In this power packed episode Chris explores ways to securely communicate using public key authentication. Matt gives us a healthy helping of Drive Backup utilities. Darren interviews Ashley Schwartau about the documentary Hackers Are People Too. Shannon brings you a few tools for organizing that mismatched MP3 collection of yours.
[ MP4 | XviD | WMV ]

Watch

Show Notes

Shannon takes the spotlight and opens the show. Darren threatens to vote her off the hakhouse. We postponed the open sourcing of the missile launcher due to finals. Thanks Jason. Our friend Mubix has a great article on Multi-Boot Security Live CDs that makes last weeks pick, UNetbootin even more amazing.

Our next LAN Party will be Half-Life 2 Deathmatch on Saturday, December 13 at game.hak5.org. Prepare to get smack in the face with a flying toilet! Check out all the details at our brand spankin’ new Hak5 LAN Site (with leetness by Squarespace)

Public Key Encryption

In this segment we show you how to setup public key authentication between a windows and a linux host. There are many different software packages through which to accomplish this but we used openssh and putty.

Requirements:

Linux machine or VM running OpenSSH (most distros have it in their repository, or you can find it here: http://www.openssh.com/portable.html

Windows machine with putty software (download the whole package) http://www.openssh.com/portable.html

Installing openssh on linux is relatively straightforward. Refer to their site for details. Once that’s setup, we generated a key using the command “ssh-keygen” and specified the filenames. You can customize the keys you generate as you wish, but we went with the defaults. After entering a passphrase twice, you’ll have a public and private key file, with the public having the extension .pub. The private key file stays on the server but we copy the public key over to our windows machine and convert it into putty format using Putty Generator. After you have the key, you can either pass it with scp using scp -i (pscp in our example since we’re using putty’s scp executable), or you can use the putty ssh client in order to pass the key instead of just a password to authenticate to the server. This makes an easy two-factor authentication mechanism. :)

Chris

Driver Backup

After installing a fresh copy of your Windows OS of choice, the biggest headache for most of us is the arduous task of trying to locate drivers for all of our different components. So this post is all about making your reinstall a little less troublesome.

Here’s a list of some of the better driver backup utilities!

DriverBackup2 is a lightweight driver-backup tool. The application is portable with a caveat: you’ll need administrative privileges for full use. You can opt to backup one or all of your drivers, the backed up files are dumped into a tree structure based on driver name. DriverBackup2 also allows you to restore and delete unnecessary drivers. If you ever hunted for obscure drivers online, when installing legacy or obscure hardware for instance, DriverBackup2 will save you the hassle of searching them out again.

Double Driver lists all the hardware drivers installed on your system and creates backups of both the actual drivers and lists of the driver names. While handy with any computer, Double Driver really shines if you have a computer that came with pre-installed drivers that are hard if not impossible to come by. With a few clicks you’ll have those archaic laptop drivers backed up and ready to put back to work after a fresh install.

DriverMax allows you to easily reinstall all your Windows drivers. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other. Simply export all your drivers (or just the ones that work ok) to a folder or a compressed file. After reinstalling Windows all drivers can be back in place in less than 5 minutes.

DriverView is a helpful upgrade from looking through devices individually in the Device Manager, but the real value here is in the list generation. Create an HTML-formatted backup list for your future troubleshooting needs or export to text to show friends or forum members just what’s gone wrong. While it doesn’t actually backup drivers, if you’re still into doing things the old fashion way, DriverView is a great choice!

Now that we’ve got all of the corporate slogans and descriptions out of the way, my personal favorite is the first link we’ve talked about here. The interface is the least cluttered, and the process really couldn’t be any easier. For those of you who are looking to deploy driver backups in an automated fashion, there’s a built in commandline builder! Like I said, I’ve personally used it and really does make life alot easier after a reinstall.

So check it out and if you have any questions, remember: matt@hak5.org – Revision3 Forum or Hak5 Forum

–Matt

Congrats to Mesartwell who correctly answered last week’s trivia. Answer: “Tom is king” and “Jules sucks”. Grab yourself a copy of the Doom alphas

“Hackers Are People Too”

Ashley Schwartau joins us via skype to talk about her documentary Hackers Are People Too

–Darren

Music Organizers

I have thousands of songs on my computer and some of them are missing titles, artists, etc. So when I hop on iTunes to download my feed of podcasts (like Hak5!), I use TuneUp Media to clean up some of my music.

TuneUpMedia

TuneUp Media has the ability to find your songs basically by listening to them, and tell you the information for each one. You simply drag your song over to the clean up bar on the right, and TuneUp finds your songs info in a few seconds. It even gives you a choice of album art you can use.

I like TuneUp simply because I’m really organizational. There are a few bugs though… Firstly, once you download TuneUp, you don’t have the option to close it while in iTunes (unless this has changed recently). Second, there are two versions – free and not free. With the free version, you only have 500 songs to clean up. In the payed version- you can clean up as much as you want.

TagScanner

The second one is TagScanner. Tagscanner is good for someone who doesn’t like iTunes. In tagscanner, you can not only clean up the names and artists on your music, but you can also fix up the ID3 tags for each song, down to lyrics and album art. You can also export your music into a .txt or excel spreadsheet, which is pretty neat.

Shannon

Questions

Skybar Baron writes I have a computer from my school and was wondering if there was a way to wipe everything but like Microsoft Office and the OS?

Darren recommends Sdelete.

Until next week we welcome your feedback and remind you to Trust your Technolust

Leave a Reply

Your email address will not be published. Required fields are marked *

*

13 Comments

  • tvguy 5 years ago

    Another Great ep, Well done to all.
    Snubs looked very relaxed and you all looked to be having fun as always.
    Great skype interview really came over well, and that documentry sounds great i just orded a copy this morning. Cant wait to watch it
    Keep up the great work and cant wait to see the ces coverage
    tvguy

  • Scott 5 years ago

    The driver back-up was great. I hate having to download and install driver when computers become corrupt. This is a great time saver. The music tagging software was great too. I had heard of Tuneupmedia but never tried it. I think I will after I saw how easy it was.

  • patrick 5 years ago

    I loved your show guys and I’m gonna look into setting up my own missle launcher soon,,,,,,,,I have a program you might like atleast I think you can still get it free it’s called maxblast4 it’s for maxtor drives an other I use is killdisk it has the dod option for realy wipping a drive thats asumming you have a floppy drive,I’ve found quite a few older pc’s that wont boot g-parted so I still use both killdisk&maxblast4

  • Loved the work you guys are doing! Thank you for doing such a great job!

    I use MediaMonkey for my mp3 collection. I organized my messed up collection with it a year or so ago. It helped with getting the covers and either putting them into the id3 tag or placing the file into the folder with the music (so you aren’t changing the files). It also nicely organized my files into their own folders so everything wasn’t stuffed into one massive file. I also used mp3tag to help make sure the filenames matched the id3 tags or vice versa. Mp3tag is free and there is a freeversion of mediamonkey. If you don’t want to use itunes, mediamonkey (or the new Songbird) rock.

  • great to hear linux mentioned more ! puppy os is great ! its my only OS now for some time :)

  • miljenko 5 years ago

    nice shirt criss.

  • Wholly 5 years ago

    Did Darren even pay attention to the question Snubbs read?

    Skybar wanted to delete everything EXCEPT OS and Office from a machine he got from work. SDelete won’t help him. In my experience only an OS reload will clean up a machine like that.

    And the answer to Darren’s question is 10877 songs. 62.59 Gig. German 80’s Punk FTW.

  • RE: Public Key Encryption
    PuTTy using OpenSSH is great, what about covering other Windows clients like WinSCP?
    Shannon or Darren should go over how to use public key encryption for tasks like, say, connecting to a self-hosted WordPress blog to add plugins like reCAPTCHA =)
    Thanks!

  • Mike,

    We can definitely do alternatives to what I did in my segment. I actually have already gotten feedback regarding that and plan to do something with pamusb soon!

  • Chris,
    Like you said there are so many options there its hard to cover them all! Thinking back to using SSH in Windows Putty and WinSCP were some of the best, also many file transfer clients like FileZilla are crossplatform and support SFTP which is SSH compatible.
    Using PamUSB for login looks like alot of fun, does it support SSH certificates? Looking forward to it =)

  • Jan Hendrikx 5 years ago

    Dear Chris,

    When I watched episode 415, I noticed something in your explanation that, if I’m correct, is wrong. It’s something in your story about SSH and public key encryption.

    Quote 1:”…and you use the public key to encrypt your, you know, to encrypt and along with your passphrase…” (AVI file: 0h:11m:19s)

    Quote 2:”…everyone can encrypt a message or, within variuos implementations, encrypt it with the passphrase..” (AVI file: 0h:12m:13s)

    This suggests that if someone wants to send you an encrypted message/file, he or she needs your public key ALONG with the passphrase you entered during the creation of your key pair. This isn’t right in my opinion.
    The only reason for the passphrase to exist is to protect your private key from abuse in case someone steels it.

    (Also see: http://my.safaribooksonline.com/9780596101954/using_passphrase_protection_of_ssh_keys?portal=informit).

    That is why, each time you want to use your private key, your ssh-agent program will prompt you for the passphrase.

    Cheers, Jan Hendrikx.
    (Location: The Netherlands)

  • Jan Hendrikx 5 years ago

    Chris,

    Sorry for nagging about the SSH / Public Key topic.

    Some follow-up on episode 415. The reason why you couldn’t directly import a PuTTY generated key file into the server OpenSSH environment is because a .ppk file contains BOTH the public and private key. (The “.ppk” extension probably stands for something like: public private key). When you copy the public key part into an “authorized_keys” file on the linux server you should be able to authenticate with the PuTTY generated key. BTW: This is also suggested in the “Key” field of “PuTTY Key Generator”

    E.g. see: http://www.ualberta.ca/CNS/RESEARCH/LinuxClusters/pka-putty.html

    The way you made your solution working is unsafe because you now have multiple copies of your server’s private key. And here is why:
    What you did was copying the private key (In your case “id_rsa”) form the linux server to your XP machine and imported it into PuTTY. (You normally don’t want to do that! Remember your Fort Knox remark about the private key.) So you actually “stole” the private key from your linux server, re-generated the public key with PuTTY and stored the key pair in a .ppk file. The only reason why this worked is that you knew the passphrase of the server’s private key. (Normally Hackers work this way).

    When Darren asked you to open the .ppk file in Notepad++ you could clearly see the linux server’s public AND private key… (This is not probably what you want). When finally connecting to the ssh server you used your local copy of the server’s private key.

    The normal way to setup these kind of connections is demonstrated in the hyperlink mentioned above. So, the PuTTY generated public key should be copied to the linux server and added to a “authorized_keys” file, not by copying the servers private key to the XP system.

    Regards, Jan Hendrikx.
    (Located: The Netherlands)

  • Windows seven themes are some on the most striking themes. It’s got turn into a very hot option for all those people who are utilizing the operating program in addition as those, who’re nevertheless joyful with their XP and [url=http://themes4vista.com/areofire-v3-windows-vista-theme-free-download ]make your screen come alive [/url] Operating Systems. But contrarily, Windows 7 themes will not be compatible with XP or Vista.

    Ways to get it labored on other variations of functioning process? Scroll right down to get the tweaks which might allow you to give a Windows 7 look for your Windows Vista and Windows XP enabled computer systems.

    Install 7-Zip Windows seven themes working with “.themepack” extension.
    To extract information through the zipped Windows seven concept folder, put in free of charge 7-zip utility. This will likely extract your files right into a new folder.
    The many Vista customers that are operating Aero, a double click on on the freshly created theme folder would let you alter your windows borders in one on the downloaded theme outlook.
    Individuals consumers, who will be seeking to put into action Windows seven concept on XP enabled device, can it completed by especially clicking ‘set as desktop qualifications.’
    You can find another mild tool, which can help in putting together windows themes on XP. That is called “wallpaper shifter app.” This application picks random wallpapers from selected directory and sets it for the reason that lively Windows wallpaper.
    If you want to add theme sound and Icons, it is very very easy to do, as you only have to replicate the sound files (they’re commonly in.wav format) towards the default media folder.
    To include any windows 7 concept icons on your Windows Vista device, it’s important to suitable click at anyplace about the desktop and then opt for ‘personalize.’ It should be adopted by clicking on ‘change desktop icons.’ Now selected the icon, which you ought to.
    To change desktop icon in XP enabled machine, like Windows Vista, you will need to appropriate simply click everywhere on Desktop. Now pick out ‘properties’. This could be adopted by range of ‘Change Icon’ tab after which browsing of recent icons.
    To vary your Visa or XP screensavers or cursors’ seem into Windows seven, you could duplicate the screensaver information through the downloaded Windows seven concept pack and duplicate into windows technique folder. You’ll be able to alter them by getting a tour to regulate panel.

    Take pleasure in Windows 7 characteristics on your Windows Vista and Windows XP system… Your entire process is bit time-taking but glance is well worth the compensated time.