This time on the show, we talk to Rel1k, AKA Dave Kennedy, founder of Derbycon and the Social Engineering Toolkit. Mubix is back in the house with all things Metasploit. And Jon from the LVL1 hackerspace shares with us a very special animatronic pony. That breathes fire. Yeah. All that and more this time on Hak5!

Download HD Download MP4

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

No matter what your project is Domain.com has what you need to register, host and promote your next big idea…even if it’s ffffggggggggggggggghjk.com. Domain.com is owning the competition with cheap domain names and hassle-free service. Their easy checkout process and domain discovery system makes it easy to select the domain that’s right for you and setup your website without hassle. Domain.com will even transfer your domain from another registrar and hook you up with another year of service for under $6.50 when you use coupon code HAK5 at checkout. That’s right, our code HAK5 will score you 15% off. Don’t forget, when you think domain names, think Domain.com

There are two things IT professionals and their clients have in common – They want the job done right and they want it done fast! That’s why I highly recommend GoToAssist Express, by Citrix to anyone in IT. It’s the fastest, most reliable support tool. GoToAssist Express puts clients at ease with its simple, secure remote support… And it puts you in a position to do what YOU do best – Access, diagnose and resolve the problem! With the fastest support experience and ability to service multiple clients at once you’ll be increasing revenue while actually improving your customer service reputation! Take care of clients while they’re away with the unattended support feature and get unlimited use for one flat fee. When it comes to remote support tools, I think GoToAssist Express is the best – so fast and reliable! Don’t wait – start using GoToAssist Express today! Hak5 viewers can try it FREE for 30 Days Visit GoToAssist.com/hak5

For only $19.99 per month get the 4G Mobile HotSpot and connect up to 5 devices (iPad® , iPod touch ® , cameras, laptops, portable gaming devices and more) to America’s Largest 4G Network, ™ overage free. T-Mobile.

This time on the show, we’re cracking the code: EXIF Data tools, Windows login hash cracking, Extracting passwords from Firefox and other browsers, what’s in that P-CAP file and special report form Maker Faire 2011. All that and more, this time on Hak5.

Download HD Download MP4 Download WMV

FirePassword

You know how you can store and save all you login credentials in Firefox, Chrome, as well as other browsers? Well, maybe that’s not such a great idea. There are several portable (yes, portable!) tools that can instantly recover login credentials stored by Firefox, Chrome and others. Broswers store your username and password for every website you visit as long as you give them consent in the settings. The credentials are saved by Firefox, Chrome and others in a sign-on database that is securely encrypted. Today I’m focusing on Firefox.

FirePassword, the tool in question today, can instantly decrypt and recover the data even if there’s a master password protecting it.
Not only this, but FirePassword can even recover sign-on passwords for other profiles (on the same system) and info from other OS’s like Linux and Mac. This can obviously be used for malicious intent, or can be used for the greater good of forensic investigators who need to transmit data from the target PC to another machine without disrupting the original target machine.

FirePassword portable works from XP-7, and loads DLLs from the firefox executable location automatically. DLLs aren’t packaged with the tool, and the newest version presents an easy to use color based display so you can clearly view password details.

Lets get started on cracking my Firefox passwords!

To install, follow the on screen instructions from securityxploded.com. They have nice detailed instructions on how to use the program so you shouldn’t have a problem.

Once installed, open your command prompt and change directory to your FirePassword.exe folder, probably in your program files.
Mine is c:\ Program Files (x86)\SecurityXploded\FirePassword\. Once there, type in FirePassword.exe and hit enter. You should see a screen kind of like the one on my monitor.

It will list every website, username, and password you have saved into FireFox.
It’ll also show you any OLD passwords that you never deleted out of the FireFox settings.

If you have a master password set on FireFox, you will need that password to be able to see your other passwords. For example, I will go into the FireFox options, choose Master Password and set it.

Over in my CMD, I’ll type FirePassword.exe -m kerby and click enter. Now it’ll give me my other passwords. If you do this wrong, you’ll get this error code.

You can also copy the Firefox profile files from different operating system such as Linux or Mac to the Windows system locally and then specify that path with FirePassword to recover data from the offline profiles.

It’s pretty surprising how easy this really is for anyone to discover. To protect yourself, do what I do and DON’T save your passwords in FireFox! Make your machine log off every time you close it or leave it idle for more than a minute. Anything, but really, just don’t save your passwords.

It’s also worth mentioning the WebBrowserPassView tool from NirSoft. It’s a password recovery tool for Internet Explorer, Firefox, Chrome and Opera.

Now, if you’ve got another tool for me to check out, email feedback@hak5.org

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

This time on the show, NetBIOS Name Service spoofing in Metasplot with our friend Mubix, Playing Doom on a Dingoo Digital with the Dingux Linux distro and an alternative disc space reporter.
All that and more, this time on Hak5.

Download HD Download MP4 Download WMV

Hacker Headlines

I was going to report on how Android devices prior to version 2.3.4 were vulnerable to a sidejacking attack due to the fact that they authenticated via HTTP instead of HTTPS. Similar to a cookie, the AuthToken of the Calendar and Contacts syncing service is good for up to two weeks and is device agnostic. But just a day after security researchers broke the story Google plugged the hole. A Google spokeman said in a statement “This fix requires no action from users and will roll out globally over the next few days.” Poor unencrypted HTTP — the protocol isn’t getting as much love since Firesheep…

There’s been a bit of trouble brewing in the Android marketplace. 11 apps that were in the Android marketplace were embedded with some malicious code that triggered a text message to be sent to three premium-rate numbers in China. Those text messages sign up the mobile user for a paid subscription service without their knowledge or approval. Google has since taken down those apps but there could be more. Malware like this has been growing on the Android platform, 400% since last summer, and this is just another hiccup in the security of Android Apps.

Poor Sony, they’ve consistently topped out hacker headlines and while I’m happy to report that they’ve reopened the PlayStation Network it hasn’t been without setbacks. Just two days after the service reopened attackers went after the password reset function, which supposedly only required email and date of birth. While far from a full blown remote exploit the bug has caused Sony to disable the function on PlayStation.com and Qriocity.com. In the meantime you can still sign into the PSN via your PSP or PlayStation 3 devices.

In awesome sauce news, a twitter vigilante found a guy’s stolen laptop using a program we had discussed many episodes back called Prey. Sean Power’s laptop was stolen and after just a few days, he was able to score a webcam photo of the thief using the free tool. Cops wouldn’t help him, so he went to Twitter. A follower of Sean’s, and also a stranger, went to the bar where the laptop was last seen and confronted the thief. He got the laptop back and now all is good. Hooray for social networking and free programs!

This video just started making its round and I’m going to take the liberty of directly quoting Teravolt.org:

Electrolytic capacitors are constructed using an electrolyte-soaked piece of paper between two strips of aluminum foil. One piece of foil is oxidized and this ultra-thin coating of aluminum oxide becomes the capacitor’s dielectric. Because this layer is so thin and has a high dielectric constant a large amount of capacitance can be squeezed inside of a small space, even more so when the foil is rolled up tightly.

Electrolytics have one flaw though; they are polarized. When a reverse voltage greater than 1.5V hits the capacitor the aluminum oxide starts to reduce and its insulating properties are lost. This destroys the capacitive effect of the device and essentially the capacitor short circuits which allows a lot of current to flow. A lot of heat is generated, heat which boils the electrolyte and causes pressure to build inside the capacitor.

Then it goes boom!

Kerby’s Internet Protocol Star Trek Captain of the Week
Picard, duh

HakTip: JDiskReport

As an alternative to WinDerStat which I explained a few weeks ago, you can try out JDiskReport. This freeware tool enables you to understand what files on your drive take up what amount of space. This tool can help you figure out what files or folders are just sitting on your hard drive taking up space. JDiskReport features a Size Perspective pie chart for easy viewing, a size distribution tool, modified size distribution view, file extension type size distrubution, and a top 100 list of your largest files.

To use, go to jgoodies.com and download the tool. Java must be installed for this to work and it will run on Windows or Mac. Open JDiskReport and choose ‘Scan A File Tree’. This will scan all the files inside a chosen drive. After a few moments, JDiskReport will display an easy to navigate pie chart, showing you which files take up so much room on your computer. You can right click to open explorer and browse to those files to edit or delete them. You can also choose things such as excluding a directory for the scan under the preferences menu on the filter tab.

For more info on JDiskReport check out jgoodies.com, and tell me what you think!

Got an idea for a tip? Share them with us at tips@hak5.org. And now for our sponsor.

NetBIOS Name Service spoofing in Metasploit
Segment Descirption (HTML):

This week our friend Mubix returns to demonstrate an awesome Metaspoit module for spoofing NetBIOS Name Service.

Trivia!

Last weeks trivia: This popular project was a light installation in Berlin that transformed a building front into a giant low-resolution monochrome computer screen. What’s the projects name?

The Answer was: Project Blinkenlights

This week’s question is: Including icons for snow men, octopuses and alien faces, this specification is the Japanese term for emoticons.
Answer at hak5.org/trivia to win some sweet swag. And now a word from our sponsor.

Doom on the Dingo

Last week I showed you how to install Dingux, a version of Linux, onto your Dingoo Digital. Today, I’m digging a bit deeper into the world of the Dingoo by setting up a game and an emulator. Lets get started!

First, check out nongnu.org/freedom and download the Complete Iwad from the download page. Extract the file to your PC. Copy the doom2.wad file to your mini SD card that has Dingux on it. You’ll need to copy it to the local\games\prboom\ folder and make sure it is called Doom2.wad. Once copied, you can plug the SD card into your Dingoo Digital. Make sure it’s turned off any time you remove or put the SD card in the slot because it’ll freeze if you take it out while cut on.

If you don’t want the freedoom version of Doom, you can also try original Doom. To do so, go to doomarchive.com and download the Doom1.wad. Extract this zip file anywhere on your PC. Now, copy the doom1.wad to the local\games\prboom\ folder. Rename doom2.wad from the freedoom.com website. If you decide not to rename doom2.wad, when you boot up Doom on Dingux, it’ll default to the freedoom doom2.wad instead of doom1.wad.

Now that you have your two versions of doom installed and have chosen which one you want to boot, put the SD card into your Dingoo Digital and hold down select while pressing up on the power button. When Dingux boots, choose Doom. This will be the topmost game under the games icon.

Ok, now after defeating one of the best games of all time, shut off your Dingoo and take the SD card out to install an emulator.

I’ve chosen Super Mario World… because it’s awesomely epic.

Get a super mario world ROM from anywhere online. It should be called SuperMarioWorld.smc. Copy this file to the local\emulators\snes\9x folder. Now, plug the SD card back in the Dingoo Digital and boot up Dingux again, this time choose the Emulators Icon, scroll down to SNES, and choose Super Mario World. Tada! You now have Awesome games at your fingertips to play on your next subway ride.

For questions or comments, email me at feedback@hak5.org.

Emails

Conner writes:

Hey Hak5,
I know you get a lot of emails so i will keep this to the point. I am new to the computer / technology world and find it hard to follow parts of your show. I’m not asking you to change the script, but I’m simply asking where are the best resources or really the best way to break into this and get caught up. I have an interest in technology and I know that it might take some work but really any general direction would be much appreciated.
Thank you in advance.

Darren recommends picking up a programming language. He isn’t going to get into a religious debate about which is best but learning any moden language will give you a fundamental understanding of how programs operate. There is a fantastic forum thread at forums.hak5.org called Hacking: Where to begin which is a great resource for those new to hacking.

Aaron writes:

Dear Hak5
What is the best, free, open source, virtualization system for Linux?
Love Hak5!
Thanks

Darren’s current squeeze for servers is Proxmox VE, which is a wonderful open source implementation of OpenVZ and KVM — two of the most popular virtualization technologies on Linux. He also still loves VirtualBox for desktop virtualization.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

This time Hak5, Mubix joins us for more mischevious Metasploit fun. We’re stealing Windows logins with a crafty keylogger. Shannon’s hacking from a cave with the Katana USB security suite. Plus, automating file renaming in Windows, Firefox security extensions and so much more.

Download HD Download MP4 Download WMV

Hacker Headlines

Our favorite framework just got a major update. Metasploit 3.7.0 has been released and with it comes a major backend overhaul. You should notice a significant performance increase in handling multiple sessions as well as a nice little update to the SMB stack that’ll all you to perform pass-the-hash attacks against Windows Server 2008. Find out more about this and the 35-some new remote exploits at Rapid7.

Square has opted for encryption on their mobile credit card readers! Square, a successful company that enables just about anyone to be able to take payments through their iPhone, went through a bit of a tiff with Verifone, who recently said Square was basically sending out card skimmers to whoever wanted them. It sounds like Square deemed it necessary to update their hardware, and decided to make a new line of the Square credit card readers. It sounds like Square is becoming a real competitor to Verifone, and a legit one at that.

iOS 4.3.3 has arrived bringing changes to the way the controversial crowd sourced database cache, or “consolidated.db” file works. The update reduces size of the cache, no longer backs up the cache to iTunes, and deletes it when ios location services are turned off. Apple acknowledges that iPhones had been storing as much as a years worth of data even if location services were off, which they claimed as a bug. The database is still unencrypted.

This is some nice news to hear! Jeff Moss, the founder of the infamous hacker conference, Defcon in Las Vegas, has been named as ICANN (Internet Corporation for Assigned Names and Numbers)’s chief security officer. Rod Beckstrom, ICANN’s president and chief executive officer, said “I can think of no one with a greater understanding of the security threats facing Internet users and how best to defend against them than Jeff Moss. He has the in-depth insider’s knowledge that can only come from fighting in the trenches of the ongoing war against cyber-threats.”

With the PlayStation Network is still down following a massive data breach, Sony has claimed before the U.S. House Committee on Energy and Commerce that a file named ‘Anonymous’ was found during the investigation. The file contained the words “we are legion”, Kazuo Hirai, chairman of the board of directors of Sony Computer Entertainment America explained. Anonymous, who had previously conducted a large-scale distributed denial of service attack on Sony during the GeoHot case, has denied involvement.

Kerby’s JPop Group of the week

SCANDAL – Haruka

HakTip: Bulk file renaming

We got an email from Chris G, aka Macrohard in the Hak5 forums, who said:

This was the free bulk naming software I was going to try out. I have a vendor that likes to send me a large assortment of files with a lousy .extension name, and I need to work on getting them to process for a document retention system.

Bulk Rename Utility is available at bulkrenameutility.co.uk and it lets you rename several files with a click of your mouse. This free software comes in 32 or 64 bit for Windows.

After downloading and installing, choose a folder or a group of files that you want to change.

After highlighting your files, choose what you want to change. I chose to change the file name (Box 2), and change the case (Box 4) to upper case. Then, I added numbering to the end of each photo (Box 10). All of your changes can be seen under New Name in the file box at the top. Once finished, click Rename. You will get a warning telling you the files are about to be changed. Click ok after double checking and tada! All of your selected files have been fixed in seconds.

If you chose to do this during the install, you can also have a Windows Explorer Extension included when you right click a series of files.

This saves me TONS of time renaming all those photos from CES. Got a tip? We’ll share it! Tips@hak5.org.

Keylogging Windows logins with Mubix

We have the pleasure of being joined by Mubix, aka Rob Fuller, to demonstrate a crafty Metasploit script for keylogging Winlogon.exe.

Trivia!

Last weeks trivia: The UK version of this device represents 10 Pence with a 1000 Hz tone. What is the device? The Answer was: Red Box

This week’s question is: Serving the Pacific Northwest, Midwest and Rocky Mountains, this Regional Bell Operating Center has merged with neither Verizon or AT&T.

Answer at hak5.org/trivia to win some sweet swag.

The Katana USB Security Suite

Last week I demo’d the easy way to install Konboot and way back in Season 8 I had showed you Katana. Katana is a portable multi-boot security suite with all sorts of penetration testing and security applications built into one single flash drive. It has been updated a ton since way back when, so I wanted to do a quick follow up on this lovely piece of awesomesauce version 2.0.

First close down your anti virus software. It’ll freak out when you download Katana due to the tools available through the program. Download the torrent of Katana at hackfromacave.com. It’s a hefty 4 gigs big so have tons of room and an 8 gig flash drive for the install.

Extract the .rar to the root of your USB stick. Open the root of your flash drive, open the boot folder, and right click the ./bootinst.bat batch file and choose “”run as an Administrator”".

Now you have two things you can do. First, check out the Katana Toolkit on your windows machine. This application can run various tools such as KeePass and Unstopable Copier.

Second, you can boot up the Katana boot disc. Unplug your drive, and power down your computer. Plug the flash drive back in and boot from it.

If it works, and it should, you’ll see the screen I see here. Use your arrow keys to navigate up and down through the various tools. For my example, I’m going to boot into Ophcrack, a good tool for your forgetful sibling when they lost their Window’s password. It has built in rainbow tables and can figure out the password in a few seconds. So mine was ‘game’, which you just lost. Ophcrack was able to figure out my simple password with no problem, letting me back into my computer. You’ll notice in Katana you still will have the problem with 64 bit machines running Kon-Boot. If this is the case, first open the boot directory in the root of the Katana drive, then copy the files ‘vesamenu.c32′ and ‘chain.c32′ from this directory into the syslinux/kon-boot directory.

You’ll have to go through a process of choosing Kon-Boot, then boot 2nd HDD, then going back to the Katana main menu. Go back into Kon-Boot and select the next boot from HDD choice. This will enable Kon-Boot to finally work hopefully, but I was having issues with it not working correctly.

This is the general idea of how to get Kon-Boot to work as well on Iron Geek’s blog that I mentioned last week, so maybe you’ll have better luck on your machine!

I got an email from the creator, Ronin, giving me some recent tips and tricks with Katana such as:

• Using the Katana Tool Kit from a locked down Windows system
• Write blocking the Katana drive for cheap using an SD Card
• Using a live CD to avoid needing to access Password blocked BIOSs to modify the Boot Order for USB to Boot.

Katana is a very handy tool for anyone interested in learning more about security and penetration testing. It’s also a great application to have in case you ever need any of the tools available in the ToolKit. Several tools have been added since the initial release of Katana, so I definitely suggest you check out version 2.0. Check out more from Ronin at hackfromacave.com and Email me at feedback@hak5.org with your favorite security tools or bootkits.

Emails

Ben writes:

Hey Hak5 guys! Regularly at work I use Firebug and HTTPFox FireFox add-ons; do you guys recommend any other “”must-have”" security testing Firefox addons? Loving the show; keep up the great work!

Darren recommends NoScript, as well as BadPass, LastPass, Keepass, FoxyProxy and FoxTor

JasonT writes:

Hi Darren and Shannon, Kerby, the lovable cat and mascot and backbone of Hak5 is a bit of a mystery to the Hak5 viewers ( at least I think ), If you could spare a couple of Hak5 minutes, could we get Kerby’s story, Whom is Kerby’s master, his likes/dislikes etc.

Thanks. Kerby is short for Kerberos — the authentication protocol. If you go back to season 1 you’ll see a bunch of cute Kerby moments. Thanks for writing in.

Francisco writes:

Hi Hak5, I’ve been meaning to ask this question before but it goes, what kind of upload speeds do you guys get in the Hak5 Studio? And to achieve them, what kind of hardware (eg, modem, load balancer) do you have? I run several virtual servers in my house and the maximum upload speed I can get is around 100 to 150KBps. What I can do to increase the upload speeds? Thank you in advance.

In the *current* studio we’re getting about 6-7 Mbps up. 20-25 down. A lot of that is attributed to the bangin’ router we have. Darren’s a big fan of both Smoothwall and Untangle. Paul likes M0n0wall and pfsense.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple andhoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

Raphael Mudge of FastAndEasyHacking.com joins Rob Fuller, aka Mubix, to talk about his project Armitage; a cross-platform GUI front-end for Rapid7′s Metasploit. Mudge demonstrate setting up the software, scanning for targets, attacking hosts with client side attacks or remote exploits, and finally pivoting throughout the network using pass-the-hash techniques. Time to grab some paper, pencil and an unsuspecting virtual machine!

Download HD Download MP4 Download WMV

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

This time on the show, Mubix joins us to add persistance to our penetration testing with a little Metasploit, Microsoft, and IP version 6

Download HD Download MP4 Download XviD Download WMV

As Mubix, aka Rob Fuller explains: Bind shells went to the wayside with the dawn of firewalls and NAT, but IPv6 was nice enough to bring them back. With the help of some built in tools from good old Redmond and our trusty Meterpreter, we can now connect to our shell any time we please. Based on his Revenge of the Bind Shell presentation we dive into the tools and techniques required to traverse firewalls and maintain persistence.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

This demonstration Mubix joins us to add persistance to our penetration testing with a little Metasploit, Microsoft, and IP version 6.

Bind shells went to the wayside with the dawn of firewalls and NAT, but IPv6 was nice enough to bring them back. With the help of some built in tools from good old Redmond and our trusty Meterpreter, we can now connect to our shell any time we please. Based on his Revenge of the Bind Shell presentation we dive into the tools and techniques required to traverse firewalls and maintain persistence.

This week Darren heads to the Department of Spontaneous Combustion to meet with PC guru Colleen Kelly and get learned up on the arts of water cooling. Then we’re joined by Mubix (aka Rob Fuller) for a discussion on EXIF data, geo location, and twitpic privacy. Plus, Shannon has the hookup on 25 gigs of free cloud storage!

Download HD Download MP4 Download XviD Download WMV

Water Cooling

Colleen Kelley (aka digitalkitty) joins us to talk about water cooling pros and cons, costs, noise, and her approach to the arts of making hot stuff chill out.

—

Domain.com

I like Domain.com’s Deluxe web hosting plan that’s only $8.75/mo. One click install of all the popular open source programs like WordPress, Joomla, and Drupal, and more! Unlimited traffic

Free website builder with unlimited pages, Easy and affordable to get your sites online with Domain.com. Domain.com offers blistering fast DNS and hosting infrastructure, the lowest prices on the web AND the highest quality. Thanks to Hak5 fans, Domain.com is one of the fastest growing domain and hosting companies in the world. Got a great idea? It all starts with a great domain. Domain.com! Don’t forget to use coupon code HAK5 at checkout to get 15% off your order.

—

Round Table: Goe Location Privacy

Darren and Shannon are joined by Rob Fuller (aka Mubix) to discuss concerns in iPhone photo privacy, EXIF data mining and geo-location XSS attacks via GoToMeeting.

—

GoToMeeting

You’ve probably heard about GoToMeeting, the easiest and most convenient way to host online meetings from your PC and Mac. I have exciting news – now you can even take it to go on the iPad tablet! GoToMeeting – brought to you by Citrix – has a FREE app built specifically for the iPad which makes online meetings more accessible than ever! With GoToMeeting on your iPad you can attend online meetings on the go – at a café, in a hotel, wherever you are … Just download the GoToMeeting app and join sessions on your iPad tablet in seconds! See the host’s computer screen on your iPad screen…Connect to audio through your iPad or over the phone…Try Go To Meeting FREE for 30 days! For this special offer, you must visit GoToMeeting.com, click the try it free button and use promo code HAK for a free trial!

—

Snubs Report: 25 Gigs of Free Cloud Storage

I’m big about backups, specially online storage. I’m sure you remember my Wuala Snubs Report from a few weeks ago, right? And Hak5 uses Dropbox for sharing our videos with each of the crew.

So I decided to check out the Windows version called Windows Live Skydrive.

Features included are:

• 25 GB online storage
• Must sign up or already have a Windows Live account.
• Password protected with ability to choose who sees what-Protected, Shared, and Public folders.
  Up to 30 folders.
• accessible from any web enabled device or computer, any OS.
• Drag and drop to upload to Skydrive.

Folders have unique web addresses, so you can save the link as a favorite or copy-and-paste it into e-mail or other documents for direct access. The nice thing is, if you already have a MSN login or a hotmail login, you can access Skydrive by using just that. There is no download needed and this is purely web-based.
Go to Skydrive.live.com and login with your Windows Live login. You can automatically access your folders and files.
Each folder has a permission level- Either you only, some friends, all friends, your friends and their contacts, or everyone (public).

If you want to share with your friends, they have to have a Windows live account. This is the part that is lame- you can’t share with your facebook friends, etc. They have to have Windows Live.
To add a file, go into a folder and choose ‘Add File’. From there you can drag and drop your files into Skydrive, they upload automatically, and then can be seen by whoever you have chosen.
When you click on a file, you can view the information about it- like the camera that took the photo, date and time, and it also creates a direct link to the photo for easy linking and emailing.
I don’t like Windows Live Skydrive as much as some others that I have tried specifically because you can only use it for Windows/Hotmail users and people in your Windows Live contact list.

This makes it a bad choice, in my opinion, for businesses or friends around the world… But perhaps it’s perfect for family members like Nana and Papa.
Let me know what you think by emailing me at feedback@hak5.org.

—

Netflix

Netflix delivers movies directly to your home saving you time, money and hassle. As a Netflix unlimited member you get DVDs by mail in about 1 business day. Plus, you can instantly watch thousands of TV episodes and movies streamed directly to your PC, Mac or right to your TV via a Netflix ready device like the Xbox 360, PS3, and Nintendo Wii console. Watch as many movies as you want! Shipping is FREE and there are never any late fees or no due dates. Keep the movies as long as you like. DVDs by mail – Plus, instantly right to your TV. Get unlimited movies 2 ways for only $8.99 a month. As a new member and a Hak5 viewer, you can get a FREE Trial membership. Go to www.netflix.com/Hak5 and sign up NOW! . . Be sure to use this URL so that they know we sent you!

—

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

The Hack Across America series continues in week 3 with a phenomenal episode featuring an exclusive interview with Pronobozo. Then mubix joins us for Metasploit 101 part 2, pwning a domain controller via SQL injection an token passing on a fully patched enterprise network. Plus Shannon has a tool that will save tons of time on your next PC build in this week’s Snubs Report. Get comfortable, you won’t wanna miss this.

Download HD Download MP4 Download XviD Download WMV

Exclusive Pronobozo Interview

We’re excited to be the first to publish a video interview with the infamous Pronobozo

Trivia

Originally running on the PDP-11 and incorporating elements from BSD, this closed source version of Unix was licensed to manufacturers by Microsoft, *yes, Microsoft* in 1980.

Enter for your chance to win a super sweet new Hak5 sticker pack set by submitting your answer at hak5.org/trivia

Domain.com
Domain.com offers easy and affordable web hosting plans with a free website builder and unlimited pages. Get a hosting account for only $5.75/month or opt for the Deluxe web hosting plan for $8.75/month that features unlimited traffic. Also get one click installation of all the popular open source programs like WordPress, Joomla, Drupal, and more! Thanks to Hak5 fans, Domain.com is one of the fastest growing domain and hosting companies in the world. Remember, don’t forget to use coupon code HAK5 at checkout to get 15% off your order. Got a great idea? It all starts with a great domain. Domain.com

Metasploit 101 part 2

This week Rob Fuller, aka Mubix brings us a follow-up to his Metasploit 101 series where he guides you through the process of pwning the domain administrator on a fully patched enterprise network.