This week Darren is joined in San Francisco by his wonderful co-host Shannon! I know, right? We’re talking about open source software that will save the day if your laptop is ever stolen, following up on your password tips, and finishing up the homebrew router build with Untangle!
Your Password Tips
Shannon and Darren share your password generation tips and tricks:
Ankaku writes: Here is the modified version of my gmail password. ub012531oa932010ot980245xs601359gc201845ac296987. 48 chars. I’ve been using this format since a school I went to used it. It’s actually pretty easy to remember, and anything can be used ex. initials section of ip address, phone number etc.
Teemu writes: another simple tool to create secure passwords fast is the apg (Automated Password Generator), compilable on most Unix-ish systems I suppose.
For instance:
#!/bin/sh
/sw/bin/apg -a 1 -m 64 -c cl_seed
Would spew out 6 passwords with 64 random characters. Project home page:
Nathan writes: The technique I find most useful in creating my passwords, aside from the ones you guys mentioned in the last episode, is to follow a spatial pattern on the keyboard itself. (i.e. qwerty, asdf, qweasdzxc; *I know those are terrible passwords, but example of spatial pattern) If you mix this technique with a passphrase that has been 1337speaked, you have a fairly long and seemingly random password string. However, spatial patterns offer the distinct advantage of usually being fairly easy to type quickly, making the physical breach of your password security a bit more of a challenge.
Eugene writes: — It’s based on a jQuery JavaScript library that estimates how long it would take an average computer to brute force a password. It even checks it against a list of 500 commonly used passwords (like pass, password, etc), and points out if you’re using a common password. It’s pretty nifty, and interesting how much extra time it would take to brute force by just adding an extra character to the end might make.
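A checker of the kind Eugene describes, as an added example that is not the library he links or code from the show: it flags common-list hits and otherwise estimates average brute-force time from character pool and length. The short list, the 1e9 guesses-per-second rate and the leetspeak normalisation are assumptions added here, and the normalisation goes beyond what the post describes.

```python
import string

# Constructed stand-in for the checker's list of 500 common passwords.
COMMON = {"pass", "password", "123456", "qwerty", "letmein", "monkey"}
# Undo common letter-for-digit swaps before the list lookup (added here).
UNLEET = str.maketrans("01345$@7", "oleassat")
GUESSES_PER_SECOND = 1e9  # assumed attacker speed, not a figure from the page

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def pool_size(password):
    """Size of the alphabet a brute-forcer must cover for this password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes (spaces, accents) count singly.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size


def estimate(password):
    """Return keyspace and average brute-force time, or flag a common password."""
    if password.lower().translate(UNLEET) in COMMON:
        return {"common": True, "keyspace": 0, "seconds": 0.0}
    keyspace = pool_size(password) ** len(password)
    # On average the attacker finds the password after half the keyspace.
    return {"common": False, "keyspace": keyspace,
            "seconds": keyspace / 2 / GUESSES_PER_SECOND}


def describe(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    # Sample passwords taken from or modelled on the tips on this page.
    for pw in ("password", "P4ssw0rd", "c00d3m0nkey", "c00d3m0nkey9"):
        r = estimate(pw)
        print(pw, "-> common" if r["common"] else "-> " + describe(r["seconds"]))
```

Each extra character multiplies the keyspace by the pool size, while a substituted dictionary word is caught by the list lookup no matter how long the arithmetic says it would take.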
Extofer writes: I use a similar schema as Shannon regarding changing the password a bit depending on the site. But I also use a phrase, much like Darren mentioned too… I top it off by replacing certain letters with numbers, and of course, special characters. For instance…
say I take a phrase like: code monkey
replace o = 0 and e = 3 like
c00d3m0nkey
that alone could be hard to hack… it’s 11 alphanumeric characters. Now I tack in special characters and unique identifiers for each site, like for Facebook, I will tack uppercase FB, Gmail, maybe GM or GE, Hotmail, HM, etc…. you can also distinguish by color of the site or the initials of their mascot, etc.
c00d3m0nkeyFB
finally, tack in at least 2 special characters, you can put them perhaps one at the beginning, and one at the end, or one in the middle and one at the end…. whichever.
c00d3*m0nkeyFB+
c00d3+m0nkeyFB>
Jaryth writes: One of the passwords I’ve always been tempted to use, but never really ended up using… ‘
But you say “that’s a URL, not a password?” but you see… it’s both ;). Every single password checker I’ve run it through says it’s secure, it’s easy to remember, and even if someone DID have a key-logger on a machine, they’d think you were just typing in a URL.
So… if you wanna mess with people, set your password to the URL of the site. Even if someone manages to crack it, they will ASSUME that the user is stupid and typed their password into the wrong box :D.
pcdoctor writes: For years I have used RoboForm 5.7.6, which was the last free one to support 30 passwords per group and unlimited groups. It will not create new passcards in IE7 or 8. It will work in those browsers if the passcard is created in IE6 ahead of time…
So, anywho, I had to find a replacement and this is my story…
I tried KeePass, but got a virus popup when I loaded the browser plugin, so that was the end of that.
I like lastpass.com, but no matter how well written and secure it is, the fact that it runs code in the browser and gets the data and updates from the web is a big red flag to me.
So, I wanted to use Password Safe, which was originally designed by Bruce Schneier, but it was clunky and a big step down in functionality from RoboForm (but it was safe).
So, I Hak ed it. Well, kinda. Here’s how to make it work great:
Download it at
or follow the links from here
Install it and click the add new icon, enter the URL, username, password. Then click the additional tab and uncheck use default and change that to Run Command. Put this in the Run Command box:
“${appdir}passsafe.exe” $url $u $p
Then I used to compile a script I called passsafe.exe that I put in Password Safe’s install folder.
The script is as follows:
; %1% = URL, %2% = username, %3% = password (passed by the Run Command)
Run, "iexplore.exe" %1%
; Wait for a left click (press, then release) in the username box
KeyWait, LButton, D
KeyWait, LButton, U
Sleep, 100
; Type username, TAB, password, ENTER
SendInput, %2%{TAB}%3%{ENTER}
Now when I double click something in the safe, it feeds $url $u $p to my program, which uses iexplore (or any browser you want) to go to the URL, then it waits for you to click in the username box (and highlight an existing username if need be) and then it types username, TAB, password, ENTER.
You can write custom scripts for websites that need other combinations (like Newegg).
I even wrote a script that runs from my host’s quick launch to fill in my Password Safe password in my virtual machine.
And that’s my story and I’m sticking to it 🙂
Lyle writes: One great technique for long passwords is to pick a book from your bookshelf. Then go to a predetermined page [42, 69, 100]. Something you will remember. The first line of text on the page is your password. Need to change your password? Change the page number or change the book.
Patrick writes: Darren and Snubs were talking about passwords. I haven’t upgraded to the 2.x series yet, but for websites I use It is just a little JavaScript you save as a bookmark (or bookmarklet), it asks you for a “Master Password”, and it takes that, combines it with the domain name, and through some hash comes up with a totally random password. It’s pretty portable in that as long as you can add a bookmark to the browser you’re using, you can use SuperGenPass. There is an online “mobile” version, but I’ve never used it — don’t want my “Master Password” sent over the internet.
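The approach Patrick describes (master password plus domain name run through a hash, computed locally), as an added example that is not SuperGenPass's code or algorithm: it swaps in PBKDF2-HMAC-SHA256 from Python's standard library. The function names, iteration count, `counter` parameter and length limits are assumptions.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumed work factor; slows guessing of the master password


def normalise_domain(domain):
    """Reduce what the user typed or pasted to a bare lowercase host name."""
    host = domain.strip().lower()
    host = host.split("://", 1)[-1]           # drop a scheme such as https://
    host = host.split("/", 1)[0]              # drop any path
    host = host.split(":", 1)[0].rstrip(".")  # drop a port and trailing dot
    return host[4:] if host.startswith("www.") else host


def site_password(master, domain, length=16, counter=1):
    """Derive the same password every time from master password + domain."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 43:
        raise ValueError("length must be between 8 and 43")
    host = normalise_domain(domain)
    if not host:
        raise ValueError("domain must not be empty")
    # The domain (plus a rotation counter) is the salt, so each site gets an
    # unrelated password and bumping the counter replaces a leaked one.
    salt = f"{host}#{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=32)
    return base64.urlsafe_b64encode(raw).decode()[:length]


if __name__ == "__main__":
    # Constructed inputs; nothing is stored and nothing leaves the machine.
    for site in ("example.com", "https://www.example.com/login", "example.org"):
        print(site, "->", site_password("correct horse battery", site))
```

Because every site password comes from the one master password, anyone who learns the master password and the scheme can regenerate all of them.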
Adam writes: My suggestion for passwords is to use an application to centrally store the password in a secure database (of course then using a complex password for that database). This way, every password for every site can be unique crazy complex so I don’t have to worry that if one site is hacked they will get access to the rest of my stuff. The program I use is Password Safe: It is free, open source, and (originally) written by a very reputable source, Bruce Schneier. Once the password is entered, the app offers some neat features, including: Easy copy/paste of usernames and passwords. The ability to paste in fields that don’t support the clipboard (like KVMs) using (I think) a virtual HID device. Built in password generator. All the data is stored in a single encrypted file, making it easy to copy to a second computer.
—
Snubs Report: Stolen Laptop Recovery
Say you’re hanging out in the city one day and you leave your computer at the table while you go grab your coffee. If you leave your laptop unattended, there is always a small chance that someone could swipe it. Usually when this happens you can go to the local authorities and hope they find the thief. But to improve your odds, you can use a program like Prey, which will track all sorts of valuable information and even take a picture of the thief, hopefully helping you and the authorities find your computer.
There are tons of features in Prey:
First, download Prey onto the computer that you wish to track. Click on download and go through the installation wizard. The download takes barely any time at all, and at the end, if you haven’t configured the tool, it will prompt you to do so.
The first thing to choose is the reporting method. You have two options: a control panel interface or a standalone interface. The difference is that the control panel can be accessed through the Prey website and is quick and powerful: everything gets sent directly to you as the reports come in. The standalone version will send you updates by email, but to activate Prey to start reporting you need to activate and delete a URL and set up your mail server settings by hand. Choose the control panel version. You need to create a new user account, so type in your name, email address, and password. Change the name and device type. Click Create.
You’ll need to activate your email address, so log into your email, click the link, log in, then add devices. Go back to the installer and click OK, and it tells you congrats, your devices are now being tracked! Now add a device by clicking the orange button. Fill in the name and it generates all the information about the device. Click Create and it’s created. It gives you a device key, and you can click on the name to configure all your settings. All of these choices are pretty self-explanatory, and if you don’t know what you’re choosing, hover over the exclamation point and it’ll explain the setting for you.
Now, if your computer gets stolen, log into preyproject.com and change the status to missing. Updates will then be recorded on your Prey project page for you to view every 20 minutes (or however many minutes you choose). I <3 it, do you? Email me at .
—
Homebrew Router Part 2
You’ll remember from that we built a homebrew router based on a Mini-ITX motherboard running an Intel Atom. This week we’re replacing Smoothwall with Untangle, a free, full-featured open source router.
We also cover the basics of QoS in the context of a home network. Getting in fights with your roommates about bandwidth hogging or online game performance? Take a look at Untangle’s easy-to-manage built-in features. Not to mention the app store. Yes, of course it has an app store.
I’m looking for your feedback on these home LAN and IT segments, so be sure to hit me up at