We started producing shows as Today with a Techie on 2005-09-19, 18 years, 2 months, 11 days ago. Our shows are produced by listeners like you and can be on any topics that "are of interest to hackers". If you listen to HPR then please consider contributing one show a year. If you record your show now it could be released in 6 days.

We are running very low on shows at the moment. Have a look at the hosts page and if you don't see "2023-??-??" next to your name, or if your name is not listed, you might consider sending us in something.

Holiday Challenges Series - Ep 2 - TryHackMe Advent of Cyber Challenge

Since some of the information you are about to hear is time specific, I want to let you know that I am recording this near the end of November in 2023.

If you missed the first episode, which introduces this series, you can go back and listen to HPR3996

I have been using TryHackMe for several years, and I recommend it to all of my students. It is a great environment where people can get hands on experience with technology that relates to cyber security, all from the comfort of their browser and free year-round.

The TryHackMe Advent of Cyber challenge is a free gamified environment which focuses on penetration testing, security operations/engineering, forensics/incident response, malware analysis, machine learning, and more!

This year's challenge opens on December 1, 2023 (Which is the reason why I am posting twice this week). Typically, the Advent of Cyber challenge includes daily beginner-friendly exercises for people new to cybersecurity. These can consist of walkthroughs, video tutorials, and challenges. There are also prizes available based on random drawings and on participant success.

Infosec personalities like John Hammond, Gerald Auger, InsiderPHD, and InfoSec Pat are featured in this year's challenge.

You can play with last year's Advent of Cyber challenge by visiting https://tryhackme.com/room/adventofcyber4. It outlines the overall story and shows all of the tasks last year's participants experienced, including both offensive and defensive topics like: log analysis, OSINT, scanning, brute force attacks, email analysis, CyberChef, blockchain smart contracts, malware analysis, memory forensics, packet analysis, web application hacking, and more!

Everything can be done with a free account from within a browser.

If you want to learn more about cybersecurity, transition your career into infosec, or just have fun playing with cyber challenges, you can give it a try by visiting tryhackme.com or https://tryhackme.com/r/christmas

Please note: I am not affiliated with TryHackMe in any way, other than having been a paying member for many years. Students and others who have participated in previous year's Advent of Cyber challenges have told me how much they enjoyed it and learned from it. Even though I have been an infosec practitioner for more years than I would like to admit, I also have enjoyed taking part in this challenge.

If this is not for you, I will be sharing another option for a holiday challenge in my next episode.

To improve the speed of my workflow, I wrote a bash script that uses the open source programs programs gphoto2, tesseract, grep and ImageMagick to digitize my mom's 338 page book. Here is the link to the script: https://github.com/deltaray/ocr-script

The Oh No! news.

Oh No! News is Good News.

• TAGS: Oh No, News, Threat analysis, InfoSec, Google Dynamic Search Ads

Threat analysis; your attack surface.

• Source: Former NHS secretary found guilty of illegally accessing medical records
  

  • A former NHS employee has been found guilty and fined for illegally accessing the medical records of over 150 people.
    
  • Loretta Alborghetti, from Redditch, worked as a medical secretary within the Ophthalmology department at Worcestershire Acute Hospitals NHS Trust when she illegally accessed the records.
    

• Supporting Source: Open Street Map link to Redditch Worcestershire.
  

• Source: NetSupport RAT Infections on the Rise. Targeting Government and Business Sectors
  

  • While NetSupport Manager started off as a legitimate remote administration tool for technical assistance and support, malicious actors have misappropriated the tool to their own advantage, using it as a beachhead for subsequent attacks.
    

• Source: Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
  

  • The threat actors are believed to leverage Google's Dynamic Search Ads (DSAs), which automatically generates ads based on a site's content to serve the malicious ads that take the victims to the infected site.
    

• Source: Trojanized PyCharm Software Version Delivered via Google Search Ads.
  

  • Victims who clicked on the ad were taken to a hacked web page with a link to download the application, which turned out to install over a dozen different pieces of malware instead.
    

InfoSec; the language of security.

• Source: Why Defenders Should Embrace a Hacker Mindset
  

• Additional Information.
  • What is a "Data Breach"? A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so.
    
  • What is "Malware"? Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy.
    
  • What is a "Payload"? In the context of a computer virus or worm, the payload is the portion of the malware which performs malicious action; deleting data, sending spam or encrypting data. In addition to the payload, such malware also typically has overhead code aimed at simply spreading itself, or avoiding detection.
    
  • What is "Phishing"? Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.
    
  • Social engineering (security) In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
    
  • What is "Information Security" (InfoSec)? Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management.
    • Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.). Information Systems are composed in three main portions, hardware, software and communications with the purpose to help identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell administrators, users and operators how to use products to ensure information security within the organizations.
      
  • What is "Risk management"? Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
    
  • What is a "Vulnerability" (computing)? Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware.
    
  • What is an "Attack Surface"? The attack surface of a software environment is the sum of the different points (for "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.
    
  • What is an "Attack Vector"? In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of vector in biology. An attack vector may be exploited manually, automatically, or through a combination of manual and automatic activity.
    
  • What is "Standardization"? Standardization is the process of implementing and developing technical standards based on the consensus of different parties that include firms, users, interest groups, standards organizations and governments. Standardization can help maximize compatibility, interoperability, safety, repeatability, or quality. It can also facilitate a normalization of formerly custom processes.
    • List of computer standards.
      
    • List of technical standard organizations.
      
  • What is a "Replay attack"? A replay attack is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. Another way of describing such an attack is: "an attack on a security protocol using a replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run."
    
  • What is a "Man-in-the-middle attack"? In cryptography and computer security, a man-in-the-middle, ..., attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.
    
  • What is "Transport Layer Security" (TLS)? Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.
    
  • What is a "Handshake" (computing)?. In computing, a handshake is a signal between two devices or programs, used to, e.g., authenticate, coordinate. An example is the handshaking between a hypervisor and an application in a guest virtual machine.
    
  • What is Security theater? The practice of taking security measures that are considered to provide the feeling of improved security while doing little or nothing to achieve it.
    

• License: Creative Commons Attribution-ShareAlike 4.0 International
  
  This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Holiday Challenges Series - Ep 1 - Advent of Code

Since some of the information you are about to hear is time specific, I want to let you know that I am recording this near the end of November in 2023.

Whichever holidays you celebrate this time of year, life generally gets busy and stressful.

It could be shopping
or cooking
or cleaning
or school activities
or buying, assembling, wrapping, and delivering gifts
or planning time with family
or dealing with visiting family
or scheduling time off from work
or managing extra work while others have scheduled time off
or a whole plethora of other things.
This time of year can be stressful.

A few years ago, I discovered a fun activity, which challenged my mind and helped me focus and detach from the stress for a little while each day, through the month of December. It helped me manage the stress in an enjoyable way.

Since then, I have found and tried several other similar activities, so I wanted to share a little about them with you for the next few episodes so you can see what might work for you.

The first I would like to share is called the Advent of Code Challenge (https://adventofcode.com/). In HPR episodes 2973 (https://hackerpublicradio.org/eps/hpr2973/index.html) and 3744 (https://hackerpublicradio.org/eps/hpr3744/index.html), Daniel Perrson shared some great details about this challenge. I encourage you to go review his episodes.

But the TLDR (Or maybe the TLDL -- Too Long Didn't Listen?) for Advent of Code is that it is a 25 day challenge which begins on December 1. Once you register at adventofcode.com, Each day, you will be presented with a problem to solve and some sample data to use for verification that your program works. You can choose to use any programming language or application you desire produce the answer. Last year, I used this to brush up on my Python skills. Others use Visual Basic, C (and all its variants), Rust, Go, etc. I have seen people use Cobol, Fortran, and Pascal, or even Microsoft Excel. It is really up to you. You are then presented a dataset which is unique to your login, and against which you run your code. When complete, you submit the answer came up with on the adventofcode.com web site and they will tell you if you are correct or not.

If you are competitive (And REALLY GOOD) there is a Global Leaderboard. If you want to compete with a group of friends, you can build your own leaderboard and invite others to take part with you.

There are tons of resources online, from youtube channels to reddit (https://www.reddit.com/r/adventofcode/), to Discord (https://discord.gg/tXJh262)

So, if you are looking for a way to challenge your mind and detach from holiday stress, Advent of Code may be something you might try.

If this is not your cup of tea, I will be sharing several other options for holiday challenges in future episodes.

aNONradio: https://anonradio.net
TildeRadio: https://tilderadio.org

Volumio: https://volumio.com/
moOde Audio: https://moodeaudio.org/

I talk about LastPass.

• intro
  • bought a couple of z80 old style computers
  • found this searching youtube
  • cosmac elf-rca 1802
  • https://www.sunrise-ev.com/
• lee hart
  • electrical engineer
  • was there at the beginning of the computer revolution
  • life long love of electric vehicles
• the kit
  • piece of art
  • z80 membership, minimum computer
  • front panel gives self contained system
  • boards, all parts and altoid tin
  • great documentation, schematics, assembly guide and getting started
• the assembly
  • great instructions
  • easy to solder
  • a few tricks to get the boards to fit in the tin
  • i made a dedicated serial cable by modifying ftdi cable
  • i made a battery pack
• usage
  • front panel takes a bit of practice to use (locations of keys)
  • found a z80 assembly language tutorial, hand assembly
  • portable z80 machine to learn
• take away
  • excellent kit
  • if your looking for a gift, many to choose from
  • excellent quality

01 membership card

Click the thumbnail to see the full-sized image

02 membership card back

Click the thumbnail to see the full-sized image

03 front panel card

Click the thumbnail to see the full-sized image

04 front card back

Click the thumbnail to see the full-sized image

05 assembled

Click the thumbnail to see the full-sized image

06 in the can

Click the thumbnail to see the full-sized image

07 things added

Click the thumbnail to see the full-sized image

08 fits inside

Click the thumbnail to see the full-sized image

09 compleat

Click the thumbnail to see the full-sized image

10 docs

Click the thumbnail to see the full-sized image

LEKATO 2 Pack Wireless Microphone with Charging Case

https://www.amazon.com/gp/product/B0C4SNT6QK

• USB C
• Two microphones in a charging case
• Charge phone and use the receiver simultaneously

Claims

• 75 ft. transmission range
• Wireless Mic can work continuously for 5 hours, and the charging box can quickly charge the device 4 times. The total usage time reaches 25 hours

Axet Audio recorder on F-Droid

https://f-droid.org/packages/com.github.axet.audiorecorder

• Works to record stereo with this mic set

XGP-save-extractor

Python script to extract/backup savefiles out of Xbox Game Pass for PC games.

When run, the script produces a ZIP file for each supported game save found in the system.

In most cases the files in the ZIP can be copied to the save directory of the Steam/Epic version of the game. To find out the save file location, check PCGamingWiki.

https://github.com/Z1ni/XGP-save-extractor/releases

This continues our look at how to play Alpha Centauri, and we look at game concepts that set this game apart from others. This episode is all about Social Engineering choices.

Links:

• https://www.palain.com/gaming/sid-meiers-alpha-centauri/playing-alpha-centauri-2/

hpr3989 :: LastPass Security Update 1 November 2023 hosted by Ahuka

Released: 2023-11-16. Duration: 00:09:13. Flag: Clean. Series: Privacy and Security.
Tags: LastPass, password vault.

LastPass was hacked, what should you do?

Listen in ogg, spx, or mp3 format.

hpr3988 :: Beeper.com hosted by operat0r

Released: 2023-11-15. Duration: 00:12:30. Flag: Clean. Series: general.
Tags: chat, messaging, mobile.

operat0r talks about Beeper dot com a multi chat client

Listen in ogg, spx, or mp3 format.

hpr3987 :: The Grim Dawn hosted by Some Guy On The Internet

Released: 2023-11-14. Duration: 00:39:51. Flag: Clean. Series: general.
Tags: Grim Dawn, ARPG, Diablo 4, Video Games.

Sgoti rambles about a video game called Grim Dawn.

Listen in ogg, spx, or mp3 format.

hpr3986 :: Optical media is not dead hosted by Archer72

Released: 2023-11-13. Duration: 00:07:15. Flag: Clean. Series: general.
Tags: Command line, Create ISO, Burn ISO, Optical media, DVD, CD, Blu-ray.

Archer72 shows command line options for creating and writing iso files

Listen in ogg, spx, or mp3 format.

hpr3985 :: Bash snippet - be careful when feeding data to loops hosted by Dave Morriss

Released: 2023-11-10. Duration: 00:27:24. Flag: Clean. Series: Bash Scripting.
Tags: Bash, loop, process, shell.

A loop in a pipeline runs in a subshell

Listen in ogg, spx, or mp3 format.

hpr3984 :: Whoppers. How Archer72 and I made moonshine. Volume one. hosted by Some Guy On The Internet

Released: 2023-11-09. Duration: 00:28:50. Flag: Clean. Series: general.
Tags: Whoppers, Moonshine, Archer72.

Sgoti assists Archer72 with his crazy plan to make moonshine.

Listen in ogg, spx, or mp3 format.

hpr3983 :: ChatGPT Output is not compatible with CC-BY-SA hosted by Ken Fallon

Released: 2023-11-08. Duration: 00:08:56. Flag: Clean. Series: general.
Tags: CreativeCommons, CC-BY-SA, ChatGPT, HPR, CC.

Ken is not a lawyer but is fairly sure that ChatGPT is not compatible with Creative Commons

Listen in ogg, spx, or mp3 format.

hpr3982 :: Conversation with ChatGPT hosted by Archer72

Released: 2023-11-07. Duration: 00:03:38. Flag: Clean. Series: general.
Tags: ChatGPT, EU, GDPR, cookies.

Conversation with ChatGPT about EU Cookie banners

Listen in ogg, spx, or mp3 format.

hpr3981 :: HPR Community News for October 2023 hosted by HPR Volunteers

Released: 2023-11-06. Duration: 00:51:25. Flag: Clean. Series: HPR Community News.
Tags: Community News.

HPR Volunteers talk about shows released and comments posted in October 2023

Listen in ogg, spx, or mp3 format.

hpr3980 :: Huntsville to Vicksburg hosted by Ahuka

Released: 2023-11-03. Duration: 00:15:08. Flag: Clean. Series: Travel.
Tags: RV, travel, southeast US.

From NASA to the Civil War.

Listen in ogg, spx, or mp3 format.

hpr3979 :: FireStick and ad blocking hosted by operat0r

Released: 2023-11-02. Duration: 00:25:01. Flag: Clean. Series: general.
Tags: streaming, tv, ad blocking, youtube.

operat0r talks about recent apps for firestick and blocking ads

Listen in ogg, spx, or mp3 format.

hpr3978 :: Driving in Virginia. hosted by Some Guy On The Internet

Released: 2023-11-01. Duration: 00:30:13. Flag: Clean. Series: general.
Tags: Virginia, Driving, CDL, Fraud.

Sgoti talks about driving in the state of Virginia.

Listen in ogg, spx, or mp3 format.

hpr3977 :: Creative Commons Search Engine hosted by Ahuka

Released: 2023-10-31. Duration: 00:04:37. Flag: Clean. Series: general.
Tags: Creative Commons, public domain, licensed content.

There is a new search engine for Creative Commons content

Listen in ogg, spx, or mp3 format.

hpr3976 :: The Evolution of Windows' Snipping Tool hosted by Keith Murray

Released: 2023-10-30. Duration: 00:05:48. Flag: Clean. Series: general.
Tags: software, screenshot, screen capture, technology, utilities, windows.

KD gives some history of the evolution of screenshot capabilities on Windows.

Listen in ogg, spx, or mp3 format.

hpr3975 :: Mesa Verde 20230618 hosted by Ahuka

Released: 2023-10-27. Duration: 00:10:49. Flag: Clean. Series: Travel.
Tags: Travel, Native Americans, Colorado.

Our story of a day tour in Mesa Verde, Colorado

Listen in ogg, spx, or mp3 format.

hpr3974 :: About USBimager - part 2/2 hosted by Reto

Released: 2023-10-26. Duration: 00:15:38. Flag: Clean. Series: general.
Tags: flash, writing, software, usb.

Why you should be using USBimager too, an introduction.

Listen in ogg, spx, or mp3 format.

hpr3973 :: Creating an equalizer preset for your episodes of HPR hosted by dnt

Released: 2023-10-25. Duration: 00:15:38. Flag: Clean. Series: Podcasting HowTo.
Tags: audacity, equalizer, compressor.

A method of creating repeatable processing for your podcasts

Listen in ogg, spx, or mp3 format.

hpr3972 :: Thunderbird inbox filtering: keeping a clean/orderly inbox. hosted by Some Guy On The Internet

Released: 2023-10-24. Duration: 00:11:02. Flag: Clean. Series: general.
Tags: Thunderbird, email filters, inbox filters.

Sgoti talks about filtering your inbox.

Listen in ogg, spx, or mp3 format.

hpr3971 :: RERERE: How to make friends. hosted by Some Guy On The Internet

Released: 2023-10-23. Duration: 00:36:04. Flag: Clean. Series: general.
Tags: making friends, Mugsup, group chat.

Sgoti and Mugs chat with friends about how to make friends on the internet.

Listen in ogg, spx, or mp3 format.

hpr3970 :: Playing Alpha Centauri, Part 1 hosted by Ahuka

Released: 2023-10-20. Duration: 00:17:01. Flag: Clean. Series: general.
Tags: Computer games, strategy games, Alpha Centauri.

Part 1 of tips on playing Alpha Centauri

Listen in ogg, spx, or mp3 format.

hpr3969 :: Game Sales hosted by Ahuka

Released: 2023-10-19. Duration: 00:14:25. Flag: Clean. Series: Computer Strategy Games.
Tags: RESERVE SHOW, Computer Games, Bargains, Sales.

I have recently found some bargains and wanted the share that with the community.

Listen in ogg, spx, or mp3 format.

hpr3968 :: About USBimager - part 1/2 hosted by Reto

Released: 2023-10-18. Duration: 00:11:21. Flag: Clean. Series: general.
Tags: RESERVE SHOW, flash, writing, software, usb.

Why you should be using USBimager too, an introduction.

Listen in ogg, spx, or mp3 format.

hpr3967 :: Unsolicited thoughts on running open source software projects hosted by dnt

Released: 2023-10-17. Duration: 00:07:31. Flag: Clean. Series: general.
Tags: RESERVE SHOW, software governance.

A man talks to himself during his drive home from work.

Listen in ogg, spx, or mp3 format.

hpr3966 :: Vim Hints: 006 hosted by Some Guy On The Internet

Released: 2023-10-16. Duration: 00:25:03. Flag: Clean. Series: Vim Hints.
Tags: RESERVE SHOW, Vim, :mksessions, :source, .vimrc, vim hints.

Various contributors lead us on a journey of discovery of the Vim (and vi) editors.

Listen in ogg, spx, or mp3 format.

hpr3965 :: I've taken the Conqueror Virtual Challenge hosted by Daniel Persson

Released: 2023-10-13. Duration: 00:04:45. Flag: Clean. Series: general.
Tags: challenge, walk.

Daniel Persson talks about a service where you challenge yourself for better health

Listen in ogg, spx, or mp3 format.

hpr3964 :: Hacker Public Radio at OLF hosted by Thaj Sara

Released: 2023-10-12. Duration: 00:51:18. Flag: Clean. Series: general.
Tags: OLF, Linux Fest, Conference.

Friends from Hacker Public Radio meetup to record an episode from the conference.

Listen in ogg, spx, or mp3 format.

hpr3963 :: Storytelling Games hosted by dnt

Released: 2023-10-11. Duration: 00:19:18. Flag: Clean. Series: Tabletop Gaming.
Tags: storytelling.

Three storytelling-based games, and some thoughts on role-playing games

Listen in ogg, spx, or mp3 format.

hpr3962 :: It's your data hosted by Ken Fallon

Released: 2023-10-10. Duration: 00:07:22. Flag: Clean. Series: Bash Scripting.
Tags: response, bash, rss, xml, xmlstarlet.

Ken shows a safer way to get episodes from HPR

Listen in ogg, spx, or mp3 format.

hpr3961 :: RERE: How to make friends. hosted by Some Guy On The Internet

Released: 2023-10-09. Duration: 00:41:35. Flag: Clean. Series: general.
Tags: Make friends, Mugsup, Klaatu.

Sgoti and Mugs Up chat about, "How to make friends womans edition".

Listen in ogg, spx, or mp3 format.

hpr3960 :: On The Road At Last hosted by Ahuka

Released: 2023-10-06. Duration: 00:17:22. Flag: Clean. Series: Travel.
Tags: RV, travel, southeast US, maintenance.

Preparations are done, and we start out on the road.

Listen in ogg, spx, or mp3 format.