Planet Fakap

Where all fakapers unite!


KFC Bayan Baru Sunshine


Links for 2010-03-08 [del.icio.us]


How To Tweet From Ham Radio Using APRS And 73s.org




How does this thing work?

When you send a message to "73s" using your APRS setup, the 73s computer will pick up the message that you sent and relay it out to Twitter. For more information, visit http://73s.org.



Ham Radio Using Linux





Ham radio and Linux are my main passion right now. I'm writing this post to encourage all ham radio operators to consider using an open source operating system for their everyday tasks such as controlling their rigs, logging, plotting, creating new electronic circuits, designing new antennas, encoding or decoding Morse code, PSK31, RTTY, the APRS tracking system and much more.

LinuxJournal magazine has already covered Linux and ham radio in a past edition. Check out http://www.linuxjournal.com/ham. Thanks to David A. Lane, KG4GIY. One of the Fedora members also wrote a guide to amateur radio on his website, http://jjmcd.fedorapeople.org/amateur-radio-guide/. Ubuntu has its own wiki for amateur radio, https://wiki.ubuntu.com/AmateurRadio.




Quote of the day

"A Linux box is both a powerful communications platform and a really neat gadget! What ham could resist? - Jerry KF6VB"

New approach, old objective..


img source: wearecentralpa.com

My email used to be bombarded with spam or phishing emails either for Paypal, Maybank or CIMB and sometimes Amazon as well. Usually these emails are in the same format (sometimes even the same wording), same email subject and lil bit different header images and of course a different sender address. But today (the email was actually received yesterday but I only opened my trusted Thunderbird today) the content is lil bit different, convincing enough and yeah even the sender address seems like it is from a legitimate source for the unsuspecting users.

As usual my Thunderbird categorized this email as a probable Scam Email (as for some of my unfortunate friends' emails as well haha). Anyway for the first time I just removed the Scam tag and let the image load (after checking the email content source of course).

As you can see the link stated in this email SEEMS to point to actual maybank2u website. But wait.. do not click it yet. Just move your mouse over the link and you can see the exact place where this link will lead you..

Yup.. Instead of going to maybank2u website, the link actually will lead (or mislead in this case) you to http://foto.asmul.com/gallery2/modules/icons/iconpacks/KSIcons/M2ULogin.doaction=Login.htm ;) . So what if you really click on that link? For a start Firefox will not publish the site immediately but will give you an ample warning about that site instead.

And if you are superbly ignorant or stubborn and choose to ignore the warning instead, you will be presented with this page

Ok even though the page bears a resemblance to the actual maybank2u login page (refer image below), IF you compare these two, there are a few glaring items that HOPEFULLY will make you aware that you are on a wrong/spoof/phishing/tipu/kencing site.

The most obvious one is the address of the link. IF you are presented with the maybank2u login page but the url shows any address BUT maybank2u’s, close your browser/tab and, as a precautionary move, run your antivirus or whatever anti spyware/bot/adware tool that you have in order to detect any possible unwanted malware (malicious software) downloaded unwittingly onto your precious computer.

Like in this case, instead of having this address on the url field: https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do?action=Login; you can see the address actually is http://foto.asmul.com/gallery2/modules/icons/iconpacks/KSIcons/M2ULogin.doaction=Login.htm with maybank2u login page.

Besides the date on the actual maybank2u’s login page, there are other differences that you should notice. Be my guest to download the images and play “spot the difference” between those images yourself as I’ve had enough of this game during my school years ;)

The real maybank2u's login page

Well what will happen if you log in or insert your credentials at this page..

Unless your username is testing and the password is 12345678abcd, you have nothing to worry about. And even with this false information, the page will “process” and lead you to another page..

Yup.. the infamous “update your Profile” page. Again unless your email is spongebob@krustykrab.com (is it yours?? sorry but I think you do not have maybank2u account rite? You do?…)

And the rest of the process is similar to the old phishing scam.. Get TAC number, enter your TAC number, and the usual do not login to your account within 24 hours..

That’s all for now. It seems there’s something interesting in the traffic generated by these activities. Will update in a later post.

Oh yeah, it seems the site has been taken down ;)

Anyway.. be careful and IF you have doubts, ALWAYS call your bank whenever you receive any email from them. Just for confirmation and yeah you have to call them even if you know that their customer service SUCKS..
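The hover check described in this post, automated as an added example (not code from the original post): it parses an HTML mail body and reports links whose visible text names maybank2u.com.my while the href points at another host. The sample body is constructed from the two URLs quoted above, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re
# Hostname-looking token inside visible link text, e.g. "www.maybank2u.com.my"
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkAuditor(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def same_site(host, expected):
    """True if host equals expected or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def mismatched_links(html, trusted="maybank2u.com.my"):
    """Return links whose text names the trusted site but whose href goes elsewhere."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown = HOST_RE.search(text)
        target = urlsplit(href).hostname or ""
        if shown and same_site(shown.group(1), trusted) and not same_site(target, trusted):
            findings.append((shown.group(1), target, href))
    return findings

# Constructed sample body; both URLs are the ones quoted in the post.
SAMPLE = (
    '<p>Please verify: <a href="http://foto.asmul.com/gallery2/modules/icons/'
    'iconpacks/KSIcons/M2ULogin.doaction=Login.htm">https://www.maybank2u.com.my/'
    'mbb/m2u/common/M2ULogin.do?action=Login</a></p>'
    '<p><a href="https://www.maybank2u.com.my/">www.maybank2u.com.my</a></p>'
)
```

Calling `mismatched_links(SAMPLE)` flags only the first link, where the text shows www.maybank2u.com.my and the real target host is foto.asmul.com.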


Burning a CD with the dd command

It's been a long time since I wrote anything.. been rather busy. I just burned a CD using the dd command.. haven't played with "dd" in a long time...

First, check where our disc drive is located...

root@auber:~# cdrecord -scanbus



scsibus1:
1,0,0 100) 'TSSTcorp' 'CD/DVDW SH-S182F' 'SB01' Removable CD-ROM
1,1,0 101) *
1,2,0 102) *
1,3,0 103) *
1,4,0 104) *
1,5,0 105) *
1,6,0 106) *
1,7,0 107) *


Then, looking at the output above, its position is 1,0,0...


root@auber:~# cdrecord -v -dao -dev=1,0,0 /backup/debian-504-i386-CD-1.iso



TOC Type: 1 = CD-ROM
scsidev: '1,0,0'
scsibus: 1 target: 0 lun: 0
WARNING: the deprecated pseudo SCSI syntax found as device specification.
Support for that may cease in the future versions of wodim. For now,
the device will be mapped to a block device file where possible.
Run "wodim --devices" for details.
Linux sg driver version: 3.5.27
Wodim version: 1.1.9
SCSI buffer size: 64512
Device type : Removable CD-ROM
Version : 5
Response Format: 2
Capabilities :
Vendor_info : 'TSSTcorp'
Identification : 'CD/DVDW SH-S182F'
Revision : 'SB01'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Current: 0x0009 (CD-R)
Profile: 0x0015 (DVD-R/DL sequential recording)
Profile: 0x0016 (DVD-R/DL layer jump recording)
Profile: 0x002B (DVD+R/DL)
Profile: 0x001B (DVD+R)
Profile: 0x001A (DVD+RW)
Profile: 0x0014 (DVD-RW sequential recording)
Profile: 0x0013 (DVD-RW restricted overwrite)
Profile: 0x0012 (DVD-RAM)
Profile: 0x0011 (DVD-R sequential recording)
Profile: 0x0010 (DVD-ROM)
Profile: 0x000A (CD-RW)
Profile: 0x0009 (CD-R) (current)
Profile: 0x0008 (CD-ROM)
Profile: 0x0002 (Removable disk)
Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr).
Driver flags : MMC-3 SWABAUDIO BURNFREE
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
Drive buf size : 1056000 = 1031 KB
Beginning DMA speed test. Set CDR_NODMATEST environment variable if device
communication breaks or freezes immediately after that.
FIFO size : 12582912 = 12288 KB
Track 01: data 645 MB
Total size: 741 MB (73:28.32) = 330624 sectors
Lout start: 741 MB (73:30/24) = 330624 sectors
Current Secsize: 2048
ATIP info from disk:
Indicated writing power: 6
Is not unrestricted
Is not erasable
Disk sub type: Medium Type C, low Beta category (C-) (6)
ATIP start of lead in: -11231 (97:32/19)
ATIP start of lead out: 359846 (79:59/71)
Disk type: Short strategy type (Phthalocyanine or similar)
Manuf. index: 27
Manufacturer: Prodisc Technology Inc.
Blocks total: 359846 Blocks current: 359846 Blocks remaining: 29222
Speed set to 8468 KB/s
Starting to write CD/DVD at speed 48.0 in real SAO mode for single session.
Last chance to quit, starting real write in 0 seconds. Operation starts.
Waiting for reader process to fill input buffer ... input buffer ready.
Performing OPC...
Sending CUE sheet...
Writing pregap for track 1 at -150
Starting new track at sector: 0
Track 01: 645 of 645 MB written (fifo 100%) [buf 99%] 41.6x.
Track 01: Total bytes read/written: 677117952/677117952 (330624 sectors).
Writing time: 158.952s
Average write speed 31.5x.
Min drive buffer fill was 99%
Fixating...
Fixating time: 15.222s
BURN-Free was 1 times used.
wodim: fifo had 10666 puts and 10666 gets.
wodim: fifo was 0 times empty and 6177 times full, min fill was 97%.

Defaced - http://www.politeknik.edu.my




Website: Jabatan Pengajian Politeknik (Operasi)
URL: http://www.politeknik.edu.my/index.asp

DISCLAIMER: All the information related to computer crimes (i.e. defacements) contained in security.org.my was either collected online from public sources or directly notified to us. Security.org.my is neither responsible for the reported computer crimes nor is it directly or indirectly involved in them.

Defaced - http://ncer.com.my




Website: Northern Corridor Economic Region (NCER)
URL: http://ncer.com.my


Defaced - http://mbj.perak.gov.my/




Website: Pejabat Setiausaha Kerajaan Negeri Perak
URL: http://mbj.perak.gov.my/


Defaced - http://www.nippon-precision.com.my




Website: Nippon Precision Technology Sdn Bhd.
URL: http://www.nippon-precision.com.my/newsdetail.php?newsId=24


Defaced - http://ofitech.com.my/mydoms.php




Website: http://ofitech.com.my
URL: http://ofitech.com.my/mydoms.php


Defaced - http://www.natureinabox.com.my




Website: Nature in a box, The Art of Nature
URL: http://www.natureinabox.com.my/images/index.htm


Defaced - http://www.nasom.com.my/




Website: Welcome to the Nasom Teleautism
URL: http://www.nasom.com.my/


Defaced - http://www.techsource.com.my




Website:
URL: http://www.techsource.com.my/events/events.asp


Defaced - http://www.akpk.org.my




Website: Agensi Kaunseling Dan Pengurusan Kredit (AKPK)
URL: http://www.akpk.org.my/Portals/0/r3m1ck.txt


Defaced - http://www.aspirasidigital.net.my




Website: Aspirasi Digital Online
URL: http://www.aspirasidigital.net.my/InisiatifMain.asp


[from johnpowell] html5media - Project Hosting on Google Code


[from johnpowell] The Future Of CSS Typography - Smashing Magazine


Links for 2010-02-27 [del.icio.us]


Forensic Readiness Policy and watch your steps eh..


Pic source: kellepcharles.blogspot.com

Greeting guys..

I’ve spent the past two weeks getting the draft of the forensic readiness policy complete for submission to our client in Indonesia. To be honest this time around I need to assist our sister company there in designing an SOC for that particular client. In the sense of security policy, the bulk of the task was done by my colleague there. She’s very good at integrating the client’s security policies into ours. I’m really impressed with her work tho ;)

So what the heck is Forensic Readiness Policy?

The main objectives of this policy are to maximize the usefulness of incident data and minimize the cost of forensics during incident response. Very clear eh? ;) Well the elements of forensic readiness usually are:

  • How logging is done
  • What are the activities/items that are being logged?
  • Intrusion Detection System (Network and host based)
  • Forensic Acquisition
  • Evidence Handling

So before this post becomes a mini howto, better for me to stop there. Nowadays more and more organizations are aware of the importance of preserving or maintaining a proper record, especially of their network traffic (based on my limited encounters lah.) There was a time when firewalls or filtering via the boundary routers could be considered enough for network security. Now it seems that at least an Intrusion Detection System (IDS) is the must-have within the list of security devices for an organization (whether there are analysts or at least people monitoring the IDS outputs is another story). Also from my (limited) experience, most of our clients do have one or more log repositories. Again the question of whether these logs are reviewed or not is not for me to answer.

So what does it mean?

It means that nowadays the www is not as wild wild web as it used to be. You hit and then you left the scene without much fuss about the trail. Bypassing a filtering device like a firewall is something cool but now if you brag about how you managed to bypass a layer 3 and 4 filtering device, I guess people will just shrug it off and ignore you. Now there are mechanisms to detect your activities whether on the network or on the attacked system itself. Hacking is not Harry Potter stuff and you do leave a trail. Sooner or later, the trail of your “hacking” activities will lead to you.

With this kind of policy and many other similar policies as well, organizations perhaps are well prepared to detect and respond to any security incidents. Because for me, eventually you will be hacked or compromised. The important thing that you have to remember is how you detect, respond to and recover from these attacks.

Prepared - source: www.antithesiscommon.com

So bragging about your “hacking” activities in forums or blogs IMHO is a NO NO. It makes the task for the LEA easier especially when you include your handler in the page that you “hacked” :D

Anyway, somehow crime doesn’t pay ;)