This time on the show, we’re cracking the code: EXIF Data tools, Windows login hash cracking, Extracting passwords from Firefox and other browsers, what’s in that P-CAP file and special report form Maker Faire 2011. All that and more, this time on Hak5.

Download HD Download MP4 Download WMV

FirePassword

You know how you can store and save all you login credentials in Firefox, Chrome, as well as other browsers? Well, maybe that’s not such a great idea. There are several portable (yes, portable!) tools that can instantly recover login credentials stored by Firefox, Chrome and others. Broswers store your username and password for every website you visit as long as you give them consent in the settings. The credentials are saved by Firefox, Chrome and others in a sign-on database that is securely encrypted. Today I’m focusing on Firefox.

FirePassword, the tool in question today, can instantly decrypt and recover the data even if there’s a master password protecting it.
Not only this, but FirePassword can even recover sign-on passwords for other profiles (on the same system) and info from other OS’s like Linux and Mac. This can obviously be used for malicious intent, or can be used for the greater good of forensic investigators who need to transmit data from the target PC to another machine without disrupting the original target machine.

FirePassword portable works from XP-7, and loads DLLs from the firefox executable location automatically. DLLs aren’t packaged with the tool, and the newest version presents an easy to use color based display so you can clearly view password details.

Lets get started on cracking my Firefox passwords!

To install, follow the on screen instructions from securityxploded.com. They have nice detailed instructions on how to use the program so you shouldn’t have a problem.

Once installed, open your command prompt and change directory to your FirePassword.exe folder, probably in your program files.
Mine is c:\ Program Files (x86)\SecurityXploded\FirePassword\. Once there, type in FirePassword.exe and hit enter. You should see a screen kind of like the one on my monitor.

It will list every website, username, and password you have saved into FireFox.
It’ll also show you any OLD passwords that you never deleted out of the FireFox settings.

If you have a master password set on FireFox, you will need that password to be able to see your other passwords. For example, I will go into the FireFox options, choose Master Password and set it.

Over in my CMD, I’ll type FirePassword.exe -m kerby and click enter. Now it’ll give me my other passwords. If you do this wrong, you’ll get this error code.

You can also copy the Firefox profile files from different operating system such as Linux or Mac to the Windows system locally and then specify that path with FirePassword to recover data from the offline profiles.

It’s pretty surprising how easy this really is for anyone to discover. To protect yourself, do what I do and DON’T save your passwords in FireFox! Make your machine log off every time you close it or leave it idle for more than a minute. Anything, but really, just don’t save your passwords.

It’s also worth mentioning the WebBrowserPassView tool from NirSoft. It’s a password recovery tool for Internet Explorer, Firefox, Chrome and Opera.

Now, if you’ve got another tool for me to check out, email feedback@hak5.org

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

This time on the show, NetBIOS Name Service spoofing in Metasplot with our friend Mubix, Playing Doom on a Dingoo Digital with the Dingux Linux distro and an alternative disc space reporter.
All that and more, this time on Hak5.

Download HD Download MP4 Download WMV

Hacker Headlines

I was going to report on how Android devices prior to version 2.3.4 were vulnerable to a sidejacking attack due to the fact that they authenticated via HTTP instead of HTTPS. Similar to a cookie, the AuthToken of the Calendar and Contacts syncing service is good for up to two weeks and is device agnostic. But just a day after security researchers broke the story Google plugged the hole. A Google spokeman said in a statement “This fix requires no action from users and will roll out globally over the next few days.” Poor unencrypted HTTP — the protocol isn’t getting as much love since Firesheep…

There’s been a bit of trouble brewing in the Android marketplace. 11 apps that were in the Android marketplace were embedded with some malicious code that triggered a text message to be sent to three premium-rate numbers in China. Those text messages sign up the mobile user for a paid subscription service without their knowledge or approval. Google has since taken down those apps but there could be more. Malware like this has been growing on the Android platform, 400% since last summer, and this is just another hiccup in the security of Android Apps.

Poor Sony, they’ve consistently topped out hacker headlines and while I’m happy to report that they’ve reopened the PlayStation Network it hasn’t been without setbacks. Just two days after the service reopened attackers went after the password reset function, which supposedly only required email and date of birth. While far from a full blown remote exploit the bug has caused Sony to disable the function on PlayStation.com and Qriocity.com. In the meantime you can still sign into the PSN via your PSP or PlayStation 3 devices.

In awesome sauce news, a twitter vigilante found a guy’s stolen laptop using a program we had discussed many episodes back called Prey. Sean Power’s laptop was stolen and after just a few days, he was able to score a webcam photo of the thief using the free tool. Cops wouldn’t help him, so he went to Twitter. A follower of Sean’s, and also a stranger, went to the bar where the laptop was last seen and confronted the thief. He got the laptop back and now all is good. Hooray for social networking and free programs!

This video just started making its round and I’m going to take the liberty of directly quoting Teravolt.org:

Electrolytic capacitors are constructed using an electrolyte-soaked piece of paper between two strips of aluminum foil. One piece of foil is oxidized and this ultra-thin coating of aluminum oxide becomes the capacitor’s dielectric. Because this layer is so thin and has a high dielectric constant a large amount of capacitance can be squeezed inside of a small space, even more so when the foil is rolled up tightly.

Electrolytics have one flaw though; they are polarized. When a reverse voltage greater than 1.5V hits the capacitor the aluminum oxide starts to reduce and its insulating properties are lost. This destroys the capacitive effect of the device and essentially the capacitor short circuits which allows a lot of current to flow. A lot of heat is generated, heat which boils the electrolyte and causes pressure to build inside the capacitor.

Then it goes boom!

Kerby’s Internet Protocol Star Trek Captain of the Week
Picard, duh

HakTip: JDiskReport

As an alternative to WinDerStat which I explained a few weeks ago, you can try out JDiskReport. This freeware tool enables you to understand what files on your drive take up what amount of space. This tool can help you figure out what files or folders are just sitting on your hard drive taking up space. JDiskReport features a Size Perspective pie chart for easy viewing, a size distribution tool, modified size distribution view, file extension type size distrubution, and a top 100 list of your largest files.

To use, go to jgoodies.com and download the tool. Java must be installed for this to work and it will run on Windows or Mac. Open JDiskReport and choose ‘Scan A File Tree’. This will scan all the files inside a chosen drive. After a few moments, JDiskReport will display an easy to navigate pie chart, showing you which files take up so much room on your computer. You can right click to open explorer and browse to those files to edit or delete them. You can also choose things such as excluding a directory for the scan under the preferences menu on the filter tab.

For more info on JDiskReport check out jgoodies.com, and tell me what you think!

Got an idea for a tip? Share them with us at tips@hak5.org. And now for our sponsor.

NetBIOS Name Service spoofing in Metasploit
Segment Descirption (HTML):

This week our friend Mubix returns to demonstrate an awesome Metaspoit module for spoofing NetBIOS Name Service.

Trivia!

Last weeks trivia: This popular project was a light installation in Berlin that transformed a building front into a giant low-resolution monochrome computer screen. What’s the projects name?

The Answer was: Project Blinkenlights

This week’s question is: Including icons for snow men, octopuses and alien faces, this specification is the Japanese term for emoticons.
Answer at hak5.org/trivia to win some sweet swag. And now a word from our sponsor.

Doom on the Dingo

Last week I showed you how to install Dingux, a version of Linux, onto your Dingoo Digital. Today, I’m digging a bit deeper into the world of the Dingoo by setting up a game and an emulator. Lets get started!

First, check out nongnu.org/freedom and download the Complete Iwad from the download page. Extract the file to your PC. Copy the doom2.wad file to your mini SD card that has Dingux on it. You’ll need to copy it to the local\games\prboom\ folder and make sure it is called Doom2.wad. Once copied, you can plug the SD card into your Dingoo Digital. Make sure it’s turned off any time you remove or put the SD card in the slot because it’ll freeze if you take it out while cut on.

If you don’t want the freedoom version of Doom, you can also try original Doom. To do so, go to doomarchive.com and download the Doom1.wad. Extract this zip file anywhere on your PC. Now, copy the doom1.wad to the local\games\prboom\ folder. Rename doom2.wad from the freedoom.com website. If you decide not to rename doom2.wad, when you boot up Doom on Dingux, it’ll default to the freedoom doom2.wad instead of doom1.wad.

Now that you have your two versions of doom installed and have chosen which one you want to boot, put the SD card into your Dingoo Digital and hold down select while pressing up on the power button. When Dingux boots, choose Doom. This will be the topmost game under the games icon.

Ok, now after defeating one of the best games of all time, shut off your Dingoo and take the SD card out to install an emulator.

I’ve chosen Super Mario World… because it’s awesomely epic.

Get a super mario world ROM from anywhere online. It should be called SuperMarioWorld.smc. Copy this file to the local\emulators\snes\9x folder. Now, plug the SD card back in the Dingoo Digital and boot up Dingux again, this time choose the Emulators Icon, scroll down to SNES, and choose Super Mario World. Tada! You now have Awesome games at your fingertips to play on your next subway ride.

For questions or comments, email me at feedback@hak5.org.

Emails

Conner writes:

Hey Hak5,
I know you get a lot of emails so i will keep this to the point. I am new to the computer / technology world and find it hard to follow parts of your show. I’m not asking you to change the script, but I’m simply asking where are the best resources or really the best way to break into this and get caught up. I have an interest in technology and I know that it might take some work but really any general direction would be much appreciated.
Thank you in advance.

Darren recommends picking up a programming language. He isn’t going to get into a religious debate about which is best but learning any moden language will give you a fundamental understanding of how programs operate. There is a fantastic forum thread at forums.hak5.org called Hacking: Where to begin which is a great resource for those new to hacking.

Aaron writes:

Dear Hak5
What is the best, free, open source, virtualization system for Linux?
Love Hak5!
Thanks

Darren’s current squeeze for servers is Proxmox VE, which is a wonderful open source implementation of OpenVZ and KVM — two of the most popular virtualization technologies on Linux. He also still loves VirtualBox for desktop virtualization.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

This time on an exciting brand-new-studio edition of Hak5 we’re getting hands on with the latest version of BackTrack-Linux, configuring virtual machines and wireless. Shannon’s flashing the firmware on a Dingoo Digital A320 and installing a custom distro of Linux and so much more.

Download HD Download MP4 Download WMV

Hacker Headlines

Oh Skype… They have another security problem. Skype on Mac OS X has a bit of a flaw. You can send a Skype message to another user and potentially get remote access to that other computer. Gordon Maddern, a security researcher, found the flaw and told Skype about it more than a month ago, but there was no fix until after the news started spreading that there was an issue. Skype has released a small term patch, but no full fix has been released, nor has users been notified to update.

Just days before Google I/O begins, French security firm Vupen demonstrates a zero-day vulnerability in Google Chrome allowing remote execution. The exploit, which hasn’t been released to the public, bypasses Chrome’s praised Sandbox as well as Address Space Layout Randomization and Data Execution Prevention. Google, busy introducing the Chromebook, has not verified VUPEN’s claims and says that if necessary an update will be pushed to users automatically.

The death of Osama Bin Laden has spurred several scams throughout the interwebz. Malware has shown up on certain websites, a Facebook scam popped up, and even the blog of the guy who accidentially live twittered the event has been compromised. Scammers are smart and they know what you’re looking for. People want to see the ‘Osama death video’, which doesn’t exist. So for anyone out there who was considering clicking that video on Facebook and sharing it with your friends, DON’T, and while you’re at it, delete it from your profile if someone else posted it.

Symantic security researchers are reporting that a flaw in the way application authentication works on Facebook, nearly 100,000 apps may have complete access to your account. Facebook now uses OAUTH 2.0 for authentication, however older authentication schemes are still in use. The firm advises users to change their passwords immediately — which essentually thwarts the access token bug.

Hot off the heals of Ubuntu’s 11.04 “Natty Narwhal” release — which has been getting mixed reviews due to the new Unity window manager, Backtrack Linux releases the much awaited version 5. In addition to native 64-bit and ARM processor support the security distribution now comes in both KDE and Gnome flavors. Are you excited? Have you checked it out? It’s available via torrents, has a stealth mode, comes with Metasploit, and sounds just plain awesome!

Kerby’s oldschool app of the week
Oregon Trail

Hacking the Dingoo Digital A320

This week I’m introducing this fun little device called the Dingoo Digital.

The Dingoo Digital A320 is a gaming handheld for open game development. It has modest hardware specs: 400MHz CPU, 32MB of RAM, 4GB internal storage, a miniSD reader, a 2.8″” LCD screen with a 320×240 resolution, and your normal jacks. The cool part is the software. You can playback several video and audio file types, there is a built in FM tuner for radio, you can record voice, and the SDK is available for free. My favorite part is it’s customization features and ability to play ROMs. Because who doesn’t like video games?

The device comes preinstalled with several arcade games like Centipede, Mine Sweeper, and has built in Emulators for your convenience as well. But if you want more with your new toy, what is better than installing Linux on it?

Enter Dingux, the Linux Distro for the Dingoo. You can get Dingux on the dingoo-scene website as well as really easy steps to follow if you want to check it out.

First off, you’ll need to download a couple of files. Booboo’s dual boot installer zip file for Windows, and the local-10 or local zip file. Charge your Dingoo so it doesn’t die during the reflashing process. We don’t want a bricked Dingoo!

Once your files are downloaded, unzip the Dual Boot file into a new folder wherever you want on your PC.

Turn on the Dingoo and go to the ‘System Setup’ menu, ‘About’, and press A. Press up-right-down-up-right-down and an easter egg diagnostics screen pops up. On the screen it should say ILI9331 or ILI9325 at the end of one of the lines. Mine says 9331. This is an LCD model and pertains to the flashing procedure.

Now, reset the Dingoo by holding B and pressing in the power button. The screen will stay dark so don’t panic!

Plug the Dingoo Digital into your PC. Choose cancel if any ‘new hardware found’ screens pop up. When your PC asks for a driver location choose your newly created Dual Boot folder. The driver should successfully install and you’re ready to flash your Dingoo!

Unplug the Dingoo, press the reset button, and let it boot into the normal firmware. You won’t need to hit the on button during this reset.

Hold the B button down and press POWER AGAIN. Plug the Dingoo back into your PC.

Open cmd, and go to the Dual Boot File directory. cd shannon\downloads\Dingoo Dual Boot and execute the usbtool-win file. We’re going to upload a file to a specified address, so we’ll type usbtool-win 1 hwinit.bin 0×80000000. This should start the flashing. Then type usbtool-win 1 zImage_dual_boot_installer_ILI9331 0×80600000 and press enter. A screen will appear on the Dingoo saying Dual Boot Flasher and press start to coninue.

Follow the on screen instructions. If done correctly, it’ll say Success at the end. You should see a Dingux startup screen when your Dingoo restarts. There is another step to getting Dingux to startup, so right now it’ll just boot to the original firmware.

Reset your Dingoo and plug it into the PC. Your PC should find it in a few seconds.

Next, plug in your mini SD card and format it to FAT32. Unzip everything from the second file you downloaded, local-10.zip, to the root of your mini SD card.

After unzipped, go to the mini SD card and rename your LCD screen file to zImage. So, mine is ‘zImage-20090707-ILI9331′, and I’ll change the name to ‘zImage’. Delete the other LCD image file if you want to.

Then, you’re done! Unplug and reset the Dingoo while holding down the Select key. It should boot into Dingux and launch the Dmenu. You should see a new menu on your screen.

Now that you have Dingux installed, go online and find some handy ROMs!

There is a ton of stuff you can do with this gaming device. The growing online community has tons of homebrew video games to try out, theme packs, and ROM’s available. I’ve linked a bunch of the websites in our shownotes. I’m thinking next week I’m going to try to stick Doom on here, because, why not? It’s DOOM!

Email me at feedback@hak5.org with questions and comments.

HakTip: BackTrack 5 first-boot

Darren is excited to be playing with the new BackTrack 5 linux. BackTrack is a fantastic distribution for security auditing. Version 5 is available in 32 and 64 bit flavors as well as ARM processor support and now comes in either Gnome or KDE.

Darren demonstrates how to setup either a USB drive to boot directly off, or a Virtualbox VM. Darren goes on to show off ethernet configuration and setting up a wireless adapter over USB.

Emails

Nick writes in:

http://hackertyper.net/
set type speed to 1 for a more realistic look.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

In the Haktip Darren goes over a couple ways to identify web servers from the command line.

Wayno from pkill-9 sent this by. Two quick and dirty ways to ID a web server.

First way

curl -I www.hak5.org

Should result in

HTTP/1.1 200 OK
Date: Tue, 05 Apr 2011 01:00:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/
2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Last-Modified: Tue, 05 Apr 2011 00:04:06 GMT
Accept-Ranges: bytes
Content-Length: 66982
X-Pingback: http://www.Hak5.org/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=UTF-8

The second, geekier way is to do it with telnet.

telnet www.hak5.org 80
HEAD / HTTP/1.0

Want to share your tips with us? tips@hak5.org

In this Haktip Darren shows how to detecting ARP Cache Poison Attacks in Windows and Linux using XARP

The basics of the Man in the middle attack are this:

Monkey-in-the-middle tells router he’s you.
Monkey-in-the-middle tells you he’s the router.
Monkey-in-the-middle likes mountain dew.
This is achieved using ARP packets, which are how nodes identify themselves on IP networks.

Enter XARP – an advanced ARP Spoof detection suite.

In this haktip Shannon shows us the setup and use of the cookie steeling tool Firesheep to hijack Darren’s twitter session.

Websites always make you login with a username and password, but when you’re on their page all cozy and logged in, you’re browsing insecurely on a regular old HTTP site. HTTP session hacking (called sidejacking) happens when an attacker gets the users cookie which you were transmitted when you first logged in, and they can use it to do anything you would normally do. The only way to really protect yourself from this is through SSL or HTTPS like what you see on your banking websites.

Firesheep, by Eric Butler, demonstrates how vunerable your login is. It’s a man in the middle attack firefox extension that anyone has the ability to use.

To use Firesheep, first make sure to download winpcap. Then download the browser extension and open it using firefox by dragging it into your list of extensions and add-ons. You may need to restart Firefox. Go to View–>Sidebar–>Firesheep and enable it. Now, simply click start capturing and you’ll be able to see the username and photo of anyone on your network that logs into one of the specific sites that Firesheep uses. Click on the name or photo of anyone on the list, and you are now logged in as them, with the ability to do whatever you want as them on that site. Scary huh? Luckily Twitter and Facebook have caught on to this and have enabled the ability to use HTTPS secure logins on their sites. So if you haven’t updated your settings, do it now!

This time on the show, Cookies beware! It’s Session Hijacking time. Darren reports from Automate 2011 with a 28 foot multi-touch bar. Plus, websites made easy with Kompozer, a Backtrack vs Blackbuntu review and a whole lot more.

Download HD Download MP4 Download WMV

Hacker Headlines

SSL provider Comodo was hacked allowing attackers to obtain secure certificates for Google, Yahoo, Skype and others. comodo is claiming that the sophisticated attack against its European partner must have been “state-driven.” Comodo’s own incident reportpoints out IP addresses from Iran responsible for the attack. While simply obtaining these certificates, which have since been disabled, wouldn’t make those sites vulnerable — it would allow passwords and emails to be snooped using man-in-the-middle attacks to impersonate the legitimate sites. That would be pretty trivial to do if, say, you were Iran, which controls the nations telecommunications infrastructure.

The RSA’s SecurID systems has been hacked! The SecurID is a tool that authenticates by having you key in a password but also a series of random numbers. A few days ago the tool sent out an email to it’s users saying it was a victim of a hack that extracted certain data from the RSA’s system. Data that was directly related to their SecurID two-factor authentication tools. The RSA says it isn’t that bad, but make sure you beef up security at your company, i.e. make stronger passwords. Like that’s really going to get people to change their passwords.

Say you wanted to write your own Stuxnet like worm to attack SCADA systems? Well your job just got a lot easier. Security researcher Luigi Auriemma released proof of concept code for 34 vulnerabilities affecting SCADA systems from Siemens, Iconics, 7-Technologies and DATAC. The code, released on the bugtraq mailing list, doesn’t affect the backend systems, merely the operator platforms, however they would allow attackers to potentially crash systems, retrieve sensitive data or dig deeper into the network.

Check out those sweet Nintendo 3DS’s at your local retailer! Demo units have been available to play in stores, but they won’t let you check out the menu or the specs underneath the games that autoplay on the devices. Luckily, there is now a nice little hack to let you get into the main menu and see what lies beneath inside these awesome new toys. Check the link and give it a try.

Is your government or ISP messing with your data? In the wake of the Internet blackouts of Egypt and Libya, Google is announcing awards of at least a million dollars to Georgia Tech researchers working on tools for web users, as well as smartphones and tablets, which detect whether ISPs are adhering to service level agreements and if data is meing tampered with.

–

HakTip: Session hijacking with Firesheep

This week’s Hak Tip comes to us from Gary. Websites always make you login with a username and password, but when you’re on their page all cozy and logged in, you’re browsing insecurely on a regular old HTTP site. HTTP session hacking (called sidejacking) happens when an attacker gets the users cookie which you were transmitted when you first logged in, and they can use it to do anything you would normally do. The only way to really protect yourself from this is through SSL or HTTPS like what you see on your banking websites.

Firesheep, by Eric Butler, demonstrates how vunerable your login is. It’s a man in the middle attack firefox extension that anyone has the ability to use.

To use Firesheep, first make sure to download winpcap. Then download the browser extension and open it using firefox by dragging it into your list of extensions and add-ons. You may need to restart Firefox. Go to View–>Sidebar–>Firesheep and enable it. Now, simply click start capturing and you’ll be able to see the username and photo of anyone on your network that logs into one of the specific sites that Firesheep uses. Click on the name or photo of anyone on the list, and you are now logged in as them, with the ability to do whatever you want as them on that site. Scary huh? Luckily Twitter and Facebook have caught on to this and have enabled the ability to use HTTPS secure logins on their sites. So if you haven’t updated your settings, do it now!

Got a tip you want to share? Email them to tips@hak5.org and we’ll show them off!

–

The 28 foot multi-touch bar!

Darren reports from the Automate 2011 conference in Chicago checking out the mtBar from Crunchy Logistics and Imaging Source. This 28 foot rear diffused illumination multi-touch bar surface sports unlimited tracking of fingers and objects at 120 FPS. Darren gets the juicy details from Niel Dufva, Aaron Bitler and Brandon Hill from Crunchy Logistics, as well as John Berryman from Imaging Source.

–

Trivia!

Last week’s question was: In Season 5 of X Files, Esther Nairn is the creator of what ‘narly’ entertainment software? The answer is: Autonomous Bots in Ninjitsu Princess. This weeks question is: In what episode of the X Files can the Lone Gunmen be seen attending DefCon in Vegas? Answer at hak5.org/trivia for your chance to grab up some swag!

–

Snubs Report: Kompozer

Shannon checks out the easy web authoring tool Kompozer. Here are some of her favorite features:

• Web authoring tool
• No HTML or coding needed
• FTP Site Manager- browseable side bar and tree view (kind of like Explorer’s folder pane)
• Color Picker- Easy to use color swap, just click with your mouse.
• Tabs- Can edit several docs at once
• CSS Editor- Easy to create stylesheets
• Styler- Toolbar lets you change style instantly
• Customize toolbars
• Forms- XUL-based UI to edit forms
• Cleaner- get rid of annoying
  ‘s- make valid documents
• XFN- Can add XHTML info saying you know and trust an external link
• Visible Marks- can view carriage returns and block borders.
• Table/ Cell resizing rulers- Adjust rows and columns easily
• Automated Spellchecker

–

Road Test: Corsair Force SSD

In the words of Mr Horse: “No sir, I don’t like it”

While the Corsair Force SSD has great performance numbers, a few major annoyances are harshing on my technolust.

No SSD should BSOD Windows on S3 resume. Nor should it report “No bootable device” upon cold boot.

Sorry Corsair, I gave it a fair chance for just about a month and even with the latest firmware this thing’s a dud.

–

Emails: Computer models and Blackbuntu vs Backtrack

Victor writes: I was wondering whats the computer that you usually have in the show cause it looks really good i think i might want to get one but i don’t know the model or manufacturer.

Darren and Shannon have both recently upgraded to the 11.6″ Acer Aspire TimelineX 1830T. Darren has the Intel Core i7 version while Shannon has opted for the i3.

Prior to these Shannon was using the 9″ Acer Aspire One and the 10″ Nokia Booklet 3G while Darren has had the 7″ ASUS eee PC 701, 9″ Acer Aspire One and 15″ ASUS N53J.

Juan writes: I was watching episode 903 and at the end you mention Blackbuntu. I have use Backtrack before but have never herd of Blackbuntu I start it to poking around the internet and found not only Blackbuntu but GnackTrack too both are sort of the same idea both are base on ubuntu both use gnome and both have the standard Backtrack program suit so I was think all tree of them make for a good head to head battle or just for a review

Darren has been playing with Blackbuntu for about a week now. Prior to that he’s been using BackTrack since 3.0, but never as a primary OS. Here are some of his initial observations:

• Blackbuntu is based on ubuntu 10.10 using Gnome as the window manager and contains a similar feature set to BackTrack.
• BackTrack is more established, while Blackbuntu is on version 0.2 it’s counterpart BackTrack is nearing beta of version 5.
• BackTrack is the basis for the Offensive Security courses and certifications, which teach all sorts of pentesting and wireless attacks in both live-in-person and online learning scenarios
• In comparison to BackTrack, Blackbuntu doesn’t have much of a community. You’re more likely to find tutorials and help for BackTrack
• That said, most of what you’d do with BackTrack will run very similarly on Blackbuntu.
• The biggest strong point Blackbuntu has in my book is the fact that it’s a highly customized version of Ubuntu with Gnome, which I’m already familiar with, and to me is better suited as a primary Linux OS.
• Then again I’ve run into stability issues with Blackbuntu that have me, for the time being, switching back to Backtrack 4r2
• I’ll reassess these in the near future when BackTrack 5 debuts, which will be both 32 and 64 bit compatible, running on Ubuntu 10.04 with official support for KDE, Gnome and Fluxbox

–

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

This time on the show Darren talks to Georgia Weidman, Director of Cyber Warfare at Reverse Space about her smartphone botnet project. Shannon learns about the latest in Katana and Joe Klein joins us once again to debunk IPv4 exhaustion myths and the next step for IPv6 adoption.

Download HD Download MP4 Download WMV

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

This time on Hak5 we’re asking the question, can a three node Virtualization Cluster be built for under $1000? With the help of Proxmox, an open source virtualization environment, some cardboard boxes and a knife — we find out!

Download HD Download MP4 Download WMV

Hacker Challenge Recap
Darren reviews the recent Hacker Challenge and details improvements to this ongoing project.

Clustering with Proxmox
Darren demonstrates building virtualization clusters with proxmox. He also learns a very important lesson about the “any key” and pimps his cardboard case mod.

Virtio drivers and paravirtualization explained
Darren demos a live Proxmox cluster while building a Windows machine using the Virtio drivers.