This week Shannon has a great Snubs Report on setting up a Virtual Private Network using your Google account, and Darren shares some lessons learned in Linux wireless chipset compatibility and motherboard selection in a segment that can only be dubbed “How I walked in for a USB dongle and left with an i7 rig”

Download HD Download MP4 Download XviD Download WMV

Linux wireless chipset compatibility, or, how I ended up with an i7

Darren shares some lessons learned in Linux wireless chipset compatibility, motherboard selection and why following up on forum threads is important.

Next week we’ll continue with water cooling and home built wireless access points

Domain.com

I like Domain.com’s Deluxe web hosting plan that’s only $8.75/mo. One click install of all the popular open source programs like WordPress, Joomla, and Drupal, and more! Unlimited traffic

Free website builder with unlimited pages, Easy and affordable to get your sites online with Domain.com. Domain.com offers blistering fast DNS and hosting infrastructure, the lowest prices on the web AND the highest quality. Thanks to Hak5 fans, Domain.com is one of the fastest growing domain and hosting companies in the world. Got a great idea? It all starts with a great domain. Domain.com! Don’t forget to use coupon code HAK5 at checkout to get 15% off your order.

Setting up a simple Virtual Private Network using Google

Gbridge is a free software-only solution available for all versions of Windows and uses your Google Account for authentication. It is an extension of Google’s gtalk service and lets you remotely control PCs, sync folders, share files, and chat securely and easily. You can share your desktop with your designated friend from anywhere in the world and automatically traverses firewalls and NATting routers without the need for configuration! Gbridge allows you to securely share and access files and let friends view photos instantly remotely with no download needed. Transfer and sync large files and folders to and from anywhere with no size restrictions, then use AutoSync to auto-schedule, auto-resume, and do incremental transfers as well as set up and auto-backup of your important folder to a local or remote PC.

I connected to a box on our Hak5 Cloud Lab with GoToAssist Express to show you how to easily connect Gbridge and start sharing files.

Click on the download link to go to the download page on Gbridge.com.
Start the download and click yes a couple of times.
A popup will say it needs to install the VPN driver so click ok, then wait for the install to finish. Click allow if Windows tells you any warnings about downloading and installing.
Click finished once it’s done installing.
Start Gbridge and it’ll ask you for your gmail info.

You can also create a new gmail account or google apps account if you dont want to use your regular one.
The first thing I see is my friends list. It automatically includes my chat friends, none of which are online right now.

If you have OpenDNS or some other DNS resolving service, it may keep Gbridge from functioning properly, so you will either need to configure your service with a VPN exception rule for gbridge.net or just raise the Gbridge virtual adapters binding order. (which can be changed back anytime you want.)
Now at the top, you can log off, Invite friends by typing their email or add friends from your list of contacts. You can also create new shares:
To do so, click on the volume you wish to share, then add any friends you want to share this folder with. I’m going to add Darren, then password the volume.
Darren is currently on my list of friends but not included in my list of friends that I share with, so I’m going to allow him, and there we go! My SecureShare is now created.
I can go into the SecureShares tab to make changes to my shared folders, and on my friends list, I can make changes to friends or chat with them.
To backup your folder onto the main machine or another machine, click the Add EasyBackup icon, choose the SecureShare, choose which machine to put the backup on, and let the backup begin.
To use desktop share, click on the icon, choose Configure, and change settings.
All in all, Gbridge is lightweight, easy, and free. All good in my book!

It won’t replace a proper PPTP or IPsec VPN but it will be up and running in minutes giving you the majority of what you need.
Email me what you think at feedback@hak5.org
Thanks to Go To Assist Express for this weeks Snubs Report.

GoToAssist Express
If you’re in technical support… I want to tell you about an easy way to save time… money – AND make you look like a HERO to clients and colleagues.
GoToAssist Express – bought to you by our friends at Citrix is an EASY and SECURE remote support solution! With GoToAssist Express, you can SEE and SOLVE the problem WITHOUT being there in person! GoToAssist Express is specifically designed for small businesses and professionals to support clients and the best part is that with GoToAssist you don’t have to pre-install software to on your customers’ machines so you can instantly start supporting them online. Try Go To Assist Express FREE for 30 days! For this special offer, you must visit gotoassist.com/Hak5. That’s gotoassist.com/Hak5 for a FREE trial.

Trivia

This 90′s era IDE and interpreter came with four pre-written
example programs, including
“Nibbles” and “Gorillas”

Be sure to submit your answer at Hak5.org/Trivia for your chance to win some awesome Hak5 swag.

United States Air Force
A Special thanks to the sponsor of today’s episode, The United States Air Force

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

This week Darren heads to the Department of Spontaneous Combustion to meet with PC guru Colleen Kelly and get learned up on the arts of water cooling. Then we’re joined by Mubix (aka Rob Fuller) for a discussion on EXIF data, geo location, and twitpic privacy. Plus, Shannon has the hookup on 25 gigs of free cloud storage!

Download HD Download MP4 Download XviD Download WMV

Water Cooling

Colleen Kelley (aka digitalkitty) joins us to talk about water cooling pros and cons, costs, noise, and her approach to the arts of making hot stuff chill out.

—

Domain.com

I like Domain.com’s Deluxe web hosting plan that’s only $8.75/mo. One click install of all the popular open source programs like WordPress, Joomla, and Drupal, and more! Unlimited traffic

Free website builder with unlimited pages, Easy and affordable to get your sites online with Domain.com. Domain.com offers blistering fast DNS and hosting infrastructure, the lowest prices on the web AND the highest quality. Thanks to Hak5 fans, Domain.com is one of the fastest growing domain and hosting companies in the world. Got a great idea? It all starts with a great domain. Domain.com! Don’t forget to use coupon code HAK5 at checkout to get 15% off your order.

—

Round Table: Goe Location Privacy

Darren and Shannon are joined by Rob Fuller (aka Mubix) to discuss concerns in iPhone photo privacy, EXIF data mining and geo-location XSS attacks via GoToMeeting.

—

GoToMeeting

You’ve probably heard about GoToMeeting, the easiest and most convenient way to host online meetings from your PC and Mac. I have exciting news – now you can even take it to go on the iPad tablet! GoToMeeting – brought to you by Citrix – has a FREE app built specifically for the iPad which makes online meetings more accessible than ever! With GoToMeeting on your iPad you can attend online meetings on the go – at a café, in a hotel, wherever you are … Just download the GoToMeeting app and join sessions on your iPad tablet in seconds! See the host’s computer screen on your iPad screen…Connect to audio through your iPad or over the phone…Try Go To Meeting FREE for 30 days! For this special offer, you must visit GoToMeeting.com, click the try it free button and use promo code HAK for a free trial!

—

Snubs Report: 25 Gigs of Free Cloud Storage

I’m big about backups, specially online storage. I’m sure you remember my Wuala Snubs Report from a few weeks ago, right? And Hak5 uses Dropbox for sharing our videos with each of the crew.

So I decided to check out the Windows version called Windows Live Skydrive.

Features included are:

• 25 GB online storage
• Must sign up or already have a Windows Live account.
• Password protected with ability to choose who sees what-Protected, Shared, and Public folders.
  Up to 30 folders.
• accessible from any web enabled device or computer, any OS.
• Drag and drop to upload to Skydrive.

Folders have unique web addresses, so you can save the link as a favorite or copy-and-paste it into e-mail or other documents for direct access. The nice thing is, if you already have a MSN login or a hotmail login, you can access Skydrive by using just that. There is no download needed and this is purely web-based.
Go to Skydrive.live.com and login with your Windows Live login. You can automatically access your folders and files.
Each folder has a permission level- Either you only, some friends, all friends, your friends and their contacts, or everyone (public).

If you want to share with your friends, they have to have a Windows live account. This is the part that is lame- you can’t share with your facebook friends, etc. They have to have Windows Live.
To add a file, go into a folder and choose ‘Add File’. From there you can drag and drop your files into Skydrive, they upload automatically, and then can be seen by whoever you have chosen.
When you click on a file, you can view the information about it- like the camera that took the photo, date and time, and it also creates a direct link to the photo for easy linking and emailing.
I don’t like Windows Live Skydrive as much as some others that I have tried specifically because you can only use it for Windows/Hotmail users and people in your Windows Live contact list.

This makes it a bad choice, in my opinion, for businesses or friends around the world… But perhaps it’s perfect for family members like Nana and Papa.
Let me know what you think by emailing me at feedback@hak5.org.

—

Netflix

Netflix delivers movies directly to your home saving you time, money and hassle. As a Netflix unlimited member you get DVDs by mail in about 1 business day. Plus, you can instantly watch thousands of TV episodes and movies streamed directly to your PC, Mac or right to your TV via a Netflix ready device like the Xbox 360, PS3, and Nintendo Wii console. Watch as many movies as you want! Shipping is FREE and there are never any late fees or no due dates. Keep the movies as long as you like. DVDs by mail – Plus, instantly right to your TV. Get unlimited movies 2 ways for only $8.99 a month. As a new member and a Hak5 viewer, you can get a FREE Trial membership. Go to www.netflix.com/Hak5 and sign up NOW! . . Be sure to use this URL so that they know we sent you!

—

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

This week Darren is joined in San Francisco by his wonderful co-host Shannon! I know, right? We’re talking about open source software that will save the day if your laptop is ever stolen, following up on your password tips, and finishing up the homebrew router build with Untangle!

Download HD Download MP4 Download XviD Download WMV

Your Password Tips

Shannon and Darren share your password generation tips and tricks:

Ankaku writes: Here is the modified version of my gmail password.
ub012531oa932010ot980245xs601359gc201845ac296987. 48 chars. I’ve been using this format since a school I went to used it. It’s actually pretty easy to remember, and anything can be used ex. initials + section of ip address, phone number etc.

Teemu writes: another simple tool to create secure passwords fast is the apg (Automated Password Generator), compileable on most Unix-ish systems I suppose.

For instance:

#!/bin/sh
/sw/bin/apg -a 1 -m 64 -c cl_seed

Would spew out 6 passwords with 64 random characters.
Project home page: http://www.adel.nursat.kz/apg/

Nathan writes: The technique I find most useful in creating my passwords, aside from the ones you guys mentioned in the last episode, is to follow a spatial pattern on the keyboard itself. (i.e. qwerty, asdf, qweasdzxc; *I know those are terrible passwords, but example of spatial pattern) If you mix this technique with a passphrase that has been 1337speaked, you have a fairly long and seemingly random password string. However, spatial patterns offer the distinct advantage of usually being fairly easy to type quickly, making the physical breach of your password security a bit more of a challenge.

Eugene writes: http://howsecureismypassword.net/ — It’s based on a jQuery JavaScript library that estimates how long it would take an average computer to brute force a password. It even checks it against a list of 500 commonly used passwords (like pass, password, etc), and points out if you’re using a common password. It’s pretty nifty, and interesting how much extra time it would take to brute force by just adding an extra character to the end might make.

Extofer writes:I use a similar schema as Shannon regarding changing the password a bit depending on the site. But I also use a phrase, much like Darren mentioned too… I top it off by replacing certain letters with numbers. and of course, special characters. For instance…

say I take a phrase like: code monkey

replace o = 0 and e = 3 like

c00d3m0nkey

that alone could be hard to hack… it’s 11 alpha numeric characters. Now I tack in special characters and unique identifiers for each site like for Facebook, i will tack uppercase FB, gmail, maybe GM or GE, Hotmail, HM, etc…. you can also distinguish by color of the site or the initials of their mascot, etc.

c00d3m0nkeyFB

finally, tack in at least 2 special chatacter, you can put them perhaps one at the beginning, and one at the end, or on in the middle and one at the end…. which ever.

c00d3*m0nkeyFB+
c00d3+m0nkeyFB>

Jaryth writes: One of the passwords I’ve always been tempted to use, but never really ended up using… ‘http://www.google.com/?’

But you say “thats a URL not a password?” but you see… its both . Every single password checker I’ve run it though says its secure, its easy to remember, and even if someone DID have a key-logger on a machine, they’d think you where just typing in a URL.

So… if you wana mess with people, set your password to the URL of the site. Even if someone manages to crack it, they will ASUME that the user is stupid and typed their password into the wrong box .

pcdoctor writes:For years I have used RoboForm 5.7.6 which was the last free one to support 30 passwords per group and unlimited groups. It will not create
new passcards in ie7 or 8. It will work in those browsers if the passcard is created in IE6 ahead of time…

So, anywho, I had to find a replacement and this is my story…

I tried KeePass, but got a virus popup when I loaded the browser plugin,
so that was the end of that.

I like lastpass.com, but no matter how well written and secure it is,
the fact that it runs code in the browser and gets the data and updates
from the web is a big red flag to me.

So, I wanted to use Password Safe which was originally designed by Bruce
Schneier, but it was clunky and a big step down in functionality from
roboform (but it was safe)

So, I Hak ed it. Well, kinda. Here’s how to make it work great:

Download it at http://sourceforge.net/projects/passwordsafe/files/

or follow the links from here http://www.schneier.com/passsafe.html

Install it and click the add new icon, enter the url, usrename, password
Then click the additional tab and uncheck use default and change that to Run
Command put this in the Run Command box “${appdir}passsafe.exe” $url $u $p then I used http://www.autohotkey.com/ to compile a script I called passsafe.exe that I put in Password Safes install folder

The script is as follows

Run, "iexplore.exe" %1%
KeyWait, LButton, D
KeyWait, LButton, U
Sleep, 100
SendInput, %2%{TAB}%3%{ENTER}

now when I double click something in the safe, it feeds $url $u $p to my
program which uses iexplore (or any browser you want) to go to the url
then it waits for you to click in the username box (and highlight an
existing username if need be) and then it types username, TAB, password, ENTER

you can write custom scripts for websites that need other combinations
(like newegg).

I even wrote a script that runs from my hosts quick launch to fill in my
Password Safe password in my virtual machine.

and that’s my story and I’m sticking to it

Lyle writes: One great technique for long passwords is to pick a book from your bookshelf. Then go to a predetermined page [42, 69, 100]. Something you will remember. The first line of text on the page is your password. Need to change your password? Change the page number or change the book.

Patrick writes: Darren and Snubs were talking about passwords. I haven’t upgraded to the 2.x series yet, but for websites I use http://supergenpass.com It is just a little Javascript you save as a bookmark (or bookmarklet), it asks you for a “Master Password”, and it takes that, combines it with the domain name, and through some hash comes up with a totally random password. It’s pretty portable in that as long as you can add a bookmark to the browser you’re using, you can use SuperGenPass. There is an online “mobile” version, but I’ve never used it — don’t want my “Master Password” sent over the internet.

Adam writes: My suggestion for passwords is to use an application to centrally store the password in a secure database (of course then using a complex password for that database). This way, every password for every site can be unique + crazy complex so I don’t have to worry that if one site is hacked they will get access to the rest of my stuff. The program I use is Password Safe: http://passwordsafe.sourceforge.net/ It is free, open source, and (originally) written by a very reputable source, Bruce Schneier. Once the password is entered, the app offers some neat features, including: Easy copy/paste of usernames and passwords. The ability to paste in fields that don’t support the clipboard (like KVMs) using (I think) a virtual HID device. Built in password generator. All the data is stored in a single encrypted file, making it easy to copy to a second computer.

—

Domain.com

I like Domain.com’s Deluxe web hosting plan that’s only $8.75/mo. One click install of all the popular open source programs like WordPress, Joomla, and Drupal, and more! Unlimited traffic

Free website builder with unlimited pages, Easy and affordable to get your sites online with Domain.com.

Domain.com offers blistering fast DNS and hosting infrastructure, the lowest prices on the web AND the highest quality. Thanks to Hak5 fans, Domain.com is one of the fastest growing domain and hosting companies in the world. Got a great idea? It all starts with a great domain. Domain.com! Don’t forget to use coupon code HAK5 at checkout to get 15% off your order.

—

Snubs Report: Stolen Laptop Recovery

Say you’re hanging out in the city one day and you leave your computer at the table while you go grab your coffee. There is always the small chance that, if you leave your laptop unattended, someone could up and swipe it. Usually when this happens you can go to local authorities and hopefully they’ll find the thief. But to make matters a lot better for you, you can use a program like Prey, which will track all sorts of valuable information and even take a picture of the thief, hopefully helping you and authorities find your computer.

There are tons of features in Prey:

• Uses Wifi hotspots or GPS embedded in the device to accurately pinpoint where the laptop is.
• If Wifi isn’t in use, Prey will try to auto connect to an open hotspot to send you info.
• Prey is written in Bash and very lightweight. It’s also Portable!
• You can edit Prey as you like, adding or removing specific tasks, because each task uses a different module.
• Prey will list running programs and any files that were modified, as well as take a picture of the person if you have an integrated webcam.
• Messages can be sent to the device to be read on the screen, and even heard by anyone nearby.
• Last but not least, Prey is open source and FREE for up to three devices, and will run on any laptop.

First, download Prey onto the computer that you wish to track. Click on download and go thru the installation wizard. The download takes barely any time at all and at the end, if you havent configured the tool, it will prompt you to do so.

First thing I need to choose is setting up my reporting method. You have two options- you can either use a control panel interface, or a standalone interface. The difference is, the control panel can be accessed thru the prey website, and is quick and powerful- everything get sent directly to you as the reports come in. The standalone version will send you updates in your email, but to activate Prey to start reporting you need to activate and delete a URL and setup your mail server settings by hand.
Choose the control panel version. You need to create a new user account so type in your name, email address, and password. Change the name and device type. Click Create.

You’ll need to activate your email address, so log into your email, click the link and log in then add devices. Go back to the install and click OK and it tells you congrats now your devices are being tracked!
Now add a device by clicking the orange button. Fill in the name and it generates all your information about the device. Click create and it’s created. It gives you a device key and you can click on the name to configure all your settings. All of these choices are pretty self explanatory and if you don’t know what you’re choosing, hover over the exclamation point and it’ll explain the setting for you.

Now, if your computer gets stolen, log into prey project.com and change the status to missing. Now, updates will be recorded on your prey project page for you to view every 20 minutes (or however many minutes you choose).
I <3 it do you? Email me at feedback@hak5.org.

—
GoToAssist Express
Anyone expecting a long wait for your technical expertise is in for a BIG surprise. With Go To Assist Express brought to you by Citrix, you can provide immediate support by easily viewing and controlling your customers’ computers online! Provide instant remote one-to-one support to clients located ANYWHERE in the world. Handle more requests in less time. Assist up to 8 customers at once. Support both Mac and PC users! Try GoToAssist Express FREE for 30 days! For this special offer, you must visit GoToAssist.com/Hak5 for a FREE trial.

—

Homebrew Router Part 2

You’ll remember from episode 718 that we built a homebrew router based on a mini-itx motherboard running an Intel Atom. This week we’re replacing Smoothwall with Untangle, a free, full featured open source router.

We also cover the basics of QoS in the context of a home network. Getting in fights with your roommates about bandwidth hogging or online game performance? Take a look at Untangle’s easy to manage built in features. Not to mention the app store. Yes, of course it has an app store.

I’m looking for your feedback on these home LAN and IT segments to be sure to hit me up at feedback@hak5.org

—

Netflix
Netflix delivers movies directly to your home saving you time, money and hassle. As a Netflix unlimited member you get DVDs by mail in about 1 business day. Plus, you can instantly watch thousands of TV episodes and movies streamed directly to your PC, Mac or right to your TV via a Netflix ready device like the Xbox 360, PS3, and Nintendo Wii console. Watch as many movies as you want! Shipping is FREE and there are never any late fees or no due dates. Keep the movies as long as you like. DVDs by mail – Plus, instantly right to your TV.
Get unlimited movies 2 ways for only $8.99 a month. As a new member and a Hak5 viewer, you can get a FREE Trial membership. Go to www.netflix.com/Hak5 and sign up NOW! . . Be sure to use this URL so that they know we sent you!

—

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

]]> http://www.hak5.org/episodes/episode-720/feed 21 http://www.hak5.org/backstage/episode_delay http://www.hak5.org/backstage/episode_delay#comments Wed, 30 Jun 2010 21:22:42 +0000 Jason http://www.hak5.org/?p=2189



Sorry for the short delay in the todays episode, but 720 is encoding now and will be posted soon.

]]> http://www.hak5.org/backstage/episode_delay/feed 8