Dr Zaius

What about a U3 drive that auto-installed Windows hot-fixes, applied security polices, killed spyware, updated anti-virus definitions and that sort of thing? Sure you might have an awesome automatic network based distribution system for these types of updates, but what about when you go to your Grandma's or to a small business with ten or so computers that have never run windows update? Pop in your U3 drive and it begins to secure their computer, you could even give the thing to your Grandma and tell her to plug it in herself. I'm always having to do this kind of housekeeping on non-tech savy people's computers, it would be a lot less work to just plug in a flash drive. I'm thinking this would be particularly useful if for example you had to install an application on all the computers in a network where you have limited acess to the network itself, but physical access to the USB ports (Some admins and companies are rather touchy about outsiders getting access). The U3 Drive can install the app and make any necessary changes to firewall settings etc. The advantage of this type of solution is that anyone can go to 100 computers and plug in a flash drive, all necessary changes wouldn't require any user interaction. Another possible idea, tracking your flash drive. Each time it's plugged in, it simply contacts your webserver and gives information about the local computer(IP etc) you need and perhaps has an option for remote administration. So you have space shuttle plans on your flash drive and you get mugged, some evil hax0r has your U3 drive, he plugs it into his computer and it contacts your websever giving his IP, you contact the feds and they go bust down his door. Or you loose your drive and a normal person takes it home and plugs it in, you would have a backdoor on their computer that you could use responsibly to tell them that they have your flash drive and to please return it, although this would probably scare most people. This tracking system could also be used as a bit of a social experiment, drop a few U3 drives in the street and see where they end up. But what about if you have revealing photos on your flash drive that you don't want to risk anyone getting their hands on? You have them in a truecrypt volume and the drive is chained to your wrist but your still paranoid? Why not have a U3 drive that automatically scans the computer its plugged into for some sort of identification, as simple a text file in c: or it could do some kind of handshake with an app running on the computer or whatever. If the drive doesn't detect the computer as authorised computer it securely deletes everything on your flash drive, no more worries about those photos being posted on the internet. This would have to be implemented very carefully though, don't want to delete those photos when you don't mean too, you also don't want to end up deleting everything on a local drive instead of the flash drive. Sure theres going to be some problems with implementing these ideas and existing solutions might be better in some cases but I'm just trying to show that there are a whole range of ideas that are a bit more legitimate that this technology can be used for. Owning some n00bs box is fun and all, but it's even more fun to come up with innovative uses for technology so you can show off to all the n00bs instead, this is what Technolust is all about.

Ok, short version you can get what you want here: http://www.dynawell.com/reskit/microsoft/win2000/choice.zip Long version, a modern (and alot more stable) version of the choice command was included in the NT and 2000 resource kits, for some reason I couldn't find download links for these at Microsoft anymore, so I googled and found and tested the link above which contains choice for 2K/XP compatible systems. This tool was dropped from the XP/2K3 Resource Kits as it's a built in command in Windows 2003.

WM_Hunter hasn't provided much information on the circumstances but if he's in an environment (school, work, uni etc) where he has a limited account and the administrator won't install TrueCrypt on the computers (most likely running Windows), then I would say running a Linux Live CD would raise a bit of suspicion and possibly break any computer usage policies. You also have to consider if it's going to be practical to reboot into Slax everytime you need to copy your homework over. I'm not saying it's a bad idea, just it might not be practical depending on the circumstances. Another option to consider if you want to walk the line a bit is priviledge escalation exploits. But again this really depends on your circumstances and it seems like you want to avoid anything that could get you into trouble or raise suspicion.

All the manufacturer password protection solutions I've encountered also need administrator priviledges. Although perhaps a biometric flash drive could work? I've never owned one so I can't say. I'm not sure of the circumstances of your situation with regards to administrator privileges, but if you can get an Admin to install TrueCrypt on the computers your using then I believe it can easily be setup to allow normal users to run it and mount volumes. EDIT: Never mind I re-read and saw you've already considered the TrueCrypt being installed by an admin option.

Yeah the internet has always been a haven for such pointless information. I also enjoy reading Encylcopedia Dramatica: http://www.encyclopediadramatica.com

Uplink and Darwinia were awesome games, innovation instead of eye candy. I certainly can't wait for DEFCON. However I don't think I will be getting my copy over Steam, I would prefer my money to go directly to the developers.

I never make notes, as I'm a person who learns better by being spoken to than reading notes over and over. How much attention I pay or if I bother attending at all depends on how much the topic interests me. You'll encounter problems with accents/bad english in lectures all the time, although most of the lecturers understand english isn't their strong point and are happy to repeat things for you.

My bookmarks are used as a haven for sites I visit once every few months and for bookmarking things I don't have time to read depending on where I am and what I'm doing at the time. I suffer from chaotically unorgansised bookmarks like many people here, I really should sort them out sometime but I'm sure most Firefox users know the agony of that and I'm too lazy to do it manually.

"Hack the Gibson/Evil Server" It turns out that Evil Server is in fact a Gibson, which is involved in a most evil plot to frame innocent hackers for capsizing oil tankers all over the world. In a desperate bid to stop him, characters from Hak.5 zoom around inside the Gibson/Evil Server using VR googles through a dialup modem at a NY subway and attempt to retrieve the right garbage file to prove their innocence. While unleashing things like a Cookie Monster virus on the way and trying to avoid the insidious The Plague. Actually maybe we shouldn't perpetuate that movie, Cludo sounds good.

That reminds me of an old bash quote: http://www.bash.org/?142934 I guess for some people it is a bit hard to comprehend how global the internet is.

I'd definately be interested in a Hak.5 distributed computing team of some sort. Protein folding doesn't really interest me, but it's all for a good cause I guess.

http://www.knopper.net/knoppix-mirrors/index-en.html Tested the first one on the list and it appears to be live for both http/ftp: ftp://ftp.uni-kl.de/pub/linux/knoppix/DVD/ http://ftp.uni-kl.de/pub/linux/knoppix/DVD/ Too big for your harddrive? Do you have enough free space? It's under 4gig so you shouldn't have any problems with file system limits.

For the rare occasions when I defrag I also use O&O, it was what was recommended to me when I asked this question.

Just did a whois on the IP, your a kiwi? I sincerely doubt anyone here will help you to "hack" your school. Legalities aside, what can you possibly hope to achieve from this? Getting some girls phone number? Changing grades? (Little use apart from possibly for internals with the NCEA system we have here in NZ) The little bit of fun you will get out of these things is not really worth it in the end. You have but do a bit of googling to find story upon story of people who screwed with computers in school and payed for it. There are several school admins as members here on Hak.5 if you want the stories from the other side. I speak from personal experiance when I say System Administrators for schools, particularly in NZ are not usually the most hacker friendly people. I know overseas you may run into some dam good school admins every now and then, but here they are typically arrogant wankers with a 10 year old certificate from Novell. I had the pleasure of dealing with one back when I was at school, 3 days stood down and 6 months banned from computers in school, this ban was actually permanent as he refused to reinstate my account even when asked to by senior staff. In my case I had access to whatever I wanted, I never caused any damage but it was the *potential* to cause damage that got me in trouble. Well this potential coupled with the computer illiteracy of the senior staff responsible for the disciplinary action and the admin's hurt ego. Although this punishment didn't cause any major problems for me, it would have if I was doing any computer based subjects, or if I had of been suspended instead and it went on my record - Would have affected me enrolling for computer related degree at uni. Basically what I'm trying to say is, you mess with computers in school, especially in a place like NZ where most of your schools staff are stuck in the "good ol' days" then you'll pay for it. Regardless of how minor an action you take it will be blown out of proportion anyway. EDIT: Doing a bit of research I see your from Hamilton and want to do a computer related degree at Waikato Uni when you leave school. My advice is to leave your desire for hacking at home until you get to uni and then put it to a contructive use.

I presume you were using the manufacturers solution to password protect it? If you don't have any luck deleting the partition then check their website for recovery/fix tools. When my cheapo Rundisk drive got a bit screwed they had a utility which sorted it all out, was more of a case of the flash memory starting to die in my case though.

For king and country... and evil sever...

I'm not sure how accurate scheduling a task to run 2 seconds into the future will be. I remember back in the days of 9x there used to be a "choice" command that I used for delays, don't think it's around anymore. I don't know of any built-in commands specifically for waiting but you can grab the sleep.exe from the Windows Resource Kit which is for exactly what you want, waiting for a certain number of seconds in batch files: http://www.microsoft.com/downloads/details...;displaylang=en I have also been told that a nice workaround is to use ping, pinging the loopback a certain number of times. You see the first ping is sent immediately and then theres a one second delay before the second one is sent, so you could make your script wait two seconds with something like: ping -n 3 127.0.0.1 EDIT: Re-reading your post this might not be quite what you want, you want to schedule a command to run 2 seconds in the future but then have the rest of the script continue to run? Perhaps if you explain the context this is being used in it may help.

If you enable "Disable page caching" under "Misc settings" in your wiki preferences then it helps alot with the caching issue.

Well I know AMD does quite a bit of sponsership in Formula One with Ferrari and I think they've sponsered a few Nascar events too? Not really a motorsport person so I don't know the specifics. I believe AMD sponser the Discovery Channel Pro Cycling team, but again I'm not a cycling fan either, although I am an AMD fan. :P

Well I don't have any set "hacker" bag, casually walking around I'll only be carrying my USB Flash Drive and a few blank cds. If I'm going to do something specific then I'll pack my bag accordingly, I guess unlike some people here I don't expect to encounter hackerish challenges too often when I'm walking down the street. A question for Metatron and well everyone else with a similarly large kit of stuff. Have you ever been searched/questioned about all this stuff by police, store security, airport customs etc? To the average joe it must look kind of suspicious.

Yeah I wasn't thinking when I posted that, I knew there was some reason why I wouldn't work because I didn't post about it in my earlier post.

This seems rather insane to me, any computer with an NTFS file system provided you have to write access to any folder will then be able to give you complete read/write access to the whole file system and therefore complete privileges on that system. For example say you have a limited user account on an XP computer, you could make a junction to the Administrators "Documents & Settings" folder from anywhere you have write access (My Documents, Desktop etc) and from there you could steal all his cookies, cached passwords, bookmarks, personal documents, dodgy photos etc etc. Or you could just make a junction from the Windows or System32 folder and overwrite any number of Service executables, no more hoping you the Print Spooler executable is writable. I will have to do some tests when I get home, there must be some sort of restrictions or else junctions in NTFS file systems make any OS running on them vulnerable to quick and easy System/Administrator level privileges for any user.

Hmmm thats very interesting, I don't know many places that run Apache on a Windows Server though. But it did get me thinking what other processes running with SYSTEM level privileges that would be susceptible to this attack. I haven't had a chance to try this out yet, but I would have though you would need admin privileges to make the junction? I guess that MS just assumed you would try to access the junction with your own low privilege account.

DougTV definately has potential, although they did get a bit sidetracked in the second episode. Provided there is more leet stuff and less random drunkeness it will be good, a little random drunkeness is good but it dragged on a bit too long. Their parodies "The Broken" were awesome too.

http://www.tiaonline.org/standards/technology/cat6/faq.cfm Using gigabit speeds through cat5e is really starting to push it to it's limits, it's inevitable that we will keep increasing the bandwidth availible and the bandwidth needed on our networks in future. So it is a good idea to go with cat6 over cat5e. As for cat6 not being as good with sharp bends, I think some of the early cat6 cables had a spline in them?