You are here

Feed aggregator

Colin Charles: On device ecosystems

MyOSS Planet Feeds - Sun, 2014-03-02 07:07

I was just listening This week in google #236, and they were talking about device ecosystems. The topic of smartwatches came up obviously. The first Samsung Galaxy Gear was apparently not a good seller because it had a limited app ecosystem and it was tied to just a few devices (I only know one person who has said watch, and wears it regularly).

If Apple builds an iWatch, they will tie it into the iOS ecosystem. This is why Leo Laporte the host likes the Pebble – it works with all his devices.

How many people are Leo with an iPhone and an Android phone? And whatever else is compatible with the Pebble? End users (consumers) usually have one phone. There’s nothing wrong with the iWatch to be tied into the iOS ecosystem — its an awesome ecosystem. Soon you may get cars with iOS on it (just like you can get cars with Linux on it).

The iWatch if Apple makes one will probably be compatible all the way back to the iPhone 4S. It should cover most iOS/iPhone users. And just like the apps you buy in the app store when the iPad came along (first you had iPhone only apps, with double-size; then you had separate iPad apps that would cost more; nowadays many apps are “universal” to work on both and cost the same), I expect something similar will happen with the iWatch. 

That said, I like my analogue watches. I had no interest in the Pebble or the Samsung Galaxy Gear. I’d be interested to see what they do with version 2, which has Tizen (even less apps maybe?). When Apple releases an iWatch, you can be sure I’d probably buy it — I have seen things from all sides, and I like their ecosystem.

Related posts:

  1. Messenger apps revisited
  2. Apple opens up Podcasts, iTunes U in Malaysia
  3. A new phone, new for 9 months?

Categories: MyOSS Planet Feeds

Lee Chin Sheng: Interesting Rootkit: Uroburos

MyOSS Planet Feeds - Sun, 2014-03-02 04:33
My friend ebf0 has shared with me this interesting analysis report from GData Security Lab, you can find the report here -

https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf

To understand why the name "Uroburos", we should refer to

http://en.wikipedia.org/wiki/Ouroboros

Doesn't matter it comes from which party, we all know Intel gathering is always there, by the time we know it it seems late by miles. Internet security community needs to work harder together to uncover them as soon as possible.

Cheers (;])
Categories: MyOSS Planet Feeds

Muhammad Shahriman (Yondie): OSINT Tricks: Combining Shodan + The Harvester

MyOSS Planet Feeds - Fri, 2014-02-28 05:31
The Harvester is  a good tools for data mining enumeration during RECON/Information Gathering period. On version 2.2a  the harvester support integration with SHODAN.


In order to use SHODAN services in the Harvester you need to supply the API key . So if you try to use it without supplying the SHODAN API Key.



There is not a proper documentation on how to supply the the Shodan API key but after reading the source code , you need to supply the key at discovery/shodansearch.py

After supplying , the results for information gathering/stalking becoming much more useful.



Categories: MyOSS Planet Feeds

Nicholas A. Suppiah (tboxmy): Managing PostgreSQL with pgsql and pgAdmin3

MyOSS Planet Feeds - Tue, 2014-02-25 10:03
The command line interface (CLI) tool that comes with Postgres server is known as pgsql. Alternatively, pgAdmin3 and phpPgAdmin can be installed.

The pgsql

Among some of the commands for pgsql can be shown as below;





pgAdmin3



Categories: MyOSS Planet Feeds

Nicholas A. Suppiah (tboxmy): Installing PostgreSQL on Centos 6

MyOSS Planet Feeds - Tue, 2014-02-25 09:46
PostgreSQL being an OSS licensed database is very different compared to MySQL. PostgreSQL (or Postges) maintains a repository for Linux systems like Centos to install the database. This repository is known as pgdg and is maintained at yum.postgresql.org or yum.pgrpms.org

Installation of the Postgres comes with psql, this is a CLI to manage Postgres.

Installation of PostgreSQL 9.3 on Centos 6.4 is as follows;

Step 1:
Open a CLI as root user and retrieve the pgdg repo RPM, then install it. This will allow the Centos to find for software from the pgdg.

wget http://yum.pgrpms.org/9.3/redhat/rhel-6-x86_64/pgdg-centos93-9.3-1.noarch.rpm

rpm -ivh pgdg-centos93-9.3-1.noarch.rpm

Step 2:
Install the client and server.

yum install postgresql93 postgresql93-server




Step 3:
Initialise database and tables, and start. This creates the default user postgres.

service postgresql-9.3 initdb
service postgresql-9.3 start
You can now login with the default user to the Postgres terminal as follows;
su postgressudo postgres
Step 4:As the postgres user, create an administrative user, then log out from the psql (use \q), then the shell (Control-d).
CREATE role dbmsuser LOGIN PASSWORD 'password' SUPERUSER;
Step 5:Edit Postgres configuration file;
vi /var/lib/pgsql/9.3/data/postgresql.conf
Uncomment the line and save.#listen_addresses = ‘localhost’ and change it to listen_addresses = ‘*’
vi /var/lib/pgsql/9.3/data/pg_hba.conf
Add a line at bottom of the file to allow non-local connections, e.g.host    all             dbmsuser        10.0.0.1/32            md5

Post installationchkconfig postgresql-9.3 on
Ref: How to Install PostgreSQL 9.2 on CentOS 6.3/RedHat EL6/Fedora
Categories: MyOSS Planet Feeds

Wei Chong: Value Semantics, Concepts Based Polymorphism and Composite Pattern

MyOSS Planet Feeds - Mon, 2014-02-24 13:28
Not long ago, I watched Sean Parent's Value Semantics and Concepts Based Polymorphism.
In the presentation, Sean showed a sample code that manipulates "document type".
Yesterday, while flipping over an old book on my book shelf, Pattern Hatching: Design Patterns Applied, by John Vlissides, I came across his example of using the Composite Pattern to illustrate a simplified file system structure with class Node, class File and class Directory.  There it uses the classical way of inheritance.I couldn't help but notice the similarity between the simplified file system recursive structure of the Composite Pattern with Sean's example of the document inside document.
So, I just play around with concepts based polymorphism a bit.Note that the code may not be optimize or anything, as it is a quick copy-and-modify.
Here is node.h:
#ifndef NODE_H #define NODE_H #include #include #include #include class node_t { struct concept_t { virtual ~concept_t() = default; virtual size_t total_size() const = 0; virtual void print(std::ostream& out) = 0; virtual concept_t* copy() = 0; }; struct file_model_t : concept_t { file_model_t(size_t x) : total_size_(x) {} size_t total_size() const { return total_size_; } void print(std::ostream& out) { out << total_size_; } concept_t* copy() { return new file_model_t(*this); } size_t total_size_; }; struct dir_model_t : concept_t { dir_model_t(std::initializer_list l) : children_(l) {} size_t total_size() const { size_t total_size = 0; for (const auto& c : children_) total_size += c.total_size(); return total_size; } virtual void print(std::ostream& out) { out << "("; auto i = children_.begin(); out << *i; ++i; while (i != children_.end()) { out << ","; out << *i; ++i; } out << ")"; } concept_t* copy() { return new dir_model_t(*this); } std::vector children_; }; std::unique_ptr p_; public: node_t(size_t value) : p_(new file_model_t(value)) { /*std::cout << "ctor file" << std::endl;*/ } node_t(std::initializer_list l) : p_(new dir_model_t(l)) { /*std::cout << "ctor dir" << std::endl;*/ } node_t(const node_t& x) : p_(x.p_->copy()) { /*std::cout << "copy" << std::endl;*/ } node_t& operator=(node_t x) { //std::cout << "assign" << std::endl; p_ = std::move(x.p_); return *this; } size_t total_size() const { return p_->total_size(); } friend std::ostream& operator<<(std::ostream& out, const node_t& n) { n.p_->print(out); return out; } }; using file_t = node_t; using directory_t = node_t; #endif //NODE_H And here is the client code:
#include #include #include "node.h" int main() { file_t f1 ( 10 ); std::cout << "f1: " << f1.total_size() << std::endl; file_t f2 ( 20 ); std::cout << "f2: " << f2.total_size() << std::endl; directory_t d1 { f1, f2 }; std::cout << "d1: " << d1.total_size() << std::endl; file_t f3 ( 30 ); std::cout << "f3: " << f3.total_size() << std::endl; directory_t d2 { f3, d1 }; std::cout << "d2: " << d2.total_size() << std::endl; std::cout << d2 << std::endl; } And this is the output:
f1: 10 f2: 20 d1: 30 f3: 30 d2: 60 (30,(10,20))
Note how the directory nests the subdirectory.
More importantly, the value semantics of the client code, polymorphism without reference or pointer, cool!

Admittedly, I'm quite new to this concepts-based polymorphism technique, and may also not be paying too much attention to other aspect of the C++ code in general. If you find any mistake, feedback and advice are appreciated.

Categories: MyOSS Planet Feeds

Lee Chin Sheng: The Practice Of Network Security Monitoring

MyOSS Planet Feeds - Mon, 2014-02-24 09:10
Year 2014 will most probably be a refreshing year to myself, everything is like new all over again and what should I do next is important.

NSM has been big part of my career and I'm back to the root, and I would like to discuss/share anything regarding this huge topic. The first thing I would most probably do is to grab the book that is written by my friend - Richard, The Practice Of NSM. Thank you for your effort to write this book, it is really tough to stay focused and finished a book especially for a busy person like you.

Second thing to do would be reviewing the new version of existing tools, and also new tools that kick in without me noticing - Netsniff-ng, Snort, Suricata, Bro-ids, Argus, NetworkMiner, SIFT and many more, you name it.

Third thing to do is sharing, to share what I have found and learned, in the world of IT security.
Categories: MyOSS Planet Feeds

Colin Charles: Time spent on PR

MyOSS Planet Feeds - Sat, 2014-02-22 16:00

How WhatsApp’s Arora Sealed Facebook Deal – Digits – WSJ: Time spent on PR is time not spent ‘making your users happy,’ Arora said. ‘The users you get from press and hype are not the best users.’

Related posts:

  1. Too many INBOXes
  2. Roaming data
  3. The quotable Satya Nadella

Categories: MyOSS Planet Feeds

Mohd Izhar Firdaus (KageSenshi): Reboot!!!!!!!!!!

MyOSS Planet Feeds - Thu, 2014-02-20 19:07
So I guess I have been missing from posting things on this blog for over a year now ... Bunch of stuff happened in the past years .. theres a likelihood that I might be back ^_^ .. 

- Izhar Firdaus -
Categories: MyOSS Planet Feeds

Nicholas A. Suppiah (tboxmy): Italian God Fathers May Run Open Source

MyOSS Planet Feeds - Thu, 2014-02-20 01:37
In the current economic challenges, many countries are looking at saving cost via ICT and Italy is not an exception. Umbria, a region in the centre of Italy that produces cheese, lentils, truffles and have a relatively large number of small industries. This 900,000 strong population region is home to an active GNU/Linux User Group Perugia.

In 2012, Umbria saw the start of a revolution to switch to LibreOffice, which is LGPL or open source software (OSS) licensed. LibreOffice provides office productivity tools that include a word processor (like MS Word), presentation (like MS Powerpoint), spreadsheet (like MS Excel) and more. Advantages of this software is that it is free to download and install for almost all computers as it supports MS Windows, Linux and Mac platforms. Most popular editable document formats can be open and edited and its interface is rather intuitive and easy to use. It comes with a portable version where users can install it on a USB drive and carry it around to run LibreOffice any where. A built in PDF converter allows any edited file to be frozen and to be distributed with read only access and consistent format.

Through LibreUmbria, schools were introduced to use LibreOffice as their primary document editing applications before it was expanded further further to other organisations. This also received the government's top innovation award for Italian Government Projects in 2012/2013. Will the rest of the Italian Government follow suit?

Read up news on the region of Umbria to switch over from MS Office to LibreOffice.

Jan 16, 2014 from ZDNet
Sep 26, 2013 from LibreOffice
Jun 5, 2013 from Document Foundation Blog


Categories: MyOSS Planet Feeds

Nicholas A. Suppiah (tboxmy): Passwordless root SSH Public Key Authentication on CentOS 6

MyOSS Planet Feeds - Wed, 2014-02-05 01:55
Need to remote login to linux servers?

Create a public key and store it in the remote server. By default it is recognised as authorized_keys but this is fully configurable. The ssh-keygen generated the public key with RSA that is by default called id_rsa.pub

A well written article to do this can be found at Passwordless root SSH Public Key Authentication on CentOS 6

An alternative sshpass command as mentioned in January 31, 2014 Linuxpromagazine seems to force users to make the password visible. Good that this is no available in a default Centos 6, as this will help to maintain good password practices. I.e. do not have password kept where anyone can read it.
Categories: MyOSS Planet Feeds

Colin Charles: The quotable Satya Nadella

MyOSS Planet Feeds - Tue, 2014-02-04 23:48

Microsoft has its third CEO in its entire history (started 1975), Satya Nadella. Some choice quotes & thoughts…

Via WSJ:

What drives me every morning and what keeps me up every night is one thing: this business is not about longevity, it’s about relevance.

Via his letter to his employees:

Our industry does not respect tradition — it only respects innovation.

Many who know me say I am also defined by my curiosity and thirst for learning. I buy more books than I can finish. I sign up for more online courses than I can complete. I fundamentally believe that if you are not learning new things, you stop doing great and useful things.

This starts with clarity of purpose and sense of mission that will lead us to imagine the impossible and deliver it. We need to prioritize innovation that is centered on our core value of empowering users and organizations to “do more.”

I truly believe that each of us must find meaning in our work. The best work happens when you know that it’s not just work, but something that will improve other people’s lives.

Not sure about this “one microsoft” idea (I hear too much of 1Malaysia), but the elements required to aspire to change the world stand strong: talent, resources, and perseverance.

Definitely an exciting time to see what Microsoft can bring to the table. Not to mention that opensource and cloud computing is pretty much everywhere these days…

Related posts:

  1. Information diets and media biases
  2. The goat comes to town
  3. The Art of Innovation – Guy Kawasaki

Categories: MyOSS Planet Feeds

Colin Charles: Bitcoin Exchanges can’t work in Malaysia

MyOSS Planet Feeds - Tue, 2014-02-04 10:30

News today: Genneva (gold trading company, launched by former Prime Minister Mahathir) Malaysia director charged with accepting deposits without a license.

So if you’re thinking of a Bitcoin exchange in Malaysia, think again. Bank Negara Malaysia obviously doesn’t think much of Bitcoin. How will you accept deposits without a license? 

Singapore on the other hand proves itself to be in the forefront of finance: treat Bitcoin like a product. Read the full IRAS statement. Singapore is about to get its first Bitcoin ATM soon.

For further reading, see the BAFIA 1989, in its entirety. Once again, laws that prevent innovation.

Related posts:

  1. Boom or inflation in Malaysia?
  2. Malaysia’s Evidence Act – #STOP114A
  3. Tax incentives for angel investors in Malaysia

Categories: MyOSS Planet Feeds

muhd. zamri: Mageia 4

MyOSS Planet Feeds - Tue, 2014-02-04 01:31
Mageia 4 has been released on Feb 3rd 2014. For Mageia 3 users, you will get a notification to upgrade. Just click on it and after answer a few questions, you're set to go. I just did that and at the time of this writing, I'm using Mageia 4. 
From my point of view, I didn't notice any major differences in terms of usability beside the usual change of wallpapers, screensavers and a little bit of widgets. I'm sure, overtime I will find more and more. The Welcome dialog (see below) is a very good approach for newcomers and newbies alike to Mageia world. 
For those who are in search of a distro, Mageia is worth to try.

Enjoy!
Categories: MyOSS Planet Feeds

Muhammad Shahriman (Yondie): Uploading files on an interactive windows shell. Part 2 ..

MyOSS Planet Feeds - Sun, 2014-02-02 07:01
Based on previous post. A reader ask me how the heck should i get a psexec uploaded on the system on the first place? Good question..

First technique introduced by our favorite vendor of all time. That's right folk microsoft...!!!


If you don`t believe me..


2nd technique. What happen if our firewall blocked SMB/WebDAV protocol.. Then we can upload it back manually using VB Script as describe by SK Chong in Phrack Issue 62 at 6.b



3rd. Technique. If we are on Windows 7/2008/8.1 . Hello One Line Powershell 


Endless imagination.
Categories: MyOSS Planet Feeds

Seymour Cakes: Book review: Groovy 2 Cookbook

MyOSS Planet Feeds - Sat, 2014-02-01 15:31


(Disclaimer: I got a copy of Groovy 2 Cookbook from Packt for review)

A good cookbook will help you learn something quickly, or guide you to solve a problem in simpler way. On both count this book has done a good job.

I find the 'Using Groovy Language features' chapter easy to follow and will be helpful for newbies to learn Groovy quickly. However I think they missed out focused topics on Collection.

The chapter on Meta-programming and DSL is particularly helpful. I have learned new tricks on applying DSL in my day to day work.

The chapter on concurrent programming is decent but I feel could be better with more simpler examples. This is the chapter where it reads like a overview of what gpars can do for you but if you don't have a good grasp of concurrent programming then examples can be confusing very quickly. I wouldn't recommend newcomers to learn gpars from this book and instead learn from the online doc directly.

Maybe it's the nature of Groovy where the language is already quite easy to read and understand -- this book can be seen as struggling to compete with the very concise and clear online documentation.

As somebody who has been programming with Groovy for many years, I would recommend a this book to Java programmer who would like to get a good grip of Groovy language quickly. Otherwise this book offer little to seasoned Groovy programmer.
Categories: MyOSS Planet Feeds

Colin Charles: Percona Live MySQL Conference & Expo Santa Clara 2014

MyOSS Planet Feeds - Sat, 2014-02-01 07:02

I’m looking forward to being at Percona Live Santa Clara 2014 later this year (April 1-4 2014). You should definitely register now. Early bird ends soon, and if you’re looking for a discount, here’s a 10% discount code - SeeMeSpeak

SkySQL will have a booth. I’m hoping the DotOrg Pavillions continue, so that MariaDB can have a booth too.

If you want to know about MariaDB 10, come to the complete tutorial given by Ivan Zoratti and me. MariaDB 10 clearly has differences and its worth noting them, and embracing the new features.

I will also speak about Automated MySQL Failover with MHA: Getting Started and Moving Past Its Quirks. There are changes to allow it to work with GTID, there’s a script floating around that has a resource agent for MHA, and there have been even more deployments to talk about. 

I’ll plan my calendar of talks soon, but in the meantime, don’t forget to register now, and there’s a 10% discount – SeeMeSpeak.

Related posts:

  1. MariaDB at Percona Live Santa Clara
  2. More MariaDB after Percona Live Santa Clara
  3. Upcoming talks in Santa Clara

Categories: MyOSS Planet Feeds

Colin Charles: Changes in MySQL 5.7

MyOSS Planet Feeds - Sat, 2014-02-01 06:45

I wish more discussion happened on the internals mailing list, but if you’re interested in finding out what’s upcoming/changing in MySQL 5.7, so far the best resources I’ve found are:

I like this “train” development model, but I wonder how it really syncs with the labs releases. Multi-source replication is still against 5.7.2?

Related posts:

  1. New MySQL 5.6 Features by Oli Sennhauser
  2. MySQL HA reloaded by Ivan Zoratti
  3. Some MySQL-related links

Categories: MyOSS Planet Feeds

Colin Charles: Tab sweep January 2014

MyOSS Planet Feeds - Sat, 2014-02-01 06:28

Related posts:

  1. Tab sweep
  2. Quick tab sweep
  3. Tab Sweep – March 2008

Categories: MyOSS Planet Feeds

Muhammad Shahriman (Yondie): Leveraging psexec locally to execute privileged command..

MyOSS Planet Feeds - Fri, 2014-01-31 09:31
Gong Xi Fa Choy to all of you. Not really a good start year for me, my daughter is sick. But I need to go to Jakarta next week to teach  a Digital Forensics/Anti-Forensic class. Okay anyway this is another trick to use sysinternal tools in a hackish way.

Case Study

  1. In a social engineering campaign attack, you managed to pivot your way into a machine with low privileged (guest) windows access machine.
  2. You have an admin privileged  username and password but RDP is impossible or runas doesn`t work.
  3. Ingress/Outgress Firewall kicked in.. so psexec remotely is impossible.
  4. For Fun!!!!!
Suppose a we backdoored a normal user with a bind shell at port 4444


As you can see add user is kinda impossible due to limited priviledge. Let's assume we know the password of user admin which is admin123 .    Can we use runas command?


It seems our runas command failed due to the fact that our bindshell backdoor is an interactive shell  that couldn`t compensate normal stdin..

All hope is loss? Nope we can use psexec to bypass this circumstances.  I would say "psexec is  like sudo"


Why do I like psexec? I believe internal tools is the "universal windows backdoor."



This idea pops up thanks to stackoverflow http://stackoverflow.com/questions/12456675/single-line-command-for-run-as-different-user-in-window-7-that-contain-password
Categories: MyOSS Planet Feeds
Subscribe to wahlau&#039;s online hut aggregator