
Hackerspace KL Preview, Dump Your Stash and Gotong Royong Day

Earlier this morning Hackerspace KL had its first gathering at its own space. Congratulations to spoonfork who got the space.

Want to know more about Hackerspace KL? https://wiki.hackerspace.my/

Everybody had a chance to look around the place. Those who brought stuff to donate to Hackerspace KL dumped it happily. There was some very cool stuff that will be used for "research", and other stuff will be salvaged for its parts.

We also had our "gotong royong". Gotong royong is a term in Bahasa Malaysia and it means mutually helping each other to clean up a place or similar activities. So we all came and saw the cleaning tools and just did whatever. There was not much planning or anything, just everybody happily lending a hand as is normal in a gotong royong.

For pictures, please go to http://bit.ly/4pCWBZ

Hack In The Box Security Conference 2010 – Dubai

Venue: Sheraton Dubai Creek,
Baniyas/Creek Road,
Dubai, UAE

Technical Training – DAY 1 and DAY 2
Date: 19th and 20th April 2010
Time: 0900 – 1700

TECH TRAINING 1 – Web Application Security – Threats and Countermeasures
TECH TRAINING 2 – Java Security
TECH TRAINING 3 – The Exploit Laboratory 4.0
TECH TRAINING 4 – Bluetooth & Wireless Security

Conference DAY 1 and DAY 2
Date: 21st and 22nd April 2010
Time: 0900 – 1700

Deep Knowledge Security Conference
HITB Web Hacking Challenge + Bin Rev
Industry Exhibition & Technology Showcase

More information at http://conference.hitb.org/hitbsecconf2010dxb/

World Computer Security Day

30 November is World Computer Security Day. This is an annual event observed worldwide where we remind people of the importance of protecting their computers and information, and suggest ways to do so. Want to know how you can participate or take part in this event? Here is a list provided by the folks at CyberSecurity Malaysia. For more information on Computer Security Day, head on to http://www.computersecurityday.org/.

Oh and today is Cyber Monday, happy shopping and be safe.

NetEvents: The Meeting Place for Technology Leaders

For those who don't know yet, NetEvents is live now. Must see for those working in Service Provider industries. http://www.netevents.org/

Happy 40th Anniversary dear Internet!!!

Right, so I haven't been paying attention to my website for quite some time. It's time to update and update and put new stuff here. But first, to put spam management. (>_<)

Anyway, recently UCLA Engineering celebrated the 40th Anniversary of the Internet. Forty years ago, a team led by UCLA's Professor Leonard Kleinrock sent the first message on ARPANET, which later became known as the Internet. More details can be found at http://www.engineer.ucla.edu/IA40/.

The internet we now know is still transforming and more exciting things are coming. It's still young and has lots to offer for those that dare to explore and express ideas.

Compiling the universal TUN/TAP driver on Solaris 10

I was compiling the TUN/TAP driver and bumped into problems getting it to work in Solaris 10 on SPARC64.

After much searching, I found the solution at http://openvpn.net/archive/openvpn-users/2007-03/msg00254.html.

The important parts are (edited a bit):

# Sun Studio targeting 64 bit SPARC
% cc -D_KERNEL -xarch=v9 -c tun.c
# Sun Studio targeting 64 bit x86
% cc -D_KERNEL -xarch=amd64 -xmodel=kernel -c tun.c
# Sun Studio targeting 32 bit
% cc -D_KERNEL -c tun.c
# GNU C Compiler targeting 64 bit SPARC ( optional: -mtune=ultrasparc -O2 )
% gcc -D_KERNEL -m64 -mcpu=v9 -mcmodel=medlow -fno-pic -mno-fpu -ffreestanding -nodefaultlibs -c tun.c
# GNU C Compiler targeting 64 bit x86 ( optional: -mtune=opteron -O2 )
% gcc -D_KERNEL -m64 -mcmodel=kernel -mno-red-zone -ffreestanding -nodefaultlibs -c tun.c
# GNU C Compiler targeting 32 bit
% gcc -D_KERNEL -ffreestanding -nodefaultlibs -c tun.c

The linking is the same for all:
% /usr/ccs/bin/ld -r -o tun tun.o

The destination is different depending on the architecture:
# 64 bit sparc
cp tun /usr/kernel/drv/sparcv9/tun
# 64 bit x86
cp tun /usr/kernel/drv/amd64/tun
# 32 bit
cp tun /usr/kernel/drv/tun

Compiling and making packages in Solaris 10

It's frustrating that whenever you compile a package, it doesn't actually compile like you want. In Solaris 10, these are a few things that I have found useful.

1. Edit your PATH to have these:
/usr/bin:/sbin:/usr/local/bin:/usr/openwin/bin:/usr/dt/bin

2. Edit your LD_LIBRARY_PATH to have these:
/lib:/usr/lib:/usr/local/lib

3. The cc compiler doesn't usually get things right. Use the GNU C compiler (gcc). You can download gcc from http://sunfreeware.com/ and install it with pkgadd.

While you're at it, you might also want to consider getting the latest version of Sun Studio from http://developers.sun.com/sunstudio/downloads/index.jsp. Registration for the Sun Developer Network is free, so just register and get your free full license copy of Sun Studio.

4. There is a version of make at /usr/ccs/bin/make, but I have found it doesn't always work somehow. I prefer to use /usr/sfw/bin/gmake.

Patch xxxxxx-xx failed to install due to a failure produced by pkgadd.

Just sharing some solutions to problems I have faced. This problem was found in Solaris 10 when installing Solaris OS patches. It's an old workaround, but somehow we still need to do it today....

I was installing some patches, and got this:

# ./install_patches.sh
Installing patch 118683-03
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
118683-03
Checking installed patches...
Verifying sufficient filesystem capacity (dry run method)...
Patch 118683-03 failed to install due to a failure produced by pkgadd.
See /var/sadm/patch/118683-03/log for details
Patchadd is terminating.

If you have ever encountered similar errors, check the generated log file. If you see something like pkgadd: ERROR: checkinstall script did not complete successfully, then here are some answers.

When installing a patch, the patch installation procedure will execute the script "checkinstall" with uid nobody. If any of the patch files or any part of the path leading up to the patch directory cannot be read by nobody, the error pkgadd: ERROR: checkinstall script did not complete successfully will appear.

It seems that at some point the patchadd process does an su to the user install if one exists, otherwise to the user nobody. If the patch files and all parent directories are not readable by either install or nobody, you get the above error messages.

Here are two workarounds, but I prefer the second one:

1. Set the execute permission for all on /var/spool/patch so that the user nobody can read all patch files and execute a pwd in the patch directory hierarchy.

2. Add an account for user install to the system:

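# -u 0 -o: UID 0, permitted to duplicate root's UID; -g 1: primary group 1;
# -d /: home directory /; -s /bin/true: login shell that exits immediately
useradd -u 0 -o -g 1 -c "Install user" -d / -s /bin/true install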
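
A quick way to find which directory is blocking the checkinstall step described above, written as an added example and not part of the original post or of the Solaris patch tools. The function names are hypothetical, and access for nobody is judged from the "other" permission bits only (ACLs and group membership are ignored).

```shell
#!/bin/sh
# Added example (hypothetical helper names). Judges access for "nobody" from
# the "other" permission bits only; ACLs and group membership are ignored.

# other_perms PATH: print the three "other" permission characters, e.g. "r-x".
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# check_patch_path DIR [STOP]: walk from DIR up to STOP (default /) and print
# every component that blocks "nobody". Returns 0 if none, 1 otherwise.
check_patch_path() {
    dir=$1
    stop=${2:-/}
    blocked=0
    p=$dir
    while :; do
        perms=$(other_perms "$p")
        case $perms in
            ??[xt]) ;;   # x, or t (sticky plus x): others may traverse
            *) echo "no search permission for others: $p ($perms)"
               blocked=1 ;;
        esac
        [ "$p" = "$stop" ] && break
        parent=$(dirname "$p")
        [ "$parent" = "$p" ] && break   # reached / or .
        p=$parent
    done
    case $(other_perms "$dir") in
        r??) ;;
        *) echo "not readable by others: $dir"
           blocked=1 ;;
    esac
    return $blocked
}

# Usage: sh check_patch_path.sh /var/spool/patch
if [ $# -gt 0 ]; then
    check_patch_path "$@"
fi
```

Run it against the directory the patch was unpacked into; each line it prints names a component to fix for workaround 1.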

Twitter Abuse Prevalent

People have been asking me to get on Twitter. But I look at it, and I don't like it much. There are several things I see.

Twitter provides a platform to publish extremely short updates. This may be good, but RSS works too.

"With Twitter, you can stay hyper–connected to your friends and always know what they’re doing". I guess this works for people who like to tell everyone what they are doing all the time. But I wouldn't want to know if a person was going to the toilet. That's a bit too much information, unless I wanted to gather information on a target. (Hmm... possible to find out a lot about a person?)

As a service that lets people know what you are doing, it works great. But more than that... you might want to look elsewhere, like blogging. Twitter does not build ideas effectively, and you begin to depend heavily on the add-ons to make your updates as short as possible.

One of the popular styles I see that people utilize is the use of short urls. I have never been a fan of short urls. For one thing, it doesn't exactly tell me where the link is going to take me. It might take me to a good site, which is harmless. But it also might lead me to malicious sites, before I get a chance to know that my browser went there. You can lead a person to a site that installs trojans or spyware on that person's computer in the background, then quickly proceed to redirect the person to another site that looks harmless.

Ok, so that's not Twitter's fault. It's the "creative" people using Twitter.

So why don't we look at Twitter itself and its technology. Twitter is revolutionary, that's true. But being revolutionary, and wanting to put the technology out as soon as possible, they neglected the security aspects. Which is true of other technologies we've seen in the past. But Twitter is slowly getting into security, which is good.

Twitter has issued a list of suggested security practices that add-on developers should follow. But sadly it doesn't look like the add-on developers are catching on, and there doesn't seem to be any enforcement mechanism at all.

Aviv Raff, a Tel Aviv based security researcher, has begun listing vulnerabilities that he has found on popular Twitter add-on services. For the month of July, he plans to release one vulnerability a day at http://www.twitpwn.com/, a blog that he owns.

I find this blog to be very interesting, and I do think that people should look at his updates every day. This is a great way to get Twitter to improve security.

I guess I should check on Twitter now to see all the vulnerabilities listed on http://www.twitpwn.com/

Comments behavior updated

I have updated how comments are handled on my website. Hopefully this will provide a better experience to you.
