Wednesday, November 27, 2013

Hackit+ - Ethical Hacking training course

I'm excited to write about a little project I've been working on.  I've helped a team of very special and talented folks with creating Premier Course ware for Ethical Hacking.  It is a paid program for instructing on hacking from the very introductory levels.  If you've never worked on security before, or if you are thinking of trying to, but all the material you find out there is way too advanced, then try Hackit+.

With lessons that start with explanations of virtual machines and Linux all the way up to advanced exploitation techniques, this course will bring you from 0-60 in just 15 lessons.  The product has just launched, but the community plans are strong and engaging.  With user driven forums for members only along with access to download and try to hack example virtual machines.  Launching new ones all the time to test your lessons learned.  These virtual machines comprise "Hackville" which is what they call the collection of virtual machines which represent citizens and businesses inside a simulated town.  With resources and persons simulated with virtual machines, these test your learned material and challenge you to creative problem solving.

This courseware is not your traditional fare.  It is engaging and pushes the student to try and experiment and learn by doing.  This course is not for a passive student base.  But for people who are curious about the field of Penetration Testing, Security or just wanting to learn from the bottom up, this course is engaging and has the promise of a strong community structure to keep you engaged for months to come after your complete the course.

There is a certification exercise at the conclusion if you are so inclined, this process will earn you a certificate of completion that will be backed by the Hackit+ team.  This certification is included with the courseware at no extra charge.  Visit the website for the details and dive in if you too would like to learn how hacking works, even if you don't have any previous experience.

I do apologize, I normally don't endorse products on this blog, but as it is very much in line with my philosophy on these things and the Tin Foil Hat Show podcast, I thought it an interesting piece for anyone who normally follow what I'm writing about.

Happy Hacking.  And remember: If it hacks you, you should HACK IT BACK!
--
CafeNinja
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Sunday, October 20, 2013

Opensource pragmatism


I just wanted to revisit the discussion of software as dogma.  I think it is very important that the open source community get the preference when the software is equal to or better than the closed source version.  But when the closed source version is well ahead of any open source competition, there is a requirement as a professional that I am as effective and efficient as possible.

Yes, this is a declaration that I use closed source software.  Absolutely NEVER when I can avoid it, but always when it is a difference between doing my work/play well.  If I have to get something done and it means I have a binary blob in my Linux installation, then so be it.  Most of us make these compromises often with flash or java as a start, many more even with binary blobs for video drivers, skype and more.  So while I am an open source advocate and recommend transitions to linux and migration from corporate systems for infrastructure to open source servers and software.  But only where they are equal or greater than the closed source solution.

I don't want this to sound like I don't have respect for young software projects who are struggling to reverse engineer and create the replacement software.  I do have a vast respect for the persons who, scratching their own itch are looking to produce the open source alternative, and I've contributed to a couple of those projects in the past doing documentation and testing (I can't program).  I know how daunting and huge such an activity is.

I just wanted to write this post since I've heard, more than a few times, in the last months very derogatory statements against members of the community who participate and contribute just because they have a windows computer for playing video games.  And I have a strong sensation that most of the people to are very critical of that, probably have already binary blogs on thier own systems and that makes them hypocrites, even if the insults are being cast at the wider OS level of consumption, my argument is that a little closed source is just as bad as a lot.  So, unless you are running GNU Hurd linux on your system, then you probably need to silence any condescending remarks to any of the open source community who do use a Mac or Windows for specific tasks that fall outside the area of expertise and excellence by the closed source community.

--
CafeNinja
 Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Sunday, July 21, 2013

Debian vs. Ubuntu

Hello guys and gals,
It's been a while, and I want to assure everyone that I'm still out there and doing geeky things, but between recent family health issues and work being a bit in a mix-up after a merger, I've been otherwise engaged.

But here to talk about the latest of the grand activities and give a quick background on why I came to ask myself the question "Debian vs. Ubuntu".  To start off I'd like to confess that I've been a strong Ubuntu user and promoter over the last six years.  While I think it is still a solid distro for new or novice users, I was running into issues with library compatibility, intolerance for proper release cycles and some of the choices that Canonical are making in regards to the technology choices they are making.  While I would _never_ begrudge them the option to make those choices, I just want to say that I don't 100% agree.  I say this not to start a flame war, but to declare that I recognize their freedom to make those choices and my freedom to choose another distro.

So my distro hunt was on.  I've been very impressed with the performance of Arch on a few machines I've owned, but I've also found it very easy for me to not pay close attention to things and find myself with a broken system and not sure how to recover.  I looked for about 20 min at several RPM based distro's out there which have enjoyed recent popularity, namely Mageia.  While the system was fine and there was no remnants of the old "RPM Dependency Hell" it was just a little out of sorts for me now that I've got nearly 8 working years on Ubuntu and Debian based systems.

So I went back and looked at the key features I would enjoy.  A rolling distro for the first time on my production machine would bring me some satisfaction, based on the Debian package system puts me in my comfort zone and keeping more with community standard desktop environments and graphic server standards and I felt that those points leaned me back to a core, base Debian install.  With Debian 7.0 on a very recent release I thought to give it a go.

I had very good success with Debian 7 on one of my slightly older machines.  Then, as a minor derivative for my net-book I installed CrunchBang #! using the Openbox window manager vs. Gnome3. I was quite pleased and comfortable in both.

As a result, I'm backing up my production machine right now in order to install Debian 7 in a dual boot with the windows 7 needed for some work applications (not my choice).  I've been pleased with the system, the installer is a little lacking, but not difficult to follow.  I've been able to re-install even closed source software which was advertised for Ubuntu (Debian based right?) without issue and feel that I'm in a real happy place with not having to worry about a "upgrade" breaking things like the wireless security protocols to connect to the corporate wifi.  I learned long ago with Ubuntu that it was almost always a safer bet to format and reinstall the system when a new release came out, to avoid older libraries and program settings conflicting with new ones.  The recent update to 13.04 was no exception and while I thought I was going to save some time by doing the in-line update, there were a very few things which were not content with that choice.  Those broken things are what started my research.

So while I do have a fond place in my heart for Arch, I don't feel comfortable enough there to lean on it for production as I have a very high AUR dependency (personal issue, I'm in a 12 step program).  And I have no courage for slackware or gentoo.  I think that Debian will offer me the ease of use, with a solid system on a rolling-distro.

--
CafeNinja
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Wednesday, March 13, 2013

I'm not sure if this embed code works correctly, but if not, clicking the monument on the right hand side then makes available a link directly to the archive.


A backup of the aired TFH shows has been made and are available at http://archive.org/details/TinFoilHatShow_501

While I have officially podfaded (yes, this is my formal announcement) I do plan to return once real life isn't quite as time consuming with family medical stuff.  I wanted to make a backup of the Tin Foil Hat Shows made to date in a place where I knew they wouldn't disappear.  The files maintain their jpg stenography embed and the password remains the same as posted in the blog post for episode number 1.

Thanks to you all for your support during my run, I do hope to initiate again, and will post here on my blog again once TFH is relaunched with all the details at that time.

I hope to be making blog posts which aren't as time consuming (relatively speaking) and once back to a routine that supports it I will be looking to produce TFH again.

--
CafeNinja
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Sunday, August 5, 2012

Tin Foil Hat Show - Episode 022


Episode 22. Moving quickly, but plenty to chat about.  My casts are less rant prone these days as health and family have made it difficult to keep my regular appointments with the microphone.  I hope with the return of school in a month or so that some normalcy will return and I can find one day in which I can do this without conflict.  Sorry for being behind, I'm trying to do better.  Don't take me out of your feeds.  If I ever retire, I will have the decency to drop a good bye show.



New wireless headphones have cleaned up some of my audio.  Less difficult to get a recording that doesn't need a lot of post production work just to sound decent.  This show has quite a few stories in there that I fly over, please do get the shownotes and read the full articles on any story that interests you.  If you are unable to get the shownotes out, please write me at tinfoilhatshow@gmail.com and I'll send you direct url's if you need them.


In this episode I review the Dan Carlin podcasts "Common Sense" and "Hardcore History". Dan has a great mind and presents history in a light and with enthusiasm that few can deliver, the fact that he does so in audio only is enough to make me wish to be a student again, if I could name him my history and political science teacher.

The new episode should be in your favorite podcatcher for download already. If you haven't added me to your podcatcher software, please add the RSS feed on the right.

The podcast is also available to play directly online at the Fuzion Podcast Network.

For the instructions to get the show notes please see the instructions as posted in the post from the first episode. These instructions haven't changed.

Feedback as always is welcome, tinfoilhatshow@gmail.com or you can contact me by any of the other methods listed here on this blog. Please remember that the show is very new and still settling in, but constructive criticisms are always appreciated.

Enjoy and please do send me feedback and corrections, it can only make the show better. A permanent link to the show's rss feed is listed on the right side of the blog.

--
CafeNinja
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Tuesday, June 5, 2012

Tin Foil Hat Show - Episode 021



Episode 21. I had to make up for a lot.  I know I have been way behind.  Lots of Europe news in this episode and not really as an intentional move, just kinda worked out that way.


I do still have some audio hookup problems that I'm currently working through with the use of some duct tape.  I should be getting that resolved in the next month or so as a friend has recommended a bluetooth headset from Logitech.


In this episode I review the Frank Skinner show from Absolute Radio.  Dry British witty humor, is calm and relaxing and takes me to a childhood of Monty Python and Faulty Towers re-runs without the pictures.  Have a listen, you might enjoy this slightly slower paced comedy as well.  

The new episode should be in your favorite podcatcher for download already. If you haven't added me to your podcatcher software, please add the RSS feed on the right.

The podcast is also available to play directly online at the Fuzion Podcast Network.

For the instructions to get the show notes please see the instructions as posted in the post from the first episode. These instructions haven't changed.

Feedback as always is welcome, tinfoilhatshow@gmail.com or you can contact me by any of the other methods listed here on this blog. Please remember that the show is very new and still settling in, but constructive criticisms are always appreciated.

Enjoy and please do send me feedback and corrections, it can only make the show better. A permanent link to the show's rss feed is listed on the right side of the blog.

--
CafeNinja
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Sunday, March 25, 2012

GPG Encryption - Attention in the details

I was working the other day, after setting up a new computer. When I noticed a strange item on the mailserver...the unencrypted copy of an encrypted message I had sent.

I realized later that it was the setting inside the mail client that had set "fcc_clear" option set. There was a simple option to deactivate it. Let me explain a bit the logic.

The reason you might wish to store a clear, plain text copy of your outgoing encrypted email, is that if the message is encrypted to a key that is _not_ yours, you won't be able to decrypt it later. So to be able to see, what you wrote in your last encrypted message to someone else, it saves a copy in the clear.

The problem then enters the room. When your message is actually being saved to a network server, it is just as subject to compromise by the forces of evil as the corporate monster. So, my point being, that you should be vigilant about the software you are using and suspicious of any new or unknown computer system.

I've personally gone to signing all of my emails with gpg both personal and professional as a point of guarantee of origin. Mobile is possible, but I'm working on the easiest/best way to manage that. I would HIGHLY recommend that everyone look to make it a part of their email life. If we get a critical mass of real people signing emails, we can start making that a receipt condition and watch the spam just stop.

--