This time on the show, the Gmail 2-step verification, the easiest screen shot utility in the world, Image burning, MD5 integrity verification and the auto-rickrolling pineapple of doom!

Hacker Headlines

Sony and George Hotz have called a truce. Settling out of court, famed PS3 hacker GeoHot agreed not to be “engaging in any unauthorized access to any SONY PRODUCT under the law” etc… Following the settlement, Hotz donated $10k to the Electronic Frontier Foundation, money left over from his donated legal defense fund.

Skype made a boo-boo. Android Police found a vulnerability in the Skype app for Android, where it seems that the SQLite3 databases in which all your chat logs and info are stored were never protected. Skype forgot to encrypt the databases. That means a rogue app could potentially steal data out of your Skype app and send it back to the bad guy. Android Police created an app called Skypwned just to show how the breach can affect you. Oops!

Revealed at the Where 2.0 conference this week, security researchers published details on how iPhones and 3G iPads have been periodically logging your location. Since iOS 4.0 the file consolidated.db has been storing timestamps with latitude-longitude coordinates. The researchers published an open source tool, dubbed iPhone Tracker, which maps your device’s stored locations.

Looks like Skype isn’t the only one with trouble brewing. WordPress.com’s servers were hacked pretty deep, root-access level deep. They say a bunch of customers’ source code was accessible, so they’re having the vulnerable sites change their passwords and APIs. The breach was on Automattic.com’s servers to be exact, the software company behind the WordPress platform. Obviously, a lot of information was viewable, but hopefully all the customers have already fixed any problems on their sites.

Mad scientists Photonicinduction bring happiness to the world with a video demonstrating how to erase the data off a CD by spinning it between two high voltage transformers.

HakTip: zScreen

Want to capture print screens and share them, but don’t want to go through the hassle of saving, uploading, and all that jazz? Try zScreen.

zScreen will automatically capture screenshots, text, or files from your computer clipboard and upload them to a destination of your choice, as well as have the link to it automatically copied to your computer when it’s completed.

Simply download zScreen from code.google.com and install. Once installed, choose your destination for images, files, and text, and the type of URL shortener you would like to use. Under destinations, you can authenticate and authorize zScreen to upload to your FTP, ImageShack, Flickr, even Twitter page, and tons of others. For myself, I’m going to upload to my Flickr page. zScreen uses OAuth, so all it requires is your username, not your password. It’ll authenticate through your Flickr site. You can even choose settings such as what window you want the print screen to copy, you can add a watermark, and tons of other options. Once you’ve gotten your settings squared away, hit your favorite HotKey and watch as your image gets uploaded to your account automatically.

So I hit PrtSc, and my full size image gets uploaded to my Flickr just like that. After it’s uploaded I can easily copy the image link from my clipboard. The link is also saved in zScreen.

It’s a great time saver, and perfect for easily taking notes on your screen and sharing them with others. Thanks to Patrick F for sending this in to us. Do you have a time saver or something cool to share? Email tips@hak5.org and we’ll share them.

OpenWRT / WiFi Pineapple mod: Auto-Rickroll

John Bebo’s Auto-Rickroll payload for the WiFi Pineapple is an excellent example of using Dnsmasq to forward targets to a hosted site. While this site could be malicious, perhaps hosting the Browser Exploitation Framework, Bebo’s payload is a safe and simple prank. Any web site a victim attempts to browse to brings them to a WiFi Pineapple hosted page containing Rick Astley ASCII Art and looping audio. It uses a similar technique employed by Captive Portals – something we’ll explore in more detail soon – except a lot more annoying.

Thanks to great documentation from Bebo and Hak5 forum member Psychosis setting up your own Auto-rickrolling WiFi Pineapple is super simple. In fact, this will work on just about any OpenWRT based wireless access point – but we’ll be focusing on the WiFi Pineapple specifically for its Jasager abilities.

Follow the step-by-step article with pictures and video at hak5.org/hack/auto-rickrolling-wifi-pineapple

scp * pineapple
mv *. /etc/config
mv * /www/
touch /etc/dnsmasq.conf
echo address=/#/192.168.1.1 > /etc/dnsmasq.conf
vi /etc/init.d/jasager
# add to start():
wlanconfig ath0 create wlandev wifi0 wlanmode master 2>&1 > /dev/null
iwpriv ath0 karma 1
brctl addif br-lan ath0
ifconfig eth0 up
# comment out iptables
reboot
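
Seen from the defending side, the address=/#/192.168.1.1 line above is a DNS catch-all, and it can be spotted both in a dnsmasq config and from a client that asks for names that must not exist. The following Python is an added example, not part of the show notes or of Bebo's payload; the function names, the probe names under .invalid and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress
import secrets
import socket

# Constructed sample config, modelled on the line from the show notes.
SAMPLE_CONF = """\
# constructed sample
address=/example.test/10.0.0.2
address=/#/192.168.1.1
"""


def find_catch_all(conf_text):
    """Return the targets of dnsmasq catch-all lines (address=/#/<ip>)."""
    targets = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        # A leading '#' is a comment; the '#' inside address=/#/ is the wildcard.
        if line.startswith("#") or not line.startswith("address="):
            continue
        fields = line[len("address="):].split()   # drop any trailing comment
        if not fields:
            continue
        parts = fields[0].split("/")              # "/#/1.2.3.4" -> ['', '#', '1.2.3.4']
        if len(parts) >= 3 and "#" in parts[1:-1]:
            targets.append(parts[-1])
    return targets


def probe_resolver(resolve, probes=4):
    """Ask for random names under .invalid, a reserved TLD that never resolves.

    resolve(name) returns a list of address strings, empty for NXDOMAIN.
    Returns sorted (address, is_private) pairs for every forged answer;
    an empty list means the resolver answered honestly.
    """
    forged = set()
    for _ in range(probes):
        forged.update(resolve(secrets.token_hex(8) + ".invalid"))
    return sorted((a, ipaddress.ip_address(a).is_private) for a in forged)


def system_resolve(name):
    """Resolver backed by the host's configured DNS, for live use."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


if __name__ == "__main__":
    print("catch-all targets in config:", find_catch_all(SAMPLE_CONF))
    # Constructed stand-ins for a hijacking and an honest resolver.
    print("hijacking resolver:", probe_resolver(lambda name: ["192.168.1.1"]))
    print("honest resolver:   ", probe_resolver(lambda name: []))
    print("this network:      ", probe_resolver(system_resolve))
```

A private address returned for every nonexistent name is the signature of a captive portal or a rogue access point answering all DNS queries itself.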

Trivia

Our last trivia question was: What is the name of this prominent computer club that was founded in Berlin in 1981? And the answer was: Chaos Computer Club

This week’s trivia question is: What is the name of this virus, considered the first known use of polymorphic code?

Answer at hak5.org/trivia for a chance to win some swag!

2 Step Verification in Gmail

Although I know all of you out there protect your online accounts like crazy, there is always a way to get more protection. Maybe you don’t like using an encryption program or you use the same password for all of your sites. Although this is really bad, I think all of us have done that once or twice in the past. So perhaps you want to try something new.

I just discovered Gmail’s 2 Step Verification process for my Google Mail account. I’ve been a little paranoid lately with all the cyber attacks going on, so I decided to up my security, especially because my email is the one site I really don’t want hacked.

2 Step Verification can help prevent the unauthorized access someone might gain with just a stolen password. Now, when I sign in to Gmail, I’ll not only need my password, but also a code that is generated on my phone.

You might be thinking, ‘Well, what if your phone gets stolen?’. I set up a passcode on my phone, a series of random numbers that only I remember, and I set it so if I try brute forcing the passcode, after 10 wrong codes, it’ll wipe my phone.

Back to Gmail. When setting this up, first you’ll need your phone. If you won’t have a secure phone nearby when you sign in to Gmail, perhaps this isn’t the tool for you.

Click on “Set Up 2 Step Verification” and choose your phone. Androids, BlackBerries, and iPhones have a special Google Authenticator app that will generate your random codes.

The first time you open the app, it’ll ask you to scan a QR code with your phone’s camera. This QR code generates your first series of random digits, and it ties you, the phone holder, to your gmail account. If you don’t have a usable camera or can’t read the QR code, choose to create a time-based key instead, and type your secret key into your phone.

Click next after taking your photo and verify your generated code. Gmail will then ask you to set up a backup in case your phone is lost or stolen. Next you will need a printer or a safe place to save your backup codes. I had a printer installed so I printed my backup codes. Each of these codes will let you sign in once to your gmail.

After printing, click next and choose a backup phone. This can be a home phone, a spouse’s phone, etc. Type in the phone number and you can then test it if you want. I set up my personal number to my home phone, and when I tested it, it called me and left me a message with a new generated code. When you hit next, confirm your account, and turn on 2 Step Verification.

When you first log in, you’ll type in your account name, password, then your verification code off your phone. You can also choose if you want the code remembered for 30 days or if you want it to ask you for a new code every time you log in.

You’ll notice after you turn on 2 Step Verification that all your devices tied to your Gmail account are logged out. Things like Gmail for iPhone, the mail app, etc., don’t have a place to type in a verification code. To help your security, you’ll need to set up application specific passwords. To do this, under the 2 Step Verification main page, choose application specific passwords.

Choose a name for your device, for example, mine will be “Shannon’s iPhone”. Click next and you’ll see a series of letters and numbers that you’ll have to type in to your iPhone. So I type in my username, and under the password box I type in this generated password and click next. I only have to do this one time, ever. So I won’t need to memorize this code.

But what happens if someone gets ahold of Shannon’s iPhone? Luckily, under the code, you can see my iPhone. If I choose ‘Revoke’, all access to my mail will be logged out on my iPhone until I authorize it again.

If at any time I need new printed codes, or I need to change my phones, I can go under account settings, 2 Step Verification and edit anything I need. I can even turn off 2 Step Verification if needed.

I LOVE 2 Step Verification. It makes me feel a lot more secure about my mail and personal information. Questions? Comments? Have another program for me? Email feedback@hak5.org.

Emails: CD Burning and nomnomfish

Max S writes: I have been watching your show since season 6. Since then you mentioned a program named Konboot few times.
I was curious and tried getting it. But I have a problem, I successfully download it, and extract it using winrar but when I burn it to a blank CD it doesn’t work.
Am I missing something or does konboot not function anymore?

Shannon recommends verifying the integrity of the download using a tool like Fast Sum or MD5SUM and burning with a tool like IMG Burn

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally, if you’d like to suggest a topic or ask a question, feel free to hit up feedback@hak5.org.

10 Comments

  • citizenatlarge 4 years ago

    As far as checksum checking goes, I came across an integrated program called HashTab a couple of years back.. It integrates as a new tab under the properties menu when you right-click on a file.. Sleek simple and always ready.

    http://implbits.com/Products/HashTab.aspx

    http://i55.tinypic.com/s3q5ix.jpg

  • Colin 4 years ago

    Hi,

    Is it actually possible to register for the forums? I have tried but never get send the validation email.

    Maybe something is wrong?

    Thanks,

    Colin
    David

  • can you cat /etc/dnsmasq.options on the pineapple? I didn’t see where you included that in your download of the configuration files.

  • neomikagami 4 years ago

    As always, Shannon is “très jolie”.

    Thanks to the hak5 team. I always look at your videos from France.

    regards,

    neomikagami ^^

  • OldTimeFan 4 years ago

    Hak5 is dead :( sad to say this but when I look at the dwindling comments and participation in the forums, it’s almost obvious.

    I think you guys need a complete reincarnation. The only thing left to see on the show is Shannon! and that too coz she is one of the few geek girls who looks and behaves sexy :)

    All the best! Hope Hak5 will bounce back soon!

    • And yet viewership is at an all-time high. Aside from the forum participation, what makes you believe the show is dwindling? How can we make it more enjoyable for you?

  • Great episode! I took your auto rick roll idea and put it into the ClearOS (another router/firewall distro worth looking into btw) content filter for rick rolling goodness when someone tries to access a blocked site. The video is here

  • DiTOH1 4 years ago

    I seriously support the show, and have gained a great deal of IT knowledge, but for the love of God, stop reading the tele-prompt, it looks horrible!!!

    and maybe shoot the show in more than one run?

    -DiTOH1

  • Good post. I’m going through a few of these issues as well..

  • I will right away take hold of your rss as I can’t find your e-mail subscription link or
    newsletter service. Do you’ve any? Please allow me recognize in order that I may just subscribe.

    Thanks.

  • The other big downside: You will be flying a lot but not learning how to fly.
    Hopefully you’ll have skilled up to a standard-sized drone by then. Arrested with a knife, he had allegedly told a Secret
    Service agent that atmosphere was collapsing
    and he needed to notify the president so he could, in turn,
    warn the people.

  • Excellent post. I was checking continuously
    this weblog and I’m inspired! Extremely helpful info specially the final section :) I deal with such information a lot.
    I was seeking this particular information for a
    long time. Thank you and best of luck.

  • When you share a computer with several other websites you are basically sharing
    the same system resources so if the machine only has 1 GB of RAM
    if you install a script which uses 500 MB of RAM the other
    50 sites which might be sharing the same environment will be affected because your site is already consuming half of the system resources.

    In such a case, it would probably be better for you to consider the
    possibility of renting your own private, personal server, which will impose little-to-no restrictions
    on the growth of your site. They have the features of great hosting for your WordPress site
    and they provide the facility of one click installation that helps you installing with out software.
    In order to understand this, you must first learn about dedicated and shared hosting.

    Because of the scalable feature the required amount of
    space on these web hosting servers can be increased in accordance with the requirements of the users.
    This particular reveals your own webhost towards
    the likelihood of needing to include much more bandwidth as
    well as hard drive area that expenses all of them cash. If more software that is complex is what you need due to the intricacy of the web site that you
    have, dedicated web hosting is definitely the solution. However,
    the case is bit different with shared hosting account.

    Configuration: With a shared host, one will not have many options in the way of
    changing their settings. Small companies and individuals with small sites are probably better off with shared hosting.

  • It is perfect time to make some plans for the longer term and it’s time to be happy.
    I have read this put up and if I could I desire to recommend you few fascinating issues
    or tips. Perhaps you can write subsequent articles referring to this article.
    I desire to read even more issues approximately it!

  • I do consider all of the ideas you’ve introduced on your post.
    They are really convincing and can certainly work.
    Nonetheless, the posts are very quick for newbies.
    May just you please extend them a little from next time?
    Thanks for the post.

  • I need to to thank you for this excellent read!! I definitely enjoyed every little bit of it.
    I’ve got you saved as a favorite to check out new things you post…

  • This site uses a private proxy server for the security of the
    users’ account.

  • It’s not my first time to pay a visit this website, i am browsing this website daily and take pleasant
    data from here every day.

  • It is appropriate time to make some plans for the future and it is time to be happy.
    I have read this post and if I could I desire to
    suggest you some interesting things or suggestions.
    Perhaps you can write next articles referring to this article.

    I want to read more things about it!

  • Some hotels also have bars and discos while others don’t.
    Other recent hotel swaps include the Grand Del Mar just announced its rebranding to Fairmont Hotels and Resorts,
    while the ultra posh , Montage Laguna Beach was sold for
    $360 million or $1. She will need to get it back by earning money in real estate.

  • Attractive section of content. I just stumbled
    upon your weblog and in accession capital to assert that I get actually loved account your weblog posts.
    Any way I will be subscribing to your feeds and even I achievement you get admission to consistently quickly.

  • Where could i buy haldol. Buy entire seeds.

  • I quite like reading through an article that
    will make people think. Also, thanks for permitting me to comment!

  • I do consider all the ideas you’ve presented on your post.

  • Appreciation to my father who stated to me on the topic of this web
    site, this website is truly awesome.

  • I think this is among the most vital info for me.

    And i’m glad reading your article. But want to remark on some general things, The site style is great, the articles is really great : D.
    Good job, cheers

  • I’m pretty sure whoever goes online and demonstrates support to this
    hacking group is being observed.

  • Hurrah, that’s what I was seeking for, what a material! present here at this website,
    thanks admin of this website.

  • Excellent way of describing, and nice post to take data about my presentation topic, which i am going to convey in academy.

  • Wow, amazing weblog format! How long have you ever been blogging for?
    you made running a blog look easy. The overall glance of your website
    is excellent, let alone the content material!

  • Admiring the time and effort you put into your blog and in depth information you
    offer. It’s awesome to come across a blog every once
    in a while that isn’t the same old rehashed information. Excellent read!
    I’ve bookmarked your site and I’m including your
    RSS feeds to my Google account.