# Tuesday, October 28, 2008

So every internet user in the world knows about Google. Hell, I couldn't do my job without Google, and I even go as far as to put a line item on my resume saying “proficient with Google search to accomplish tasks”. It's the best home page as it's simple (unless you're Dave, who uses Yahoo). It's white like Macintosh hardware, so people think it's cool. They have sharable calendars, documents, pictures, YouTube, etc etc etc etc etc.

But is Google really all that the iBook users crack it up to be? I don't think so. I have long been afraid of Google and the masses that flock to it like crows to a Big Mac in the street.

Let's start off with The Good. Google is an amazing search engine; it's clean and they have the best user interface of any search, bar none (considering the top 4, not the little-fish rip-offs of the Google UI). Google has a search bar that is handy, and YouTube is social marketing for the future. See any fanboy for further good, as this post isn't really about the good.

RSS reader: this is one of the tools that I think Google has that is actually very handy. As my RSS isn't private information and I don't care what marketing information can be gathered from it, it's the best reader I have used, and it's free! A cool trick I just found was to look at your stats; see, here is the day of week I read blogs as well as the number of subscribers to feeds in Google. Notice that Katie has 5 readers in Google… cool.

[images: Google_003, Google_004]

The Bad: Gmail, seriously. Why do people think it's the wave of the future? I think for one reason: it was invite-only at the start. Exclusive-club email only, an awesome way to make people want it. But in the end, you have all your email up on a search engine, in subject view only. What if you want to sort or folder your email? Oh, you can't; you can search or tag. But the idea of the subject view has been around since Outlook 97.

The ability to share information: we all know of Google hacking. Put this into your search… filetype:txt "enable password". But the information isn't stopping at what you have on your web server any more; your employees sync your office applications with Google to make the iPhone blah blah, and release your corporate information.

[image: Google_005]

Need I say more? (I just found this while looking for fun info.)

I was looking at Google Documents. It appears that there is no easy way to search; however, I will research more and post up. However, this is not cool. Yes, store your personal info on Google, sounds like a great idea.

The Ugly: Google is coming out with new applications every day to take personal information from users. I won't even get started on the Google browser or cell phone. I will focus more on some fun things that caused me to write this blog post. It might be FUD, but all the same it has merit.

I don't know if you have seen Google's new enhancements to Picasa: just like MySpace etc., you can now tag people in pictures, just to help the search engines find you by text. But Google didn't stop there. You can put the tag to the award-winning Google Earth to locate where they are. Nice. (More on that award-winning app later.) We also know from prior that you can search for only faces in image search by adding &imgtype=face to your URL.

Sure, that's a nice example, but really, how good is it… Here is a nice video on how you can play with it. And what's so scary about all this? Well, if you don't care to mess around with the account to test the facial software, check out the new line of Sony cameras with “smile shutter”. I'm not sure if Sony released v2 of this; a lot of reviews online are bad. However, I just got back from Best Buy, where I played with a camera for about 30 min in the store, and it works perfectly. I was scared that it's so good in a consumer $170 camera.

So what's to worry about? Well, let's just consider this math equation.

[image: FBI seal] + [image: Google_006] = the largest database of oh shit.

And one last ugly I will leave on, if you didn't think I had a point with the rest…

[image: Google_001]

That's great, Google, keep a large database with info that I would like to have in a search engine company.

posted on Tuesday, October 28, 2008 10:14:54 AM (Pacific Standard Time, UTC-08:00)

I'm sure we all know of slurping by now, but I just came across this site for Windows command ninja skills. With that, I took the time to update my slurp tool with some hacks I just didn't think about using, as well as some uses for NET that I didn't know about.

I have attached a copy of one of the slurp scripts I run. Your mileage will vary, but you should get lots of ideas from it if you know what's going down. (I also just fixed that my server wasn't serving up batch files.)

File Attachment: slurp.bat (14 KB)


posted on Tuesday, October 28, 2008 9:51:11 AM (Pacific Standard Time, UTC-08:00)
# Friday, October 17, 2008
So I am working on a project that required me to get creative. I have about 10 GB of DOS games, but they are in ZIP format: nice for storage, but not easy to deal with on an emulator front end. Who wants to unzip a thousand files? So I set to work to make this script that will run a zip file game for DOSBox. I read somewhere that DOSBox will mount a zip file, but it seems like it won't work in the SDL build I have for Linux, so I built this...

File Attachment: ldDOSzip.sh (2 KB)

File Attachment: ldDOSzip.bat (2 KB)

I put up a DOS batch file; it's a very basic conversion from the shell script, and most parts work, I think. I didn't actually test it. You will also need to download an unzip tool for the command line. This is also expected to be run in XP or greater, as I don't know how far back some of the file and path variables go in MSFT land. Comment back if you find any issue with the DOSBox batch file for Windows. I will fix it up.

I did fix up the fact that by default IIS won't serve up a batch file.

posted on Friday, October 17, 2008 7:46:55 PM (Pacific Daylight Time, UTC-07:00)
# Saturday, October 11, 2008

Sigh… is this the new bump key? I haven't seen a hack get run into the ground by the media since the bump key… seriously, are we just bored in the security news world?

[image: PGP_001]

posted on Saturday, October 11, 2008 6:20:31 PM (Pacific Daylight Time, UTC-07:00)
# Friday, October 03, 2008
Here is a fun thing I just ran into: a kiosk with a USB port but a custom keyboard with no buttons to get into things (no Start, Alt, Ctrl, Del, etc.) and no explorer.exe shell, so I can't "hack" this kiosk.. haha

Why try the hard things to get into the device? BYOUSBK, that is, bring your own USB keyboard. I like the roll-up ones; plug it in and have some fun, haha.

posted on Friday, October 03, 2008 2:48:27 PM (Pacific Daylight Time, UTC-07:00)
# Monday, September 29, 2008
Here is a fun little read on the use of Ghost as a forensic capture tool.
http://www.forensickb.com/2008/03/ghost-as-forensic-tool.html


posted on Monday, September 29, 2008 10:52:31 AM (Pacific Daylight Time, UTC-07:00)
# Saturday, September 27, 2008
Don't know how I got here, but it's worth voting for me.
Vote for Kelly as Man of the year

posted on Saturday, September 27, 2008 1:34:33 PM (Pacific Daylight Time, UTC-07:00)

Someone I know blew up a couch with flash. Ha.
posted on Saturday, September 27, 2008 1:33:12 PM (Pacific Daylight Time, UTC-07:00)
# Friday, September 26, 2008
So I have been getting into digital modes a lot more since HRD really has stepped up the cool factor. However, I have a few issues with testing and playing. First, I have no good antenna in my RF-hell area to get out to any fellow nerds who have the time to play. Second, I have no radio yet that is good for transmitting hours of testing.

I had an idea for the problem: I have a stack of old FRS radios that I never use, so why not adapt the VOX of the Motorola FRS to the PC for use with HRD Digital Master 780?

I set to work. The first thing I learned was that the 2.5 mm jack that Motorola uses is this weird "long jack"; you can just hack up some cable for cell phone VOX kits. I happen to have a Texas Instruments link cable from the old TI-85s I have sitting around. I have more than one, so hack hack. I hacked up this particular cable because of two things: 1. it had a nice ferrite coil, so I eliminate (if any) RF into my sound card; 2. you can hack away plastic, and T.I. actually uses the long 2.5 mm plug that Motorola uses to make you buy their shit.

After some tinkering with the VOX, I learned that you must short the MIC to get the radio to power up in VOX mode; however, if you short it outright you get PTT mode. Simple fix: throw in a resistor. I had a stack of 450 kohm resistors sitting on my desk from a prior mess, so I used them. However, I assume a 1k will work just fine.

Then just play a simple hook-up game: plug the radio speaker into the PC MIC and the radio MIC into the PC speaker.

A simple little test shows it works. The volume is high but appears to not be clipping; I haven't scoped the audio yet to check, but rather just went right to a test. I hooked up two cables for two FRS radios, turned on DM780 on two PCs, and yup, I have communication in CW. I haven't tried any other modes yet, but I would assume the only issue is the audio gain. DM780 will allow you to transmit at less than 0 dB gain right from the application; this is a setting to tinker with. Also, the volume on the radios I didn't fuss with (it was 2 am with a working product; I wanted to sleep).

Improvements might come from putting a cap in line or a pot to lower the input to the VOX on the radio, but I assume that I can fix all this in software with no need for additional hardware.

Next step is to heat-shrink it all up, and now I have a nice little demo kit for digital modes. I can also have some fun at any public space by transmitting Olivia and watching people think it's space creatures.

I have no idea if this is FCC legal; I couldn't find any data saying that you can't transmit digital modes on FRS bands. Seeing as it's public-domain frequency space, I am also not very concerned with my transmissions, since people also transmit music and swear there.

I used two Motorola T5420 FRS radios in this test. I also used a 500k resistor.


Update: I got some feedback on the legality of this. Long boring legal document summarized: the most onerous restriction seems to be that the data transmission can't exceed one second, and there can't be more than one in a thirty-second period.

So if you're super worried, plug it into something else... hell, thinking about it, you could just plug it right into another computer... duh. But where is the fun in that? Legally you also can't swear on the FRS radios or CB radio, so keep that in mind.
posted on Friday, September 26, 2008 9:48:08 AM (Pacific Daylight Time, UTC-07:00)
# Wednesday, September 24, 2008

ShoreTel phone system 8.0 recently put L16/256 "Linear Broadband 256kbps" as the default #1 codec to use phone to phone. However, the newest copy of Cain will not identify this as a call; I assume it's because of the bandwidth used. Now, you can change the server to not use this bandwidth and keep on the 128k, but for my current classroom material and pentesting this isn't a plausible case. I would like Cain to auto-magically detect and dump the 256k stream.

Name/ Clock/ Bandwidth/ Description
L16 256/ 16000/ 256 Kbps/ Linear 16-bit Audio 256 Kbps

update: here is the handshake data with info

```
t=0 0
m=audio 5004 RTP/AVP 110
a=rtpmap:110 LRWB/16000
a=sendrecv
a=ptime:20
```

update2: Cain now supports this codec, Wireshark get this on the dev I can't find anywhere to request this.

I also put the notes into NetworkObserver
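
An added example (not from the original post, and not code from Cain or Wireshark): payload type 110 in the handshake above is in the dynamic range, so a capture tool can only name the codec through the a=rtpmap line. This sketch parses that SDP fragment and derives the bit rate and per-packet payload size to expect, assuming LRWB is the linear 16-bit, single-channel codec from the table; all function and variable names are hypothetical.

```python
import re

# Constructed sample: the SDP fragment quoted in the post above.
SDP = """t=0 0
m=audio 5004 RTP/AVP 110
a=rtpmap:110 LRWB/16000
a=sendrecv
a=ptime:20
"""

# Static payload types a sniffer can name without SDP (RFC 3551 subset).
STATIC_PT = {0: ("PCMU", 8000), 8: ("PCMA", 8000),
             9: ("G722", 8000), 18: ("G729", 8000)}

# Assumption: LRWB is the L16/256 codec from the table above
# (linear 16-bit samples, one channel). Other codecs are not sized here.
BITS_PER_SAMPLE = {"LRWB": 16, "L16": 16}


def parse_audio_streams(sdp):
    """Return one dict per payload type offered on each m=audio line.

    Simplification: rtpmap/ptime attributes are treated as session-wide,
    which is enough for a single-stream offer like the sample.
    """
    streams, rtpmap, ptime, media = [], {}, 20, []
    for line in sdp.splitlines():
        line = line.strip()
        if m := re.match(r"m=audio (\d+) RTP/AVP (.+)", line):
            media.append((int(m[1]), [int(pt) for pt in m[2].split()]))
        elif m := re.match(r"a=rtpmap:(\d+) ([^/\s]+)/(\d+)", line):
            rtpmap[int(m[1])] = (m[2], int(m[3]))
        elif m := re.match(r"a=ptime:(\d+)", line):
            ptime = int(m[1])
    for port, pts in media:
        for pt in pts:
            # Dynamic types (96-127) have no meaning without an rtpmap entry.
            name, clock = rtpmap.get(pt) or STATIC_PT.get(pt, (None, None))
            info = {"port": port, "pt": pt, "codec": name, "clock": clock,
                    "dynamic": pt >= 96, "ptime_ms": ptime}
            bits = BITS_PER_SAMPLE.get(name)
            if bits:
                info["kbps"] = clock * bits // 1000
                info["payload_bytes"] = clock * ptime // 1000 * bits // 8
            streams.append(info)
    return streams


if __name__ == "__main__":
    for stream in parse_audio_streams(SDP):
        print(stream)
```

For the sample, 16000 samples/s at 16 bits gives the 256 Kbps in the table, and a 20 ms ptime means 640-byte RTP payloads, which is a quick way to spot this stream in a capture when the tool does not label it.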


posted on Wednesday, September 24, 2008 2:34:44 PM (Pacific Daylight Time, UTC-07:00)