I’ve lost my flashdrive! And if an honest person found it I can use this script to send them a message and contact info!

Download HD Download MP4 Download WMV

I recently lost my 16 gig flash drive during my travels and have yet to find it. For all I know some random person picked it up and decided, ‘Sweet! Free flashdrive!’. Now, although this is a bummer for me, I now have a new drive and need some sort of security feature and way to claim it as my own. Luckily, the good people of ‘Daily Cup of Tech’ came up with a solution.

First they thought of just sticking a text file on the drive that says ‘Help.txt’ or ‘ImLost.txt’ but whose to say that the founder will read that? Using an AutoIT script, the creator made an auto run file that the user can click on. The Icon displays ‘Help! I’m Lost!’ and when it’s clicked on, it displays a message of your choice- whether that is your address or a reward for returning the drive, etc. If you right click on the drive in My Computer, the same thing shows up.

Because of the high interest in this code, there is now a downloadable .zip file with all you need to get started. Simply download the zip file, extract the files to the root of your flashdrive, and change the readme.txt to say whatever you want. Now, when you plug in your drive, it’ll be named ‘Help! I’m Lost!’ and have several files that can pop up and state the same thing. No matter how curious the person who found the drive is, they’ll want to know what the .txt has to say.

But what if you lost your USB drive and there was sensitive data on it? I have a tip on securing your drive as well.

Now the problem I find with my flash drives that I have on hand is none of them have any sort of security features. Sure, I could shell out lots of cash for an encrypted super drive, but why do that when I could encrypt mine for free? Enter TrueCrypt. If you haven’t played with truecrypt before, I explained how to encrypt your entire harddrive on an episode of Hak5. Those same steps can be used to encrypt a partition or a volume, even a flash drive. Encrypting your documents and important data inside a drive won’t keep people from stealing it or yourself from losing it, but at least then your data can’t be accessed without the proper password.

Ok, so I want to hear your feedback. How do you protect your flashdrive? Let me know what you think or what program you use by emailing me — tips@hak5.org or send me a note in the comments below.

And be sure to check out our sister show, Hak5 for more great stuff just like this.

This week Darren is joined by Rob Ruller, aka Mubix for a little fun with Man-in-the-middle javascript keylogger using the Middler, and pwning with the Social Engineering Toolkit. Plus using Spotify in the US without a proxy, Mac Address spoofing in Linux or Windows, Virtual Appliances for VirtualBox, and much more! Take an hour lunch and prepare to feed your technolust!

Download HD Download MP4 Download XviD Download WMV

Cross Platform Encryption

Mahmoud, as well as many others, wrote in to ask about the cross-platform compatability of the encryption set setup on Hak5 episode 620 using cryptsetup.

The short answer is, no, it’s just for Linux. If you’re looking for something both open source and cross platform look no further than Truecrypt

Spotify in the United States without a proxy

Following up on last week’s question about IP spoofing so users in the US can try out Spotify, we’ve got just the trick without a proxy. Ok, well sorta. If you happen to have a beta invite and a friend, perhapse on IRC, in an allowed country it’s just a matter of having them sign up for you. The only limitation is that you’ll need to have your account signed into from your “home country” every 14 days. On the other hand if you decide to spring for the €9,99/mo premium account you, supposedly, don’t have such limitations. Thanks to Jouni in Finland for hooking me up. I’ll be sad when its game over in two weeks. Or will it?

Virtual Appliances for VirtualBox

If you’re a fan of VirtualBox then you’ll love VirtualBoxImages.com. They’ve got pre-packaged VirtualBox VDI’s ready for your enjoyment.

Javascript Keylogger via Man-in-the-Middle Attack

When it comes to man-in-the-middle attacks just about anything is possible. In this segment Darren explores InGuardians tool the Middler. Using a plugin architecture for manipulating (among others) http traffic, we attempt to get the infamous javascript onKeyPress keylogger going. Without much success in that department Darren goes on to demonstrate iframe injection and ponders ways to make the borked plugin behave.

Social Engineering Toolkit

Hacking isn’t just about remote code execution. Well, I mean, that’s fun and all but rather than exploiting the server, how about exploiting the Human OS. In this segment Mubix demonstrates David Kennedy (aka Rel1k)’s tool, The Social Engineering Toolkit. Despite some challenges with clients that werent setup with Java, Mubix successfully demonstrates meterpreter in conjunction with a cloned site.

Mac Address Spoofing

@Bluesmanchukk writes in to ask about Mac Address Spoofing. Darren and Rob discuss their favorite tools for the job: ifconfig (Linux), GNU MAC Changer (Linux), MadMACs (Windows), Mac Randomizer (Linux).

Multi-Player Notepad

Stoned33 wrote in to ask for our picks for simple online collaboration. Aside from the obvious Google Wave, Rob recommends the recently Google-Acquired yet still operating Etherpad. This real-time document editor is like multi-player notepad on crack. Give it a shot.

On this episode of Hak5 Darren joins Jenn Cutter in Toronto to talk IP Spoofing, Tethering Terms of Service, World of Goo mods, Linux Drive Encryption, 13″ Ultralight notebooks and more.

Download HD Download MP4 Download XviD Download WMV

Tethering TOS and IP Spoofing

Brice writes “Thanks for showing how to tether Droid with Ubuntu. I use them both quite often.
I was wondering if tethering the Droid is against the TOS/Verizon contract.”

Well Brice, technically it may be a violation of your carriers terms of service. I know at least with Verizon’s Wireless business accounts there is an additional fee, around $30/mo I believe, for tethering with a smartphone like a blackberry.

I can also say from personal experience having tethered since 2001 on both Sprint and Verizon, that as long as you stay under the 5-gig cap you should be ok. Programs like June Fabrics PDAnet allow one to tether on most platforms and, from what I hear from my telco buddies, the carrier can’t tell the difference between the traffic originating from the phone or your laptop. I haven’t heard any horror stories of penalties for using such application however I’d be curious to hear from our audience if such a thing has happened in the past.

Kuroha write “I want to use Spotify, the new music service, but I keep getting this error:
Unfortunately, due to licensing restrictions we are not yet available in your country. We understand that you are currently in United States. How do I spoof my IP so it looks like I’m in Finland?”

Kuroha, there is a misconception about IP Spoofing that’s simply summed up by saying this. The source address of your computer is part of the IP packet header. There are plenty of programs out there that will let you spoof this source port, including our favorite tool nmap. However, like a return address on postage, unless you’re in a position to listen to the replies to your spoofed packets (such as on a local network) you aren’t going to get anything useful back from the server.

What you’re more likely referrencing isn’t IP Spoofing as much as it is simply bouncing your traffic off a server in another country — typically done to anonymize Internet traffic or for secure tunneling on untrusted networks. The SSH tunneling with dynamic SOCKS proxies we’ve been talking about recently will do the trick. It’s just a matter of finding a cheap shell, VPS or other server that allows tunneling in the country of your choosing.

Don’t forget this month’s LAN Party is Left 4 Dead 2. We’ll be playing at game.hak5.org Saturday and Sunday, January 2nd and 3rd. Hope to see you there!

World of Goo Mods

Recently I’ve been playing a lot of World of Goo. It’s an amazingly simple and fun game. I’ve been playing on the Wii but soon after arriving in Toronto Jenn Cutter picked up the title for her tablet and has been dabbling with the mods.

If you’re interested in making your own levels, or downloading fan-created levels and other mods be sure to check out GooFans.com — they also have a great forum on modding.

This week’s trivia question is: “World of Goo developers shares the same open source physics engine as what 2007 first-person shooter?” Answer at hak5.org/trivia and be entered to win Pronobozo‘s album Zero=One=Everything.

Easy Linux drive encryption with Cryptsetup

When it comes to Linux, I love super user friendly and powerful utilities. This is one such tool. Since the 2.6.4 kernel drive encryption has been built in, and this tool cryptsetup makes setting it up a breeze. Follow along in this tutorial as I keep my secret thumb drive free from prying eyes.

I’ve gotta give props to Peter Savage for sending this my way. Check out his SciFi fantasy novel Emblem Divide — it’s wicked good.

Wallpaper Contest: Best 2010 “New Years” Hak5 Wallpaper! Get creative and submit your wallpaper to Hak5.org/forums under the Community Images board.

Ultralight Notebooks

Chris writes: “I was wandering if you could suggest a laptop that is lightweight, long battery life, 13.3 inch screen, with Win 7. Budget of $1000″

Chris, I recently did just this research. I was looking for a notebook to edit the show on the go — which isn’t easy considering the heaft and hunger of those AVCHD video files. If you’ve been watching the show for a while you also know I’m the netbook boy. First with the 7″ eeePC, then the 9″ Aspire One, and more recently the 10″ Nokia Booklet 3g. The next step up to get a “real CPU” is 13.3″ — a sweet spot of performance and portability.

What I found was that ultra-light, ultra-long battery life is in. These sweet new Consumer-Ultra-Low-Voltage (culv) chips from Intel and AMD are sexy. I thought I would need a 35 watt Core i7, or at least a 25 watt 2.2GHz or faster Core2Duo to edit on the go — but I lucked out with the 10 watt 1.3ghz SU7300 Core2Duo chip from Intel.

The video editing performance of the ASUS UL-series notebook I ended up with is aided by hardware accellerated video processing in the GMA 4500 M HD. AVC, VC1 and h.264 decoding are offloaded to the graphics chip. In Windows 7 Home Premium I’m able to playback 17mbps AVCHD in WMP using only 20% CPU. Not bad at all.

So if you’re willing to live without an optical drive an ultralight notebook may be the best choice for you. The performance seems enough and the battery life is steller. I’ve seen prices in the $650 – 900 range so take a look at the ASUS UL, Acer Timeline, Dell Inspiron Z, Samsing X and Lenovo U series notebooks. Just be sure to get a Core 2 Duo — I’m not reading great things about the Core 2 Solo part. SU7xxx and SU9xxx seem to be where it’s at. For now. We’ll likely see a lot more of these slim buggers at CES.

I want to give a special thanks to our crew for being so supportive while I was in hospital. Shannon did a wonderful job of taking care of the hakshop and mailing out all the orders while I was away. Thanks Revision3 for understanding about the late episode, Sentara for their open wifi and hot nurses, and a big thanks to our loyal fans. All of well wishes on twitter, facebook and youtube, the forums and IRC brightened my day every day. And DigiPirate, thanks for the awesome USB Dalek Webcam. Exterminate!! Exterminate!!

Rob Fuler, aka Mubix, of Room362.com joins us to expand on last week’s discussion about the Cold Boot attacks. We cover retrieving memory from live systems, analysis with tools like volatility, and file recovery with foremost. Mubix calls it forensics for the gray hat.

Download HD Download MP4 Download XviD Download WMV

Rob Fuller, aka Mubix of Room362.com joins us to expand on last weeks discussion about the cold boot attack.

This time we’re imaging memory from live systems. Windows boxes specifically. I point out my favorite open source app win32dd, which allows retrieval of physical memory in a couple of methods. Mubix is a fan of ManTech’s MDD. Both of these tools are capable of capturing memory on Windows 2003 SP1 (Vista+) and later machines. More tools can be found at the Forensics Wiki.

Once we’ve captured our memory it’s time to run it through a few tools to extract the good bits. Last week we touched on AESKeyFinder and RSAKeyFinder as well as Strings. This week we’re using the epic memory artifact extraction utility Volatility.

This gem allows us to see deep into what a Windows box was doing at time of memory capture, including running processes, open network connections, DLLs loaded for each process, registry handles, and more. The tool can even extract executables from memory. It’s a nifty little cross platform tool that’s worth a spin. If you’re looking to get your feet wet you might want to try it against some example data, courtesy of the NIST.

Best of all, Volatility if a framework that supports third party scripts. One such target=”_blank”>plugin makes it pretty simple to extract the Windows SAM from a memory sample.

We also cover using foremsot, an excellent tool for recovering data from memory based on headers, footers and data structures. I can say from experience that using the

-t ALL

option on a dump of Mubix’s memory that A TON of files are recovered, all nice and neat in their own folders based on extension. Thanks for the mem dump Mubix . If you don’t have a capture of Mubix’s memory you can find samples to play with Foremost at the Digital Forensics Tool Testing Images site.

We’ll be back in studio next week with Matt. Of course be sure to send your feedback to feedback@hak5.org, post in the forums or respond in the comments.

And don’t forget about our first ever official Hak5 Meetup at Busch Gardens Williamsburg on August 15th. Find all the details at hak5meetup.squarespace.com or RSVP on Facebook.

When it comes to recovering encryption keys from memory nobody has a more intriguing method than Princeton University researchers. We explore a method known as the “Cold Boot Attack”. Plus, a clever DirectX injecting UI widget for your PC games that means the end of ALT+Tab.

Download HD Download MP4 Download XviD Download WMV

When it comes to recovering encryption keys from memory nobody has a more intriguing method than Princeton University researchers who pioneered what is known as the Cold Boot Attack.

Their paper, Lest We Remember: Cold Boot Attacks on Encryption Keys debunks the popular assumption that RAM modules lose their contents when power is lost. As it turns out the degredation of memory can be a matter of seconds to minutes at room temperature. Furthermore this degredation can be slowed by freezing the memory module.

The researchers go on to outline several methods for copying memory from a reset computer or extracted RAM module. Princeton University’s Center for Information Technology Policy site maintains the paper, videos, and source code from the research.

The USB / PXE Imaging tool in combination with the AES Key Finding tool are a powerful combination. In this week’s show we discuss and demo these tools in action.

We also touch on the McGrew Security RAM Dumper and Foremost.

After laying the ground work for this attack I’ll be back in studio next week with more in depth demos and answers to your questions. Please send your feedback and questions along to feedback@hak5.org.

–Darren Kitchen

PlayXPert is a unique in-game overlay for PC and MMO games, incorporating the popular use of social media and the web with the importance of impressive FPS and un-distubed gameplay. PlayXPert lets you play your game without ever having to Alt-Tab out of the game by downloading the small widgets and customizing your opacity, widget settings, and key bindings. You can see it for yourself at their site: PlayXPert.

–Shannon Morse

Also don’t forget about our first ever official Hak5 Meetup at Busch Gardens Williamsburg on August 15th. Find all the details at hak5meetup.squarespace.com or RSVP on Facebook.

What’s your best defense against a boot CD that breaks Windows passwords in two keystrokes? Encrypting your entire hard disk. Shannon’s got the details on truecrypt drive encryption while Darren brings up plausible deniability with hidden volumes.

Download HD Download MP4 Download XviD Download WMV

Encrypting your entire hard drive

Truecrypt is an open-source, free program for everyone.
Download the latest version of Truecrypt.

Open Truecrypt and choose ‘Create Volume’. Choose ‘Encrypt entire hard drive’. Then, you will choose whether you single-boot or multi-boot your machine.

On the encryption options, I just choose AES because it is the default setting, and it’s a very strong encryption.

Next you will choose a password. This option is neat because it actually gives you a small notice saying that a password with less than 20 characters is easier to break than one with more than 20.

On the next page, you must randomize your data. You must move your mouse around in the box of algorithms to create a very randomized clump of data. The more randomized, the better encrypted.

Truecrypt will make your create a rescue disk. This is easy if you have a cd burner already installed in your tower. If not (if you have a netbook), you must create the rescuedisk.iso and burn it onto a flashdrive or something of the like. You are basically making Truecrypt think you have a cd burner and are burning the cd, when instead, you are just sticking the iso on a USB flashdrive.

For my netbook, I used WinCD Emu. WinCD Emu emulates the burning of a cd, so Truecrypt thinks you’ve finished this task.

Truecrypt will ask you to wipe your drive, and I just choose none since I don’t really need to. Next you must go through a pretest. Your computer will restart and a Truecrype login screen will appear before the windows login (this is why Konboot wouldn’t work!). If everything goes well and the pretest completes with no problems, you can begin encrypting. Encryption takes a LONG time, so be patient! Once it’s done, it’ll prompt you, and you’re finished!

For a more in depth step by step, go here.

And as always, you can email me at snubs@hak5.org!

Plausible Deniability with Hidden Truecrypt Volumes

Plausible Deniability basically means being able to deny awareness of something. For a more rich explination check out Wikipedia’s article on the subject, it’s quite interesting.

In regards to Truecrypt, our subject of the week, Plausible Deniability referrs to the ability to hide encrypted volumes within encrypted volumes. Since it cannot be proven that a hidden volume exists within a truecrypt volume.

Hidden volumes can contain just about any data, including entire operating systems. It is important to note that the sectors of a hidden volume do not change over time. If an adversary had access to the outer volume contents over a period of time the existance of a hidden volume could be proven if files were never read or written to or from these sectors.

Questions? Comments? Write me directly, Darren@Hak5.org or send feedback to the entire Hak5 crew.

In this “breakin’ in the new place” edition of Hak5 we take a look at some spiffy open-source goodies for your data and network. Paul checks out DD-WRT, a free & open firmware replacement for the oh so hackable Linksys WRT54G. Mubix teaches us why we should all be using TrueCrypt for our sensitive data. Darren gets packets flowing with Smoothwall Express, a firewall distribution of Linux. And Paul demos a sweet burning app for OS X.Plus all the deets on this month’s LAN party, Poll, Trivia, upcoming events, and plenty of Technolust with Wess, Alli & Nikki.

Sponsors

Get awesome web hosting from the pros at Dreamhost and receive $25 off your order when you enter coupon code HAK5! Plans start at $7.95/mo including 500 GB storage, 5 TB bandwidth, and one-click installs of popular software like WordPress, phpBB, and MediaWiki.

Keep your personal information away from spammers, hackers and your crazy ex-evilserver. Private Domain Registration from GoDaddy.com protects your privacy by keeping your address, phone number and more out of the public database. Get an additional 10% on your order when you enter coupon code HAK.