferences]

I've never been to a conference, and it seemed like a lot of good stuff was going on at HOPE (2x01). I did some basic searching on google for some, but I was hoping to get some suggestions on what conferences there are for hackers (white or black hat) and people with interests in computer security.

Jinx list

Google Directory of Conferences

[like, ubuntu total sucks...]

I shouldn't have read this thread. I've just spent the past 3 hours apt-get'ing java, tomcat, apache, and ubuntu-desktop for my 1st time using ubuntu (figured it was time to get rid of mandriva). So now I'm going to have nightmares of waking up and having to reconfigure xserver everyday for the rest of my life :o !

[The hello Thread]

Good call--I'll put that on a couple machines.

[The hello Thread]

Hey,

Hak.5 is an awesome show, and the community seems great (i got all excited for helping out with the rainbow tables, only to find that they are all taken).

[Episode 2x03 Release]

Good stuff--I just started watching, I am disappointed that I have not been watching this from the beginning. I sat down and had a marathon of Hak5--From the first episode to 2x03. Now it's going to be tough waiting a month for another episode, since I just got to see 13+ episodes in a day.

[https, SSL, cain & able?]

If you have an extra box lying around at home you could set up a vpn (could be as easy as tunneling via ssh). Whenever you are out at a coffee shop or on an untrusted network, access your vpn. I usually tunnel vnc or remote desktop.

The problem is that at some point there is always going to be a point to sniff your traffic--even if you are tunnelling to your home, anyone who is linked to your home network or at the node above it can compromise your plaintext data.

[php/html scripts to control a Host pc system?]

What are you trying to do with firefox? If you want to use a PDA or phone to remotely control what you see on the monitor you might have a hard time. If you have a windows pocket pc, there is a vncviewer available for it, so you could control some of the stuff you see on the host monitor. If you are using firefox to try to download a webpage, take a look at curl--it is a library in php.

[PGP Locked Harddrive]

Is it really that important to you that nobody touches your Windows or Office installation?

But it may be possible to load a program into the the windows or office installation that could grab the data from the encrypted file system once it is mounted. You could just replace the executable (w/ a live CD) of some common program that the user will launch or the OS will launch with your program that sends the content of the encrypted drive to your computer. You could prevent someone from using a live cd by adding a password at the BIOS level, so you would have to log in before your computer boots.

Although this attack requires a very concerted effort to get one user's data. The attack would require you to mount the filesystem, so your data would still be safe if someone just stole the hard drive.

[cpu usage limit?]

I think using the "nice" command would help you.

nice -n 19 <your_command>

It could still use the cpu to the limit, but it would at least yield whenever another program wanted to use the cpu.

http://linux.about.com/library/cmd/blcmdl1_nice.htm

[Can anyone code this?]

Take a look at AutoIt. It allows you to create scripts that use window names to change certain aspects of that window. You could create you own gui autoit script with a toggle button that opens up that sound properties screen, changes that one drop down, and then exits from the sound properties page. You can do the toggle by just checking to see what the value is and switching it to the other (just some simple if-then). Take a look in at the demos.