Sunday, December 18, 2011

Digital Forensics Tools For Linux

If you are using the Fedora Linux distro to perform forensics work, you may want to look into this -

http://www.cert.org/forensics/tools/

CERT also provides a VMware forensics appliance, which you can find at the link above.

Enjoy ;]

Re-look: Security Operation Tools

I haven't kept track of my favorite tools for a while, and it's time to pay attention to them again -

- Bro IDS
- Splunk
- Suricata
- Argus
- Ntop

All of them have new versions released, and it seems there are numerous changes that are worth re-looking into ;)

Friday, December 16, 2011

High Tech Fix For "Nokia N900: All telephony functions are disabled" issue

Last week, my Nokia N900 phone suddenly popped up with the message -

All telephony functions, including emergency calls, are disabled due to communication error. To recover, you might have to reboot the device

You will see something like a SIM card icon on the top panel when this message appears.

Awesome, it seems I couldn't make or receive calls after this message was shown. I rebooted my phone and it worked again ... until this week, when the phone died; I can't use it as a phone, only as a small tablet. Maybe I should try Google to see if there's any solution, and here's what I have found -



Basically the solution is to claim the warranty and Nokia replaces it with a new one for you. What if you are out of warranty, like me? Nokia has no answer for that, thank you Nokia ;)

I was thinking "SIM card icon and communication error", maybe it is a SIM card slot issue? I don't know, but here's what I tried -

0. Switch off the N900
1. Open up the N900 case at the back (battery compartment)
2. Take out the battery
3. Take out the SIM card from the slot and clean it
4. Put the SIM card back into the slot
5. Tighten the slot
6. Take some toilet paper, yes I say toilet paper because it was on my desk when I was trying to fix this
7. Tear the toilet paper and make it thicker by layering it
8. Make the toilet paper roughly the same size (square) as the SIM card slot
9. Put the toilet paper on top of the SIM card slot and push it in a bit
10. Put back your battery and press it a little hard; the toilet paper will be underneath
11. Close the case
12. Switch on your phone

The phone works automagically, don't ask me why; it's a really high-tech fix if you ever encounter this issue.

Have fun with the N900 again; by the way, not much fun since there aren't many apps for it (thank you Nokia), BUT it works as a PHONE again!

Cheers ;]

P.S.: By the way, let me know if this solves your problem; I would like to hear about it!

Friday, December 09, 2011

Time to Kill Bill

For all Malaysian IT people, do read this and spread the word: it's time to kill Bill. What Bill? The Computing Professionals Bill 2011!


Do read it in detail! Currently it is in the drafting process; thanks to my best pal Mel for sharing this nonsense bill. By the way, if you have Facebook, support this -


I will constantly update this post if there's any progress regarding the matter; voice out while you can regarding CPB2011 via the document below -


Mosti has put up their latest working draft, which you can find here -


Please review it and make your voice loud and clear!

Some opinions from an individual who works in the IT industry ;)


Petition!


Follow the Tweets regarding CPB2011


Flip-flop, uncertainty?


Make yourself certified criteria?


Mosti is just a facilitator?


Role model of CPB 2011, seriously?


Interview of the Malaysian Deputy Minister of Science, Technology and Innovation, Datuk Fadillah Yusoft, by Astro Awani, if only you knew the Malay language -


From Tony Pua, member of Parliament -

http://www.youtube.com/watch?v=6ilM5bKokkw&feature=youtu.be

While they can't define what CNII is properly during an open meeting, now they want to include more sectors in this undefined crap? Seriously, if the government sector has failed to deliver security all these years, does that mean PRISMA, which our government initiated to protect government ICT agencies, is a big failure (so much money wasted, and now this)? By the way, if you read the last few paragraphs carefully, you will notice "What we can do at CyberSecurity Malaysia is to continue to provide more training and capability building in cyber security," says CyberSecurity Malaysia Chief Executive Officer (CEO) Lt Col Prof Datuk Husin Jazri.

To me, that basically sounds like if this bill is passed, he can make big money by selling training and certification programs; now we know who is really pushing this AGENDA behind the scenes ;)


http://thestar.com.my/news/story.asp?file=%2F2011%2F12%2F18%2Fnation%2F10119744&sec=nation

Discussion about CPB 2011 on BFM radio station -

http://bfm.my/geeksquawks_ep53.html

The TeAM (The Technopreneurs Association Of Malaysia) objects to CPB 2011 -

http://techcentral.my/news/story.aspx?file=/2011/12/14/it_news/20111214141030&sec=IT_News

Speak out loud, geeks!

http://thestar.com.my/news/story.asp?file=%2F2011%2F12%2F18%2Fnation%2F10105092&sec=nation

No cheers this time, F it!

Tuesday, December 06, 2011

Intel X520

I want this for my Christmas present ;]

http://www.intel.com/content/www/us/en/network-adapters/gigabit-network-adapters/ethernet-x520.html

I never thought a 10G network adapter could go so cheap; I really need to get one for development and testing!

Monday, December 05, 2011

Virtual PF_Ring

The Ntop development team has always developed high performance packet capture solutions, and I would like to take a look into this one -

http://www.ntop.org/products/pf_ring/vpf_ring/

Virtual PF_RING can only be used with KVM; with it, many copy operations are bypassed and packets are captured at line rate. I think I will test it on my Linux box and see how it goes. By the way, you need to donate to obtain it.

Cheers ;]

Sunday, October 16, 2011

RIP - Dennis Ritchie

Sorry for the belated one.

Nothing much I can say but truly from my heart - Rest In Peace, Mr. Dennis Ritchie.

Thursday, January 13, 2011

FreeBSD: Ringmap Quick Testing

I have mentioned FreeBSD ringmap here, and now I will share how I get ringmap installed quickly. As the developer of ringmap (Alex) has ported it to FreeBSD stable, here's what you can do -

Download FreeBSD 8.1 stable iso -

shell>wget -c ftp://ftp.jp.freebsd.org/pub/FreeBSD/snapshots/201011/FreeBSD-8.1-STABLE-201011-i386-disc1.iso

Install FreeBSD 8.1 stable on VirtualBox using the iso (Standard Install, and make sure you include the source); you can do this quickly without issue if you are familiar with FreeBSD installation. The reason why I chose VirtualBox is that VirtualBox can virtualize the following six types of networking hardware:

- AMD PCNet PCI II (Am79C970A)
- AMD PCNet FAST III (Am79C973, the default)
- Intel PRO/1000 MT Desktop (82540OEM)
- Intel PRO/1000 T Server (82543GC)
- Intel PRO/1000 MT Server (82545EM)
- Paravirtualized network adapter (virtio-net)

The ringmap implementation supports Intel 8254x network cards, which you can find in the list above; therefore it's the ideal VM solution to use. Make sure you use any of the Intel 8254x adapters in the list.

After I have FreeBSD stable installed on VirtualBox, proceed to recompile the kernel without the em device (ringmap ships its own modified em driver, so the stock one must not be compiled into the kernel).

shell>cd /usr/src/sys/i386/conf
shell>mkdir /root/kernels
shell>cp GENERIC /root/kernels/RINGMAP
shell>ln -s /root/kernels/RINGMAP

Edit /root/kernels/RINGMAP by commenting out this line -

# device em # Intel PRO/1000 Gigabit Ethernet Family

To recompile and install the custom kernel -

shell>cd /usr/src
shell>make buildkernel KERNCONF=RINGMAP
shell>make installkernel KERNCONF=RINGMAP

It will take a while, and once it's done, reboot the system. After the system is up, add these two lines to /etc/make.conf (if the file does not exist, you can just create it) -

EM_RINGMAP=yes
LIBPCAP_RINGMAP=yes

Download ringmap source and install -

shell>fetch http://ringmap.googlecode.com/files/ringmap_freebsd_8.1_1.1.0.bz2
shell>tar xvjf ringmap_freebsd_8.1_1.1.0.bz2
shell>cd FreeBSD_8/scripts
shell>chmod 755 *
shell>./build_ringmap.sh

To enable ringmap -

shell>./set_ringmap.sh

To make sure you can run any packet capture tool, you need to turn on monitor mode for the network interface -

shell>ifconfig em0 monitor up

For quick testing just run tcpdump and listen to em0 interface -

shell>tcpdump -ttttnni em0
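The kernel config and make.conf steps above are easy to get subtly wrong on a re-run (em still active, a variable duplicated with a different value), so here is an added example, not from the original post, that performs those two edits with checks. File paths are parameters so it can be tried on copies before touching /usr/src or /etc; the sample GENERIC used to exercise it is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: derive the RINGMAP kernel config
# and the /etc/make.conf entries from the steps above, with checks so the
# script can be re-run safely. Paths are parameters, so it can be tried on
# copies of the files before touching /usr/src or /etc.

# make_ringmap_conf GENERIC OUT
# Copies GENERIC to OUT with the 'device em' line commented out, the one
# change the post makes. Fails if no active 'device em' line exists, so a
# wrong or already-edited source file is noticed rather than accepted.
make_ringmap_conf() {
    src=$1; dst=$2
    grep -q '^device[[:space:]]*em[[:space:]]' "$src" || {
        echo "no active 'device em' line in $src" >&2; return 1; }
    # Prefix the em line with "# " exactly as the post shows it.
    sed 's/^\(device[[:space:]]*em[[:space:]].*\)$/# \1/' "$src" > "$dst"
    # Verify: em is no longer active and nothing else changed (same line count).
    ! grep -q '^device[[:space:]]*em[[:space:]]' "$dst" &&
        [ "$(wc -l < "$src")" -eq "$(wc -l < "$dst")" ]
}

# add_make_conf_vars MAKE_CONF
# Appends EM_RINGMAP=yes and LIBPCAP_RINGMAP=yes unless already present,
# creating the file if needed (the post notes it may not exist). Fails if
# a variable is already present with a different value rather than
# overwriting it behind the administrator's back.
add_make_conf_vars() {
    conf=$1
    [ -f "$conf" ] || : > "$conf"
    for kv in EM_RINGMAP=yes LIBPCAP_RINGMAP=yes; do
        key=${kv%%=*}
        if grep -q "^${key}=" "$conf"; then
            grep -q "^${kv}\$" "$conf" || {
                echo "$key has another value in $conf" >&2; return 1; }
        else
            echo "$kv" >> "$conf"
        fi
    done
}
```

On the real system this would be `make_ringmap_conf /usr/src/sys/i386/conf/GENERIC /root/kernels/RINGMAP` followed by `add_make_conf_vars /etc/make.conf`, with the symlink and buildkernel steps unchanged.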

That's all for ringmap testing. I haven't done any benchmarking yet and won't until I get the real hardware for testing, but you can definitely find more information about ringmap on its own page here -

http://code.google.com/p/ringmap/

Cheers (;])

Wednesday, January 12, 2011

Ubuntu: Daemonlogger

To install daemonlogger on Ubuntu 10.10, you can follow along here -

Install all the required dependencies -

shell>sudo apt-get install libpcap-dev libdumbnet1 libdumbnet-dev

As the libdnet files are shipped under dumbnet names on Ubuntu (Debian renamed the package because the name clashes with DECnet's libdnet), we need to create soft links for them so that daemonlogger's build can find them; otherwise you can install libdnet from source, which I want to avoid here -

shell>cd /usr/lib
shell>sudo ln -s libdumbnet.a libdnet.a
shell>sudo ln -s libdumbnet.so libdnet.so
shell>sudo ln -s libdumbnet.so.1.0.1 libdnet.so.1.0.1
shell>sudo ln -s libdumbnet.so.1 libdnet.so.1
shell>sudo ln -s libdumbnet.la libdnet.la
shell>cd /usr/include/
shell>sudo ln -s dumbnet.h dnet.h

Install daemonlogger -

shell>wget -c http://www.snort.org/users/roesch/code/daemonlogger-1.2.1.tar.gz
shell>tar xvzf daemonlogger-1.2.1.tar.gz
shell>cd daemonlogger-1.2.1
shell>./configure
shell>make
shell>sudo make install
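Dropping hand-typed symlinks into /usr/lib is where a slip clobbers a real library, so here is an added example, not from the original post, that creates the same libdnet compatibility links as above through a function that only links to a dumbnet file that actually exists and refuses to touch an unrelated file or link already sitting at the target name. The library and include directories are parameters so it can be exercised on a scratch copy first.

```shell
#!/bin/sh
# Added example, not from the original post: create the libdnet -> libdumbnet
# compatibility links from the steps above, only where the dumbnet file really
# exists and nothing unrelated occupies the link name. Directories are
# parameters so the function can be exercised on a scratch copy of /usr/lib.

# link_one DIR TARGET LINKNAME
# Creates DIR/LINKNAME -> TARGET. Returns 0 if created or already correct,
# 1 if TARGET is missing or LINKNAME is an unrelated file/link (never clobbers).
link_one() {
    dir=$1; target=$2; link=$3
    [ -e "$dir/$target" ] || { echo "skip: $dir/$target not installed" >&2; return 1; }
    if [ -L "$dir/$link" ]; then
        # Existing symlink: accept only if it already points at our target.
        [ "$(readlink "$dir/$link")" = "$target" ] && return 0
        echo "refuse: $dir/$link points elsewhere" >&2; return 1
    fi
    [ -e "$dir/$link" ] && { echo "refuse: $dir/$link is a real file" >&2; return 1; }
    ln -s "$target" "$dir/$link"
}

# link_dnet_compat LIBDIR INCDIR
# Applies link_one to every name the post links by hand and returns the number
# of links that could not be made (0 means all six are in place).
link_dnet_compat() {
    libdir=$1; incdir=$2; failed=0
    for suffix in .a .so .so.1 .so.1.0.1 .la; do
        link_one "$libdir" "libdumbnet$suffix" "libdnet$suffix" || failed=$((failed + 1))
    done
    link_one "$incdir" dumbnet.h dnet.h || failed=$((failed + 1))
    return "$failed"
}
```

On the real system this is `sudo sh -c '. ./dnet_links.sh; link_dnet_compat /usr/lib /usr/include'` (file name assumed), and a non-zero exit tells you which link to inspect before running daemonlogger's configure.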

There you go, now you have daemonlogger installed on Ubuntu and ready to capture packets.

Enjoy (;])

Saturday, January 01, 2011

Happy New Year 2011

Goodbye 2010, and here comes 2011!

Happy new year everyone, and hopefully I will be more active in blogging this year!

Cheers & Enjoy (;])