Friday, August 31, 2007

Ubuntu: Huawei E220 for the sake of Celcom 3G

For a certain purpose, I got to play with Celcom 3G using the Huawei E220 modem. Interestingly, there are many people getting this device working under Linux, but it seems that what works for some does not work for others, so here's mine.

shell>wget \

shell>sudo chown root huaweiAktBbo-i386.out

shell>sudo chmod +s huaweiAktBbo-i386.out


After you have done this, you can now configure wvdial, here's my humble configuration for impatient celcom 3G users, just edit your /etc/wvdial.conf.

[Dialer celcom]
Phone = *99***1#
Modem = /dev/ttyUSB0
Username = username
Password = password
ISDN = 0
New PPPD = yes
Baud = 460800
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Modem Type = Analog Modem

After you have configured it, just run this -

shell>wvdial celcom

Done. Thanks to all the helpful links on the internet that gave me an idea of how to get this working on Ubuntu 7.04.

Cheers ;]

Tuesday, August 28, 2007

Ubuntu: Enlightenment 17

Due to the new job engagement, I haven't been posting much. I have just finished my first week working in the new company, the new job is totally different than my previous job since I need to do the requirements study for different network environments as well as some involvement of technical tasks. The job is quite challenging in certain perspective and hopefully I can take it.

I have been toying with Enlightenment DR17. Just like fluxbox, there is no so-called "stable release" and it is still in the pre-alpha stage. If you know about Enlightenment, DR17 is a complete rewrite compared to DR16, and the developers are now building all the applications using its own "e" libraries to facilitate and speed up the process. You can find more information about Enlightenment here.

I checked out E17 when trying the elive liveCD here, and it always made me think that Enlightenment is more of a hobbyist window manager with slick graphics and animation support. People who know me well should already know I always prefer something simple but highly usable, and that's fluxbox.

Now that I have Ubuntu Linux installed on my new laptop (HP Compaq nx6320), I can get E17 installed using the package management system. I just need to add these three lines to my /etc/apt/sources.list -

deb feisty e17
deb-src feisty e17
deb feisty e17

Then I just update the package repo and install -

shell>sudo apt-get update

shell>sudo apt-get install enlightenment enlightenment-dev \
e17-devel-extras entrance enlightenment-theme-night-bling

After this is done, I just need to logout from current session, and I can change the session from gnome to enlightenment in the login manager.

As there's no enlightenment user manual, I have to use "trial and error" method to configure it. You have to use left mouse click to launch the main menu and right mouse click to launch favourite menu where you can store quick launch application that you use daily.

Under the main menu there's Configuration. Click on it and it will expand horizontally, and you can find the Configuration Panel where you will be able to configure most of the things (everything?) for Enlightenment.

I have a lot of keybindings when using fluxbox, therefore it is an important feature for me. Enlightenment also provides easy-to-use keybinding configuration. However, the keybindings only support control of the window and certain system commands; you can't do keybindings for application launching. Maybe there's a way, but I haven't figured it out yet.

One of the important features in Enlightenment is the modules. They are not near perfect, but with them you no longer require gkrellm or conky. I just loaded a few modules I find useful, especially the virtual desktop, battery and so forth.

Wallpaper and theme configuration can be found under Configuration, and I just change to my preferred wallpaper(animated) and the theme too. Here are the two screenshots of my current desktop.

Here's the challenge, can you find the differences between two screenshots(wallpaper only) above? ;P

I'm not finished with my post yet. There are two main built-in functions that make me love Enlightenment, the window list and the run command; with them you can do application launching and switching in the blink of an eye. Just try out alt+tab and alt+esc and you will find they make your day.

As for now, though it is a pre-alpha version, I don't consider it pre-alpha quality, and I have changed my mind: Enlightenment is no longer a hobbyist desktop shell but very fast and usable, especially for people who don't rely much on the mouse. Of course the graphics and animations without sacrificing speed are a big plus too.

Kudos to Enlightenment developers!!!!!

Enjoy ;]

HP Compaq nx6320: Ubuntu Linux

I just started working in the company and got this laptop on the first day. After a few days of using the ultimate OS produced by M$, I couldn't resist anymore due to low productivity, therefore ..... good bye M$.

Finally Ubuntu kicks into my life for production work because .....

1. I'm lazy to configure anything manually

2. I need something that can create high productivities

3. I have no time

4. It works almost out of the box except suspend to memory, which is not a serious concern of mine anyway

5. Mel aka Spoonfork burnt me the Ubuntu installation CD

For Ubuntu users, the laptop model is HP Compaq nx6320 and it weighs around 2.8kg +. If you don't mind the weight and love a big laptop with a clear screen, this is definitely your choice, especially as the battery can last 3++ hours, or I should say around 4 hours.

Maybe next time I should try FreeBSD, OpenBSD or Gentoo, but currently I'm quite pleased with the outcome and I'm on the road.

Enjoy ;]

Thursday, August 23, 2007

Anti Anti-Spamming

Now you have detection to figure out the spam email, and now you have a way to avoid spammer to crawl your email, and now the spammer use your way to reach your mail box .....

From: "Harris Ramirez"

To: me

Seen my profile yet? Jennies friend. check me out @ triple w dot gotgameyes dot com xoxo Kira.

If you are interested, feel free to try the link, I'm sure you won't be disappointed.

Don't get heart attack!!!!!

Cheers ;]

Sunday, August 19, 2007

Malaysia: National Cyber Security

There are two interesting posts from regarding our National Cyber Security. I'm sure the guy who maintains the site has a critical view of Malaysia's cyber security, but he is truly correct in his sense.

Lets start the fun by reading this -

- Part 1

- Part 2

Sometimes we have to learn to accept critique especially when we are wrong, consciousness is a need.

Peace ;]

Saturday, August 18, 2007

Media Files Meta Info Identification

Lately I have set up a home PC for my parents, and I had to install Windows for them even though I myself advocate open source. That's the platform my brother knows how to work with, and he can help my parents in case there's a technical problem, as I'm about to move to a new place.

I have installed the Firefox browser, OpenOffice and the VLC media player for them. Since my parents like to watch movies, I have found an open source application that can help them identify media files and download the correct codec. You can find the application here -

Mediainfo is small application but very neat although it can't support all codecs yet, you can just load the media file and it will try to identify what kind of containers and media formats are embedded in the file and extract the useful meta information for you. Here's the basic look of it when I load the Joker.avi file -

You can change to tree view to read more detailed information (I prefer this) -

Of course the most useful feature for end user should be the "mouse click" where you can fetch the correct codecs to solve the problem of playing media file.

I already told you I advocate Open Source Software!

Enjoy ;]

Friday, August 17, 2007

The Best Friend

If you are hired to design and deploy the whole security infrastructure, who would you prefer to refer to or consult?

The answer is pretty straightforward - System & Network Administrator

If you are living with your alter ego and ignore the role of them, you are definitely the wrong person for the job. In order to roll out the whole security infrastructure plan and execute them correctly, we must be humble and study the existing structure in all aspects from them, you may say some of companies(usually Multi National Company) have very well written documentation but that's all from the hard works of them as well.

Most of the people who work in the information security field only concentrate on developing their tech skill set; however, sometimes we really need to learn how to build effective relationships and communication with the people we are working with.

Cheers ;]

Tuesday, August 14, 2007

Gmail Verification

I logged in to my Google mail account today, and I read this (my email replaced with "my email @") -
Delivered-To: my email @
Received: by with SMTP id f9cs301689wfi;
Sun, 12 Aug 2007 23:42:07 -0700 (PDT)
Received: by with SMTP id y1mr2421909rvf.1186987296602;
Sun, 12 Aug 2007 23:41:36 -0700 (PDT)
Received: by with HTTP; Sun, 12 Aug 2007 23:41:36 -0700 (PDT)
Date: Mon, 13 Aug 2007 08:41:36 +0200
From: "Gmail Team"
Subject: Gmail Account Alert ( Verify Your Account Details)
MIME-Version: 1.0
Content-Type: multipart/alternative;

Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


Dear ****G ma il Account Owner,*
This message is from Gmail messaging center to all Gmail free account
owners and premium account owners. We are currently upgrading our data base
and e-mail account center. We are deleting all unused Gmail account to
create more space for new accounts.

*To prevent your account from closing you will have to update it below
so that we will know that it's a present used account.*


- Gma il! ID : ..........
- Password : ...........
- Date of Birth : ......
- Country or Territory : ...........

Enter the letter from the Security Image :
........ 859304
** **
** * * * ** Warning!!! Account owner that refuses to update his or her
account within Seven days of receiving this warning will lose his or her
account permanently. *
***Thank you for using Gmail* *! *
*Warning Code:VX2G99AAJ*
The Gmail Team
Interesting isn't it? Look at the puzzling gmail word. I think I need to update this or else my email will be deactivated -
Warning!!!   Account owner that refuses to update his or her
account within Seven days of receiving this warning will lose his or her
account permanently.
Thanks to for sending this notification.
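The two evasion tricks seen in this post and in the "Anti Anti-Spamming" post above it on this page (a brand name broken up as "G ma il", and a link spelled out as "triple w dot ... dot com") can be undone before a filter looks at the text. The sketch below is an added example, not part of the original post; the brand list, the field list and the example.com sample are assumptions constructed for illustration.

```python
import re

BRANDS = ("gmail",)                                 # assumed watch list
CREDENTIAL_FIELDS = ("password", "date of birth")   # fields the form asks for

# Excerpt of the message quoted in this post.
SAMPLE_GMAIL = """Dear ****G ma il Account Owner,*
This message is from Gmail messaging center to all Gmail free account
- Gma il! ID : ..........
- Password : ...........
- Date of Birth : ......
"""
# Constructed sample modelled on the spelled-out link trick.
SAMPLE_LINK = "check me out @ triple w dot example dot com xoxo"


def find_split_brands(text, brands=BRANDS):
    """Return (brand, matched_text) for brands written in broken-up form."""
    hits = []
    for brand in brands:
        # Allow up to two non-letter characters between consecutive letters.
        body = r"[\W_]{0,2}".join(map(re.escape, brand))
        pattern = r"(?<![a-z0-9])" + body + r"(?![a-z0-9])"
        for m in re.finditer(pattern, text, flags=re.IGNORECASE):
            if m.group(0).lower() != brand:   # the intact spelling is not a hit
                hits.append((brand, m.group(0)))
    return hits


def spelled_out_domains(text):
    """Return host names that only appear once 'dot'/'triple w' are undone."""
    t = re.sub(r"\btriple\s+w\b", "www", text, flags=re.IGNORECASE)
    t = re.sub(r"\s+dot\s+", ".", t, flags=re.IGNORECASE)
    found = re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", t, flags=re.IGNORECASE)
    return [d for d in found if d.lower() not in text.lower()]


def indicators(body):
    """Collect evasion and credential-request signals from a message body."""
    low = body.lower()
    return {
        "split_brands": [m for _, m in find_split_brands(body)],
        "spelled_domains": spelled_out_domains(body),
        "asks_for": [f for f in CREDENTIAL_FIELDS if f in low],
    }


if __name__ == "__main__":
    print(indicators(SAMPLE_GMAIL))
    print(indicators(SAMPLE_LINK))
```

The intact spelling "Gmail" in the second line of the excerpt is deliberately not reported; only the broken-up forms are treated as a signal.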

Cheers ;]

Monday, August 13, 2007

Defensive Security: Beyond NSM

I was with the Offensive Security Cloud in the VNSEC Conference, this is the first security conference ever in Vietnam and overall it is good with some of the familiar faces we have seen in HITB. I don't plan to write anything about the security conference as you can find the event write up here. Overall I enjoy the Vietnam trip and may pay for second visit.

I have spent a lot of time studying Defcon presentation slides, and this is the feeling I get -

- You will never be the expert in certain subject, unless you don't see "Time" as a factor. Every single subject requires deep interest and continuous efforts to reach "expert" level.

- There are too many vectors that lead to successful attacks. We can't just count on bugs in the software itself, and even if you do, and assuming you are hiring a pentester to hunt for the bugs in the software, he or she can find bug A but may miss bug B (different skill level or just missing it; code auditing is not an easy task, especially in complex software). There are other problems such as human error: this is not only the social engineering and carelessness that lead to information leaking; misconfiguration of network assets that leads to compromise should be counted too, because you are hiring the wrong people to do the job.

- Attack and exploit based tools are geared towards automation now to speed up the process of hacking and vulnerability discovery. Cracking is possible now with better hardware (fast processors and chunks and chunks of memory); imagine the cyber crime activities that are supported and backed by evil organizations.

- Application based exploitation is becoming more and more popular. The exploitation techniques discovered by attackers are getting more and more unpredictable and advanced. When I say application, it is no longer only server side applications (e.g. network services) but user side applications too, such as the browser, flash player and so forth.

- New technology is not always good, look at Voip, NAC, Web 2.0 and IPv6. Don't believe in "HYPE"! Learning from past experience is a need when building new technology but this is not the case.

For the moment it is pretty hard to form a well-defined defence because things are getting more complicated. But I would love to point out few open source applications which can be utilized to form my idea.

Application Level Protection & Monitoring - Why? Because the front end application is an easy target and not well protected, and most hackers always go for the easiest route. Currently we hardly see much development on application level protection and monitoring yet, but that doesn't mean they don't exist -



Network Assets Profiling - Whatever connected to the network must be profiled and stored in the centralized location, of course this can be done almost passively with something like PADS, but I'm looking at something more advanced, such as -


Network Security Metrics - There's no complete standard for this yet as I don't think network security reaches mature stage yet. But really, we can't avoid this anymore if we are talking about Critical Network Security Infrastructure. Of course I don't see any complete tool for this but look at this -


Logs ..... - I'm not talking about tree but record. Record must be in Human Readable Form, realtime, understandable and provides advance mining functions. I think OSSEC has done a good job -


To counter fast pace emerging threats, I would love to see defensive systems to be built with the ideas below -

- Network intelligence collection, such as baselining of network assets and network traffic. This is the important lead to identify abnormal and malicious activities abruptly.

- Full automation is bullshit, human intelligence must be present. The system must involve a certain level of automation and a certain level of examination as well. Why automation? Automation can increase time effectiveness and productivity on behalf of the analyst. Why do we need to examine it? Because we won't be as good as the expert in the subject when dealing with certain types of attacks (usually unknown or new to the analyst, especially when they have never encountered them before). Therefore we need other sources to learn about them. For example, snort has references for its signature rules.

- Relation to the whole organization, and follow up actions, I don't know how to describe this in proper way yet but it is something I have in mind for my new employer which has to do with reporting, classification and priority.

- Supporting Audit Trails, Incident Response and Forensics Operation.

Of course I can't consider this as proactive methodology but I'm now looking at how it can be applied to critical network infrastructure. Richard has very interesting thought in this one.

We can never be hopeless!

Peace ;]

Thursday, August 09, 2007

HeX liveCD: Mirror mirror on the Net

Dr. J has again set up the download mirror for HeX liveCD 1.0 Beta 2. I forgot to mention that we have included metasploit in this release as well. Here you can find two US download mirrors -

- Mirror 1
- Mirror 1 MD5

- Mirror 2
- Mirror 2 MD5

Thanks to Dr. J for his kind offer! Please report if you have any problem with the mirrors.


Monday, August 06, 2007

HeX liveCD 1.0 Beta 2

Chl4gs_ has integrated BSD installer to HeX liveCD so now we are making it to 1.0 Beta 2, we haven't added any other changes yet except the BSD installer so we encourage everyone to test it extensively. Here's the really simple how-to -

Boot up the LiveCD and "su" to root and type "installer" or "sudo installer" to start the installation. cpdup might take 10-30 minutes depending on your CDROM drive speed.

The only problem is that the BSD installer ncurses looks a bit weird under X. We still have no solution/workaround for that. However, that shouldn't affect the installation process.

You can find the download link below, I will put it up at rawpacket site later.

- HeX liveCD 1.0 Beta 2 ISO Image

- MD5 Checksum

- SHA256 Checksum

Enjoy ;]

Wednesday, August 01, 2007


Why do you read books? Some people read books because it is their hobby, some read entertaining books such as novels or science fiction, some prefer philosophy or politics related books. As there are way too many books out there, everyone just chooses the topic of their interest.

Before I started my computing journey (pre age 23), I read a lot of books related to economy and psychology, which was enlightening. I learned how to manage EQ, relationship and partnership management, and the trend of the macro economy.

But now, most of my time is spent on computing books, technical papers, mailing lists and RSS feeds to keep myself cutting edge about the evolution of technology. Working in the InfoSec field requires continuous strength to improve myself. I think reading books may speed up the learning process for certain topics or subjects that I'm not familiar with, as I'm learning from the experts in the field.

Anyway here are the books I will buy -

- Computer Networks: Internet Protocols in Action

- Snort Intrusion Detection and Prevention Toolkit

- Security Metrics: Replacing Fear, Uncertainty, and Doubt

- Virtual Honeypots: From Botnet Tracking to Intrusion Detection

More books to come but all of these are what I need for the moment.
Enjoy ;]

Ourmon: Detecting P2P Activities In LAN

One of the beautiful things about ourmon is that it generates network error graphs. We know p2p usually uses non-privileged dynamic ports (>1024) for both file uploads and downloads, and when one of the hosts running a p2p client stops running it, other p2p clients in external networks (the internet) will still keep probing it hard, and that generates a noticeable burst. Hence if you see lots of triggers on the port unreachable flow, that may be some kind of ongoing p2p traffic.

However, ourmon monitor placement is important; I suggest it should be deployed between the Local Area Networks and the firewall that protects the network.
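The heuristic above can be expressed as a small check over ICMP port-unreachable events: a LAN host whose high port is reported unreachable to many distinct external peers in a short window was probably running a p2p client. This is an added example, not ourmon's code or its output format; the event tuples, the LAN range, the window and the peer threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # assumed local network
WINDOW = 60                          # assumed window length in seconds
MIN_PEERS = 5                        # assumed threshold of distinct external peers

# Constructed events: (epoch seconds, host answering "port unreachable",
# external peer that probed it, probed port).
EVENTS = (
    # Six different outside peers still probing one high port on one host.
    [(1200 + i * 8, "192.168.1.23", f"198.51.100.{10 + i}", 51413)
     for i in range(6)]
    # Background noise: one low-port miss and two stray high-port probes.
    + [(1205, "192.168.1.40", "203.0.113.5", 53),
       (1210, "192.168.1.40", "203.0.113.6", 33434),
       (1215, "192.168.1.40", "203.0.113.7", 33434)]
)


def p2p_suspects(events, lan=LAN, window=WINDOW, min_peers=MIN_PEERS):
    """Return {host: (port, peer_count)} for LAN hosts with an unreachable burst."""
    buckets = defaultdict(set)
    for ts, host, peer, port in events:
        if port <= 1024:
            continue                       # p2p clients use ports above 1024
        if ip_address(host) not in lan or ip_address(peer) in lan:
            continue                       # only LAN host answering outside peers
        buckets[(host, port, ts // window)].add(peer)

    suspects = {}
    for (host, port, _), peers in buckets.items():
        best = suspects.get(host, (0, 0))[1]
        if len(peers) >= min_peers and len(peers) > best:
            suspects[host] = (port, len(peers))
    return suspects


if __name__ == "__main__":
    for host, (port, peers) in p2p_suspects(EVENTS).items():
        print(f"{host}: port {port} unreachable to {peers} external peers")
```

Counting distinct peers rather than raw packets keeps a single noisy outside host from tripping the threshold on its own.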

Cheers ;]