Wednesday, February 27, 2008

UNIX tips: Learn 10 good UNIX usage habits

Good tips to learn, whether you're new or familiar with *nix systems. =)

Monday, February 25, 2008

The Raw Feed: New Hacker Tool Hijacks Google to Find Passwords

From the Raw Feed

I'm going to check out this tool's innards man. Goolag Scan was made by the same guys (Cult of the Dead Cow) who made Back Orifice sometime back.

[Update] The scanner makes use of Johnny Long's Google Hacking Database to create search queries in Google using google dorks. Very nice tool, sort of like CAL9000 using RSnake's XSS cheat sheet XML file.

Sunday, February 24, 2008

I don't think I'll trust SG's credit card handling for now


Random picture taken from Suntec city exhibition hall. Noted interesting by someone near me ;-) Maybe got prize for the one who guesses what exactly is "interesting" :-D

On a more serious note, the way things are currently done in Singapore only facilitates credit card fraud and raise alarm bells in security-paranoid people like myself, at least until someone gets burned really badly and the media hypes it up, then everyone will take note.

Take for example the restaurants we have here. When we foot the bill by credit or debit card, in many restaurants the helpful waiters/waitresses bring your card in a holder to the cashier where they do the transaction, bring the receipt back to you for signing before returning you the card. And in the process the card goes out of sight for a while, a very juicy opportunity for the numbers (from the front and the back 3 "security" numbers) to be recorded and to be used to buy _____ from ebay by some fellow.

Well, the tour agency we went to today took things one step further, writing the ENTIRE credit card number on the receipt when they make a transaction (and it is also done out of sight). The reason they gave was that the number was "for records purposes" (and to appease us they helpfully cancelled out the number with a line and countersigned it :-D As if that would help...). Thinking about it, this process only made it far easier for anybody to steal others' (the customers' in this case) card numbers for misuse (just remember the 3 digits on the back of the card).

I'm not writing this to target the poor fellows who suddenly had to deal with such a weird complaint/request about writing the number on the receipt (which even the banks themselves don't do!). But what I'm saying here is that companies should have better methods of handling customers' information, including NOT storing things that they shouldn't.

Even credit card issuers do have points of failure in this. I hope that they'll stop trying to persuade me to get even more cards from them when it is explicitly stated in the MoneySense guide not to get more cards than necessary. :-D The irony being that this guide is distributed with every card given out!

I like to have the convenience and options of the credit system. But looking at how credit cards are handled currently in Singapore, I think I'll stick to using my NETS card or cash for offline purchases. I don't want to appear in tabloids as a victim of credit card fraud :-D

Saturday, February 23, 2008

It seems that making simple(r than the usual) wedding plans do come with their own set of problems as well.

With the constraints that we face currently, we definitely will not be able to invite everyone that we'd wish to invite, and the range of responses I got from friends spanned the gamut: from the indifferent response to the I'm-kinda-ok-with-that response to the not-pleased-with-that-at-all kind of response.

In Singapore, it seems that all around assumes that there'll be some kind of arrangement at least to accomodate everyone around for at least the ceremony &/or dinner.

It does suck to break the news to those who'd really wish to be there on that day itself. But whether in the end an arrangement is fulfilled to celebrate with you in an alternative arrangement or not, rest assured: to the only few friends (outside of church) that I've come to know and keep in contact over the years, you're just as important to me as the church family, family and relatives that I know too, even though we don't meet regularly or relate to one another in the same way all the time.

Friday, February 22, 2008

Breaking Hard Drive Encryption

Princeton University has come up with (successful) research results on hard drive encryption breaking.

Shockingly simple, it relies on the fact that memory (DRAM) doesn't lose its contents immediately after powering down, thus the en(/de)cryption keys can be retrieved for use by an attacker. Which means that all the data in the supposedly safe hard drive can be read once that happens.

The only way to be safe (currently) is for your laptop to be shut down or in (true) hibernate mode when the thief gets access to/steals your laptop. More elaborations in the last few minutes of the video.

Links from the main page:
Their FAQ.
The experiment details (/how to test for this).
Related videos and images.

Wednesday, February 20, 2008

Top-10 Application-Design Mistakes

For those who're involved in (web-related) design in any way, some really good tips here.

Sunday, February 17, 2008

No Tech Hacking book released

Johnny Long's No Tech Hacking book has been released!

It's interesting to see how "hackers" can make use of everyday situations and objects to perform an attack on a "system", without the high tech gadgetry. If James Bond reads this, maybe Q will be out of a job =D yeah right.

In any case, will try to buy/borrow/beg for one when it becomes available.

A sample chapter can be found here.

Tuesday, February 12, 2008

Met up with a couple of my cousins for dinner today, and dropped by my aunt's place for a while on the way back home...

It feels weird, including a mixture of relief and gladness, to finally have a normal conversation with them. After these 10 over years of separation due to circumstances..

My aunt has grown pretty thin as compared to back then. Maybe it's due to the recent events in their life also.

Wednesday, February 06, 2008

New project?

Will be trying to do up a simple mailing list program for use, and also for practise. Maybe I'll post up the process and the documents generated in the process, if anyone is interested in looking at how (badly) I do it this time ;P

Sunday, February 03, 2008

No one in the church is perfect on this side of Christ's return...

(If anyone says that this is true, let me tell you a secret..... He/she's lying)

...But it does consist of family members accepted and adopted by God because of what Jesus Christ did some time ago.

It is of great concern and worry to see what has been happening, especially if I myself could have contributed in doing something wrong.. but I really hope that things will be thrashed out and reconciled within the affected group of people soon..

It would be really sad to see people falling away because of unreconciled problems, either from misunderstandings &/or wrongdoings. We're all of the status work in progress aren't we?

Friday, February 01, 2008

Creating a tar.gz MyDSL extension

This HOWTO is meant to be a correction for the steps found in the DSL wiki to create a MyDSL extension for 4.2.4.

I'll be focusing on the steps to package the extension itself, assuming that the application has already been tested to work from within the /opt folder.

The program for the instructions will be called my_program ;)

Step 1:
Create working folder to hold all the needed files for the extension. Note that all commands following this step will be run from the /home/dsl/work folder, and not from the / folder.
sudo su
mkdir -p /home/dsl/work/opt
cd /home/dsl/work/


Optional:
If we want an icon on the desktop for the extension.
mkdir -p ./home/dsl/.xtdesktop

Copy in the icons to ./home/dsl/.xtdesktop!
cp [location_of_icon] ./home/dsl/.xtdesktop

Create the .lnk file neeeded.
touch ./home/dsl/.xtdesktop/my_program.lnk
nano ./home/dsl/.xtdesktop/my_program.lnk

A sample of the .lnk file:
table Icon
Type: Program
Caption: ImageMagick
Command: /opt/imagemagick/bin/display
Icon: /home/dsl/.xtdesktop/imagemagick.xpm
X: 420 (X position)
Y: 384 (Y position)
end


Optional:
If we want a menu entry in the DSL menu for the extension (most probably, unless the application is mainly run from console with parameters)
mkdir -p tmp/mydsl.menu
touch tmp/mydsl.menu/my_program

Edit the menu entry file.
nano tmp/mydsl.menu/my_program

The format for the contents of the file is as follows:
[exec] (display name) {command}

An example:
[exec] (Launch my_program) {sh /opt/my_program/launch.sh}

Just add more lines to the file using the same format for additional menu entries.

Step 2:
Copy the program files.
cp -Pr /opt/my_program ./opt/

# only if there are other files needed in /home/dsl
cp -Pr /home/dsl/whatever ./home/dsl/


Step 3:
Change ownerships.
chown -R 0.0 ./opt/
chown -R 0.0 ./tmp/
chown -R 1001.50 ./home/dsl/
chown 1001.50 ./tmp/mydsl.menu/my_program


Step 4:
Create file list.
find . > files.txt


Step 5:
Edit the file list, remove all entries that're directories &/or dot paths (refer to wiki)
nano files.txt


Step 6:
Create the archive.
tar cvf my_program.tar --no-recursion \
--numeric-owner -T files.txt

gzip -9 my_program.tar


Optional:
If this is an extension for the official DSL repository, be sure to create an info file (check some of the others for reference) and md5sum:
md5sum my_program.tar.gz > my_program.tar.gz.md5.txt


Troubleshooting:
- If the extension might not work at first, try checking the shell scripts for dot (/relative) paths and changing them to absolute paths.





PS: Do drop me a comment if you found this useful, or if you have any comments/suggestions to leave behind!

Making a new DSL cloop file

This HOWTO is meant to be a correction for the steps found in the DSL wiki to create a new cloop file for 4.2.4. I'll leave the why for your reading from that page itself. ;)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some things to note before we start:

DSL usually represents the path and file of the KNOPPIX image as
/cdrom/knoppix/knoppix
when in MSDOS/Windows it's represented as
[drive]:\KNOPPIX\KNOPPIX

You should always type the image filenames in DSL as all caps even though it shows up otherwise, in case of any incompatibilities with syslinux/isolinux. ;)

I use /tmp as the base working folder. Feel free to use any other folder that has enough space.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 1:
Locate where the KNOPPIX image is stored and setup a loop device to access the image.
sudo su
losetup /dev/cloop1 /cdrom/KNOPPIX/KNOPPIX


Step 2:
Mount the cloop.
mkdir -p /mnt/loop
mount /dev/cloop1 /mnt/loop


Step 3:
Copy everything to the temporary storage.
cp -a /mnt/loop /tmp
SAND_BOX=/tmp/loop
cd $SAND_BOX


Step 4:
Do what you want with the temporary storage ;)

Step 5:
Create a new compressed image.
mkisofs -hide-rr-moved -allow-leading-dots \
-R -l -V "KNOPPIX ISO9660" \
-v -allow-multidot $SAND_BOX | \
create_compressed_fs - \
65536 > [location_for_new_image_file]/KNOPPIX2


Step 6:
Unmount and detach.
cd $HOME
umount /mnt/loop
losetup -d /dev/cloop1


Optional:
If you're storing the new image file on a USB thumb drive, remember to make sure that the file is properly written to it before unplugging it. The way I do it is to unmount the volume, wait for the command to complete, then unplug.
umount [mount_point_for_USB_thumbdrive]


Testing:
We can test the new image file using this cheat code at startup (for syslinux/isolinus) :
dsl knoppix_file=KNOPPIX2



PS: Do drop me a comment if you found this useful, or if you have any comments/suggestions to leave behind!

DSL articles

Will be writing a couple of short HOWTOs for Damn Small Linux (DSL). Both to record down the steps, and also to correct the steps as shown in the original DSL wiki.

[update]
Making a new DSL cloop file (adapted and modified from here)
Creating a tar.gz MyDSL extension (adapted and modified from here)