Archive for July, 2008

  • 31
  • Jul

Cool trick that involves some cotton, string, and lighter fluid. Not useful for much, but hey you gotta have fun sometimes!

Be careful!

[via wiresmash.com]

  • 30
  • Jul

From Wikipedia:

The fork bomb is a form of denial of service attack against a computer system that implements the fork operation, or equivalent functionality whereby a running process can create another running process. It is considered a wabbit as fork bomb programs typically do not spread as worms or viruses. It relies on the assumption that the number of programs and processes which may be simultaneously executed on a computer has a limit.

Yes, the command “:(){ :|:& };:” looks like a bunch of rabid smileys, but in fact is a dangerous command that could leave your Linux system unusable until rebooted. The command essentially creates a DoS attack on the system by spawning a large number of processes and very quickly taking all available resources and process slots. This is especially important on multiuser systems like terminal servers, web servers, etc.

The jargon file also defines fork bomb.

Linux is not the only vulnerable OS, but let’s focus on the bash command structure for now. I will fill you in on ways to keep your system from being vulnerable to this command and to catch users who attempt to start the fork bomb.

    :(){
     :|:&
    };:

Essentially the code says:

Bomb the bombs while I drop bombs with even more bombs.

But how do I prevent the fork bomb?

Linux has a handy pam_limits module that can limit the amount of resources any one group or user can take. The configuration is stored in the /etc/security/limits.conf file. This will restrict the user or group from spawning more processes than defined in the configuration.

NOTE: This requires that you have the pam_limits module installed.

Example configuration:

user          hard    nproc           300
@group        hard    nproc           300

Replace ‘user’ with usernames and replace ‘@group’ with group names. You might have to play around with the settings and see what works best for your environment and available resources.

OK, but someone is dropping the fork bomb and I can’t tell who it is!

You could simply look in their ~/.bash_history and see, but that isn’t to say they haven’t deleted it out of the file.

The Linux kernel patch grsecurity could be another solution. I don’t have much experience with the patch so I cannot go into great detail, but the grsecurity forum has a bit of information on the issue.
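
To go with the limits.conf settings and the "who is it" question above, here is an added example (not from the original post): it lists which entries in a limits.conf-format file set a hard nproc cap, and reports users whose process count exceeds a threshold. The function names and all sample data are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Constructed sample in /etc/security/limits.conf format.
sample_limits() {
    cat <<'EOF'
# <domain>    <type>  <item>          <value>
user          hard    nproc           300
@group        hard    nproc           300
@staff        soft    nproc           100
*             -       nproc           500
EOF
}

# Read limits.conf-format text on stdin and print "domain value" for every
# nproc entry that sets a hard limit ("-" sets soft and hard together).
# A soft-only entry is skipped: the user can raise it up to the hard limit.
hard_nproc_entries() {
    awk '$1 !~ /^#/ && $3 == "nproc" && ($2 == "hard" || $2 == "-") { print $1, $4 }'
}

# Read one user name per line (one line per process, e.g. from `ps -eo user=`)
# and print "user count" for every user running more than $1 processes.
users_over() {
    awk -v max="$1" '{ n[$1]++ } END { for (u in n) if (n[u] > max) print u, n[u] }' | sort
}

# Demo on constructed input.
sample_limits | hard_nproc_entries
printf 'alice\nbob\nbob\nbob\nalice\nroot\n' | users_over 2
```

On a live system, feed the first function `/etc/security/limits.conf` on stdin and pipe `ps -eo user=` into the second with a threshold somewhat below your configured limit. Threads count against nproc on Linux as well, so `ps -eLo user=` gives a figure closer to what the limit actually sees.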

If you have not set up ways to protect your multiuser system from the fork bomb, it just might leave you dropping the F bomb. We wouldn’t want to hear any system administrator saying that, would we?

Know any other ways to create the fork bomb? Leave a suggestion in the comments.

  • 29
  • Jul

Tired of users not being able to play videos due to the lack of proper media software or codecs? Fret no more, as the open source MakeInstantPlayer solves this issue by packing any video file into a self-contained executable.

No additional software is required to play back the video:

MakeInstantPlayer is a tool for converting video files into self-running executables.
This is very useful for distributing videos, as the user doesn’t need any additional software for playback.
As MakeInstantPlayer uses the MPlayer engine for playback, it supports almost any video format in existence.
Furthermore it uses NSIS to pack everything to one single EXE file.

Congrats to MuldeR for this nifty software! Be sure to check out MuldeR’s other projects as well.

Download MakeInstantPlayer.

TIP: when playing the .exe movie be sure that there is enough space on the system drive because MPlayer will create a temporary folder and the movie will be played from there.

  • 27
  • Jul

Kip Kay shows us how it’s done:

[via blogmond.com]

  • 25
  • Jul

Laser Camera Zapping

Not only can you blind cameras with infrared LEDs, lasers work as well.

Your first thought might be, “It’s really hard to shine a laser at a camera and do something at the same time!” Not when you mix a tripod and a gun’s laser scope.

One major limitation of this method is the fact that most lasers only emit one color, therefore it is fairly easy to filter the color using optical and electronic methods unless multiple colors are used.

Another limitation may involve exactly how to locate cameras, as they can be hidden anywhere.

Michael Naimark can say a whole lot more about the camera zapping subject with laser beams than I can. Have a look at his excellent document on this interesting subject.

How to ZAP a Camera: Using Lasers to Temporarily Neutralize Camera Sensors – by Michael Naimark [via How To Do Stuff]

  • 25
  • Jul

Kevin Mitnick tells a story about how he played workers at a Hollywood telephone company with his 1337 social engineering skills:

More videos and info at news.cnet.com.

  • 25
  • Jul

Windows only: Twingly Screensaver is a cool new app/screensaver that lets you visualize blog posts in real time all over the globe.

From the site:

“Twingly screensaver is visualizing the global blog activity in real time. Forget RSS readers where you see only what you’re interested in. With Twingly screensaver you get a 24/7 stream of all (viewer discretion advised) blog activity, straight to your screen.

To use the screensaver you need a PC with Windows and a graphics card supporting OpenGL. Enable Asian language support in Windows, there’s lot of that stuff in the blogosphere.”

Preview:



To show your blog posts to Twingly, add ‘http://rpc.twingly.com/’ to your ping services in your blog settings. For WordPress go to Settings -> Writing -> Update Services.

Download Twingly Screensaver
 

  • 24
  • Jul

Open source PHPIDS is a customizable intrusion detection system for your web applications. PHPIDS uses a set of filter rules to detect specific strings in URLs that indicate a possible hacking attempt.

PHPIDS can do everything from logging the attacks to emailing you the IP address of the attacker. Be sure to check out the example.php inside of the docs folder for instructions on installation.

Download PHPIDS @ php-ids.org.

PHPIDS too complicated for you? Try the simple .htaccess intrusion detection system.

  • 24
  • Jul


I have been reading Lifehacker for some time now. Honestly, the site has been a huge inspiration for this blog. In dedication to Lifehacker and the movement the site has created, I would like to list my favorite Lifehacker posts of all time. After all, it is a bit hard to sort through all the content on the site. ;)

  1. Turn Your $60 Router into a User-Friendly Super-Router with Tomato – Adam makes an excellent article about transforming your router into a highly configurable super-router using Tomato. If you have a compatible router and are not taking advantage of this hack, you are simply missing out.
  2. Install OS X on Your Hackintosh PC, No Hacking Required – Adam comes through again with an easy how-to guide on installing OS X on your PC with the kalyway install disc. No command line required.
  3. Trim Down Windows to the Bare Essentials – Adam outlines the process of using nLite to streamline a stripped down version of Windows XP to run on a virtual machine or slow hardware. Also recommended is Game XP and XPlite. I did this even on my work station – after all faster is always better.
  4. Hack Attack: Burn almost any video file to a playable DVD – This is something I always get asked to do by non-geeks. Adam recommends using the open source DVD Flick to author your DIY DVDs.
  5. Top 10 BitTorrent Tools and Tricks – Adam comes up with 11 tips and tricks for BitTorrenting. While some are new and some fresh, the ones I recommend as most important are capping your upload and using PG2.
  6. How to Track Down Anyone Online – This time Gina steps in with some tips on tracking down peeps online. This is so useful for people that owe me money (and no, you cannot borrow any). The resources include different websites and even a Firefox extension.
  7. Top 10 Obscure Google Search Tricks – We all know that Google is the most ‘hackable’ search engine around. Gina outlines ten top notch tips to get you going.
  8. Turn Your PC into a DVD Ripping Monster – Adam gets you started backing up your DVDs to your PC and even re-burning them. I do believe he missed a couple of tools such as RipIt4Me, but overall details an easy to follow procedure for the task.
  9. Top 10 Harmless Geek Pranks – Nothing is more fun than playing pranks on your geek friends. Whether it be April Fool’s day or not, these are some of the best pranks. I think my favorites are the Upside-Down-Ternet and the Total Confusion Pack for Firefox.
  10. Transform Your Classic Xbox into a Killer Media Center – This goes hand in hand with our Xbox: Make your own Action Replay Device and is an excellent way to get more use out of your old Xbox using XBMC.

There you have the top ten best Lifehacker posts and hacks. Maybe you have seen all of them, maybe you haven’t. Hopefully you have seen something you haven’t before.

Disagree with any of my choices? Let us know in the comments.

  • 23
  • Jul

Hackosis.com is now open source. This opens up a whole new world of opportunity to this blog and anyone that wants to be involved.

What does this mean?

  1. You can modify and redistribute the content on Hackosis.com in any way you like. We don’t require that you give credit, but it is appreciated.
  2. You can submit articles to Hackosis using the submission form. We will give you credit.
  3. You can participate in modifying posts to improve the quality and content. I have outlined the details on the open source statement page.

Remember, there are no restrictions on what you can submit or modify! Just be sure to follow proper netiquette, cite sources, no stealing content, etc.

My plans in the future include this blog turning into somewhat of a wiki-blog hybrid that everyone can easily take part in. Please contact us if you are interested in helping speed the process.

How does this benefit me?

  1. While we prefer that you submit original content, it is not required for inclusion. You could link to your blog or web site.
  2. Take part in what will be an awesome community with help from many great minds from around the web (including myself ;P).
  3. The potential to be featured on lifehacker.com, digg.com or other great sites.
  4. This site receives around 5,000 visits a day, so your content will be seen.
  5. This is just the beginning. Remember everything here is changeable. Let your voice be heard.

That’s that, and I now invite you to suggest edits on content (including this post or any pages) and submission of posts. Through a collaborative effort we can make great things happen.

Let’s experiment with the process on this page. You don’t have to register to comment.

[changefrom]the original content you wish to change[/changefrom]
[changeto]the new content you wish to change the original content to[/changeto]

Let the games begin…
