Cisco NAT Address Types

Cisco IOS NAT address types can be very confusing. I just read a very good article describing the different types of NAT address. Here's the summary:

• Inside global: The address of the inside host as seen from the outside
• Inside local: The address of the inside host as seen from the inside
• Outside local: The address of the outside host as seen from the inside
• Outside global: The address of the outside host as seen from the outside

To read the full article, goto Understanding NAT address types.

MySEQ Web App

Nothing fancy, but it is my first (hello world) web app for Google Chrome. I'm following the instruction at http://code.google.com/chrome/apps/docs/developers_guide.html

Screenshot of Chrome New Tab

Note: it is the same process how I created for Google Reader Web App at http://myseq.blogspot.com/2010/08/creating-google-reader-web-apps-with.html

Google Reader Unreachable

The app is currently unreachable.

Google Hacking Database, GHDB, Google Dorks

Remember Johnny Long's Google Hacking Database (GHDB)?

At exploit-DB, it is called 'googledorks': inept or foolish people as revealed by Google. Here are the 2 sites that host the Google Dorks:

• Google Hacking Universe (Exploit-DB) - organized into categories and searchable.
• Google Dorks (by PenTestIT)

Something Went Wrong with Facebook

Sorry, something went wrong.

147-year-old Civil War Message Cracked

There is an encrypted message from 147-year-old Civil War. This six-line message was dated July 4, 1863. It remained a mystery for 147 years, until a CIA codebreaker cracked the message after a museum had the vial opened.

The piece of paper was rolled up, tied with string and sealed along with a bullet in a glass vial.

The full text of the message reads:

'Gen'l Pemberton: You can expect no help from this side of the river. Let Gen'l Johnston know, if possible, when you can attack the same point on the enemy's lines. Inform me also and I will endeavor to make a diversion. I have sent some caps (explosive devices). I subjoin a despatch from General Johnston.'

The code is called the 'Vigenere cipher,' a centuries-old encryption in which letters of the alphabet are shifted a set number of places so an 'a' would become a 'd' — essentially, creating words with different letter combinations.

Read more: http://www.dailymail.co.uk/news/article-1341666/CIA-codebreaker-reveals-147-year-old-Civil-War-message-Confederate-desperation.html#ixzz19H4zdu8Q

Exploit-DB Owned and Exposed

Exploit Database was owned and exposed in Christmas morning.

Chrome Web Store Unreachable

Chrome Web Store unreachable

0day Exploit for WMI Administrative Tools

Microsoft WMI Administrative Tools is prone to a remote code-execution vulnerability that affects the WMI Object Viewer ('WBEMSingleView.ocx') ActiveX control.

The vulnerabilities are caused due to the "AddContextRef()" and "ReleaseContext()" methods in the WMI Object Viewer Control (WBEM.SingleViewCtrl.1) using a value passed in the "lCtxHandle" parameter as an object pointer.

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control.

The vulnerabilities are confirmed in version 1.1 (WBEMSingleView.ocx 1.50.1131.0).

Workaround:
Set the kill-bit for the affected ActiveX control.


PoC Exploit is available at:

• Original credit goes to "牛奶坦克" via WooYun. 
• http://www.securityfocus.com/data/vulnerabilities/exploits/45546.txt
• http://www.exploit-db.com/exploits/15809/

Reference:

• http://xforce.iss.net/xforce/xfdb/64250

GnackTrack

GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu. Although this sounds like BackTrack, it is most certainly not; it's very similar but based on the much loved GNOME!

Google Chrome is Ready for Enterprise now

Recently, Google releases a number of tools for enterprise to centrally manage Chrome in AD environment, specifically:

• MSI Installer Package for Google Chrome. 

Enterprises can start centrally roll out and update the browser using Group Policy using the standalone installer at a system-level across the organization.

• Group Policy for Google Chrome. 

Google released ADM policy templates to allow admins to enforce the organization's requirements, such as default search provider, default homepage, manage security and privacy including the ability to disable auto-updates.

• Google’s Chrome Frame plug-in for Internet Explorer.

This allows enterprises to begin adopting Chrome even while continuing to use Internet Explorer. Moreover, Chrome Frame settings are also configurable through Group Policy.

One of an interesting feature from the ADM policy is to allow whitelist or blacklist of Chrome extensions. This will help locking down the browser's configuration.

So, download Google Chrome for Business now.

Anti-Thief v3.0

Just been introduced to new Intel processor's feature called remote-kill switch (Anti-Thief  v3.0). This technology embedded in the CPU (Intel Sandy Bridge) allows the user to remotely disable the processor through 3G, that is, even when the computer is not connected to the Internet or it switched off. The goal is to offer the user the capability to shut down remotely the computer if it is lost or stolen.


Some extra reading for those interested on this technology:

• http://www.intel.com/en_US/Assets/PDF/general/br_IT_AntiTheft_vPro.pdf?wapkw=(vpro+antitheft)
• http://antitheft.intel.com/Libraries/Documents/Intel_R_Anti-Theft_Technology_-_Technology_Brief.sflb.ashx
• http://download.intel.com/technology/vpro/Whitepaper_AllNew2010IntelCorevProProcessors.pdf

Microsoft Security Essential 2.0

Microsoft’s Security Essentials has been my favorite anti-malware application since it launched. It’s free, unobtrusive, and it doesn’t slow PC down. Now it’s even better with the new 2.0 release, which adds network filtering, IE integration, heuristic protection:

• Network Traffic Inspection integrates into the network system and monitors the traffic at a low level without slowing down your PC, so it can actually detect threats before they get to your PC.  
• Internet Explorer Integration blocks malicious scripts before IE even starts running them—clearly a big security advantage. 
• Heuristic Scanning Engine finds malware that hasn’t been previously detected by scanning for certain types of attacks. This provides even more protection than just through virus definitions.  

These new features make MSE on par with other anti-malware applications, especially the heuristic scanning. Download it today at http://www.microsoft.com/security_essentials/default.aspx

Make Simple Things Difficult

Just read an article by Mark on "A Bluescreen By Any Other Color". It is an example on how to make simple things difficult.

If you prefer the simple way, go to Change Color for your BSOD and Manual BSOD to get your Red Screen of Death. :-)

Microsoft Service Temporarily Unavailable

Service Temporarily Unavailable 

Change Display Resolution settings with xrandr

xrandr is used to set the size, orientation and/or reflection of the outputs for a screen. It can also set the screen size. There are a few global options; the rest modify a particular output and follow the specification of that output on the command line.

First, to show the current setting and all the supported settings:

$ xrandr

This will display the allowed resolutions:

Screen 0: minimum 320 x 200, current 1024 x 768, maximum 4096 x 4096

VGA1 connected 800×600+0+0 (normal left inverted right x axis y axis) 267mm x 200mm

800×600 85.1* +

640×480 75.0 60.0

720×400 70.1

If you want to add a mode with resolution 1024X768, you can enter the following command:

$ cvt 1024 768

# 1024×768 59.92 Hz (CVT 0.79M3) hsync: 47.82 kHz; pclk: 63.50 MHz

Modeline “1024x768_60.00″ 63.50 1024 1072 1176 1328 768 771 775 798 -hsync +vsync

Now you need to create a modeline:

$ xrandr --newmode

Copy the modeline of the previous output to the place mode line:

$ xrandr --newmode “1024x768_60.00″   63.50  1024 1072 1176 1328  768 771 775 798 -hsync +vsync

Now you need to add the above mode using the following command:

$ xrandr --addmode VGA1 1024x768_60.00

here for VGA1 you have to use what ever that was there for $ xrandr output:

$ xrandr --output VGA1 --mode 1024x768_60.00

Running these would change your resolution but this is temporary. Tthese steps were done to make sure that these commands work. Now we need to make these changes permanent.

Now you need to edit the default file:

$gksudo gedit /etc/gdm/Init/Default

Look for the following lines:

PATH=/usr/bin:$PATH

OLD_IFS=$IFS

And add the the following lines below them:

xrandr --newmode “1024×768″ 70.00 1024 1072 1176 1328 768 771 775 798 -hsync +vsync

xrandr --addmode VGA1 1024x768_60.00

xrandr --output VGA1 --mode 1024×768

Save and exit the file.

Make PDF in Google Reader

I use Google Reader a lot, to read RSS feeds. Here's a tip on create a sendto to print the post as PDF.

At your Google Reader settings page, at the "Send To" tab, click "custom link".

• Name: Joliprint
• URL: http://api.joliprint.com/api/rest/url/print/s/googlereader?url=${url}
• Icon URL: http://api.joliprint.com/buttons/joliprint-icon.png

Or you may prefer to add a bookmarklet at here.

Note in Reader Bookmarklet

Today, I learn how to use Google Reader as my bookmark service. I can even create a shortcut to store any interesting article with highlight.

Steps:

1. Goto Google Reader, Notes section (upper left corner).
2. Drag the bookmarklet to your bookmark bar.
3. Add the link to Google Chrome Search Engine (create shortcut).

To add into Note in Reader:

• Browse to any interesting article, and highlight the sentence you like.
• Either click on the bookmarklet;
• Or type the shortcut at the address bar.
• You may tag what you store in the note too.

Advantages:

• You can easily search your bookmark items with Google Reader.
• The bookmark service cache the post even the website is down.
• Can keep items unread.
• Easily share them (as they are treated as feeds).

WebSockets disabled in Firefox 4

HTML5 will be one of the hottest topics this year (and may continue for next 2 years). One of the features is called WebSocket. WebSocket is a technology providing for bi-directional, full-duplex communications channels, over a single Transmission Control Protocol (TCP) socket. It is designed to be implemented in web browsers and web servers but it can be used by any client or server application.

Due to a desgin vulnerability in WebSocket protocol, Mozilla Foundation has disabled it in the forthcoming Firefox 4 Beta 8 release. The vulnerability, in the code for transparent proxies, can potentially be exploited to poison the proxy cache and inject manipulated pages.

A group of researchers described the problem on the IETF mailing list in November. In their POC, it could allow attackers to inject a specially crafted JavaScript for Google Analytics into the proxy's cache that will be returned to clients and executed in their browsers after every subsequent request.

In conventional connections, a client prompts a server to send data via GET or POST. WebSockets allow permanent connections between clients and servers and enable servers to independently send data to a client.

Currently, WebSocket (ver. 76) is already supported by Chrome and Safari.

What is HTML5 WebSocket

One of the cool new features of HTML5 is WebSockets. It allows clients connect to the server without using AJAX requests.

WebSockets is a technique for two-way communication over one (TCP) socket, a type of PUSH technology. At the moment, it’s still being standardized by the W3C; however, the latest versions of Chrome and Safari have support for WebSockets.

Websockets can replace long-polling. This is an interesting concept; the client sends a request to the server – now, rather than the server responding with data it may not have, it essentially keeps the connection open until the fresh, up-to-date data is ready to be sent – the client next receives this, and sends another request. This has its benefits: decreased latency being one of them, as a connection which has already been opened does not require a new connection to be established. However, long-polling isn’t really a piece of fancy technology: it’s also possible for a request to time-out, and thus a new connection will be needed anyway.

Many Ajax applications makes use of the above – this can often be attributed to poor resource utilization.
Wouldn’t it be great if the server could wake up one morning and send its data to clients who are willing to listen without some sort of pre established connection? Welcome to the world of PUSH technology!

Here's a short tutorial, that review the process of running a WebSocket server in PHP, and then building a client to send and receive messages to it over the WebSocket protocol.

Other reference:

• http://www.infoq.com/news/2008/12/websockets-vs-comet-ajax

Speed Up Firefox Page Loading Time

We all know that using RAM disk, we can force the browser to load cached images and data from memory instead of hard disk. However, Firefox can do this without RAM disk.

Here are the steps:

1. Type about:config into the address bar
2. Type browser.cache into the Filter field
3. Set browser.cache.disk.enable to false (double click it)
4. Set browser.cache.memory.enable to true (double click it)
5. Right click > New > Integer; type browser.cache.memory.capacity; press OK
6. Type in 100000 (this is equivalent to 100 megabytes); press OK
7. Close all Firefox tabs and windows, and then restart the browser

You may try using 500000 for 500 MB of cache, or -1 to tell Firefox to dynamically determine the cache size depending on how much RAM you have.

Top 5 Security Threats in HTML5

HTML4 was introduced in 1997. Recently, with the introduction of new features, HTML5 also brings with it potential security vulnerabilities. This isn't to say that HTML5 is "flawed," but that there will be new attack vectors for hackers to exploit. Some originate from elements of the standard itself, some from implementations of the standard in each browser, and some from the care that developers do (or do not) take in building their HTML5 code.

• 
  
• Below is the summary of the potential security threats in HTML5. You may read the full article at the original source at http://www.esecurityplanet.com/features/article.php/3916381/Top-5-Security-Threats-in-HTML5.htm (By Aaron Weiss on December 9, 2010)
• 
  

1. Cross-Document Messaging

HTML5 does not itself enforce the origin check in the newly introduced API, called postMessage that creates a framework for a script in one domain to pass data to a script running on another domain. This means a careless developers might not actually implement origin verification, essentially leaving the script exposed to postMessage requests from malicious sites.

2. Local Storage

A newly introduced HTML5 feature is offline storage, a client-side SQL database that can be accessed by JavaScript (offline). When storing sensitive data, such as email messages or passwords, it is up to the developers to use SSL and to generate unique database names (to prevent a predictable attack). Also, developers are expected to use prepared SQL statements, rather than constructing queries in JavaScript code, or else hackers could intercept or emulate these queries to execute "SQL injection"

3. Attribute Abuse

In addition to providing many new tags, HTML5 also introduces new attributes, some of which may be subject to abuse. A particular threat is when attributes can be used to trigger automatic script execution.

For example, the new HTML5 attribute "autofocus" will automatically switch browser focus to the specified element—a trick that is sometimes useful for user interface design and previously had been implemented using JavaScript. Other new attributes, including "poster" and "srcdoc," allow page elements to point to external resources—resources that may be malicious in nature. 

Again, it is not that these attributes are flawed—they exist to enable richer functionality in Web applications—but that they also could be abused by bad actors.

4. Inline Multimedia and SVG

With its new <audio>, <video>, and <svg> tags, HTML5 can natively render popular formats and vector graphics without external plug-ins. For example, an earlier version of Google Chrome contained a documented bug in its SVG parser which, could allow scripts to access the object properties of a page hosted on a different domain and violating cross-domain security policy.

Each browser needs to implement native multimedia handling and crop up for different bugs. And this may lead to multiple attack vectors been exposed.

5. Input Validation

HTML5 provides rich client-side input validation, empowering Web developers to define input boundaries alongside the forms themselves, with instant feedback provided to users. Since this input validation syntax is new to HTML5, developers may be more prone to make mistakes in their validation code, such as flawed regular expression (regex) syntax in page code that lead to DoS against browser.

Related links:

• https://developer.mozilla.org/en/DOM/window.postMessage
• http://diveintohtml5.org/offline.html
• http://code.google.com/p/html5security/wiki/WebSQLDatabaseSecurity
• http://code.google.com/p/chromium/issues/detail?id=21338
• https://developer.mozilla.org/en/HTML/HTML5/Forms_in_HTML5#Constraint_Validation

Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Just completed the GIAC Reverse Engineering Malware (GREM) exam today. 

This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.

I took this self-study course in Aug 6, 2010. The course begins by establishing the foundation for analyzing malware in a way that dramatically expands upon the findings of automated analysis tools. I've learn how to set up a flexible laboratory to examine the inner workings of malicious software, and how to use the lab to uncover characteristics of real-world malware samples, and then edirect and intercept network traffic in the lab to explore the specimen's capabilities by interacting with the malicious program.

Syllabus:

• FOR610.1: Malware Analysis Fundamentals
• FOR610.2: Reversing Malicious Code
• FOR610.3: Malicious Web and Document Files
• FOR610.4: In-Depth Malware Analysis
• FOR610.5: Examining Self-Defending Malware
• FOR610.6: Malware Analysis Tournament 

Link:  Reverse Engineering Malware Training | Malware Tools & Techniques | SANS FOR610

SANS 610: GREM

I pass my GREM exam today. :-)

Hacked by B0ogle

This morning, at http://merdekareview.com/news/n/16062.html

http://merdekareview.com/news/n/16062.html

The website has published a notice about this at http://merdekareview.com/news/n/16063.html

Howto disable the Avahi daemon

The Avahi daemon is to discover any network resources and connect to them.


It's primary roles are:

• Assign an IP address automatically even without the presence of a DHCP server.
• Act as DNS (each machine is accessible by the name nameMachine.local).
• Publish services and facilitates access (the local network machines are warned of the opening and closing up a service, facilitating the sharing of files, printers, etc.. )

It is an implementation of Zeroconf protocol compatible with Apple services. Possible drawbacks of Avahi :

• It use some memory (about 248 kb).
• It opens 2 network ports (UDP 32768 and 5353).
• It has been reported in some cases to decrease network performance.

The name of daemon may be different but the method remain the same for Debian-based systems

sudo update-rc.d -f avahi-daemon remove

To recreate the used links

sudo update-rc.d avahi-daemon defaults

Amazing Things with HTML5

Just read the article at MakeUseOf, 15 sites that do amazing things with HTML5.

15 Sites That Do Amazing Things With HTML5

by Dave Drager on Nov. 29th, 2010

The forthcoming HTML5 update to the 20 year old HyperText Markup Language promises to bring the "web" experience to a whole new level, allowing the browser to do more from both a visual and data perspective. Even though HTML5 is still a good distance away from being fully deployed, that hasn't stopped many developers from pushing it to the limits.

Check out these amazing websites which really give you a good idea as to the capabilities of HTML5 as a programming language, doing things in your web browser that were once only possible in an external program or plugin. I've tested them in Chrome and they should all work in an HTML5 compliant browser such as Chrome, Firefox 4, Safari or IE9. They are demos and HTML5 is still a work in progress, so if you have problems viewing them you might want to try in another browser. Enjoy!

Arcade Fire – The Wilderness Downtown

This is a great demo done by Arcade Fire and Google which feature different HTML5 Canvas tricks. I don't want to spoil the surprise for you – enter your childhood address and enjoy the video and technical wizardry.

WebVenture

WebVenture is an HTML5 and Javascript implementation of the MacVenture gaming platform. You can now play Deja Vu 1 & 2, Shadowgate and Uninvited right in your browser! Other game implementations such as Wolfenstein 3D are being worked on, bringing gaming into your browser.

20 Things I Learned About Browsers And The Web

This site from Google demos a "book" styled approach to a description about how web browsers work and how many of the underlying technologies work. Impressive from a technical standpoint, it also is a good primer for readers who would like to know more about how the web works.

Collaborative Drawing

This demo uses the HTML5 websockets feature to allow viewers to collaboratively – at the same time – draw on the canvas.

SketchPad

SketchPad is a "paint" program for the web. It supports rudimentary drawing instruments and is done only in HTML5 and JavaScript.

Galactic Plunder

Galactic Plunder is a 2D Space Shooter implemented in HTML5. Not quite as feature filled as a normal side scrolling shooter, it is done entirely in HTML5 which is impressive in itself.

Video Effects

HTML5 allows you to to much with video on the web. In addition to letting you play it without your web browser, with no plugin, it allows you to manipulate that video. This demo shows how you can "Blow up" the pixels of a video while playing.

Multiple Window Ball

This demonstrates and effect also seen in the Arcade Fire video. HTML5 allows you to open multiple windows and have objects move between them.

HTML5Rocks (Google)

HTML5 Rocks is a slideshow which demonstrates many of the special features of the HTML5 language. If you are a developer it gives you sample code and lets you see the possibilities of HTML5.

8-bit Color Cycling (Like Old School Games)

If you were a gamer in the early 90s you will remember this effect fondly. Since computational power was limited, graphic designers used 'tricks' to emulate video in a static image. This canvas effect will show you how it was done and also includes many examples which are beautiful as well.

HTML5 Experiments from Hakim.se

This site lists many demos of games and other neat little gadgets to show off what you can do with HTML5. Good for inspiration and maybe a little time diversion.

Harmony

Harmony is a neat little drawing program that lets you use cool brushes to paint a picture. You can create things such as "fur" and "web" which are just cool to see in creation.

Twitter/Music Mashup

This neat mashup from @9elements pits music and rotating dots with twitter posts about HTML5. Hard to describe in practice, must be seen to understand!

Radiohead/HTML5 Mashup

Another neat mashup which pits Radiohead's Idioteque with a drawing of Thom Yorke which is drawn as the song progresses. Another "seen to be believed" effect.

Want More?

HTML5Demos / CanvasDemos

These two websites are set up to give views a wide variety of demos of HTML5 and the HTML5 Canvas effects. Ranging from the mundane to the "cool", if you are thirsty for more these are the places to go.

There are many demos of HTML5 out there on the internet now – and it is well on its way to becoming the new standard of the web. Do you have awesome demos you would like to share? Please post in the comments below!