[remote desktop and program settings]

When you install software on a Terminal server you typically need to go into control panel and add remove programs and choose the install program option. This temporarily puts the server in "install mode", and records the registry and file locations for the program and then switches back to "user mode". Hopefully now when users run the program the server maps the process for that user to their registry and user profile directory.

This is not foolproof though, programs that use non standard data directories or try to use the program files directory for settings will likely not work. But by your description though it sounds like it is writing to a user writable directory, so unless it has made permissions changes on install it will probably sort it self out with an uninstall and reinstall in "install mode"

[Hak5 + Hackers movie = Trust Your Technolust?]

Just some more 'Hackers' movie trivia - there are a few other similar signs throughout the movie.

Two signs in the hallway of the school, seen when Dade comes down from the pool on the roof, and in the sprinkler scene: 'SURF THE EDGE' (yellow) AND 'IMAGES ARE PROMISCUOUS' (orange).

Two signs in the subway car, in the scene before Crash & Burn go to get Razor & Blade: 'INFORMATION IS PENETRATION' (blue) and the other one I can't make out completely (orange).

In one of the phone booths in the subway station: 'GIVE ME LIBERTY OR GIVE ME ROOT ACCESS' (red). The yellow 'Trust your technolust' sign is in another of the phone booths.

I believe the orange sign in the subway car says "There's no speed limit on the information superhighway" though it might be just highway

[Android & Pineapple Avoidance]

Will do, though still having issues with it, think there is a bit of an issue with file locking from the dialog popup. If the network is approved the wireless is enabled and it connects to the network again, this causes the pineapple task to rerun but still detect an unknown network.

[Android & Pineapple Avoidance]

If anyone wants the source files from Tasker I will happily attach them.

[Konboot 1.1]

Kon boot 1.1 doe not work with windows 8, Also when using kon boot 1.1 on windows7 when opening oulook it asks for passwords for every account ! am I doing something wrong ?

I think the credential manager that stores usernames and passwords is secured with the users account password, so credential manager may not be accessible when using Konboot.

[Hacked Facebook Question]

Have you visited http://www.facebook.com/help/hacked/friends that should be your first port of call. I know someone who went through there and got it sorted, not sure what they had to do though.

[Android & Pineapple Avoidance]

edit: arse, it doesnt append a new line character when it does a write line. actually I was using ';' where I should have had ','. Should work now

edit2: also the scene doesn't update when the button is pressed, not sure why.

edit3: fixed the scene updating by calling show scene instead of pop up dialog.

I think I have something fairly functional, though a native app might be more appropriate:

Profile:
    Pineapple:
        Wifi Connected: * > Launch Task: Pineapple

Tasks:
    Pineapple:
        # Clear the global %SSIDMAC
        Variable Clear %SSIDMAC
        # Launch task to fetch the SSID and MAC of the connected AP
        Task: getSSIDMAC
        # Launch task to check whether SSID and MAC exist in the database 
        # and if they match known combination. Return %isdb, 
        # 1 = AP exists, 0 = AP doesnot exist
        Task: CheckSSIDDB return %isdb
        # if the AP does not exist
        If %isdb <> 1
            # turn off wifi
            WiFi Set Off
            # notify user
            Vibrate
            Notify "Pineapple or Unknown AP!"
            # log to file
            Append file Pineapple.txt >>
                ====================
                %DATE - %TIME
                %LOCN
                %wific
                ----------------
                %WIFII
            # popup the Pineapple scene to allow the user 
            # to add it if safe. (blocks continuation of task
            # until the user closes the scene)
            Show Scene Pineapple scene > Show as Activity or Dialog
            # Destroy the scene
            Destroy Scene Pineapple
        End If

    getSSIDMAC
        Variable Set %wific To %WIFII
        # split %wific at all instances of "<<<" 
        # produces %wific1, %wific2
        Variable split %wific splitter "<<<"
        # set %ssid to everything after "<<<"
        Variable Set %ssid to %wific2
        # split %ssid at "Mac:"
        Variable split %ssid splitter "Mac:"
        # split with no splitter to clean up the 
        # whitespace %ssid12 contains just the ssid
        Variable split %ssid1
        # set %mac to everything after "Mac:"
        Variable Set %mac To %ssid2
        # split at "IP"
        Variable split %mac splitter "IP"
        # split again to clear whitespace, mac will be in %mac12
        Variable split %mac1
        # set the global %SSIDMAC to ssid,mac
        Variable Set %SSIDMAC to %ssid12,%mac12

    CheckSSIDDB
        # create counter
        Variable set %linen = 1
        # set label loop 
        label Loop:
        # read line number %linen in to variable %line
        Read Line %linen from file ssid.txt to %line
        # if %line == "EOF" the AP does not exist
        if %line == EOF return 0
        # split %line at ',' to give %line1 = SSID and %line2 = MAC
        Variable Split %line splitter ';' 
        # split %SSIDMAC at ',' to give %SSIDMAC1 = SSID 
        # and %SSIDMAC2 = MAC
        Variable Split %SSIDMAC splitter ','
        # do the SSID match?
        if %line1 == %SSIDMAC1:
            # if so then do the the MAC's match? Return 1 if they do
            if %line2 == %SSIDMAC2 return 1
        End If
        # if there is no match increment the counter
        Variable Set %linen = %linen + 1
        # and loop to the next line
        Goto label Loop

Scene
    Pineapple:
        -----------------------------------
         Pineapple or unknown AP Detected!    Text Box
        -----------------------------------
                     %SSIDMAC                 Text Box

        -----------------------------------

            file:\\/mnt/sdcard/ssid.txt       WebView

        -----------------------------------
                 _______________
                |   Enable AP   |             Button
                |_______________|
        -----------------------------------

    Button:
       Write line %SSIDMAC to end of ssid.txt
       Enable Wifi
       Refresh Webview
       Update Text1: AP Added!
       Hide button

[Android & Pineapple Avoidance]

No idea if the actual script works but the concept seems pretty good. I've not used tasker, I'm guessing it is just a simple scripting app, if so the only problem I could see is how often it runs, too often and it will drain your battery quickly and may (not sure) disconnect you from your existing connection to try for the new random one. Not often enough and you could be connected for a while before you notice. It also only takes fractions of a second for automated scripts to notice the network connection is up and call home, if any of those have clear text credentials in them they may slip out before your script detects what is going on.

A very good attempt, better than anything else I've seen but maybe not perfect and I can't think of a usable perfect solution if you want to be able to use open wifi.

Tasker is pretty efficient for most things and I'm pretty sure that the "wifi connected" trigger is from a system intent, so triggers pretty much instantaneously and should not be polling in between. Script definitely works and triggers, I temporarily added the open test network to my router and hardly had chance to look before it went off, I just wasn't sure if this would work well against a pineapple or similar device :)

I've also been pretty careful about the apps I have installed and I am pretty certain the ones that do have internet access are at least using SSL by default. I've wondered lately how possible it would be to modify a rom so that it can restrict a specified group of apps to only use the a certain network adapter. "Insecure" apps could only be allowed connections through the OpenVPN tun adapter then.

I think that if the pineapple were not to respond to the first attempt to connect by a client then it should completely negate this, its likely most people have more than one wireless profile and with android especially it will just kick through to the next most recently added profile and try to connect on that instead, but I presume this would screw up deauth attacks.

I think I can get round this though by having Tasker check the SSID and MAC against a text file and trigger if it doesn't have the AP on file or the MAC is different then disable until the user has validated it is a valid AP that can be added to the file. I could add location data in too, but it is not helpful for the "BT Openzone" or "BT Fon" networks where they exists all over the place and certainly would be a pain if you connect to anything portable you carry around.

[Android & Pineapple Avoidance]

I would be interested to know if this would work?

I have an android phone and tablet, I already run openvpn over ssl on both to force traffic through my home "server" (its a eeepc 701 running debian) but this takes a few seconds to reconnect on a connection change.

I use juice defender to manage my wifi on both devices, and although I could disable its control over wifi I wanted to have to do minimal connection management.

So I did some research and it seems androids gives highest priority to the most recently created wifi profile. I created a new profile with a random SSID that shouldn't exist in the wild and then created a tasker profile that triggers when it connects, pops up an alert and disables wifi.

Should this trigger as expected?

Profile
  Pineapple
    Wifi Connected "SSID=randomssid" > Launch task Pineapple

Task
  Pineapple
    # Set the local variable wific to the output of the system variabl wifi info (SSID, MAC, Channel, Speed of the currently connected network) 
    Variable Set > %wific = %WIFII

    Wifi Net > Disconnect
    Vibrate
    Notify "PINEAPPLE DETECTED!"

    # Write the current date, time, location (from gsm network) and output of wifi info (when disconnected from wireless it will have the info for all AP's in range)
    Write File > pineapple.txt >>
       =================
       %DATE - %TIME
       %LOCN
       %WIFII

    # Turn the wifi off here because the popup blocks task from continuing.
    Wifi Off

    # popup a custom scene and pass wific to it (my scene has a dismiss button and a enable wifi just in case)
    Popup > Text1=%wific

[Tablet Encryption]

I was just going to say, try the whole yubikey solution but not sure that works since you have issue with the whole USB key to begin with. If not, you could just use the USB solution to begin with and not need the Yubikey.

Truecrypt should work though I would think, I just don't remember how to do whole disk encryption for bootable windows drives but its definitely worth a shot.

Also a rubber ducky set to login for you, but you would need a ducky for each machine with different user logins pre-set and still requires a USB port to access the machine which it seems you want to avoid. I think for ease of use though, go with the USB solution if it gives you the encryption you need. Just means another kink in the chain though if they get lost or stolen and then you can't boot without the keys on the USB drive.

perhaps I am looking at the wrong product but it appears to me that there is only one usb port on the device and at least one usb port on the keyboard attachment http://us.acer.com/ac/en/US/content/iconia-tab-w500

[Tablet Encryption]

That's not really going to fly with Truecrypt is it guys? Do let me know if you find a solution, I had a similar situation and gave up in the end, could not find a suitable solution.

why not truecrypt with a yubikey in secondary mode and a fixed long password