HiR's Best of 2009

Well, it's almost the end of 2009, so it's time once again for the best of HiR!

Top content
#1: Still reigning the top of the chart for the second year in a row: the DIY Lock Picks Series.

Using commonly available tools and materials such as a few pairs of pliers, a dremel or bench grinder, hack-saw blades, old windshield wipers, and even street-sweeper bristles, we went through and showed you how to make your own set of reliable lock picks and tension wrenches. Most of the hits seemed to come from Google Image Search, where people were looking for lock pick templates.

In the #2 spot this year: The Evil WiFi Series of articles.

The greedy access point stuff has been around for a while, and it's known as "karma" in the infosec industry. Digininja brought easy karma to the La Fonera with Jasager. Browser exploits are nothing new but Metasploit is boss. Hamster and Ferret were a bit of a game changer, introduced last year by Errata Security. They made it easy to import cookies from network traffic.

I'm pretty sure I'm the first one to have tied them all together into a portable system so evil and sinister that it even schooled some of the most paranoid and wary hackers at DefCon 17. I gathered more than 1,000 live session cookies from hundreds of different machines over the course of the weekend.

This was probably my favorite project of 2009. It's too bad that DefCon is the only real time I've used it on live targets. I just don't have it in me to take over a coffee shop or an office park with this rig. It'd be too easy, and morally wrong. Makes me wish I was a pentester again. I'd wreak havoc with it.

Many other outlets picked up the story. Among them: Dark Reading, Hak 5, Daily Radar and Remote-Exploit. From there, it started hitting the social bookmarking sites as well.

I don't know why, but they seem to spike on occasion from StumbleUpon. For instance, this last week, I got about 2,000 hits on the series in two days and then its hits went back down to normal again. Strange. And it's not the first "viral" spike like this in 2009. That's how the series made its way to #3.

Perhaps more people are using OpenBSD to host web-apps than I'd thought?

#4: Testing an ATX power supply - Again. It was on the 2008 list as well.

I wasn't even spot-on accurate in my article, but plenty of the information there is useful enough to get you started.

Some of our more knowledgeable readers picked up the slack and left some more really good advice in the comments of this post.

It seems to have gotten its share of traffic because ATX power supplies go out frequently, and the first place that do-it-yourselfers turn to is Google. This article is read many times per week.

#5: Open Letter from Geeks to IT Recruiters and Hiring Managers

There were tons of mixed reactions to this. Almost all non-managerial geeks cheered me on. Several hiring managers raised their glass and linked to the post. Others scoffed and told me to get a life, since there's no way I'll ever understand what it's like until I am in charge of hiring people. Some even went as far as to say I wouldn't make it as a hiring manager. What bleeds leads, and this controversial diatribe picked up some serious hits when I first put it out.

Down to #6 from our #2 spot in 2008: Tethering.

Even if it is against the terms-of-service agreement, tethering rocks and people everywhere know it! It's a fundamental way to bypass the web filter at the office, school or library, and it's a way to stay off of hostile networks at conventions like DefCon, although it by no means grants you a shield of immunity at such events. It's also great for instilling envy into my fellow transit riders when I-35 turns into a parking lot. I should probably dig out my notes from the September '09 2600 meeting, where I discussed tethering in a bit more detail.

Up two spots from last year to #7: Jornada WiFi Scanning

It's smaller than any NetBook, but more powerful than some of the ultra-tiny gadgets like the ZipIt. It's a great balance of form and function, and despite the fact that these relics have been out of production for nearly a decade, people are still searching for ways to make good use of them. This is another useful series that didn't really go viral, but people keep finding it via search.

#8: CHDK

CHDK is practically essential for anyone who owns a Canon camera. It unlocks potential that's great for HDR photography or just getting the most out of your relatively inexpensive camera.

Everyone loves a good holy war. Among geeks, few get as heated as the ones over which software is better. I tried to take a balanced approach to this one, as I'm generally an operating system agnostic. I come off as a BSD zealot sometimes, because I'd like more people give the underdog a chance once in a while.

Of the underdogs, I feel OpenBSD's probably one of the most useful, particularly for those interested in security.

DefCon is usually kind of a big deal among hackers. It's a good show every year, and this was my second year in a row. Some of the HiR crew made it to DC6, 7, 8 and 9, but we took a break. Here's hoping I can make it again next year. With Blizzcon happening the same weekend as DefCon 18 (my wife's kind of a WoW nerd) it should be interesting.

Top Referrers:
Of course, we have to thank others who found our content useful enough to link to us. The top 10 NON-Search referrers in 2009, listed in order of most referrals were:

#3: Hak5
#10: Some guy whose spanish readers really loved our whiteboard hack (wtf?)

Top HiR search terms of 2009:
This is what people searched for that landed them here one way or another. Most of these are no surprise. #9 boggles me but I know what article it refers to, I just don't know why it got searched for so often.

#1: epoch fail
#2: bsd vs. linux
#3: make your own lock picks
#4: lock pick templates
#5: jasager ferret
#6: hir
#7: information report
#8: jasager
#9: comment: a revocation certificate should follow
#10: luggage zipper pulls

It's also worth mentioning that our RSS feed is on fire lately, and those don't even count as website hits.

blog comments powered by Disqus