Iain

Good move - I know that it happens. I heard of someone who, with good intention, told a tutor that he'd found some holes in the security and it was, rightly, reported to the IT department. As well as fixing the holes, the guy was punished for probing where he shouldn't.

I'm amazed that this has happened. Presumably the admins are the same people? I may be cynical, but do you think that they have "lowered the guard" to entice folks into probing their system, perhaps to get themselves into trouble? I suppose a kind of honeypot?

Isn't this similar to replacing winlogon.scr (I think that's the filename) with, for instance, a renamed copy of cmd.exe? When that's done, reboot, wait for 15 minutes for the "screensaver" to kick in and a command screen comes up. The pain with that technique is the 15 minute wait (hence I like the idea of using utilman.exe), along with replacing the file outside of windows. I like the idea of doing the replacement at the next reboot, but just wonder how feasible that is. I hope that someone comes up with a way.

Hi everyone I have two laptops, each with XP Pro SP2 and built-in wireless. I know that I can connect them directly using a cross-over cable or via a router/switch to allow me to access one from the other, but can this be done directly without the need for any cabling or a router? If so, how? I guess I'd need to log one laptop into the other - but then I'm stumped!

I thought that was how this thread started and the technique presented has been kicked into touch for a fully patched XP Pro SP2. Use of MSOOBE.exe sounds interesting.

I'd be interested to know if this works. I know that the "at xx:yy /interactive ...." trick doesn't work on a fully patched XP Pro SP2 when logged on with limited rights. There *must* be a way of doing it, it just hasn't been found yet! I know that access to files can be obtained using Knoppix, BartsPE etc., but that seems like cheating.

And I thought that RAM was volatile, disappearing when the power's turned off! If they did find the hidden volume and you refused to divulge the key to reveal the data, couldn't they charge you with "obstruction"? Alternatively, couldn't they assume that you were guilty, just as they would if you refused to provide a blood or urine sample in the case of a drink/driving offence?

Whooppee - I have a V1 card! Come to think of it, it's logical that it doesn't specify V1 on the box or card. How could they know that they were going to progress to V2 at that time?

How can version 1 be differentiated from version 2? It doesn't say on the box.

Will MS actually listen to the comments of "Joe Public" regarding their software?

Hi everyone I'm about to start a networking course and have access to some old PCs. I'd like to get some old OS installation discs so I can play around with 98, ME, 2000 and XP interconnectivity. I have seen several vendors on eBay but I am apprehensive regarding the authenticity of the CDs that they sell. I have called a few local retailers and they can't help me with anything other than XP. What does anyone think? Are there any reliable sources of older OS installation discs? Has anyone else faced this dilemma? I really think that playing around with some live systems will help more than reading books about what parameters need to be set in the various systems.

@manuel_l and barrytone: You communicate directly or indirectly with other schools and I guess that the main concern of folks here is within the school context (either as an admin or student). I suspect that businesses also may want to block access to certain categories of sites so I just wonder how they would get into the "blacklist" circulation list. Are there any admins here from any businesses who could share their experiences of website blocking?

@manuel_l and barrytone: what collaboration is there between school and other network admins in creating a list of blocked sites? For instance, if an admin comes across a new site which has dubious content and it's not trapped by the current blocking mechanisms, does (s)he communicate it to fellow admins (in other organisations) in some way or are all admins expected to monitor network traffic and sites that students are accessing? If it's the latter, it strikes me that the blocking is not proactive but it's reactive. It may be that there is an informal communication of such information between admins but I'm intrigued to know if there's a "formal" mechanism of such communication.

[quote="moonlit 32k? Yes, come to think of it, it might have been 32k, rather than 32MB. It's so long ago! In some ways, I just wish I'd kept it. Who knows, it might have been worth something now even though it stopped working within about 5 years.

Some great ideas. I may have to buy a TFT screen (I'll make sure that the hardware all works together). It would certainly be easier to buy "off the shelf" than try to make the kit myself.

Hmm - if the picture is true, I think that unclejim is only a little older than me! I must admit that I feel like a daddy here (in terms of age) when I see that images of others here and the TV episodes that the guys produce. My first PC was a BBC Acorn (in the early 1980s) which had 32MB of RAM and plugged into the back of a TV. I don't remember any of the other specs. Programs were loaded from a cassette tape recorder and data was saved to the cassette. Oh, how things have changed!

Hi everyone I'm about to start a couple of IT courses and it's recommended to have some old PCs around so I can network/hack etc. at home and then reinstall the OS if necessary. As space is at a premium, is it feasible to have only one monitor as a display for 2 PCs? I'm thinking of having a cable from the back of each PC into a small box (maybe 6" by 4" by 2") and have a rotary switch on the box to switch the PC input to a single output socket from which I'd run a cable to the monitor. I guess it would be sensible to have a three way switch, so there's no possibility of contacts connecting one PC output directly to that of the other, albeit for a fraction of a second. The central position would not connect to any PC output. How many of the wires in the monitor cable are "live"? If this is feasible, this number would determine which kind of rotary switch I'd need. Maybe this is completely off the wall, so I'd rather know now and before I wreck some of the kit that I'm about to get. If it is, I might just have to ""bite the bullet" and see if I can make space to house two (or more) monitors.

Use something like Nero to burn the image file. Don't simply copy the image file to the disc.

Hi everyone I saw the episode of Hak5 TV when a number of "USB goodies" were discussed. An extensive list was published subsequently. I intended downloading these and playing around to see which I like and saw comments on the puTTY site about it being illegal in some countries. I was surprised, but I'm not familiar with the software. It said that the legal problem relates to the fact that it deals with encryption. Doesn't everyone use encryption at some time - whether making a purchase from eBay or viewing their online Bank Statement? Are these the same as that which is involved with puTTY or am I completely off track? If they are the same, is it illegal in some countries to use a PC for these reasons? Furthermore, I've seen world maps to say whether it's illegal in some countries and whether it's illegal to export or import. What on earth does that mean?

Interesting - so it seems to relate to those supplying the tools. If sysadmins are to be exempt, couldn't we all claim to be a sysadmin because we all have a system that we administer? I suppose it's down to intent. Surely it's not (or going to become) illegal for me to do a pen test on *my* system? I realise that it's wrong to penetrate someone else's system without their consent, just as it's not right to connect to someone else's AP. I know there's an argument about someone not securing a home network is simply asking for someone to use it - but I think that's another matter. What do other Brits feel - if it relates to posession, as well as supply, are you going to get rid of your pen testing software if this comes into action?

So that's perfect for a USB stick, isn't it?

Something like this would be an interesting topic for a future episode from the Hak.5 crew.